Find a Lawyer

Healthcare Tech in the Middle East

by Andrea Tithecott - - - Abu Dhabi
Christina Sochacki - - - Dubai Maze Tower

Published: 06/10/2019

Ready to launch your digital health technology in the Middle East? Understanding how the regulatory, IP, and commercial pieces of the digital health puzzle fit together is essential, albeit not the most glamorous side of your business. Working with a team who has expertise and experience concerning the legal, regulatory, and policy issues that affect digital health technologies and services will be key; compliance with these topics can make or break your company.

Key regulatory issues across the Middle East include:

  1. Classification of software, devices, and combination products:
    1. Health authority classification of your product will determine the regulatory scheme under which it falls and the resulting obligations for registration, monitoring, reporting, and importation processes, for example. If your business plan relies on being able to simply ship your device through an international carrier direct to users, classification as a medical device might greatly impact your business model and time to market.
    2. Understanding existing regulatory frameworks allows digital health tech companies to design their product’s functions and claims (such as health-related apps, wearable technologies and other software devices) in such a way so as to avoid or minimise regulation as a medical device in the Middle East, and also create adequate compliance controls to avoid burdensome fines for non-compliance will local laws.


  1. Healthcare and e-commerce services regulation;
    1. Restrictions exist regarding the sale of certain healthcare products online, often requiring that the retailer have particular licenses. Further, healthcare advertising laws will impact what can be displayed on your website.
    2. Conducting business online adds additional dimensions, such as website terms and conditions, privacy policies, copyright, electronic signatures, and contracting considerations.


  1. Connected device regulations;
    1. Additional regulatory approvals and licenses will likely be required for any connected devices intended to be brought to market.
    2. For example, most telecommunications sector regulators requires that many wireless or electronic devices are “type approved” before they can be imported and sold.
    3. Further, each of the UAE and the Kingdom of Saudi Arabia have introduced regulations for Internet of Things devices


  1. Healthcare ICT regulatory obligations;
    1. There has been a shift in the Middle East to impose data transfer limitations on data moving outside the country, particularly on healthcare data. For example, a new healthcare ICT law was passed this year in the UAE, with executive regulation expected by the end of the year. We anticipate that this will increase the demand of locally hosted cloud servers as the transfer of health information to externally hosted servers, cloud storage services, even foreign providers for a second opinion, for example, will be prohibited.


  1. Privacy and data security;
    1. Laws, regulations and guidance documents that govern data collection, processing, storage and usage, are at the core of digital health solutions.
    2. In recent years, governments in the region have been implementing new data privacy and security requirements, with further developments expected in the coming year.


  1. Intellectual property protections, including procurement, defence, and enforcement; and
    1. Your intellectual property is not just your technology, but also your logo, algorithms, and wireframes. If you have plans to expand your portfolio trademark class in the future, consideration should be given to protecting those concepts now.


  1. Product liability and medical malpractice liability.
    1. Product liability may stem from defects in hardware or software. Knowing your reporting, recall, and market surveillance obligations is fundamental to avoiding running afoul of local consumer protection laws.
    2. Further, providing healthcare information, diagnoses, or connecting patients and healthcare practitioners could be seen as telemedicine and open your company to medical malpractice liability, whether directly or vicariously. Digital health tech companies ought to understand the bounds of what is considered the practice of medicine in each jurisdiction and whether telemedicine laws, such as those in the UAE and KSA, will apply.

At this time, the Middle East is seeking to keep pace with healthcare regulatory developments in other parts of the world but the maturity of healthcare regulations in the Middle East lags behind those of the US, UK, and EU, for example. At the moment, digital health tech companies are required to work within existing regulations. In recent years, we have seen rapid developments and focus of Middle East governments on the healthcare sector, thus, health tech companies ought to also be ready to embrace developing regulatory changes.

The frequency at which complex healthcare regulations are changing makes it very challenging for healthcare organisations to stay in compliance. Our Healthcare Practice – who acts across the sector for start-ups, private providers, digital health companies, pharmaceutical and medical device companies, and governmental organisations – combines experts from our full service firm including; technology; healthcare regulatory; IP; corporate; commercial; finance; and employment lawyers. Our trusted experts have supported digital health tech clients in a range of areas in the Middle East.

Should you have any questions about starting or expanding your digital health tech company in the Middle East, we would be pleased to support and work with you. Please contact us at to discuss.