The certification of health apps

Date of creation or latest update
Date: 4 December 2023
Lead authors: Dipak Kalra, Zoi Kolitsi

Relevance of this topic to Digital Health

There is growing adoption, although at a slow pace, of digital health apps and monitoring devices for the management of long term conditions and the prevention of health risk situations. Health systems across Europe are introducing methods of assessing health apps, usually through App Assessment organisations and Health Technology (HTA) bodies which assess evidence (from the developer and other publicly available evidence) to verify the safety and effectiveness of new digital health solutions, against set criteria. This evidence enables them to determine the product’s safety, reliability, security, accessibility, usability, its expected contribution to improved care and outcomes, its value for money and fit within the health ICT infrastructure of the health system. If approved, an app may qualify for reimbursement, sometimes requiring a separate application and decision-making process.

In order for health apps to be trusted to play important decision-influencing roles in health care, the developers need to demonstrate that they have designed their solution on the basis of relevant and up to date clinical evidence, that the implementation is robust, that it has been shown to be usable and safe, that it is effective in delivering the intended positive impacts on health and care, that it protects data and the user from cyber-threats and that it can share its data with other relevant health ICT systems. Developers need to adopt good practices throughout the design, development and evaluation lifecycle to assure these areas, and collect evidence during this process for later submission.

Developers need to be prepared to invest in the skills and capabilities within their teams to be able to design and develop high quality and safe products, and in the necessary quality assurance steps to implement and evidence this quality. However, they need guidance on what quality standards to aim for, which now partly exist and are partly forthcoming.

Current focus of policy, legislation, standards, emerging practices in this landscape

The Medical Device Regulation (MDR) applies to medical devices, including some health apps that provide diagnostic or therapeutic functionalities. Health apps falling under the definition of a medical device may, if classified as IIa or above, need to undergo conformity assessments and to obtain CE marking. For these apps, this is a precondition for placing an app into the EU market, which however does not also mean adoption by health systems. Member States being responsible for the definition of their health policy and for the organisation and delivery of health services and medical care impose additional HTA evaluation of clinical and socioeconomic benefit to introduce these apps into the health systems, which re-introduces market fragmentation.

The HTA Regulation takes a major step towards health technology market defragmentation, through enabling voluntary Member State cooperation on HTA through undertaking joint scientific consultations and clinical assessments of high-risk medical devices based on commonly agreed criteria and issue a single assessment report which is accepted at Union level. Health and wellness apps do not fall under the current scope of the Regulation; however, this important legal intervention provides a general framework and vision of EU app assessment harmonisation.

CEN-ISO Technical Specification 82304 Part 2 (financially supported by the EC and published in 2021) specifies quality requirements for health and wellness apps. It provides a general overview of why the quality of these apps is important and lists 67 quality requirements in the overarching quality aspects ‘healthy and safe’, ‘easy to use’, ‘secure data’ and ‘robust build’. It also specifies a standardised scoring and the presentation of a health app quality label (inspired by the EU Energy label and Nutri-Score design).

The EC funded project Label2Enable is developing a comprehensive assessment scheme against this CEN-ISO Technical Specification that can be used by assessment bodies to verify the conformance of a digital health product to the ISO requirements, and for approved certification bodies to be able to issue a certificate of conformity. The objective is to create the conditions for market uptake of the label including through creating a network of TS 82304-2 Conformity Assessment bodies and hence capacity to deliver at scale. Its activities include roundtables on the reimbursement of health apps, the development of educational communication of the label as well as healthcare professional guidance on the level of detail of the related health app quality report.

Led by EIT Health and involving HTA bodies across Europe, work is in progress on a Digital Medical Devices project towards a more harmonised European approvals process and cross-recognition of approvals between EU Member States. This work does not formally include endorsement of CEN-ISO TS 82304-2, but may do so in the future. Forthcoming European projects will tackle the development of specialised assessment methods for innovations such as AI and telemedicine / telehealth and will seek European harmonisation of these.

It should be noted that this Digest does not cover the Medical Device Regulation requirements and CE marking against that, which is a large topic on its own. Developers will need to establish if their innovation is considered a medical device and, if so, prepare for and undertake CE marking for that Regulation. This is a much more complex assessment, and most developers will need to engage a regulatory expert or assessment company to assist them.

Implications for digital health uptake

  • This emerging landscape should provide developers of digital health solutions with more predictable and unambiguous expectations and evidence requirements for building quality into their design and for building the evidence when seeking approvals, including more fit for purpose assessments of AI; harmonisation of assessments across Europe, will open up a pan-European market for their products.
Enabling Actors
  • Standardisation bodies should find that the requirements for the interoperability and security of personal health data within apps make better use of their published standards.
  • HTA bodies should find a better and more fit for purpose assessment methodology they can use, as well as being able to accept the assessment decisions of other European HTA bodies.
Payers and procurers
  • The availability and use of a fit for purpose certification scheme for health and wellness apps, and its European harmonisation, should increase confidence in procurement and open up a wider European market for trustworthy products to procure.
  • End users of certified digital health products should have greater confidence in their reliability, usability, their effectiveness and protection of data. Professional medical associations should be able to mainstream the use of apps into clinical guidelines.

Remaining gaps and issues

The present assessments performed by HTA and other governmental agencies vary across Europe and the expectations for successful approval are not always well and precisely specified. This makes it problematic for developers to know what criteria they need to meet and have evidence for, and creates the burden of having to present different evidence per country even within the EU.
A further challenge is that existing assessment methodologies are not well suited to innovative products such as those incorporating AI, and are not well suited to assessment of digital health services that embed a technology product into a modified method of delivering care, such as telemedicine, where the intervention is not only to introduce the technology.
Better and more fit for purpose assessment methods are required for innovative technologies, and the methods and evidence requirements need to be harmonised, at least within the EU, to enable a single market for digital health.

Legislative, regulatory, policy or standardisation instrument, or good practice

CEN-ISO TS 82304-2: Health software Part 2:
Health and wellness apps Quality and reliability

Instrument status:
International ISO Technical Specification

Publisher or source:
The International Organisation for Standardization (ISO)

Summary of the instrument

This Technical Specification primarily defines requirements that should be considered by any health and wellness app in order to be effective, reliable, usable and safe. It is primarily organised as a series of requirements, along with the nature of the developer response or evidence to be furnished that would be considered as meeting conformance. Apart from basic descriptive information about the developer and the app, these requirements cover:

  • Whether the app is also a medical device, requiring Medical Device Regulation certification
  • Specifying the patient demographic for whom it is intended
  • Whether research evidence or published guidelines have informed its design
  • The extent of relevant health professional involvement in its design
  • Documented product functional requirements
  • Risk assessments performed
  • Ethical assessments performed
  • Sources of funding obtained to develop the app
  • A transparent declaration of any costs to customers, users
  • The nature of the health and care interventions delivered, including the use of algorithms
  • Any required roles of health professionals in supporting its use by patients
  • The evidence of benefits from use
  • Usability standards and practices adopted
  • User involvement in the design and evaluations
  • The provision of suitable user instructions and guidance
  • Error checking and risk assessments performed
  • Data protection measure including data minimisation, data retention
  • How consent to use and reuse the data is communicated and collected
  • Information security risk assessments
  • Cybersecurity checks
  • Secure coding practices
  • Resilience, threat and load testing
  • Documented installation and deployment information
  • Documented maintenance, updating and release strategy
  • APIs available for data access and data sharing with other apps and health infrastructures
  • Data portability


These areas are linked to a method for scoring the developer and product. It is envisaged as third-party assessment but can also be used in the build phase to guide the development of the health apps. The weighted scores are used to tailor a graphical quality label that depicts the scores as coloured bars on rating scales, similar to the European energy label. This is intended to give potential adopters a simple visual presentation of the quality profile of the app, potentially making it easy to compare multiple apps.
Conformance to this CEN-ISO Technical Specification is determined on the basis of developer documentation against the requirements, and the open display by the developer of the independently calculated label.

Implication for digital health stakeholders
  • This Technical Specification offers developers a guide and checklist for defining developmental and quality processes that they should consider incorporating into their design, implementation, testing and maintenance processes.
  • It informs them of the nature and extent of documentation they should compile, from the start, in order to evidence the quality of their app product.
  • It offers developers a certified graphic they can use for differentiation within the market.
  • It informs adopters of the quality standards they may expect from an app and the evidence of that quality that was provided to assessment bodies, and which they should look for.


Instrument status:
European Commission funded project, running from 2022 to 2024
A certification scheme for CEN-ISO/TS 82304-2 (to be published)

Publisher or source:
The Label2Enable project

Summary of the instrument

By the end of the first quarter 2024 the project is going to deliver a tested and validated CEN-ISO/TS 82304-2 certification scheme (conforming to the ISO/IEC 17065 standard for certification schemes). This scheme specifies how a European ecosystem of assessment bodies and certification bodies can enable the wide scale formal assessment and certification of health and wellness apps conforming to CEN-ISO/TS 82304-2. It effectively transforms the content of the Technical Specification into a process and governance framework for independent app assessment and labelling that ensures consistency of the assessments across Europe.

This will be accomplished through a process of accrediting assessment organisations to implement this scheme, and the delivery of a handbook for such organisations to ensure the consistency of their assessments. The project is also establishing an oversight framework, and a process for monitoring uptake. This includes a process for identifying improvements and new areas of requirement that are needed, maintaining the scheme and handbook, and a method for feeding this into CEN and ISO to inform future updates of the Technical Specification.

The project is also engaging with health professionals and patient organisations to co-create educational communication on the label, to explore the potential of 82304-2 for uptake of (quality requirements for specific types of) apps in clinical guidelines, and how the availability of an app quality label could support clinical decision-making. This includes finding out what healthcare professionals need in the detailed health app quality report to be able to recommend health apps for use by their patients and how developers should display their label effectively in app stores, app libraries and trusted sources. It will explore with health insurers and HTA bodies how the Label2Enable assessment framework can help in their decision-making on reimbursement of health apps.

The project is also undertaking extensive communication and promotion about the importance of quality labelling health and wellness apps.

Implication for digital health stakeholders
  • The forthcoming introduction of an app certification scheme will allow developers a route to formally demonstrate the quality of their apps to approval bodies such as HTA and to purchasers such as health systems.
  • App developers also need to take on board that they will need to demonstrate the quality of their products through certification and the label, as this will become an increasing and competitive expectation in the market, for approval bodies and purchasers.