Medsafe

New Zealand — Medsafe

GuidanceLast updated · 2024Verified · 2026-05-28

Medicines Act 1981 + WAND notification + therapeutic products reform

Authority

New Zealand Medicines and Medical Devices Safety Authority

Enforced

WAND active; reform Bill in progress

Legal framework

Medicines Act 1981 + WAND database + Therapeutic Products Act (in implementation)

FDA package reuse

~90%

Editorial estimate · how →

Scope

All medical devices supplied in NZ require WAND notification within 30 days. Cybersecurity addressed via reform programme and CERT NZ guidance.

Pre-market

Notification only at present; full pre-market regime arrives with Therapeutic Products Act implementation.

Post-market

Adverse-event reporting to Medsafe; CERT NZ coordination for incidents.

SBOM

Recommended

Encouraged via FDA / TGA alignment for trans-Tasman manufacturers.

Vulnerability disclosure

Encouraged via CERT NZ coordinated disclosure.

Penalty

Withdrawal from WAND, sanctions under incoming Therapeutic Products Act.

Unique requirements

01WAND notification within 30 days of supply
02NZ Sponsor required
03Awaiting Therapeutic Products Act implementation

Highlights

Light-touch regime, reform incoming
Trans-Tasman alignment with TGA
FDA / CE / TGA approvals widely accepted

Aligns with

TGA Guidance IMDRF N60 ISO 13485

Timeline

2003

Medical Devices Regulations enacted
Jul 2023

Therapeutic Products Act passed
2024–26

Implementation phase, cyber rules expected

Key documents

Medsafe Medical Devices

https://www.medsafe.govt.nz/regulatory/DevicesNew/

Medsafe Safety Communications

https://www.medsafe.govt.nz/safety/SafetyCommunications.asp

WAND Database (Web-Assisted Notification of Devices)

https://www.medsafe.govt.nz/regulatory/DevicesNew/3WANDIntro.asp

Related markets

Singapore

~90% FDA reuse

Mexico

~90% FDA reuse

Hong Kong

~90% FDA reuse

Australia

~85% FDA reuse

Frequently asked about New Zealand

Is SBOM required for medical devices in New Zealand?

Recommended. Encouraged via FDA / TGA alignment for trans-Tasman manufacturers.

What does Medsafe require for pre-market cybersecurity?

Notification only at present; full pre-market regime arrives with Therapeutic Products Act implementation.

What are the post-market cybersecurity obligations under Medsafe?

Adverse-event reporting to Medsafe; CERT NZ coordination for incidents.

What is the penalty for non-compliance with Medsafe cybersecurity rules?

Withdrawal from WAND, sanctions under incoming Therapeutic Products Act.

How much of my FDA cybersecurity package is reusable in New Zealand?

Roughly 90% — an editorial estimate based on overlapping evidence requirements (threat model, SBOM, security risk assessment, pen-test report).