26 March 2026

The legal landscape of FemTech

Written by:Marco de Morpurgo Sarah Cunningham Kate Black Chloe Forster Naomi Pryde

Introduction

FemTech – “Female Technology” – has emerged rapidly in recent years as a distinct category in the health and technology landscape, reflecting a long‑overdue recognition that historical product development has often failed to meet women’s needs.

For decades, clinical research focused heavily on white, male subjects, resulting in the development of products that didn’t reliably serve 51% of the population.

This is a clear blind spot in the product development cycle and one that’s long overdue for correction.

Although our FemTech Now article series focuses on bringing together the legal, regulatory and commercial insight into the issues shaping FemTech, it’s useful to acknowledge the factors that contributed to today’s landscape. Historically, clinical trial sponsors were cautious about involving women of “child‑bearing” potential, citing both liability concerns and the added complexity (and cost) of accommodating hormonal variation in study design. This conservatism was reinforced by the thalidomide tragedy of the 1950s and 60s, which resulted in widespread birth defects and led to decades of excluding many women from trials. This exclusionary approach ultimately limited research into women’s health and contributed to persistent gaps in clinical evidence.

The rise of FemTech can be seen, in part, as a response to these shortcomings – accelerated in recent years by rapid technological innovation, digital health adoption and the effects of the COVID‑19 pandemic.

The FemTech sector has grown significantly in recent years, with global investment reaching unprecedented levels as developers and investors recognise the commercial and social value of addressing women’s health needs.

But this growth brings with it a complex web of legal and regulatory challenges that can determine whether innovative products reach the market – and whether they do so safely and ethically. From navigating medical device classification to protecting highly sensitive health data, FemTech developers must grapple with overlapping regulatory frameworks that are themselves evolving rapidly.

This FemTech Series aims to provide practical guidance on these intersecting issues, helping developers, investors and advisers to understand the legal landscape and to build compliant, sustainable businesses.

The legal landscape in which FemTech innovators operate is complex and multi-faceted. So colleagues across DLA Piper’s Life Sciences and Healthcare, Technology and Consumer Goods sector teams have contributed to this series to help businesses navigate it.

Subsequent articles in this series will examine privacy and data security – a particularly pressing concern given that FemTech products often collect intimate information about fertility, menstruation, pregnancy, and reproductive health.

We’ll also consider the ethical dimensions of FemTech, including informed consent, the use of AI in healthcare, and the potential for algorithmic bias in health data analytics. Further articles will address intellectual property protection, structuring collaborations and partnerships, investment considerations, and the governance challenges posed by AI and machine learning.

This series aims to give stakeholders a comprehensive understanding of how to bring FemTech products and services to market responsibly, lawfully and successfully.

For now though, we begin this series by taking a closer look at medical device regulation and how it applies to FemTech.

Article 1: FemTech and the role of medical device regulation

Why qualification matters for FemTech products

A pivotal early question for FemTech developers is whether a product will be classed as a “medical device” or not, as this then determines the regulatory requirements the developers need to consider.

In the UK (and the EU and most developed markets), medical devices are subject to a distinct and more stringent regime than non-medical devices. In the UK, these requirements are laid out in the UK Medical Devices Regulations 2002 (SI 618) (the UK MDR). The requirements are largely modelled on the former EU Directive 93/42/EEC on medical devices – now replaced by the EU Medical Device Regulation 2017/745 (the EU MDR).

Correctly identifying whether a product is a medical device and which risk class it falls into is essential for determining the required conformity assessment, documentation and regulatory approvals that might be needed to take the product in question to market. If a company identifies this information too late or incorrectly, it may need to revise design documentation, obtain new clinical evidence, or put in place additional quality controls, all of which introduce delays.

Determining whether a product is a medical device can be more complex than expected and requires a careful, case‑by‑case analysis. Many FemTech products are mobile apps or online services, meaning they’re software‑based, further complicating the issue.

In the UK (and under EU law), a medical device can include software, and software itself can be a medical device. Where software is intended by its legal manufacturer for a medical purpose, it’s regulated as “software as a medical device” (SaMD). If driven by AI, the term “AI as a medical device” (AIaMD) may also apply.

The UK’s Medicines and Healthcare products Regulatory Agency (MHRA) has recognised that existing regulations aren’t entirely fit for purpose and contain relatively few software‑specific provisions despite the rapid growth and increasing sophistication of digital health technologies. This can increase complexity for companies operating in the FemTech space.

In response to this problem, the MHRA launched the Software and AI as a Medical Device Change Programme, an evolving initiative designed to clarify expectations across the full product lifecycle, strengthen both pre‑market and post‑market requirements, and ensure AI adaptability. While this programme continues to roll out new guidance, for now, the transitional nature of the reforms can leave FemTech companies navigating a regulatory environment that lacks complete certainty.

To fall within the definition of a medical device, a product needs to have an “intended medical purpose.” This is true not only under UK and EU law, but under the regulation of most countries globally, which follow the definition of medical device provided by the Global Harmonization Task Force / International Medical Device Regulators Forum. Generally speaking, an intended medical purpose will typically be assumed where products are intended to:

diagnose, prevent, monitor, treat or alleviate disease;
diagnose, monitor, treat, alleviate or compensate for an injury or handicap; and/or
control conception.

The intended purpose of a product is determined by what the manufacturer communicates – for example, through labelling, instructions for use, and promotional materials. This means that the advertising landscape for FemTech has a direct bearing on regulatory classification.

In the UK, non‑broadcast promotions are governed by the advertising codes enforced by the Advertising Standards Authority, which set high evidential thresholds for health‑related claims. Statements that imply diagnosis, treatment, contraception or fertility prediction are likely to be treated as medical claims and must be supported by robust substantiation commensurate with the claim and the potential risk to users.

Regulators assess the overall impression rather than isolated words, so a period-tracking app marketed purely for “wellness” purposes may not be a medical device, but if promotional materials or influencer endorsements suggest it can help users “predict fertility” or “identify hormonal imbalances,” regulators may treat it as having a medical purpose – triggering full medical device requirements. These principles apply across channels, including websites, app‑store listings, push notifications, email campaigns and social media. They also apply to influencer content and affiliate marketing, where brands are responsible for the claims made on their behalf and must ensure paid relationships are made clear. Testimonials, reviews, and user stories can illustrate experience but cannot substitute clinical evidence or exaggerate likely outcomes.

Platform policies and sectoral rules impose additional constraints that are particularly acute for reproductive health. Major social and app platforms treat topics such as fertility, contraception, pregnancy and menopause as sensitive categories, often requiring age‑gating, restricted targeting, and careful content framing. And app stores may ask developers to disclose regulatory status where an app functions as a medical device.

Under UK and EU medical device regimes, labelling and advertising must not be misleading and must align with the product’s intended purpose and any approved indications; overstating accuracy, using before‑and‑after imagery, or suggesting features amount to diagnosis can both influence device classification and trigger additional obligations.

Cross‑border campaigns should be localised to reflect UK/EU divergence and the product’s authorisation status in each market, and marketing teams should ensure that AdTech practices don’t rely on, or infer, special‑category health data without an appropriate lawful basis.

These dynamics mean that messaging strategy, substantiation and media planning aren’t merely brand considerations for FemTech businesses, but core compliance determinants that shape how and where products can be promoted.

Developers have to navigate divergent classification rules

The UK’s regulatory landscape is particularly complex following Brexit. Great Britain’s (GB) rules are still based on the older EU Medical Device Directive (93/42/EEC), while the EU MDR applies in Northern Ireland and across the EU. The result is, at times, an uneven set of standards and some divergence, which adds complexity for any developers looking to navigate the legal landscape.

The UK is phasing in reforms to address this divergence: enhanced postmarket surveillance entered into force in June 2025, and core premarket changes are expected during 2026. In addition, the MHRA launched a public consultation in February 2026 on indefinite recognition of CE-marked medical devices in GB, which, if adopted, would allow products certified under the EU MDR to continue to be placed on the GB market without the need for separate UKCA certification. Greater convergence between the UK and EU frameworks will no doubt be well received, particularly to support market access, reduce burden on manufacturers, and maintain supply stability.

At present:

In GB, many SaMD fall into the lowest risk class, allowing self‑certification (though note that the MHRA’s ongoing reform programme signals that classification rules are likely to tighten as new pre‑market regulations are introduced and may result in up‑classifying software, which would in effect bring GB closer to the current EU’s stricter regime, which is nonetheless subject to revision).
Under the EU MDR, most SaMD currently fall into class IIa or higher, requiring assessment by a Notified Body. But this is subject to revision following a European Commission proposal dated 16 December 2025, which would amend the current MDR classification rules, resulting in a lower risk classification for certain products, including medical device software.

This divergence has significant practical implications for FemTech developers. Under the GB framework, self-certification for lower-risk devices means that manufacturers can assess their own compliance, prepare technical documentation, and affix the UKCA mark without third-party review –reducing both cost and time to market.

By contrast, the current EU MDR’s stricter classification rules mean that the majority of software-based products – including many period-tracking, fertility, and symptom-monitoring apps – require independent conformity assessment by a Notified Body before they can bear the CE mark and be placed on the EU market. In this context, the Commission proposal for a targeted revision of the MDR is positive news for industry.

Notified Body capacity has been a persistent challenge since the EU MDR came into full effect. The number of designated Notified Bodies fell sharply during the transition from the Medical Devices Directive to the MDR, as bodies faced more demanding designation criteria and audit requirements. Although capacity has gradually increased, demand continues to outstrip supply, resulting in extended lead times for conformity assessments – sometimes exceeding 12 months for initial certification. For FemTech developers, this bottleneck can delay product launches, increase costs, and complicate investment timelines.

Developers operating internationally will need to plan resourcefully. In practice, this means:

Engaging early: Initiating discussions with Notified Bodies well in advance of intended launch dates, ideally during the product development phase, to secure assessment slots and clarify documentation expectations.
Prioritising markets strategically: Where resources are constrained, developers may choose to launch first in GB – where self-certification may be available – while EU certification proceeds in parallel. This can generate early revenue and real-world evidence, though careful attention must be paid to ensuring that marketing and distribution don’t inadvertently extend into EU territory before certification is complete.
Preparing robust technical files: Notified Body review cycles are often prolonged by incomplete or inconsistent documentation. Investing in thorough technical files, clinical evaluation reports, and quality management systems from the outset can reduce queries and accelerate assessment.
Monitoring regulatory developments: The MHRA’s Software and AI as a Medical Device Change Programme is producing frequent guidance updates, and GB classification rules may tighten during 2026. Developers should build flexibility into their compliance strategies to accommodate potential up-classification.
Considering multiple Notified Bodies: Some manufacturers apply to more than one Notified Body to mitigate the risk of delays with any single assessor, though this approach involves additional cost and coordination.

Finally, it’s worth noting that while GB currently recognises CE-marked devices – meaning products certified under the EU MDR can be placed on the GB market – the EU doesn’t recognise UKCA-marked devices. UK developers seeking EU market access must therefore comply with EU MDR requirements and obtain certification from an EU-recognised Notified Body, regardless of their GB regulatory status. As of February 2026, the MHRA is consulting on indefinite recognition of CE-marked devices for GB, which, if adopted, would provide long-term certainty for manufacturers and help maintain supply stability.

The MHRA has issued helpful guidance for software developers, which should be revisited alongside the forthcoming legislative refresh. The guidance should help developers in the FemTech space establish whether their products could be classed as a medical device.

Beyond market entry – post-market obligations

Regulatory obligations don’t end once a product is approved. Medical devices in both the UK and EU are subject to robust post‑market surveillance (PMS) requirements (intended to ensure the safety and performance of medical devices after they’ve been placed on the market). Manufacturers must:

monitor safety and performance on an ongoing basis;
collect and analyse safety signals;
implement corrective actions where required; and
consider product withdrawal if risk/benefit becomes unfavourable.

The consequences of getting classification wrong can be severe

This is all important, because the consequences of misclassifying a FemTech product – or failing to recognise that it qualifies as a medical device at all – can be severe. Products placed on the market without the required conformity assessment may be subject to enforcement action, including market withdrawal, product recalls and prohibition notices.

Beyond regulatory sanctions, manufacturers may face civil liability if users suffer harm from an inadequately assessed product, particularly where safety signals weren’t identified through proper pre-market evaluation or post-market surveillance. Reputational damage in a sector built on trust – where products often handle intimate health data – can be especially acute and difficult to recover from.

Retrospective compliance is rarely straightforward: companies that discover a classification error late in the product lifecycle may need to revise design documentation, obtain new clinical evidence, engage a Notified Body, or implement additional quality controls – all of which introduce significant cost and delay.

For FemTech developers operating across both GB and EU markets, the risk is compounded by the divergence in classification frameworks; a product that self-certifies in GB might require Notified Body assessment in the EU, and failure to appreciate this distinction could result in unlawful distribution in one or both markets. Getting the regulatory assessment right from the outset isn’t merely a compliance exercise, but a commercial imperative.

Reform changes are helping to modernise regulation

Although GB currently recognises CE‑marked devices, the EU doesn’t recognise certifications issued by UK Approved Bodies (UKCA-marked devices). UK developers seeking EU market access also have to comply with EU MDR requirements. As of February 2026, the MHRA is consulting on indefinite recognition of CE-marked devices for GB, which would provide long‑term certainty for patients and manufacturers. Approximately 90% of medical devices currently used in GB are CE marked.

As discussed in further detail above, alongside this, the MHRA continues to implement its “Software and AI as a Medical Device Change Programme,” which comprises 11 work packages aimed at modernising the UK’s regulatory approach to SaMD and AIaMD. The programme is a central part of the wider UK medical device reform agenda and is producing frequent guidance updates – particularly relevant for FemTech developers working with software‑based products.

Understanding the frameworks gives developers the edge

For any FemTech developer, determining whether a product qualifies as a medical device is a pivotal step. In some cases the answer is obvious, but many software‑based products sit in a grey area requiring careful, early assessment. Getting this right matters – it will shape regulatory strategy, influence time to market, and ultimately determine whether (and where) a product can be lawfully sold.

Anyone looking to develop FemTech should:

Assess early whether your product has an “intended medical purpose” based on intended use, labelling and marketing claims.
Determine the applicable classification (Class I, IIa, IIb, or III) under both GB and EU frameworks.
Identify whether Notified Body or Approved Body involvement is required.
Build post-market surveillance obligations into your compliance programme from the outset.
Monitor MHRA and EU guidance updates, particularly under the Software and AI as a Medical Device Change Programme and the December 2025 European Commission proposal for a targeted revision of the classification rules under the MDR.

In a sector where innovation intersects with sensitive health issues, compliance with medical device laws is essential – not only to avoid enforcement risk, but to ensure that products genuinely reach the women who need them. Understanding the evolving UK and EU frameworks will place developers in the strongest position to harness opportunities in this fast‑growing and dynamic area.