Back to Blog

Security & Compliance

UpHill Achieves European Class IIa Medical Device Certification

UpHill has achieved Class IIa medical device certification, a testament to our commitment to delivering safe, reliable, and high-performance technology. Here’s what sets our software apart.

Matilde Ferreira

Matilde Ferreira

February 26, 2025 · 4 min read

UpHill has officially certified its software as a Class IIa medical device, marking a significant milestone in healthcare technology. This achievement places UpHill among the first European software companies to obtain this certification, reinforcing our leadership in care orchestration and automation fields. Over the past two years, the company has undergone an extensive evaluation process, led by independent international auditors, to ensure compliance with the highest industry standards.
Achieving Class IIa certification is a testament to UpHill’s commitment to delivering safe, reliable, and high-performance technology. The process represented not only a significant financial investment - approximately half a million euros - but also a major effort from the entire team. The certification reflects the company's vision and ongoing commitment to aligning with the highest regulatory standards, reinforcing patient safety and clinical excellence.
Eduardo Freire Rodrigues, co-founder and CEO of UpHill, emphasizes the significance of this certification:

Most certified software in the EU consists of telemonitoring solutions that collect and process patient data. However, care orchestration is far more complex. It involves automating workflows, supporting healthcare professionals in decision-making, and coordinating tasks across teams throughout a patient’s care journey. On the other hand, many companies choose Class I certification, which is self-declared and avoids the lengthy, in-depth audit process. In contrast, our software underwent a rigorous evaluation by EU-designated independent bodies, ensuring compliance with the highest standards of quality and safety.

Class I vs. Class IIa: Understanding the Distinction

In the European Union, medical devices are classified based on the level of risk they pose and the complexity of their function. As software becomes an integral part of modern healthcare, regulatory frameworks now recognize certain digital solutions as medical devices. However, not all software certifications are equal. While many companies opt for Class I certification due to its simpler process, UpHill took the extra step to achieve Class IIa, which involves a much more rigorous evaluation. Here’s what sets our software apart:
1. External Audit vs. Self-Declaration
  • Class I devices are typically self-certified, meaning the manufacturer assesses compliance internally without requiring external validation.
  • Class IIa devices, like UpHill’s software, undergo a rigorous audit by an independent Notified Body - a recognized regulatory entity responsible for ensuring compliance with EU medical device laws. This process includes detailed assessments of design, functionality, risk management, and clinical effectiveness.

2. Complexity and Clinical Impact of Software Features

  • Class I medical devices are often limited to basic monitoring or administrative functions.
  • Class IIa devices perform more clinically significant tasks, such as decision support, care coordination, and automation of clinical workflows. Because they influence patient outcomes, these devices require robust validation, risk assessment, and regulatory oversight.

3. Confidence in Results and Processes

  • Class I software may collect and display patient data, but without an external audit, its accuracy and reliability are not independently verified.
  • Class IIa software must demonstrate clinical accuracy, reliability, and safety, providing evidence-based decision support and automated workflows that directly impact patient care. UpHill’s certification ensures higher confidence in the system’s outputs and recommendations.

4. Risk Management Requirements

  • Class I software follows basic risk management protocols but does not require a structured risk assessment.
  • Class IIa software must comply with ISO 14971, the international standard for medical device risk management. This includes continuous monitoring, risk mitigation strategies, and formal documentation of potential hazards.

5. Post-Market Surveillance & Compliance

  • Class I devices require general monitoring, but no structured post-market surveillance (PMS) plan.
  • Class IIa software demands continuous data collection, safety reporting, and regulatory compliance updates. This ensures long-term safety and effectiveness even after deployment in real-world settings.

6. Clinical Validation & Evidence Requirements

  • Class I software typically does not require extensive clinical validation.
  • Class IIa certification mandates scientific evidence, usability studies, and performance evaluations to validate the software’s clinical impact.

7. Software Updates & Change Control

  • Class I devices can undergo software updates without needing regulatory approval unless a significant change is made.
  • Class IIa software updates must be validated and, in some cases, reviewed by regulatory authorities if they affect clinical functionality.

8. User Documentation & Safety Information

  • Class I software has minimal documentation requirements.
  • Class IIa software requires comprehensive technical documentation, including detailed user manuals, risk disclosures, and clinical usage guidelines.

What Does This Certification Mean for Hospitals?

For hospitals choosing a care orchestration solution, Class IIa certification serves as a crucial decision-making factor, as it guarantees that healthcare providers are investing in cutting-edge technology, independently validated, and designed to ensure maximum patient safety and operational efficiency.
  1. Compliance with the Highest Regulatory Standards
    Full confidence that the solution has been evaluated according to objective, internationally recognized standards.
  2. Reduced Legal and Regulatory Risks
    Lower exposure to compliance issues and potential failures that could compromise patient safety or lead to legal implications for the institution.
  3. Greater Safety and Reliability in Clinical Decision-Making and Care Automation
    UpHill directly impacts the patient journey by streamlining processes and supporting doctors and nurses in clinical decision-making.

A Step Forward for Care Automation

By securing Class IIa certification, UpHill has set a new standard in healthcare software, offering a level of credibility and robustness that few competitors can match. This milestone not only validates UpHill’s technology but also reassures healthcare providers that they are implementing a solution built on the highest safety and quality standards.
Matilde Ferreira

Matilde Ferreira

Content Strategy & Communication Manager

Graduated in Communication Sciences, early on fell in love with storytelling. Started off as a journalist and then pivoted to the public relations world, she was always driven to craft relevant stories and bring them to the stage.

Get the latest on UpHill resources.