In Australia, you might be surprised by what qualifies as a “medical device” under the Therapeutic Goods Act 1989. Under medical device regulation, it’s not just diagnostic wearables, implantable devices, or hospital machinery that are covered. Apps, AI-driven health software, or digital platforms can also fall under this regulated category if they are intended for:
diagnosing or monitoring a disease or condition
influencing treatment decisions
tracking or predicting patient outcomes
Startups can be blindsided by regulatory issues. A founder launches a “health app,” assuming it is unregulated, only to discover later that it must comply with TGA medical device regulations.
At Allied Legal, our experienced medtech and healthtech practice group regularly reviews the functionality, marketing claims, and data flows of startup products to determine if they enter regulated territory. We assist founders in correcting course, achieving compliance, and protecting their growth trajectories.
In this article, we will explore the following topics:
The legal foundation: an overview of how medical device regulation operates in Australia.
Key risk factors, particularly concerning AI and software.
Classification, evidence requirements, and regulatory pathways for medical devices.
Real-world examples: case studies and practical insights.
Action steps for founders to take immediately.
The Legal Framework: How Medical Device Regulation Works in Australia
To understand why a “health app” may be subject to regulation, it is important to be familiar with the legal standards that apply.
What is a “medical device”?
Medical devices in Australia are governed by the Therapeutic Goods Act 1989 (Cth) and the Therapeutic Goods (Medical Devices) Regulations 2002 (Cth), administered by the Therapeutic Goods Administration (TGA).
At the core of this framework is the TGA, which oversees the inclusion of medical devices on the Australian Register of Therapeutic Goods (ARTG) before they can be lawfully supplied or marketed unless a specific exemption or exclusion applies.
A product qualifies as a medical device, among other things, if it is intended for diagnosis, prevention, monitoring, prediction, prognosis, treatment, or alleviation of disease. This definition now extends to software and digital applications, reflecting the growing influence of technology in healthcare.
Software & AI-based Medical Device Regulation
Software as a Medical Device (SaMD) refers to software that operates independently on devices like laptops, smartphones, or tablets and serves a medical purpose. This includes all types of software such as mobile apps, SaaS platforms, and web-based tools that are intended to diagnose, prevent, monitor, predict, or treat diseases or disabilities, compensate for injuries, or investigate the human body. Examples of SaMD include software that diagnoses conditions based on user input (eg, a questionnaire) and mobile apps that connect to medical devices, such as a Bluetooth-enabled blood pressure cuff, to monitor and track health data.
The TGA regulates AI when it is used for medical purposes. AI-powered medical devices include tools such as apps, cloud analytics that predict a patient's condition, treatment chatbots, generative AI clinical support systems, and radiology image analysis used for diagnosis.
Once a product is within scope, it must be classified. Medical devices are classified according to their level of risk, such as Classes I, IIa, IIb and III. Each classification determines the type and depth of regulatory scrutiny required.
For example, an active medical device for diagnosis is one designed to provide information for detecting, diagnosing, monitoring, or treating health conditions. This includes devices that:
supply energy absorbed by the body (other than visible light),
image the distribution of radiopharmaceuticals, or
enable direct diagnosis or monitoring of vital physiological processes.
Accordingly, it is essential to correctly classify the device under the TGA’s rules, undertake a conformity assessment to demonstrate compliance with the Essential Principles of safety and performance and secure ARTG inclusion before commencing marketing or supply.
What Allied Legal Frequently Sees (Lessons from Practice)
Here are some common patterns and pitfalls we observe in Australian healthtech and AI startups:
Startup assumption: “It is just health tech, not a medical device”
Many founders mistakenly believe that the term “medical device” only refers to physical hardware. They assume that software is inherently safe. However, in practice, the TGA classifies software as a medical device if it is intended for medical use. We often encounter this mismatch during due diligence or enterprise negotiations.
Deferred compliance until scale
Some products are launched in a “beta” or internal phase without planning for TGA compliance. When the startup later tries to scale or secure an enterprise health contract, regulatory requirements can stall deployment.
Weak documentation of medical claims
Startups may make medical-sounding claims in their marketing materials or pitch decks without proper evidence or disclaimers. This lack of documentation poses a marketing risk and can lead to regulatory investigations.
Underpowered evidence packages
When the risk level is medium or high, the TGA expects clinical evaluation or performance data, not just laboratory proof. Many startups mistakenly believe that demonstrating algorithmic accuracy is sufficient; however, that is often not the case.
Misclassification or re-classification surprises
Changes to software, such as the addition of new features, may alter its classification. In some instances, adding a feature can elevate a Class I application to Class IIa or IIb, which introduces new regulatory obligations.
Vendor dependencies/outsourcing risks
Relying on third-party AI components, open-source models, or cloud providers can create compliance gaps if contracts do not clearly outline obligations, data control, and audit rights.
Consumer vs clinician claims mismatch
A mismatch between consumer and clinician claims can create compliance risks under medical device regulations in Australia. An application marketed to consumers for general wellness may initially fall outside strict oversight. However, if users begin using it for diagnostic or therapeutic purposes—or if the target audience shifts to clinicians—this change in intended use can trigger additional regulatory obligations.
Step-by-Step Guide: What Founders Should Do Right Now
To avoid being blindsided, here is a roadmap for founders building healthtech / AI software:
Step 1: Assess intended use & marketing language
Map out all features and claims (present and planned).
Consider whether any feature might diagnose, recommend, monitor, or intervene.
Review marketing materials, pitch decks, and public statements.
If any claim suggests a medical purpose, it is a red flag.
For Digital Health and SaMD, it is crucial to determine whether it qualifies as SaMD and whether the software may be exempt. Developers must also consider cybersecurity and data integrity standards, transparency in algorithmic decision-making and compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) when handling health information. These obligations often overlap with broader data protection and AI governance considerations, an area the TGA continues to refine.
Step 4: Prepare regulatory submissions and certifications
If needed, include the product on ARTG (unless exempt) before supply.
Navigate conformity assessment procedures appropriate to the class.
Engage in pre-submission meetings with TGA to clarify expectations.
Update whenever you change features or expand claims.
Step 5: Advertising and market conduct
All marketing claims must be:
Truthful, substantiated, and not misleading.
Compliant with restrictions on direct-to-consumer advertising for higher-risk devices.
Consistent with ARTG-approved indications.
Startups should implement internal advertising reviews before launching campaigns to avoid regulatory penalties.
Step 6: Contracts, disclaimers, labelling
Ensure contracts (including vendor contracts) include audit rights, data retention, indemnities, and duty of compliance.
Label appropriately: instructions for use, warnings, disclaimers.
Provide disclaimers that limit your liability and guide safe use.
Report significant changes (“Device Change Requests”) to TGA.
Keep documentation consistent, versioned and auditable.
Embedding compliance into corporate culture demonstrates to investors and partners that the company takes its regulatory responsibilities seriously.
Step 8: Plan for growth & compliance maturity
If targeting export, check alignment with international regulators such as the FDA (US) and the EU (CE-marking).
Startups with global aspirations should align documentation and quality processes with IMDRF and ISO standards early on.
Monitor regulatory developments from TGA — reforms are underway to strengthen oversight for AI systems.
This forward planning can significantly reduce the time-to-market when expanding internationally.
Risks & Consequences of Non-Compliance with Medical Device Regulations
Here is what can happen if a startup overlooks or mishandles medical device regulation:
Regulatory enforcement: Supplying a medical device that has not been included on the Australian Register of Therapeutic Goods (ARTG), where no exemption applies, can trigger fines or force a product recall.
Sales disruption: Enterprise clients or hospitals may refuse to proceed with deployment until compliance is confirmed.
Litigation exposure: Claimants may allege misleading claims, violations of consumer law, or negligence.
Rework costs: If reclassification is required midway through development, you may need to redo compliance, rewrite code, or redesign features.
Market access delays: Your rollout plans, launch timelines, and international expansion efforts can be significantly stalled.
Summary & Our Takeaway Advice
For medtech founders, navigating Australia’s regulatory environment can seem daunting. However, with the right legal and operational framework, compliance can become a strategic differentiator.
Engaging early with the TGA, implementing robust quality systems, and maintaining transparent governance are key steps toward building a compliant, trustworthy, and globally competitive medtech business.
Allied Legal advises startups in medtech and health innovation on TGA compliance, privacy, and governance. Its healthtech team offers legal compliance audits for products that may qualify as medical devices. For tailored advice, contact hello@alliedlegal.com.au.
Jean Kallmyr
Jean is a seasoned Corporate and Commercial Lawyer with 25+ years’ experience across law and business, including investment management and corporate governance.
With expertise in IP, employment law, and strategic advisory, she helps startups and purpose-driven companies navigate complex legal and commercial challenges. Jean holds a JD, an MBA, and is fluent in Mandarin and Swedish.