KDA
Kuwait — KDA
MoH Medical Device Registration with GHC Reference Route
Authority
Kuwait Drug and Food Control / Ministry of Health (KDFC)
Enforced
2017 (KDFC medical device circulars)
Legal framework
Ministry of Health KDFC medical device registration circulars; Gulf Health Council (GHC) Centralized Registration Procedure available as a regional pathway across GCC. Cyber overlay relies on Kuwait Data Privacy Protection Regulation (CITRA, 2021) and CITRA's national cybersecurity strategy.
Scope
All medical devices placed on the Kuwaiti market. GCC manufacturers may use the centralised GHC route covering KW, SA, AE, BH, OM, QA in a single dossier.
Pre-market
Reliance-based on reference-country approvals (FDA, CE, Health Canada, TGA, PMDA, MHRA). No standalone medical-device cybersecurity guideline; connected-device posture inherited from reference-country evidence.
Post-market
Vigilance reporting to KDFC; CITRA handles ICT-incident coordination for connected devices in healthcare networks.
SBOM
Not specified. Not required by KDFC today; CE/FDA SBOMs accepted as supporting evidence.
Vulnerability disclosure
CITRA National CERT for ICT incidents; no medical-device-specific CVD requirement.
Penalty
Registration cancellation, market withdrawal, fines under MoH and CITRA orders.
Unique requirements
- Kuwaiti authorised local agent
- Arabic-language IFU and labelling
- GHC route subject to per-country acceptance
Highlights
- GHC central route covers 6 GCC markets in one dossier
- Reference-country reliance is the dominant route
- CITRA data-protection overlay for connected devices
Timeline
- 2017: KDFC medical device registration circulars
- 2021: CITRA Data Privacy Protection Regulation in force
- 2024: GHC centralised registration scope expanded
Frequently asked about Kuwait
Is SBOM required for medical devices in Kuwait?
Not specified. Not required by KDFC today; CE/FDA SBOMs accepted as supporting evidence.
What does KDA require for pre-market cybersecurity?
Reliance-based on reference-country approvals (FDA, CE, Health Canada, TGA, PMDA, MHRA). No standalone medical-device cybersecurity guideline; connected-device posture inherited from reference-country evidence.
What are the post-market cybersecurity obligations under KDA?
Vigilance reporting to KDFC; CITRA handles ICT-incident coordination for connected devices in healthcare networks.
What is the penalty for non-compliance with KDA cybersecurity rules?
Registration cancellation, market withdrawal, fines under MoH and CITRA orders.
How much of my FDA cybersecurity package is reusable in Kuwait?
Roughly 80% — an editorial estimate based on overlapping evidence requirements (threat model, SBOM, security risk assessment, pen-test report).