The Crosswalk

    EDA

    Flag of EgyptEgypt — EDA

    GuidanceLast updated · 2024Verified · 2026-05-28

    EDA Medical Device Registration & PDPL Cyber Overlay

    Authority

    Egyptian Drug Authority

    Enforced

    2019 (Law 151/2019 — EDA establishment)

    Legal framework

    Law 151/2019 establishing the EDA + EDA medical device registration decrees; Personal Data Protection Law 151/2020 (PDPL) for connected-device data handling.

    FDA package reuse

    ~75%

    Scope

    All medical devices placed on the Egyptian market. SaMD reviewed under EDA's software-as-a-medical-device circulars. Connected devices subject to PDPL when processing patient data.

    Pre-market

    Registration dossier modelled on GHTF/IMDRF, with reliance on reference-country approvals (FDA, CE, Health Canada). No standalone medical-device cybersecurity guideline yet; cyber posture assessed via SaMD review.

    Post-market

    Vigilance reporting to EDA; PDPC handles data-breach notifications under PDPL.

    SBOM

    Not specified

    Not addressed by EDA today; CE/FDA SBOMs accepted as supporting evidence.

    Vulnerability disclosure

    EG-CERT coordination for healthcare ICT incidents; no medical-device-specific CVD requirement.

    Penalty

    Registration cancellation, market withdrawal, fines under Law 151/2019.

    Unique requirements

    • 01Egyptian authorised representative
    • 02Arabic-language labelling
    • 03Reliance dossier referencing reference-country approval

    Highlights

    • Reference-country pathway (FDA, CE, HC, TGA, PMDA)
    • Largest MENA market by population
    • PDPL data overlay for connected devices

    Aligns with

    IMDRF N60 ISO 13485 GHTF SG1

    Timeline

    1. 2019

      Law 151/2019 establishes EDA as independent authority

    2. 2020

      PDPL 151/2020 enacted

    3. 2024

      EDA reliance-pathway circulars expanded

    Key documents

    Related markets

    Frequently asked about Egypt

    Is SBOM required for medical devices in Egypt?

    Not specified. Not addressed by EDA today; CE/FDA SBOMs accepted as supporting evidence.

    What does EDA require for pre-market cybersecurity?

    Registration dossier modelled on GHTF/IMDRF, with reliance on reference-country approvals (FDA, CE, Health Canada). No standalone medical-device cybersecurity guideline yet; cyber posture assessed via SaMD review.

    What are the post-market cybersecurity obligations under EDA?

    Vigilance reporting to EDA; PDPC handles data-breach notifications under PDPL.

    What is the penalty for non-compliance with EDA cybersecurity rules?

    Registration cancellation, market withdrawal, fines under Law 151/2019.

    How much of my FDA cybersecurity package is reusable in Egypt?

    Roughly 75% — an editorial estimate based on overlapping evidence requirements (threat model, SBOM, security risk assessment, pen-test report).