The business law firm’s Digital Health Mid-Year Review 2025 covers legal and regulatory developments across the EU and UK and is available for download from its website.

Michaela Herron, head of life sciences at Mason Hayes & Curran, said: “Standalone software including AI systems and medical device apps are now treated like any other physical product under EU product liability law. That is a major shift and expands liability to more actors in the healthcare ecosystem.

“Our mid-year review outlines the implications for digital health companies and analyses other key regulatory changes across the sector.”

The review includes a detailed analysis of the revised EU Product Liability Directive, which now expands the definition of a ‘product’ to include software.

Developers of apps and digital platforms intended for use in a healthcare setting may now be liable for harm caused by defects in their products. This includes issues linked to software updates, self-learning capabilities or cybersecurity vulnerabilities.

Additionally, the review highlights new international guidance for AI medical devices. Published by the International Medical Device Regulators Forum (IMDRF), the framework sets out ten core principles for the safe design and deployment of AI-enabled devices.

The regulation of telemedicine remains an evolving area. A recent Advocate General’s opinion from the Court of Justice of the European Union considering the regulatory status of fully remote and hybrid delivery models under EU law is covered in the publication.

The European Health Data Space Regulation, adopted in early 2025, is also examined. This landmark legislation will give patients greater control over their data, while enabling secure, anonymised access for research, policymaking and innovation across member states.

Jamie Gallagher, life sciences regulatory partner at Mason Hayes & Curran, said: “Digital health companies operating in the EU need to know how to navigate overlapping rules governing product safety, product liability, the use of AI, data privacy and cybersecurity.

“Understanding how these regimes interact has become essential to managing regulatory risk. Our mid-year review helps to bring this all together in one place as a practical reference for legal and industry professionals alike.”