Regulatory News

Overview of Changes

The new version of TR-007:2026(E) introduces several updates compared to TR-007:2025-1(E). Key changes include the addition of a definition for "Cybersecurity," the introduction of the Total Product Life Cycle (TPLC) concept for software medical devices, and revised content regarding software verification and validation, cybersecurity requirements, and post-market management.

Key Changes

• Introduction of "Cybersecurity" Definition: A new definition for "Cybersecurity" has been added in Clause 3.3, defining it as "a state where information and systems are protected from unauthorised activities, such as access, use, disclosure, disruption, modification, or destruction to a degree that the related risks to confidentiality, integrity, and availability are maintained at an acceptable level throughout the life cycle."
• Introduction of Total Product Life Cycle (TPLC): A new Clause 1.1.3 has been added stating: "The Total Product Life Cycle (TPLC) of a software medical device includes all phases in the life of a MD, from initial conception to end of support. Manufacturers are encouraged to integrate TPLC considerations into their development processes to ensure the quality, safety and performance of MD throughout a software life cycle and address cybersecurity concerns effectively."
• Software Verification and Validation Updates:
  • Clause 5.5.1.1 has been revised to state: "Applicants shall submit a software description and a system and software architecture diagram upon request to provide additional context for the verification and validation processes."
  • Clause 5.5.1.3 has been added: "If the software version tested in the validation report differs from the version to be listed, justification regarding the applicability and relevance of the report for the version to be listed shall be provided, as appropriate. The need for specific validation to address significant differences between the two versions should be considered."
• Cybersecurity Requirements Updates:
  • Clause 5.5.3.2 has been revised to include: "through the implementation of risk controls, which shall be verified and validated."
  • Clause 5.5.4.1 has been expanded with new sub-clauses (e) and (f):
    • "(e) a patching and updates plan outlining how software will be updated to maintain on-going performance and safety of the device either regularly or in response to an identified vulnerability."
    • "(f) a recovery plan for either the manufacturer, user, or both to restore the device to its normal operating condition following a cybersecurity incident."
• Introduction of Post-Market Management Section: A new section, "7. Post-market management of software medical devices," has been added. Clause 7.1 states: "Any software-related adverse event, including a cybersecurity incident that affects the performance or safety of the device, shall be reported by the LRP to the MDD. Please refer to Guidance Notes GN-03 (Guidance Notes for Adverse Event Reporting by Local Responsible Persons) for the requirements on the adverse event reporting by Local Responsible Persons."
• Revised Examples in Clauses:
  • Clause 4.1.1 (a) now reads: "Software for a blood glucose meter intended to read test strips for blood glucose/ketones, trend indication, dose logging and guide for insulin." (Previously: "Software that is intended to be used to operate a clinical chemistry analyser.")
  • Clause 4.1.4 (c) now reads: "Software that analyses images of urinalysis test strips from a smartphone camera to interpret color changes and report analyte results for screening urinary tract infections." (Previously: "Software that uses the microphone of a smart phone to detect interrupted breathing during sleep and sounds a tone to rouse the sleeper.")
  • Clause 4.1.4 (d) has been added: "Software that analyses diagnostic assays to aid in estimating the risk of congenital abnormalities, such as Down's Syndrome, Edward's Syndrome, Patau's Syndrome, and open Spina Bifida."
  • Clause 4.1.5 has been revised to provide examples of non-MD software, including "Hospital information systems / workflow management systems intended for communication and management in a clinical setting not related to patient therapy and diagnosis, such as appointment scheduling, billing and workflow management," "Electronic health records intended for storing and viewing patient information with no processing or analysis," and "Software intended for developing or maintaining general fitness, health or wellness of persons, without specific intention for the diagnosis of a disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease." (This section was not present in the previous version).
• Renumbering of Sections: Due to the addition of the "Post-market management" section, the "Enquiries" section is now Clause 8 and "References" is Clause 9.

Suggestions for SOP Updates

• Update SOP to include the new definition of "Cybersecurity" in Clause 3.3.
• Incorporate the concept of Total Product Life Cycle (TPLC) into relevant sections of the SOP, particularly those related to product development, risk management, and post-market surveillance. The SOP should emphasize that cybersecurity considerations must be integrated throughout the entire TPLC.
• Revise the "Software Verification and Validation" section of the SOP to reflect the requirement for submitting software descriptions and system/software architecture diagrams upon request. The SOP should also detail the process for justifying the applicability of validation reports for different software versions and when additional validation may be needed.
• Update the SOP's "Cybersecurity" section to incorporate the requirement for verification and validation of cybersecurity risk controls. The SOP should also include requirements for a patching and updates plan and a recovery plan following a cybersecurity incident.
• Create a new section or update an existing one in the SOP to cover "Post-market management of software medical devices," specifically addressing the reporting of software-related adverse events and cybersecurity incidents. Ensure this aligns with the requirements in Guidance Notes GN-03.
• Review and update any SOP sections that refer to the examples of SaMDs in Clause 4.1.4 to reflect the revised examples. Also, incorporate the new examples of non-MD software from Clause 4.1.5 into the SOP where relevant.
• Ensure all references to clause numbers within the SOP are updated to match the new numbering in TR-007:2026(E).

Overview of Changes

The new version, TR-008:2026(E), introduces significant updates to the requirements for listing Artificial Intelligence Medical Devices (AI-MD). Key changes focus on risk management, dataset and model rationale, labelling requirements, and the addition of two new clauses related to these areas.

Key Changes

• Dataset and Model Rationale:

  • The "Dataset" section now requires "Rationale of dataset appropriateness, adequacy of the dataset selected, and possible factors for influencing the output results." It also mandates addressing and managing "Any potential bias in selecting the training and validation dataset."
  • The "AI Model" section now requires "Rationale of model appropriateness" and an explanation of "Any limitation of the model and applicable mitigating measures to manage any shortcomings."
  • It is now explicitly stated that "The training and validation datasets should not overlap; justification should be provided if the two datasets duplicate."
  • Model evaluation must be conducted with a test dataset separate from the training dataset.

• Risk Management:

  • A new requirement mandates that "The risks associated with AI algorithm in the MD shall be addressed. Applicants shall conduct necessary risk management throughout the life cycle of the AI-MD in accordance with the principles in 'ISO 14971 Medical Devices – Application of Risk Management to Medical Devices', or equivalent." This is located in a new section, effectively Clause 4.4.

• Labelling Requirements:

  • A new requirement (effectively Clause 4.5) states that "Labelling of the AI -MD shall follow the requirements as stated in the Technical Reference TR -005 (Additional Medical Device Labelling Requirements). In addition, for AI -MD, manufacturers should consider providing the following information to users in the device labelling:
    • Intended user;
    • Warnings and precautions to avoid over-reliance on the MD by users;
    • Description of the scope of AI application in the MD;
    • Algorithm training summary;
    • Performance evaluation summary and clinical investigation summary (when applicable)."

• Clause Numbering Change:

  • The "Enquiries" section has moved from Clause 6 to Clause 7, and the "References" section has moved from Clause 7 to Clause 9. This is due to the addition of new clauses under section 4.

Suggestions for SOP Updates

• SOP Section: Dataset Requirements for AI-MD:

  • Update the SOP to include the requirement for providing the rationale behind the appropriateness and adequacy of training, validation, and test datasets.
  • Add a requirement for identifying and detailing measures to manage potential biases in dataset selection.
  • Incorporate the stipulation that training and validation datasets should not overlap, and require justification if they do.

• SOP Section: AI Model Requirements for AI-MD:

  • Update the SOP to mandate the provision of a rationale for the chosen AI model's appropriateness.
  • Include a requirement to describe any limitations of the AI model and the mitigating measures to address these shortcomings.
  • Add the requirement for model evaluation to be performed on a separate test dataset from the training dataset, with justification for any overlap.

• SOP Section: Risk Management for AI-MD:

  • Create a new section or significantly update an existing one to detail the requirement for comprehensive risk management for AI-MDs throughout their lifecycle, referencing ISO 14971 or equivalent.
  • Ensure the SOP outlines the process for identifying, evaluating, and controlling risks associated with AI algorithms in medical devices.

• SOP Section: Labelling of AI-MD:

  • Introduce new requirements for AI-MD labelling, specifying that manufacturers must consider including: intended user, warnings about over-reliance, scope of AI application, algorithm training summary, and performance/clinical investigation summary.
  • Ensure the SOP directs users to consult TR-005 for general labelling requirements and outlines these specific AI-MD considerations.

• SOP Section: Document References:

  • Update any cross-references within the SOP that point to TR-008 to reflect the new version number (TR-008:2026(E)).
  • If the SOP refers to specific clause numbers for AI-MD listing requirements, ensure these are updated to reflect the addition of new clauses in section 4.

Overview of Changes

The new version of the "Guidance Notes on the Application for Certificate for Clinical Trial/Medicinal Test" (Version January 2026) primarily introduces minor wording changes and updates to specific sections concerning the "stop-clock" mechanism and the submission of NMPA approval documents. The core content and regulatory requirements remain consistent.

Key Changes

• Section 5.1.13 - NMPA Approval Document: The phrase "Drug clinical trial approval document ( 藥物臨牀試驗通知書 )" has been updated to "Drug clinical trial approval document ( 藥物臨牀試驗批准通知書 )".
• Section 5.1.14 - NMPA Protocol Submission: The original document stated "A copy of the proposed protocol submitted to NMPA." The new version specifies "A copy of the proposed protocol approved by NMPA." Additionally, a remark has been added: "(Remarks: For studies which are under evaluation by the NMPA and approval is not yet available, an amendment application could be submitted at a later stage upon NMPA’s approval.)"
• Section 6.3 - Stop-Clock End Condition (Committee Consideration): The wording has been clarified. Previously, for applications requiring Committee consideration, the stop-clock ended upon "issuance of approval in principle letter." The new version states it ends "when the application is presented for consideration by the Committee for the first time."
• Section 6.4 - Applicant's Stop-Clock and Committee Consideration:
  • The phrase "within 60 working days for normal applications" in reference to the applicant's response time has been changed to "within 45 working days for general applications".
  • The phrase "within 60 working days for applications that require Committee consideration" has been clarified to "For applications that require consideration by the Committee, the total response time before the application is ready for presentation to the Committee for consideration should be within 60 working days."
  • A new sentence has been added: "For the application which the Committee considered additional information is required, the applicant must submit an initial response to the Committee's request within 30 working days; otherwise, the application would be brought forward to the Committee for consideration of refusal."
• Section 6.6 - Stop-Clock Illustration Reference: The reference to Appendix 2 has been updated from "illustration of the stop -clock mechanism for normal applications" to "illustration of the stop -clock mechanism for general applications".

Suggestions for SOP Updates

• Review Section X.X related to NMPA Submissions: Update the SOP to reflect the change in the required document from a "notice" (通知書) to an "approval" (批准書) for NMPA drug clinical trial approval. Also, incorporate the new remark regarding amendment applications for pending NMPA approvals.
• Update Section Y.Y on Stop-Clock Mechanism:
  • Clarify the precise end-point of the stop-clock for applications requiring Committee consideration, as per the revised Section 6.3.
  • Amend the applicant's response time for "general applications" to 45 working days, as per the revised Section 6.4.
  • Ensure the SOP accurately reflects the total response time requirement of 60 working days for applications requiring Committee consideration before presentation.
  • Add the new requirement for a 30-working-day initial response to requests for additional information from the Committee, as detailed in the revised Section 6.4.

Overview of Changes

The updated version of the Guidance Notes on Registration of Medical Gases (Version Jan 2026) includes a new section, "Compliance with the Prevention of Bribery Ordinance," which was not present in the previous version (Version June 2024). This new section outlines prohibitions against offering advantages to government officers or members of statutory organizations.

Key Changes

• New Section Added: A new section titled "Compliance with the Prevention of Bribery Ordinance" has been added on Page 7 of the new version.
• Content of New Section: This section states that "Applicants and their employees or agents must not offer an advantage as defined in the Prevention of Bribery Ordinance (Cap. 201) to any government officer or Members of statutory organisations (including but not limited to the Pharmacy and Poisons Board and its Committees) in connection with their applications or while having dealings of any kind with government departments or statutory organisations."

Suggestions for SOP Updates

• Introduce a new SOP section or update an existing one to incorporate the requirements related to the Prevention of Bribery Ordinance.
• Specifically mention the prohibition of offering advantages to government officers or members of statutory organizations in the context of applications and dealings with regulatory bodies.
• Clarify that this applies to applicants, their employees, and agents.
• Reference the Prevention of Bribery Ordinance (Cap. 201) as the governing legislation.

Overview of Changes

The new version of the "Guidance Notes on Registration of Biosimilar Products" (Jan 2026) introduces a new section, "Compliance with the Prevention of Bribery Ordinance," which was not present in the previous version (Aug 2021). This section outlines the prohibition of offering advantages to government officers or members of statutory organizations in connection with applications or dealings with these entities. All other sections and content appear to be identical between the two versions.

Key Changes

• New Section: "Compliance with the Prevention of Bribery Ordinance" has been added as a new section, appearing on Page 11 of the Jan 2026 version.
  • This section states: "Applicants and their employees or agents must not offer an advantage as defined in the Prevention of Bribery Ordinance (Cap. 201) to any government officer or Members of statutory organisations (including but not limited to the Pharmacy and Poisons Board and its Committees) in connection with their applications or while having dealings of an y kind with government departments or statutory organisations."

Suggestions for SOP Updates

• Add New Section: Incorporate the content of the new "Compliance with the Prevention of Bribery Ordinance" section into the SOP.
• Review Compliance Procedures: Review existing SOPs related to interactions with regulatory bodies and government officials to ensure they align with the principles outlined in the new "Compliance with the Prevention of Bribery Ordinance" section. This may involve:
  • Adding specific clauses or statements within the SOPs that reinforce the prohibition of bribery.
  • Potentially including training requirements for personnel who interact with regulatory authorities to ensure awareness of these requirements.
  • Ensuring that any gift or entertainment policies within the company explicitly comply with the Prevention of Bribery Ordinance as referenced in the guidance.

Overview of Changes

The revision history indicates a new version of the guidance notes, GN-09:2025(E), has been released, superseding GN-09:2024-2(E). The specific changes noted in the revision history are the addition of "Clause 6.2 (Renewal of listing)" and the revision of "Clause 6.1.1".

Key Changes

• Clause 6.1.1 Revised: The original Clause 6.1.1 stated: "If an application for inclusion on the List of Distributors is approved, the applicant will be included on the List for three (3) years. The listed Distributor should apply for renewal of its current inclusion on the List of Distributor (current listing) not less than three (3) months before its expiry through the submission of a renewal application form and requisite documents as specified by the MDD. If the current listing expires prior to a decision of its application for renewal is made by the MDD, its current listing shall remain in effect until there is a decision." The new version of Clause 6.1.1 in GN-09:2025(E) now reads: "If an application for inclusion on the List of Distributors is approved, the applicant will be included on the List for three (3) years."

• Clause 6.2 (Renewal of listing) Added: This is a new clause introduced in the latest version. The original document had a "Clause 6.2 Fees", which is now moved and renumbered as "Clause 6.3 Fees". The new "Clause 6.2 Renewal of listing" outlines the specific timeframe for submitting renewal applications.

  • New Clause 6.2.1: "The listed distributor shall submit an application for renewal of the listing to the MDD between 12 weeks and 1 year (inclusive) before the expiry of the three -year validity period. No renewal application will be accepted outside of this submission window."
  • New Clause 6.2.2: "Applicants shall submit a new application if the distributor listing has expired."

Suggestions for SOP Updates

1. Update SOP for Clause 6.1.1 Revision:

   • Locate the section in your SOP that addresses the validity period of distributor listing.
   • Revise the SOP to state that the listing is for three (3) years, and remove any specific guidance on the renewal application timeframe that was previously derived from the old Clause 6.1.1. The new SOP should reflect the simplified statement of initial approval duration.

2. Update SOP for New Clause 6.2 (Renewal of listing):

   • Create a new section in the SOP or update an existing section dedicated to "Renewal of Distributor Listing."
   • Incorporate the specific submission window for renewal applications: "between 12 weeks and 1 year (inclusive) before the expiry of the three-year validity period."
   • Explicitly state that applications submitted outside this window will not be accepted.
   • Include the requirement for a new application if the distributor listing has expired.

3. Review and Renumber Sections:

   • Ensure that any references within your SOP to sections under "6. Administrative Provisions" are updated to reflect the renumbering caused by the introduction of the new "Clause 6.2 Renewal of listing" and the relocation of "Fees". Specifically, the original "Clause 6.2 Fees" is now "Clause 6.3 Fees", "Clause 6.3 Undertaking by Applicant" is now "Clause 6.4 Undertaking by Applicant", "Clause 6.4 Delisting of Distributors" is now "Clause 6.5 Delisting of Distributors", "Clause 6.5 The List of Distributors" is now "Clause 6.6 The List of Distributors", and "Clause 6.6 Appeal" is now "Clause 6.7 Appeal". The table of contents and all internal cross-references within the SOP should be adjusted accordingly.