Medical devices, certification and compliance


To meet essential health and safety requirements, the CE mark was created as part of the European technical harmonization legislation. It recognizes that a product can be sold in the European Union and that it respects the associated standards and regulations. The healthcare and medical device industry is no exception to this rule. In order to deploy a medical device in the EU, a manufacturer must obtain the CE mark. 

What is a medical device?

"Any instrument, apparatus, equipment, software, implant, reagent, or other article, intended by the manufacturer to be used, alone or in combination, in humans for one or more of the following specified medical purposes:

  • diagnosis, prevention, control, prediction, prognosis, treatment or mitigation of a disease,
  • diagnosis, control, treatment, mitigation or compensation of an injury or disability,
  • study, replacement or modification of an anatomical structure or function or of a physiological or pathological process or condition,
  • communication of information through in vitro examination of samples from the human body, including organ, blood and tissue donations,

and whose principal intended action in or on the human body is not achieved by pharmacological or immunological means or by metabolism, but whose function can be assisted by such means."

Article 2 of Regulation 2017/745


Our software engages, by its module "Connected Follow-up" and its triggering of alarms, allows the monitoring of a pathology, a wound or a handicap. The main action desired in or on the human body is not obtained by pharmacological or immunological means or by metabolism. It is therefore a medical device."

What certification?

The CE marking materializes the conformity of a product to the Community requirements incumbent on the manufacturer of the product, with a view to its free circulation throughout the EU.

The medical CE mark is based on an examination that guarantees that the medical device meets specific safety and clinical benefit requirements, set by European regulations(Regulation 2017/745, formerly Directive 93/45 EEC).

This regulation involves different actors:

  • The software manufacturer/publisher
  • The notified body (except for class I DM)
  • The competent authority. In France, this is the Agence Nationale de la Santé et du Médicament (ANSM).

Which conformities?

Two steps are required to bring DMs into compliance:

  • Evaluation of the DM (technical file, design, clinical data, production, risk analysis...) by a notified body during an audit.
  • Implementation of a quality management system in the company in accordance with the ISO 13485 standard and evaluation by a notified body (ability to produce and sell only compliant products) during an audit.

What are the different risk classes of medical devices?


The class of a medical device is important because it helps define the regulatory requirements applicable to a DM and the activities of its manufacturer. It is determined according to its characteristics and the rules determined in Regulation 2017/745 and to the dangerousness of the device. In these predefined characteristics, we find:

  • Duration of use
  • Type of DM

The answers to these requirements define the safety class of the DM. They have a direct impact on certification, because the higher the risk class, the greater the regulatory constraints. There are four classes for DM, in order of criticality: I / IIa / IIb / III

Criticality is determined by the potential risk to the patient, caregiver, or any other person involved in the use of the device.

How important is exolis?

As mentioned before, our software is a medical device thanks to its "connected monitoring" module, its management of alerts, its questionnaires and the sending of responses to caregivers. This is why we are taking the necessary steps to comply with our software:

  • Since May 2021, engage is a class I medical device, CE marked according to the applicable regulations.
  • Since July 2022, exolis is certified ISO 13485.

In order to remain in conformity with the regulatory requirements, exolis maintains its technical files up to date.

About the white label:

In order to allow for specific parameterization for each user healthcare institution, we deploy our application as a white label. The "daughter" solutions created retain the CE mark.

exolis_Maxime Gachie

Article written by :

Maxime GACHIE, Quality and Regulatory Affairs Manager at exolis