CRAdarCheck

Is my product in scope? / Medical / health app

Health apps: CRA or Medical Device Regulation?

It depends — read on

It depends on qualification. Software that is a medical device under MDR/IVDR is excluded from the CRA — the (stricter) sectoral regime applies. Wellness apps that avoid medical-device qualification are ordinary apps under the CRA. Health-monitoring wearables not covered by MDR are Annex III Class I.

What this means for you specifically

The pitfall that catches most teams

Drifting into MDR scope through feature updates ('detect arrhythmia' shipped by a PM who didn't ask legal) while your compliance file still says 'wellness app, CRA default class'.

The deadlines

2026-09-11

Reporting obligations start: actively exploited vulnerabilities and severe incidents must be reported within 24h/72h via the ENISA Single Reporting Platform.

2027-12-11

Full application: essential requirements, technical documentation, EU Declaration of Conformity and CE marking required to sell in the EU.

Where does your product actually stand?

The free Risk Check gives you a readiness score and a prioritized fix list in 3 minutes — tuned to your exact situation, including the edge cases this page can't cover.

Run the free Risk Check →No signup · instant result

Or get CRAdar to handle it continuously:

Other product types

Educational guidance on Regulation (EU) 2024/2847 — not legal advice.