Products Intelligence Pricing Methodology Contact
TRADE & GEOPOLITICAL RISK

Medical device cybersecurity

Medical device cybersecurity sits at the intersection of Trade and Geopolitical Risk in ways that compliance teams can no longer treat as a secondary concern. The U.S. Food and Drug Administration's 2023 refusal-to-accept policy for premarket submissions without a cybersecurity plan, combined with active scrutiny from the European Commission's Directorate-General for Internal Market, Industry, Entrepreneurship and SMEs under the EU Medical Device Regulation, has created a dual-jurisdiction pressure point for any device with cross-border supply chains or foreign component sourcing. Firms with exposure to Asia-Pacific markets are also tracking the Pharmaceuticals and Medical Devices Agency of Japan as it tightens post-market cybersecurity expectations tied to software updates from foreign vendors.

Watch

  • FDA's refusal-to-accept policy: premarket submissions require a Software Bill of Materials
  • EU MDR Article 5 enforcement actions against devices with unpatched legacy software components
  • PMDA draft guidance on foreign vendor software update disclosures, expected Q3 review cycle
  • U.S. Commerce Department export controls potentially restricting dual-use cybersecurity tooling embedded in devices

Recent material activity in Trade & Geopolitical Risk

  • Apr 13, 2026 MATERIAL

    OFAC designates 14 entities linked to Russian defense procurement network

    The Treasury Department's Office of Foreign Assets Control added 14 entities and 6 individuals to the Specially Designated Nationals list for their roles in procuring critical technology components for Russia's defense i…

    Read a full sample brief →
  • Apr 10, 2026 MATERIAL

    BIS adds 22 Chinese semiconductor entities to Entity List for advanced chip diversion

    The Bureau of Industry and Security expanded export controls targeting Chinese semiconductor entities found to be diverting advanced computing chips through third-country intermediaries. New license requirements affect i…

    Read a full sample brief →