Skip to content

Medicines and Healthcare products Regulatory Agency

The MHRA is the Medicines and Healthcare products Regulatory Agency, the UK government regulator responsible for ensuring that medicines and medical devices placed on the UK market are safe, effective, and of acceptable quality.

In UK regulatory terms, the MHRA is the primary authority for healthcare products, including software-based medical technologies.

What the MHRA Is

  • An executive agency of the Department of Health and Social Care (DHSC)
  • Operates across England, Scotland, Wales, and Northern Ireland
  • Regulates products, not clinical practice

Its remit is comparable to the FDA (US) for medicines and devices, but within the UK legal framework.

What the MHRA Regulates

Medicines and Biological Products

  • Prescription and over-the-counter medicines
  • Vaccines
  • Blood components
  • Clinical trials of medicines

Medical Devices

  • Physical medical devices
  • Software as a Medical Device (SaMD)
  • In vitro diagnostic devices (IVDs)
  • AI-driven medical technologies

Healthcare Product Safety

  • Post-market surveillance
  • Adverse incident reporting (Yellow Card scheme)
  • Recalls and safety notices

MHRA and Software

The MHRA is directly relevant to software and digital health teams.

Software is regulated where it has a medical purpose, such as:

  • Diagnosis
  • Monitoring
  • Prediction
  • Treatment recommendation

Examples:

  • Clinical decision support tools
  • Diagnostic AI
  • Risk-scoring systems used in care pathways

Regulatory Framework (Post-Brexit)

Since Brexit, the MHRA operates a UK-specific regulatory regime:

  • UKCA marking (replacing CE marking in Great Britain)
  • Transitional acceptance of CE marks (time-limited)
  • UK Responsible Person requirement for non-UK manufacturers

The MHRA is increasingly diverging from EU regulation while remaining broadly aligned.

How MHRA Regulates Medical Devices

Risk-Based Classification

  • Class I (low risk)
  • Class IIa / IIb (medium risk)
  • Class III (high risk)

Higher risk means:

  • More clinical evidence
  • Stronger quality management
  • Greater regulatory scrutiny

Relationship to Other UK Frameworks

Framework Relationship
UK GDPR Data protection (separate but overlapping)
NHS DSP Toolkit Operational data security
NICE Clinical and cost effectiveness guidance
CQC Provider regulation
ISO 13485 Common quality standard

MHRA focuses on product safety and performance, not data governance or service delivery.

Common Misunderstandings

  • “MHRA approval covers data protection” → Incorrect; UK GDPR applies separately.

  • “All healthcare software needs MHRA approval” → False; only software with a medical purpose.

  • “MHRA regulates hospitals” → Incorrect; it regulates products, not providers.

Why MHRA Matters Practically

  • Required to legally market medical devices in the UK
  • Essential for digital health and AI products
  • Influences product design, documentation, and release processes
  • Non-compliance can block market access or lead to enforcement

One-Sentence Summary

The MHRA is the UK government regulator responsible for ensuring that medicines and medical devices—including software with a medical purpose—are safe, effective, and legally placed on the UK market.