The Korean Ministry of Food and Drug Safety (MFDS) has clarified the scope of medical devices subject to cybersecurity requirements during the medical device approval and review process. It has also defined the applicable security requirements and the range of materials that must be submitted based on the product’s characteristics to ensure the safety management of communicable medical devices. On November 27, 2024, following the enactment of the Digital Medical Product Act, the guidelines were revised to apply international standards (IEC 62443-4-2, IEC TR 60601-4-5), and on January 10, 2025, additional revisions were made to clarify the implementation timeline for the requirements.
For medical device subject to cybersecurity requirements during the approval and review process, the following timeline for applying the cybersecurity requirements is as follows:
- Until June 30, 2025, it is permissible to submit verification documents based on the previous requirements.
- However, medical devices falling under the “Digital Medical Product Act” must comply with the revised requirements in line with the law’s enforcement date (January 24, 2025), and additional verification of “artificial intelligence security” will be required.
These guidelines also include the basic principles of medical device cybersecurity, cyber security requirements for medical devices, and supporting materials for the approval and review process.
Please refer to them for your work.
Please refer to the attached document below.
If you have any questions about medical device,
please contact us with the below.
ra@jnmglobal.net
info@jnmglobal.net