DMP / Helsetilsynet
Norway — DMP / Helsetilsynet
Forskrift om medisinsk utstyr (mirrors EU MDR)
Authority
Norwegian Medical Products Agency (Direktoratet for medisinske produkter)
Enforced
May 2021
Legal framework
Norwegian MD Regulation + EU MDR (via EEA) + NSM cybersecurity guidance
Scope
All medical devices marketed in Norway via EEA agreement; full EU MDR equivalence including SBOM and CRA pipeline.
Pre-market
EU MDR Annex I §17.2 evidence; Notified Body conformity assessment.
Post-market
Vigilance to DMP; NSM coordination for critical-infrastructure devices.
SBOM
RecommendedMirrors EU; CRA timeline applies via EEA.
Vulnerability disclosure
NSM NCSC coordinated disclosure recommended.
Penalty
EEA-aligned market removal and national fines.
Unique requirements
- 01Norwegian or EU Authorised Representative
- 02Norwegian-language IFU and labelling
- 03Helsetilsynet inspections
Highlights
- Full EU MDR equivalence via EEA
- NSM overlay for hospital-deployed devices
- CRA applies through EEA mechanism
Aligns with
Timeline
-
May 2021
MDR applicable via EEA
-
Dec 2027
CRA full compliance via EEA
Key documents
Related markets
Frequently asked about Norway
Is SBOM required for medical devices in Norway?
Recommended. Mirrors EU; CRA timeline applies via EEA.
What does DMP / Helsetilsynet require for pre-market cybersecurity?
EU MDR Annex I §17.2 evidence; Notified Body conformity assessment.
What are the post-market cybersecurity obligations under DMP / Helsetilsynet?
Vigilance to DMP; NSM coordination for critical-infrastructure devices.
What is the penalty for non-compliance with DMP / Helsetilsynet cybersecurity rules?
EEA-aligned market removal and national fines.
How much of my FDA cybersecurity package is reusable in Norway?
Roughly 60% — an editorial estimate based on overlapping evidence requirements (threat model, SBOM, security risk assessment, pen-test report).