Skip to main content

Digital Therapeutics – Liability Mine Field

Av Alexander Klatt
Senior Underwriter Pharma Life Science

Since digital therapeutics are a new category of products, some of these risks pose new challenges for economic agents.

Digital therapeutics are one of the topics in the life sciences and healthcare industry. The possibilities range from digital diaries for chronically ill patients (e.g. digital diabetes management) to AI-based dosage recommendations, radiological image evaluations and prognoses for disease progression to software for monitoring vital body functions and biosensors connected to smart devices. The diversity of such digital technologies, which can complement or even completely replace traditional diagnostics and therapies, can hardly be broader.

According to some analysts, the market for digital therapeutics is growing rapidly. It is expected to reach approximately US $55 billion by 2025. It is therefore hardly surprising that, in addition to the well-known players from the pharmaceutical and medical products industry, new players such as start-ups or tech giants are increasingly entering the lucrative market of digital therapeutics. At the same time, regulatory requirements are also increasing, in particular for the approval and demonstration of clinical benefits of such products.

The enormous medical and technical possibilities offered by digital therapeutics for patients, doctors, nurses and other healthcare providers entail special challenges and liability risks for the developers, manufacturers, importers and distributors ("economic agents") of such products. Since digital therapeutics are a new category of products, some of these risks pose new challenges for economic agents.

What are digital therapeutics?

The variety of digital therapeutics differs not only with regard to the respectively claimed clinical indications and technical performance of the products. The regulatory requirements and liability risks can also vary in individual cases.

Digital therapeutics are often referred to as medical devices. These are medical devices, which manufacturers produce for use in humans. Unlike drugs, they are not pharmacologically, metabolically and/or immunologically active, but primarily physically active. Software (e.g. a health app) can also be a medical device if it is to be used for therapeutic or diagnostic purposes for humans. Digital therapeutics are to be distinguished from fitness apps, which, for example, record daily steps or count calories and are hardly regulated. Since such fitness apps usually do not pursue any specific diagnostic or therapeutic benefit in the narrower medical sense, they usually do not constitute medical devices. Therefore, they are subject to less stringent requirements.

According to the new European Medical Devices Regulation ("MDR"), medical devices are divided into four main classes based on risk: I, IIa, IIb and III. This also applies to digital therapeutics (software). The higher the risk potential for patients, the higher the class of digital therapeutics and thus the requirement for their approval as a medical device. For example, if digital therapeutics are only intended to provide the physician with certain data about patients that are intended to support medical diagnosis and/or therapy (e.g., digital diary of pain, diabetes or migraine), they are generally classified into a low risk class (I or IIa). However, if such data are vital signs (e.g. heart rate, blood pressure, respiration rate, oxygen saturation) measured by biosensors on the patient's body, which are directly involved in medical decision-making and which, if they do not function properly, can result in a deterioration of the patient's health status or even death, the product is regularly classified into higher risk classes (IIb, III).

Within the group of digital therapeutics, there is a special category of products that can be prescribed in Germany by doctors, dentists and psychotherapists and – since recently – are paid for by statutory health insurance companies ("GKV") ("apps on prescription"). These products are also referred to as “digital health applications” (digitale Gesundheitsanwendung “DiGA”). A prerequisite for registering a DiGA is, among other things, its classification as a low-risk medical device (Class I or IIa). In addition, the main function of the DiGA must essentially be based on digital technologies, e.g. supporting the doctor or the patient in the detection, monitoring, treatment or alleviation of diseases.

Statutory health insurance companies bear the costs for DiGA if these have been previously checked by the Federal Office for Drugs and Medical Devices ("BfArM") and included in the list of reimbursable digital health applications ("DiGA directory"). To be listed, BfArM checks, among other things, the compliance of the product with medical device requirements according to MDR (including CE certification, security, functionality), compliance with data protection and data security requirements as well as the accessibility of the product for patients with statutory health insurance. The relevance of the product to the German health system is also decisive in the sense of a benefit, i.e., the positive effects on health care, which the manufacturer has to prove through clinical studies. Since the end of 2019 with the entry into force of the Digital Care Act ("DVG") in Germany, more than 30 digital health applications (e.g., to support depression, digital diabetes management, therapy against anxiety, digital tinnitus counselling) have already been added to the DiGA directory (provisionally or permanently) and approved for medical prescription and reimbursement by the statutory health insurance companies. This makes Germany the world leader in "apps on prescription".

What liability risks can exist for economic agents?

Digital therapeutics is a novel category of medical devices. Relevant court decisions on liability issues have been lacking so far, for example, the specific requirements for the proof of clinical benefit and safety, which could provide greater legal certainty for manufacturers of digital therapeutics.

However, the following applies to all digital therapeutics: The liability risks that individual economic agents can take must be differentiated, in particular, between the (claimed) clinical indication, technical functionality and risk classification of the concrete digital therapeutics. Liability issues are primarily based on the question of the due diligence standard to be observed. In principle, the physician is liable for the selection of digital therapeutics and the manufacturer is responsible for their functionality. The necessary due diligence of the individual economic agents must therefore always be determined in individual cases and based on the concrete digital therapeutics. For example, the more a health app can affect the health of its user (patient), the more stringent compliance, safety and liability standards must be placed on the product. If the health app is to replace (in part) a visit to a doctor, e.g. by making a medical diagnosis, the standard of due diligence increases.

The manufacturer is obliged to comply with its obligations to inform and instruct the user. For example, this summarises appropriate educational information that is displayed to the user before the app is made available. This also includes the fact that the manufacturer must ensure that only those medical and technical services are claimed for its digital therapeutics that can be proven on the basis of clinical data. The more the digital therapeutics are intended to replace medical action and/or can harm the user, the higher the requirements placed on these obligations.

Possible liability cases can basically also result from any design, manufacturing and instruction errors in digital therapeutics. In addition, liability for software and hardware errors can be considered. There is also a risk of cyber attacks or other data protection incidents, particularly with highly sensitive health data that is regularly collected and processed by digital therapeutics. The manufacturer is therefore obliged to design the product in such a way that third-party access is at least considerably more difficult. In general, the manufacturer and other economic agents might also be responsible under data protection law in accordance with the General Data Protection Regulation ("GDPR"), which may entail further obligations and liability risks.

If a failure of digital therapeutics results in harm to users, the affected persons may be entitled to be indemnified and receive compensation for damages for pain and suffering. The manufacturer may be liable for personal injury caused by a defective product under the Product Liability Act up to a maximum amount of 85 million euros. In addition, recourse claims from the statutory health insurance companies are conceivable, for example if a technically faulty DiGA has been prescribed by a doctor and reimbursed by the health insurance companies.

If digital therapeutics are classified as medical devices of a higher risk class (IIb, III), this might entail additional liability risks in individual cases. If there is a high potential for harm and therefore a special need for protection of patients when using such products, the mere suspicion of a defect might suffice for the assumption of a product defect. This can be at the expense of the manufacturer in the liability process if he cannot refute this suspicion of defect.

However, the liability risks for DiGAs tested and reimbursable by the BfArM are likely to be more manageable on a regular basis. The prerequisite for registering these health apps as DiGA is the classification as a low-risk medical device (I, IIa). However, even after BfArM has gone through the test procedure for safety, functionality and quality, it can never be completely ruled out that (occasionally) there will be malfunctions in the DiGA, for which manufacturers would have to be responsible in case of doubt.

Partnership with a liability insurance company specialized in these topics is required to counter these possible liability risks of a manufacturer effectively.


Digital therapeutics is a novel category of medical devices. Relevant court decisions on liability issues are lacking until now.

In practice, economic agents should therefore first critically examine whether the individual claimed functions of the product merely constitute a "fitness feature" or whether they (might) already result in classification as a strictly regulated medical device from a regulatory point of view. In addition, the question of which specific risk class the products are to be classified into is essential for the possible liability of economic agents, whose digital therapeutics are to be classified as medical devices. On the other hand, convincing clinical data on the therapeutic benefits of digital therapeutics and strict compliance with MDR and privacy and data security requirements could minimise liability risks.

Especially the new liability issues in connection with digital therapeutics, which are not to be underestimated and which have so far only been addressed in case law, require a concrete analysis of possible risks and a corresponding safeguarding on an individual basis. To ensure the best possible insurance coverage, we recommend detailed consultation with an insurer specialised in these matters.