Navigating NMPA Approval for Mobile Medical Devices: A Review of the Renewed Guideline

NMPA published the “Guideline for Registration of Mobile Medical Devices” on May 7, 2025, replacing the 2017 version. This updated guideline is to facilitate manufacturers with local type testing and regulatory submission, and to provide reference criteria for quality system inspections. It forms an integral part of China’s Digital Health regulatory framework and serves as a supplement to other software & AI related documents, such as those on medical device software, cybersecurity, AI-assisted software, and human factors engineering.

The guideline references international recognized guidance and standards such as FDA’s “Policy for Device Software Functions and Mobile Medical Applications”, EC’s “Qualification and Classification of Standalone Software” and ISO’s “82304-2:2021 Health software – Part 2: Health and wellness apps – Quality and reliability”.

Please click HERE for our technical review on AI-aided Software Guideline. The article was published on BioWorld, a Hong Kong-based biotech magazine.

Click HERE for our webinar on “SaMD Registration Requirements: China & US Perspectives”

Click HERE for our webinar on “Key Takeaways and Best Practices of China Human Factor/Usability”

Scope of Application

The guideline applies to the registration of Class II and Class III mobile medical devices, including in vitro diagnostic (IVD) devices. Implantable and invasive devices are generally excluded from the definition of mobile medical devices; however, if such products utilize mobile computing terminals, relevant elements of this guideline may still be referenced.

Key Definitions and Classification

A mobile medical device is defined as a medical device that achieves one or more intended medical purposes through the use of non-invasive mobile computing technologies. These devices rely on mobile computing terminals—commonly referred to as smart terminals—used by healthcare professionals or patients. Mobile computing terminals may be classified as:

• Medical terminals, which are developed or customized by the applicant and form part of the product composition; or
• General-purpose terminals, which are commercially available devices procured by the applicant and do not form part of the registered product.

Based on their functional characteristics, mobile medical devices are categorized into three main types:

1. Mobile medical devices, which are medical electrical devices using mobile terminals and integrated or externally connected sensors to achieve medical functions comparable to conventional devices, such as mobile ultrasound systems or ambulatory ECG recorders.
2. Mobile standalone software, which operates on general-purpose mobile terminals (including built-in sensors) to independently achieve medical purposes, such as mobile image processing or ECG analysis software.
3. Mobile medical accessories, which are mobile terminals functioning as accessories to medical devices. These are further divided into control-type accessories, which directly control device operation and must be registered together with the parent device, and data-type accessories, which exchange or display medical data and may be registered either jointly or independently depending on their functionality.

The guideline clarifies that devices using mobile terminals solely for non-medical purposes are not considered mobile medical devices. Similarly, transferable medical devices that do not rely on mobile computing technology fall outside the scope of this guideline.

Fundamental Regulatory Principles

The guideline is built upon three core principles:

1. Technology-based evaluation: As mobile medical devices combine mobile computing technologies with traditional medical device functions, their safety and effectiveness assessments must address both conventional medical device risks and risks arising from mobile computing terminals.
2. Risk-based approach: Risk management must consider device type, intended use, user population, use environment, and the technical characteristics of the mobile terminal. Risks specific to mobile platforms—such as limited display size, variable lighting conditions, battery constraints, and open software environments—must be systematically identified and controlled.
3. Lifecycle quality management: Mobile medical devices are subject to full lifecycle quality control, encompassing pre-market verification and validation as well as post-market surveillance to identify and mitigate unforeseen risks.

Key Technical Considerations

The guideline highlights several technical areas that require particular attention during design, development, and registration:

• Product naming must comply with general medical device naming conventions, with “mobile” permitted as a descriptive modifier.
• Display performance requirements vary depending on clinical risk. Decision-support software generally requires higher display specifications, including minimum screen size, resolution, brightness, and touch responsiveness.
• Environmental lighting adaptability is critical due to variable use settings. For higher-risk applications, features such as ambient light detection and automatic brightness adjustment may be required.
• Battery capacity and endurance must be sufficient to meet clinical needs, particularly for long-duration monitoring applications, and include low-battery alerts.
• Openness of the external software environment must be controlled to prevent unintended operation, especially on general-purpose terminals with uncontrolled operating systems.
• Non-professional and home use scenarios require enhanced human factors engineering and user confirmation mechanisms to reduce misuse.
• Wearable computing technologies, such as flexible or body-worn devices, require additional consideration of usability, reliability, and wear-related risks.
• Cybersecurity capabilities must address data protection, access control, and secure data exchange in accordance with medical device cybersecurity guidance.

Registration Units and Clinical Evaluation

The guideline specifies how registration units and testing units should be defined for different types of mobile medical devices, generally referencing existing rules for equivalent conventional devices or standalone medical software. Clinical evaluation principles follow those applicable to medical device software. Where appropriate, equivalence-based clinical evaluation may reference either approved mobile medical devices or conventional devices with equivalent intended uses and core functions.

Mobile Computing Terminal Study Report

A dedicated Mobile Computing Terminal Study Report is required and should include terminal selection rationale, technical characteristics, risk management, requirement specifications, verification and validation activities, traceability analysis, and overall conclusions on safety and effectiveness. This report may be integrated into broader software documentation where appropriate, provided traceability is clearly demonstrated.

Registration Documentation Requirements

The guideline provides differentiated documentation requirements for mobile medical devices, mobile standalone software, and mobile medical accessories. In all cases, registration dossiers must integrate software studies, cybersecurity documentation, performance specifications, stability data, and clear labeling and instructions for use, with particular emphasis on terminal performance requirements and user risk warnings.

Takeaways from the AI & Software Guidelines

The mobile medical device guideline adopts and aligns with the principles and requirements set forth in related software & AI guidelines, including those on medical device software, cybersecurity, AI-assisted software, and human factors engineering.

During the review, the regulators will look at how the software is intended to be used, in what scenarios it is used and what core functions it has to ensure its safety and effectiveness:

1. Reviewers place emphasis on how the software controls data quality and enables generalizations that allow an algorithm to be effective across a range of inputs and applications, as well as what clinical risks may arise. The risks arising from the software can lead to late or unnecessary diagnosis and treatment.
2. Companies should submit clinical data that supports their software. Clinical institutions must meet the requirements for collecting, pre-processing and labeling data, and building datasets. For example, data masking and cleansing are required.
3. Data used by the software for trial runs must be sourced from legitimate third-party databases to ensure the data is accurate, standardized and diverse.
4. Developers must provide the ethnic and epidemiological variations in the data. If they cannot ensure the software’s safety and effectiveness if used in China, they must conduct clinical trials in the country to prove its reliability within China.
5. For algorithm design, reviews will look at algorithm selection, training and performance assessment as well as cybersecurity to ensure its interpretability.
6. Any algorithm-driven software updates would be considered major ones, which will require the regulators to re-assess the algorithm performance and clinical evaluation of the software to ensure its safety and effectiveness.
7. Manufacturers need to enhance the generalization ability of algorithms by diversifying datasets, strictly controlling the collection, pre-processing, and labeling process of the datasets, while also conducting risk analysis, risk control and documentation for the entire process.