---

Medical apps now ‘products’ under EU law – MHC

The EU has introduced sweeping changes to the regulation of digital healthcare, with new rules on product liability, AI systems, and patient-data privacy, a Mason Hayes & Curran review states.

The revised EU Product Liability Directive now treats software, including AI and medical apps, as "products" under EU law.

Developers may face liability for defects, cybersecurity flaws, or issues with software updates, signalling a major shift in how digital health products are regulated.

Guidelines from the International Medical Device Regulators Forum (IMDRF) also establish principles for the safe deployment of AI-enabled medical devices, setting the stage for tighter oversight in the sector, the review states.

Remote healthcare

The review points to the Court of Justice of the EU Advocate General opinion in Case C-115/24, delivered on 8 May 2025, which originated from a request for a preliminary ruling from the Austrian Supreme Court.

The request relates to a dispute between the Austrian Dental Chamber and an Austrian dentist, who was contracted by a German-based provider of remote aesthetic dental treatments, to perform dental examinations on its behalf in Austria.

In the opinion, the Advocate General was satisfied that only services that were entirely remote and ICT-based would fall within the scope of the meaning of the term ‘telemedicine’.

Health data

The review adds that new European Health Data Space Regulation, effective in early 2025, gives patients more control over their health data while allowing secure, anonymised sharing for research and innovation across EU member states.

MHC life-sciences regulatory partner Jamie Gallagher stressed that digital health companies must understand how these overlapping regulations, on product safety, AI, data privacy, and cybersecurity, affected their operations.

“Understanding how these regimes interact has become essential to managing regulatory risk,” he said.