Abstract
The Medical Device Coordination Group (MDCG) 2019-16 guidelines provide a structured framework for cybersecurity in Connected Medical Devices (CMDs) throughout their lifecycle, offering guidance on how to fulfil all the relevant essential requirements outlined in Annex I of both the Medical Device Regulation (MDR) and the In Vitro Diagnostic Medical Devices Regulation (IVDR). This paper evaluates the practical applicability and limitations of these guidelines based on feedback from six Horizon Europe (HEU) projects. Each project employed case studies reflecting diverse CMD environments and operational contexts to assess the guidelines’ relevance and effectiveness in real-world scenarios. The paper identifies gaps in the practical application of the guidelines and explores their impact on different stages of the CMD lifecycle, from design and development to deployment and post-market activities. Based on these findings, the paper proposes targeted recommendations aimed at enhancing the usability and effectiveness of the MDCG 2019-16 guidelines. The insights contribute to the ongoing evolution of cybersecurity practices in medical technology, ensuring the guidelines are better aligned with the needs of CMD stakeholders, including manufacturers, integrators, and operators, while supporting the development of more resilient and secure medical devices.