App stores and SaMD

Under the MDR, the responsibilities of manufacturers and distributors are well-defined, at least for physical devices. But for SaMD, where the ‘product’ is accessed through digital marketplaces, things have been less clear. 

“If I package SaMD as an app and I put it on the Apple App Store or the Google Play Store, does that make them a distributor?” Says Marijn. “For the past four years, no one knew the answer. Now we do.” 

The recently published MDCG guidance finally removes the ambiguity: app stores are classified as ‘intermediary service providers’, not distributors. And there’s a big difference. 

Distributor vs. intermediary

Under the MDR, ‘distributors’ carry significant responsibilities, including ensuring CE marking, UDI labeling, regulatory record-keeping, and cooperation with competent authorities. In contrast, ‘intermediary service providers’ host and disseminate apps without modifying or taking ownership of the software. 

Intermediaries do not carry the same compliance burden as distributors, but they still have roles to play. As Marijn explains, “They’re required to remove non-compliant or illegal content and give manufacturers the tools to display CE markings, UDIs, and other labeling. They’re also responsible for conducting risk assessments, such as scanning for malicious software or non-compliant apps.”

Key definitions explained

MDCG 2025-4 brings clarity to previously vague areas of the MDR. Three key definitions help shape compliance for SaMD:

1. “Making available on the market”: For SaMD, this includes uploading the app to a platform and making it accessible to users, whether it’s paid or free.
2. “Putting into service”: This means the app is actually used by the end user, an important step in the regulatory timeline.
3. “Intermediary service provider”: Digital marketplaces like Apple’s App Store and Google Play host apps, but do not ‘distribute’ them in the traditional sense. This allows manufacturers to avoid the need for distribution agreements, which would otherwise be unrealistic or unfeasible. “We’ve always viewed app stores as digital shelves,” says Marijn. “It didn’t always make sense to label them as distributors, and now the latest guidance supports this view.”

Practical compliance for SaMD vendors

So what should manufacturers do with this new clarity? Marijn outlines the most pressing actions for regulatory and QMS teams:

• Document the relationship: Clearly define app stores as intermediary service providers in your Technical Documentation and Quality Management System.
• Label properly: Include CE Markings, UDI, manufacturer information, and intended use in the app listing and in-app.
• Categorize your app: Differentiate between medical device software, and wellness and lifestyle components and apps. Although app stores haven’t fully addressed this yet, it’s now expected.
• Engage with app store compliance teams: If the platform doesn’t provide the tools needed to display legal information, raise it with them. “If enough manufacturers push, they are more likely to adapt,” says Marijn.

What about the legal risk?

App stores aren’t distributors, so responsibility still lies with the legal manufacturer. If there’s incorrect labeling or regulatory non-compliance, you are still accountable, not the platform.

“It’s almost always going to be your problem, not theirs,” cautions Marijn. “So get ahead of it. Ensure your app is clearly marked, compliant, and appropriately documented, even if the platform only provides partial support.”

The bigger picture – guidance vs. law

It’s worth noting that MDCG guidance documents aren’t legally binding. However, they are often treated as de facto standards by Notified Bodies and competent authorities. 

“Some auditors act like it’s law,” Marijn cautions. “And others take a totally different view. It can depend on their background, whether they come from pharma, food, or medtech.” 

In practice, guidance like MDCG 2025-4 gives manufacturers a solid foundation to justify their approach, even if the interpretation varies between audits.

Need help navigating compliance for SaMD?

At Peercode Regulatory Consultancy, we help SaMD manufacturers bring their products to market through digital marketplaces. From CE markings to app store compliance, we’re here to help if your team is unsure how to:

• Integrate this guidance into your QMS
• Communicate with app store compliance teams
• Structure your technical documentation for SaMD distribution

MDCG 2025-4 represents a welcome step forward for SaMD compliance in the EU. While not a legal overhaul, it removes years of ambiguity and gives manufacturers the clarity they’ve been asking for. As Marijn puts it: “Now we know.”

Does your compliance team know what to do next? Ensure your SaMD is compliant, clearly classified, and audit-ready on app stores and beyond. Contact Peercode’s team of regulatory consultants for a free discovery call today.