Cyber-physical and software-intensive systems for public use typically are subject to various national regulations and EU regulations, like the General Data Protection Regulation (GDPR), the Medical Device Regulation (MDR), the Low Voltage Directive (LVD), the Radio Equipment Directive (RED), the Measuring Instruments Directive (MID), and others. According to the „New Approach“ to product safety in the EU, the party that places a product or service on the market is responsible to proactively assess the conformity of said product with all applicable regulations. Depending on the risk class of the product, a Notified Body (NB) must be involved during the conformity assessment process. Certain harmonized EU norms embody the current state of the art and carry the assumption of conformity if the norm is properly followed.

We support you in determining which regulations your system might be subject to, which harmonized norms are applicable, and which requirements resulting from these norms and regulations your design needs to fulfill. For specific regulations, we highly recommend to involve a specialized consultant early on, especially if conformity assessment must be handled by a Notified Body. We provide support to structure the entire development process such that conformity considerations are respected from the get go, and to efficiently communicate with both specialized consultants and official bodies.

No matter which regulations your system is subject to, at the core of the „New Approach“ is a risk analysis with respect to the essential requirements of these regulations. The manufacturer must demonstrate, by means of norms and technical documentation, that the new product does not pose a risk to the public. We provide support documenting the architecture of your system including the safety and security considerations, and we can take over parts of the general technical documentation. Jointly with your domain experts and technical experts, we perform a risk analysis that specifically targets the applicable essential requirements and follows best practices, e.g., Common Criteria (CC). With our independent and experienced outside view, we can spot critical design issues early on. Our technical documentation is sound, precise and easy to understand – an important mark of quality that helps to reduce the number of cost-intensive iterations with certification laboratories and Notified Bodies.

Once your system is put on the market, your organization is obliged to monitor its performance with respect to the essential requirements of the applicable regulations, and to eventually correct thus-discovered risks. For software-intensive systems, it seems obvious to set up a data-driven automated monitoring solution, which allows to quickly determine and localize potential problems. In setting up such a system, you can rely on our expertise as well.