R-TF Summary of Technical Documentation (STED)

Table of contents

• Administrative and Device Data
  • Device Identification
  • Manufacturer Information
  • Classification
  • Conformity Assessment Route
  • Notified Body
• Device Description and Specifications
• Principle of Operation
• Design Summary
• Variants and Models
• Medical Conditions Addressed
• GSPR Compliance Summary
• Applied Standards
• Design and Manufacturing summary
• Design and Development Process
• Novel Features
• Similar Devices on the Market
• Product History and Design Evolution
• Risk Management Conclusions
• Verification and Validation
  • Non-Clinical Testing Summary
  • Usability Evaluation
  • Cybersecurity Validation
  • Validation Conclusions
• Clinical Evaluation Report Summary
  • State of the Art Analysis
  • Clinical Investigation Evidence
  • Clinical Performance and Safety Conclusions
• Information Supplied by Manufacturer Summary
  • Key Warnings and Precautions
• Post-Market Surveillance and Vigilance
• Vigilance System
• Quality Management System
  • Key QMS Procedures Supporting Device
  • Suppliers and Subcontractors
  • Traceability
• Conclusion

Purpose of this document

This Summary of Technical Documentation (STED) provides a concise overview of the complete technical documentation for Legit.Health Plus as required for BSI (Notified Body) review under MDR 2017/745. This document follows the structure recommended by GHTF/IMDRF and facilitates the understanding of the device's safety, performance, and regulatory compliance without requiring immediate review of every detailed report.

Administrative and Device Data

Device Identification

	Information
Device name	Legit.Health Plus (hereinafter, the device)
Model and type	NA
Version	1.1.0.0
Basic UDI-DI	8437025550LegitCADx6X
Certificate number (if available)	MDR 792790
EMDN code(s)	Z12040192 (General medicine diagnosis and monitoring instruments - Medical device software)
GMDN code	65975
EU MDR 2017/745	Class IIb
EU MDR Classification rule	Rule 11
Novel product (True/False)	TRUE
Novel related clinical procedure (True/False)	TRUE
SRN	ES-MF-000025345

Manufacturer Information

Manufacturer:

	Manufacturer data
Legal manufacturer name	AI Labs Group S.L.
Address	Street Gran Vía 1, BAT Tower, 48001, Bilbao, Bizkaia (Spain)
SRN	ES-MF-000025345
Person responsible for regulatory compliance	Alfonso Medela, Saray Ugidos
E-mail	office@legit.health
Phone	+34 638127476
Trademark	Legit.Health

Authorized Representative: Not applicable (manufacturer is based in EU)

Single Registration Number (SRN): ES-MF-000025345

Classification

Device Class: Class IIb

Classification Rule Applied: Rule 11 (MDR 2017/745 Annex VIII)

Justification: Software intended to provide information which is used to take decisions with diagnostic purposes. The decisions have impact that may cause a serious deterioration of a person's state of health or a surgical intervention, therefore it is classified as Class IIb.

Detailed classification analysis is available in Device Description and Specifications.

Conformity Assessment Route

Route: MDR 2017/745 Annex IX (Quality assurance based on full quality assurance and examination of the design documentation)

• Annex IX Part I: Quality Management System + Technical Documentation
• Annex IX Part III: Surveillance and assessment
• Part II of Annex IX does not apply according to the device's risk classification

Notified Body

Notified Body: BSI Group The Netherlands B.V.

Notified Body Number: 2797

Certificate Number: MDR 792790 (if applicable)

Device Description and Specifications

The device, Legit.Health Plus, is a software medical device (SaMD) designed to assist healthcare practitioners in the analysis and evaluation of dermatological images. It utilizes advanced artificial intelligence (AI) algorithms to process images of skin lesions and conditions, providing quantitative assessments and diagnostic support.

Intended use

The device is a computational software-only medical device leveraging computer vision algorithms to process images of the epidermis, the dermis and its appendages, among other skin structures, enhancing efficiency and accuracy of care delivery, by providing:

• an interpretative distribution representation of possible International Classification of Diseases (ICD) categories that might be represented in the pixels content of the image
• quantifiable data on the intensity, count and extent of clinical signs such as erythema, desquamation, and induration, among others

Quantification of intensity, count and extent of visible clinical signs

The device provides quantifiable data on the intensity, count and extent of clinical signs such as erythema, desquamation, and induration, among others; including, but not limited to:

• erythema,
• desquamation,
• induration,
• crusting,
• xerosis (dryness),
• swelling (oedema),
• oozing,
• excoriation,
• lichenification,
• exudation,
• wound depth,
• wound border,
• undermining,
• hair loss,
• necrotic tissue,
• granulation tissue,
• epithelialization,
• nodule,
• papule
• pustule,
• cyst,
• comedone,
• abscess,
• hive,
• draining tunnel,
• non-draining tunnel,
• inflammatory lesion,
• exposed wound, bone and/or adjacent tissues,
• slough or biofilm,
• maceration,
• external material over the lesion,
• hypopigmentation or depigmentation,
• hyperpigmentation,
• scar,
• scab,
• spot,
• blister

Image-based recognition of visible ICD categories

The device is intended to provide an interpretative distribution representation of possible International Classification of Diseases (ICD) categories that might be represented in the pixels content of the image.

Device description

The device is a computational software-only medical device leveraging computer vision algorithms to process images of the epidermis, the dermis and its appendages, among other skin structures. Its principal function is to provide a wide range of clinical data from the analyzed images to assist healthcare practitioners in their clinical evaluations and allow healthcare provider organisations to gather data and improve their workflows.

The generated data is intended to aid healthcare practitioners and organizations in their clinical decision-making process, thus enhancing the efficiency and accuracy of care delivery.

The device should never be used to confirm a clinical diagnosis. On the contrary, its result is one element of the overall clinical assessment. Indeed, the device is designed to be used when a healthcare practitioner chooses to obtain additional information to consider a decision.

Intended medical indication

The device is indicated for use on images of visible skin structure abnormalities to support the assessment of all diseases of the skin incorporating conditions affecting the epidermis, its appendages (hair, hair follicle, sebaceous glands, apocrine sweat gland apparatus, eccrine sweat gland apparatus and nails) and associated mucous membranes (conjunctival, oral and genital), the dermis, the cutaneous vasculature and the subcutaneous tissue (subcutis).

Intended patient population

The device is intended for use on images of skin from patients presenting visible skin structure abnormalities, across all age groups, skin types, and demographics.

Intended user

The medical device is intended for use by healthcare providers to aid in the assessment of skin structures.

User qualifications and competencies

This section outlines the qualifications and competencies required for users of the device to ensure its safe and effective use. It is assumed that all users already possess the baseline qualifications and competencies associated with their respective professional roles.

Healthcare professionals

No additional official qualifications are required for healthcare professionals (HCPs) to use the device. However, it is recommended that HCPs possess the following competencies to optimize device utilization:

• Proficiency in capturing high-quality clinical images using smartphones or equivalent digital devices.
• Basic understanding of the clinical context in which the device is applied.
• Familiarity with interpreting digital health data as part of the clinical decision-making process.

The device may be used by any healthcare professional who, by virtue of their academic degree, professional license, or recognized qualification, is authorized to provide healthcare services. This includes, but is not limited to:

• Medical Doctors (MD, MBBS, DO, Dr. med., or equivalent)
• Registered Nurses (RN, BScN, MScN, Dipl. Pflegefachfrau/-mann, or equivalent)
• Nurse Practitioners (NP, Advanced Nurse Practitioner, or equivalent)
• Physician Assistants (PA, or equivalent roles such as Physician Associate in the UK/EU)
• Dermatologists (board-certified, Facharzt für Dermatologie, or equivalent)
• Other licensed or registered healthcare professionals as recognized by local, national, or European regulatory authorities

Each HCP must hold the academic title, degree, or professional registration that confers their status as a healthcare professional in their jurisdiction, whether in the United States, Europe, or other regions where the device is provided.

IT professionals

IT professionals are responsible for the technical integration, configuration, and maintenance of the medical device within the healthcare organization's information systems.

No specific official qualifications are mandated. Nevertheless, it is advisable that IT professionals involved in the deployment and support of the device have the following competencies:

• Foundational knowledge of the HL7 FHIR (Fast Healthcare Interoperability Resources) standard and its application in healthcare data exchange.
• Ability to interpret and manage the device's data outputs, including integration with electronic health record (EHR) systems.
• Understanding of healthcare data privacy and security requirements relevant to medical device integration, including GDPR (Europe), HIPAA (US), and other applicable local regulations.
• Experience with troubleshooting and supporting clinical software in a healthcare environment.
• Familiarity with IT standards and best practices for healthcare, such as ISO/IEC 27001 (Information Security Management) and ISO 27799 (Health Informatics—Information Security Management in Health).

IT professionals may include, but are not limited to:

• Health Informatics Specialists (MSc Health Informatics, or equivalent)
• Clinical IT System Administrators
• Healthcare Integration Engineers
• IT Managers and Project Managers in healthcare settings
• Software Engineers and Developers specializing in healthcare IT
• Other IT professionals with relevant experience in healthcare environments, as recognized by local, national, or European authorities

Each IT professional should possess the relevant academic degree, professional certification, or demonstrable experience that qualifies them for their role in the healthcare organization, in accordance with the requirements of the United States, Europe, or other regions where the device is provided.

Use environment

The device is intended to be used in the setting of healthcare organisations and their IT departments, which commonly are situated inside hospitals or other clinical facilities.

The device is intended to be integrated into the healthcare organisation's system by IT professionals.

Operating principle

The device is computational medical tool leveraging computer vision algorithms to process images of the epidermis, the dermis and its appendages, among other skin structures.

Body structures

The device is intended to use on the epidermis, its appendages (hair, hair follicle, sebaceous glands, apocrine sweat gland apparatus, eccrine sweat gland apparatus and nails) and associated mucous membranes (conjunctival, oral and genital), the dermis, the cutaneous vasculature and the subcutaneous tissue (subcutis).

In fact, the device is intended to use on visible skin structures. As such, it can only quantify clinical signs that are visible, and distribute the probabilities across ICD categories that are visible.

Explainability

For visual signs that can be quantified in terms of count and extent, the underlying models not only calculate a final value, such as the number of lesions, but also determine their locations within the image. Consequently, the output for these visual signs is accompanied by additional data, which varies depending on whether the quantification involves count or extent.

• Count. When a visual sign is quantifyed by counting, the device generates bounding boxes for each detected entity. These bounding boxes are defined by their x and y coordinates, as well as their height and width in pixels.
• Extent. When a visual sign is quantifyed by its extent, the device outputs a mask. This mask, which is the same size as the image, consists of 0's for pixels where the visual sign is absent and 1's for pixels where it is present.

The explainability output can be found with the explainabilityMedia key. Here is an example:

{
  "explainabilityMedia": {
    "explainabilityMedia": {
      "content": "base 64 image",
      "detections": [
        {
          "confidence": 98,
          "label": "nodule",
          "p1": {
            "x": 202,
            "y": 101
          },
          "p2": {
            "x": 252,
            "y": 154
          }
        },
        {
          "confidence": 92,
          "label": "pustule",
          "p1": {
            "x": 130,
            "y": 194
          },
          "p2": {
            "x": 179,
            "y": 245
          }
        }
      ]
    }
  }
}

Complete Description:

The device is a computational software-only medical device leveraging computer vision algorithms to process images of the epidermis, the dermis and its appendages, among other skin structures. Its principal function is to provide a wide range of clinical data from the analyzed images to assist healthcare practitioners in their clinical evaluations and allow healthcare provider organisations to gather data and improve their workflows.

The generated data is intended to aid healthcare practitioners and organizations in their clinical decision-making process, thus enhancing the efficiency and accuracy of care delivery.

Critical Usage Information

The device should never be used to confirm a clinical diagnosis. On the contrary, its result is one element of the overall clinical assessment. Indeed, the device is designed to be used when a healthcare practitioner chooses to obtain additional information to consider a decision.

Principle of Operation

The device operates as a cloud-based API (Application Programming Interface) that processes digital images of skin structures using artificial intelligence algorithms, specifically deep learning technologies, to provide clinical decision support to healthcare professionals.

Core Operating Principles:

1. Image Reception: The device receives digital images of skin structures through a REST API interface
2. Image Quality Assessment: Images are first assessed for quality and domain appropriateness
3. AI Processing: Validated images are processed through multiple deep learning models:
   • Vision Transformer (ViT) architecture for ICD category recognition
   • Object detection models for counting clinical signs
   • Semantic segmentation models for extent measurement
   • Image recognition models for intensity quantification
4. Output Generation: The device generates structured output in HL7 FHIR® format containing:
   • Probabilistic distribution across ICD-11 categories
   • Quantitative measurements of clinical signs (intensity, count, extent)

Mode of Action:

The device's mode of action is purely informational and analytical. It does not have pharmacological, immunological, or metabolic effects. The device:

• Analyzes visual patterns in digital images using trained neural networks
• Compares observed patterns against learned representations from validated training datasets
• Generates quantitative and probabilistic outputs based on mathematical computations
• Provides information to support healthcare professionals' clinical decision-making

The device does not make autonomous decisions, does not directly interact with patients, and does not replace the clinical judgment of healthcare professionals.

The device leverages deep learning algorithms trained on extensive datasets of dermatological images to analyze skin lesions and conditions. The AI-based processing enables pattern recognition and quantitative assessment of clinical signs, providing objective measurements to support clinical decision-making.

Design Summary

Software Architecture: The device consists of:

• HTTP API for secure data transmission
• Image Processors utilizing deep learning models
• Orchestrator for workflow management
• Report Builder for generating structured clinical output

Version: 1.1.0.0

Software Safety Classification (IEC 62304): Class B

Main Components:

• JSON data processing
• RESTful API interface
• Deep learning inference engine
• Clinical report generation system

Detailed architecture is documented in R-TF-012-029 Software Architecture Description.

Variants and Models

The device does not have any variants. It is a unique model with a single configuration.

Medical Conditions Addressed

The device addresses medical conditions pertaining to ICD-11 code 14 - Diseases of the skin.

As mentioned, the image-based recognition processor provides an interpretative distribution of probabilities of visible ICD categories. In other words, the device does not provide a true positive or true negative for any specific condition, like diagnostic tests. On the contrary, the device provides the full list of ICD categories and the probability distributed across all the categories.

More information regarding ICD categories can be found in the International Classification of Diseases 11th Revision.

Indications for Use

The device provides two types of information to healthcare professionals:

1. Severity Measurement: quantifiable data on the intensity, count and extent of clinical signs such as erythema, desquamation, and induration, among others
2. Diagnostic Support: interpretative distribution representation of possible International Classification of Diseases (ICD) categories that might be represented in the pixels content of the image

Contraindications:

• Skin structures located at a distance greater than 1 cm from the eye, beyond the optimal range for examination.
• Skin areas that are obscured from view, situated within skin folds or concealed in other manners, making them inaccessible for camera examination.
• Regions of the skin showcasing scars or fibrosis, indicative of past injuries or trauma.
• Skin structures exhibiting extensive damage, characterized by severe ulcerations or active bleeding.
• Skin structures contaminated with foreign substances, including but not limited to tattoos and creams.
• Skin structures situated at anatomically special sites, such as underneath the nails, requiring special attention.
• Portions of skin that are densely covered with hair, potentially obstructing the view and hindering examination.

Warnings:

Critical Understanding:

The device outputs a probabilistic distribution across all ICD-11 categories related to skin diseases. Unlike diagnostic tests (e.g., COVID-19 or HIV tests) that provide binary results (positive/negative), the device provides an array of ICD categories with distributed probabilities.

Device	Result type	Output
Diagnostic test	Binary confirmation	Boolean (TRUE/FALSE)
Legit.Health Plus	Probabilistic distribution	Array of ICD categories and distributed probabilities

The device cannot confirm the presence of a condition. This is a fundamental characteristic of its operation. The probabilistic distribution may be concentrated (leptokurtic) or dispersed (platykurtic) across categories, but the output is always a distribution across all ICD categories, never a binary result.

The device serves as a clinical decision support tool that complements healthcare professionals' expertise. Diagnostic decisions remain with the healthcare professional who combines clinical knowledge, patient history, laboratory results, and other sources of information, including the device output.

GSPR Compliance Summary

A comprehensive analysis of all applicable General Safety and Performance Requirements from MDR 2017/745 Annex I has been conducted. The complete GSPR checklist demonstrates compliance with all applicable requirements.

Key GSPR Addressed:

• GSPR 1: Safety and performance - Device achieves intended performance without compromising patient/user safety
• GSPR 2-4: Risk management - Comprehensive risk management system implemented per ISO 14971
• GSPR 5-6: Use error mitigation and usability - Evaluated per IEC 62366-1
• GSPR 14-17: Software-specific requirements - Full lifecycle per IEC 62304
• GSPR 23: Information supplied by manufacturer - Complete labeling and IFU per ISO 20417

Non-Applicable GSPR: Requirements related to sterility, biocompatibility, chemical/physical properties, and packaging do not apply as this is a standalone software medical device (SaMD).

Reference Document: R-TF-008-001 GSPR Analysis provides the complete mapping of each GSPR to applicable standards, procedures, and evidence.

Applied Standards

The device complies with the following harmonized standards and recognized guidance:

Quality Management:

• ISO 13485:2016 - Medical devices - Quality management systems - Requirements for regulatory purposes (Certificate in progress with BSI)

Risk Management:

• ISO 14971:2019 - Medical devices - Application of risk management to medical devices

Software Development:

• IEC 62304:2006+A1:2015 - Medical device software - Software life-cycle processes (Class B)
• IEC 82304-1:2016 - Health software - General requirements for product safety

Usability:

• IEC 62366-1:2015+A1:2020 - Medical devices - Application of usability engineering to medical devices

Clinical Evaluation:

• ISO 14155:2020 - Clinical investigation of medical devices for human subjects - Good clinical practice

Information Provided:

• ISO 15223-1:2021 - Medical devices - Symbols to be used with information to be supplied by the manufacturer
• ISO 20417:2021 - Medical devices - Information to be supplied by the manufacturer

Cybersecurity:

• ISO 81001-1:2023 - Health software and health IT systems safety, effectiveness and security

Key Guidance Documents Applied:

• MDCG 2019-11: Guidance on Qualification and Classification of Software
• MDCG 2020-1: Clinical Evaluation of Medical Device Software
• MDCG 2020-3 Rev.1: Guidance on Significant Changes for Medical Devices
• MDCG 2019-16: Guidance on Cybersecurity for medical devices

Gap Analysis: For standards not yet harmonized under MDR (ISO 13485:2016, ISO 14971:2019, IEC 62304:2006+A1:2015, IEC 62366-1:2015+A1:2020, ISO 14155:2020, ISO 20417:2021), detailed gap analyses have been performed demonstrating that the applied versions provide equivalent or superior compliance to MDR requirements. These analyses are documented in the Design and Manufacturing section of this STED.

Design and Manufacturing summary

Manufacturing License: Spanish manufacturing license obtained on 24th November 2020 for dermatology support software based on computer-assisted diagnosis.

Manufacturing Location:

• Design and Development: AI Labs Group SL, Gran Vía 1, BAT Tower, 48001, Bilbao, Spain
• Software Manufacturing (compilation and deployment): AI Labs Group SL, Gran Vía 1, BAT Tower, 48001, Bilbao, Spain

Quality Management System: ISO 13485:2016 certification in progress with BSI (Notified Body 2797).

Design and Development Process

The device has been designed and developed following a structured software lifecycle approach as documented in GP-012 Design, Redesign and Development procedure.

Design Methodology:

• Agile development methodology with iterative design cycles
• Risk-driven development approach
• Continuous integration and testing
• Version control and configuration management

Key Development Documents:

• R-TF-012-023 Software Development Plan
• R-TF-012-028 Software Requirement Specification
• R-TF-012-029 Software Architecture Description
• R-TF-012-030 Software Configuration Management Plan
• R-TF-012-033 Software Tests Plan
• R-TF-012-043 Traceability Matrix

Software Development Standards Applied:

• IEC 62304:2006+A1:2015 Class B requirements fully implemented
• ISO 13485:2016 design and development requirements (sections 7.3.x)
• ISO 14971:2019 risk management throughout software lifecycle
• ISO 82304-1:2016 health software safety requirements
• ISO 81001-1:2021 health software cybersecurity requirements

Software Safety Classification (IEC 62304):

Classification: Class B - Non-serious injury is possible from software failure.

Justification: The device is used as a clinical decision support tool under healthcare professional supervision. External mitigation measures (clinical oversight, alternative assessment methods, user training) reduce risks. While software failure could theoretically lead to incorrect diagnostic support, the clinical context and professional judgment provide significant risk mitigation. Detailed classification rationale is documented in R-TF-012-041 Software Classification 62304.

Class B Development Requirements Applied:

• Software development planning and documentation
• Risk-based software architecture
• Software unit implementation and verification
• Software integration testing and verification
• Software system testing
• Software release procedures

Configuration Management:

• Software versioning per MDCG 2020-3 Rev.1 guidance (documented in GP-012)
• Version control using Git repositories

Novel Features

The device incorporates artificial intelligence (AI), specifically deep learning algorithms, as its core technology.

The device introduces <strong>moderate novelties with moderate clinical impact</strong> in dermatological practice.

Clinical Novelties:

1. Mode of Use: Assessment of skin conditions is performed using AI-powered analysis of digital images rather than solely visual inspection, enabling primary care practitioners to assess conditions with higher diagnostic accuracy
2. Treatment/Management Option: Provides reliable non-invasive analysis for benign pathologies, introducing clinical pathways to potentially avoid invasive procedures such as biopsies
3. Interaction and Control: Shifts the diagnostic process from purely human assessment to an interaction between practitioners and artificial intelligence analysis
4. Clinical Workflow: Assists practitioners in decision-making by providing additional clinical information that enables faster diagnosis and improved referral decisions, reducing workload and waiting times

Device-Related Novelties:

1. Medical Purpose: Addresses previously unmet medical needs in the diagnosis of rare dermatological conditions (e.g., Generalised Pustular Psoriasis, Pemphigus Vulgaris, Palmoplantar pustulosis) where reliable and objective diagnostic tools are scarce
2. Design: Novel AI algorithms trained to provide physicians with additional information about suspected diagnosis, disease severity, and referral prioritization:
   • Vision Transformer (ViT) architecture adapted for dermatological images
   • Multi-modal analysis combining object detection, semantic segmentation, and image recognition
   • Model calibration using temperature scaling for interpretable probability distributions
   • Test-time augmentation for enhanced prediction stability
   • Dermatology Image Quality Assessment (DIQA) for specialized quality control
   • Domain verification for automated image validation
3. Components: Proprietary AI algorithm constitutes the core innovative component, custom-trained on 181,591 dermatological images to achieve specific clinical performance for the intended medical purpose

Conclusion:

The device introduces moderate novelties with moderate clinical impact in dermatological practice. It offers a new AI-powered methodology that provides additional clinical information to healthcare professionals, improving diagnostic accuracy and clinical workflow. However, it does not introduce new treatment approaches, modify standard clinical procedures, or create new medical intervention categories. The device acts as a clinical decision support tool that complements existing diagnostic methods (visual examination, dermatoscope, biopsies) without replacing clinical judgment.

For complete novelty analysis, refer to R-TF-015-001 Clinical Evaluation Plan Legit.Health Plus.

As explained in R-002-007 Process validation card, deep learning has the ability to analyze complex and large-scale medical datasets. It enables the medical device to recognize patterns and make accurate predictions, leading to improved diagnostic capabilities for skin diseases. By leveraging this advanced technology, the device offers more reliable results and enhanced patient outcomes.

AI/ML Characteristics:

• Type: Deep convolutional neural networks (CNNs)
• Training Data: Extensive datasets of dermatological images with expert annotations
• Validation: Performance validated against clinical ground truth per MDCG 2020-1
• Continuous Learning: The device does NOT implement continuous learning; models are locked after validation

AI Development Process: Documented in GP-028 AI Development procedure.

Similar Devices on the Market

State-of-the-art analysis has been conducted. Several similar devices exist on the market, but they are mainly focused on serving patients directly; whereas our approach is to help HCPs help their patients. Main competitors documented in R-TF-007-002 Post-Market Clinical Follow-up (PMCF) Plan include:

• Dermengine - Support tool for diagnosis of skin cancer
• Fotofinder hadyscope pro app - Patient management and skin microimages documentation
• Skinscreener - Skin lesions' risk assessment mobile application
• Skinvision - Skin cancer risk indication service
• Triage - Early detection and monitoring of skin conditions

Product History and Design Evolution

Previous Generation: The predecessor device was named Legit.Health. The new generation differs in that it's meant to integrate into organisation's software systems via server-to-server communication, allowing focus on interoperability and documentation.

Manufacturing License: Spanish manufacturing license obtained on 24th November 2020.

Regulatory History:

• According to Directive 93/42/EC, Rule 12 applies (Class I device)
• Declaration of Conformity issued December 2020 (valid until December 2028 per Regulation 2023/603)
• According to MDR 2017/745 Annex VIII, Rule 11 applies (Class IIb device)

Commercial Experience: Since launch in 2020, partnered with 21 customers (government-run and for-profit care providers), generating over 4,500 diagnostic reports by more than 500 professionals for over 1,000 patients.

Risk Management Conclusions

A comprehensive risk management process has been implemented per ISO 14971:2019 and documented in GP-013 Risk Management procedure.

Risk Management Plan: R-TF-013-001 Risk Management Plan establishes:

• Risk acceptability criteria
• Risk evaluation and control procedures
• Residual risk management approach
• Benefit-risk analysis methodology

Risk Analysis Conclusions:

All known and foreseeable hazards have been identified, analyzed, and evaluated. Risk control measures have been implemented and verified for all identified risks. The key findings include:

Main Hazard Categories Identified:

1. Software Errors: Incorrect diagnostic suggestions due to algorithm failures or data processing errors
2. Use Errors: Misinterpretation of device output by healthcare practitioners
3. Cybersecurity Risks: Unauthorized access, data breaches, or system availability issues
4. Integration Risks: Compatibility issues with customer IT systems
5. AI/ML Specific Risks: Model degradation, dataset bias, or performance in edge cases

Risk Control Hierarchy Applied:

1. Inherent Safety by Design: Algorithm validation, software verification, robust architecture
2. Protective Measures: User warnings, access controls, cybersecurity measures, monitoring systems
3. Information for Safety: Comprehensive IFU, user training materials, clear output labeling

Residual Risk Assessment:

All residual risks have been evaluated and are judged acceptable when weighed against the clinical benefits provided by the device. The overall benefit-risk ratio is positive.

Key Residual Risks:

• False negative/positive diagnostic suggestions (mitigated by clear labeling that device is for support only, not standalone diagnosis)
• Cybersecurity vulnerabilities (mitigated by regular security updates and monitoring)
• Use errors (mitigated by comprehensive user training and clear IFU)

Documentation:

• R-TF-013-002 Risk Management Record - Complete risk analysis with all identified hazards, hazardous situations, risk estimations, control measures, and verification
• R-TF-013-003 Risk Management Report - Annual risk management activity report with conclusions and benefit-risk analysis

Post-Market Risk Monitoring:

Risk management is a continuous process throughout the device lifecycle. Post-market surveillance data feeds back into risk management per GP-007 Post-Market Surveillance, ensuring:

• New hazards are identified and evaluated
• Effectiveness of risk control measures is monitored
• Risk acceptability criteria remain valid
• Benefit-risk ratio is continuously reassessed

Verification and Validation

Non-Clinical Testing Summary

Comprehensive verification and validation activities have been conducted per GP-012 Design, Redesign and Development procedure.

Performance Testing:

• Scope: Periodic review throughout product lifecycle
• Purpose: Ensure device meets technical specifications
• Documentation: Legit.Health Plus DHF

Verification Testing:

• Scope: Unit testing, integration testing, system testing
• Purpose: Confirm device works according to technical specifications after every modification
• Standard: IEC 62304:2006+A1:2015 Class B requirements
• Test Plan: R-TF-012-033 Software Tests Plan
• Results: All verification tests passed; device meets all specified requirements

Validation Testing:

• Scope: End-to-end system validation
• Purpose: Confirm device works as expected based on intended use
• Results: Device performs intended functions correctly and safely

Software Quality Assurance:

• Static code analysis
• Code reviews
• Automated testing (unit, integration, regression)
• Performance testing
• Security testing per MDCG 2019-16 cybersecurity guidance

SOUP Verification:

• All Software of Unknown Provenance (SOUP) components verified per R-TF-012-019
• Test coverage and common usage criteria evaluated
• Known anomalies documented and risk-assessed

Usability Evaluation

Comprehensive usability engineering process conducted per IEC 62366-1:2015+A1:2020 and documented in GP-025 Usability and Human Factors Engineering.

Usability Engineering File: R-TF-025-001 Usability Plan establishes the complete usability process including identification of use scenarios, hazard-related use scenarios, and selection criteria for summative evaluation.

Formative Evaluation:

• Report: R-TF-025-002 Formative Evaluation Report
• Purpose: Identify and mitigate use-related risks early in development
• Methodology: Task analysis, user interviews, prototype testing with representative users
• Results: Use errors identified and mitigated through iterative design improvements

Summative Evaluation:

• Protocol: R-TF-025-004 Summative Evaluation Protocol
• Report: R-TF-025-007 Summative Evaluation Report
• Purpose: Validate safety and effectiveness of user interface in simulated use environment
• Participants: Representative healthcare practitioners from intended user population
• Scope: All hazard-related use scenarios tested
• Results: Device demonstrated safe and effective usability; no critical use errors observed in final design

Validation Report: R-TF-025-004 Usability Validation Report confirms that use-related risks are acceptably controlled.

Key Findings:

• User interface (API integration) is appropriate for intended users (healthcare IT systems)
• Device output is clearly structured and interpretable
• Warnings and precautions are appropriately communicated in IFU
• Device integrates successfully into clinical workflows
• Use-related risks controlled through design, protective measures, and user information

Cybersecurity Validation

Cybersecurity requirements validated per MDCG 2019-16 and ISO 81001-1:2021:

Security Controls Implemented:

• Secure data transmission (HTTPS/TLS encryption)
• Authentication and authorization controls (OAuth/JWT)
• Data encryption at rest and in transit
• Audit logging and monitoring
• Vulnerability management process
• Security update procedures

Software Bill of Materials (SBOM):

A comprehensive SBOM has been generated using CycloneDX format to support cybersecurity vulnerability management and supply chain transparency. The SBOM documents all software components, dependencies, and their versions, enabling rapid identification and response to security vulnerabilities throughout the device lifecycle.

Documentation:

• R-TF-030-002 Software Bill of Materials
• R-TF-030-001 to R-TF-030-005 Cybersecurity validation and risk assessment documentation

Cybersecurity Management: Ongoing security monitoring and update process per GP-030 Cybersecurity Management

Validation Conclusions

All verification and validation activities confirm that Legit.Health Plus:

1. Meets all specified requirements (verification)
2. Fulfills its intended use safely and effectively (validation)
3. Can be used safely by intended users in intended environments (usability)
4. Maintains appropriate cybersecurity posture (security validation)

The device is ready for safe clinical use and meets all MDR 2017/745 requirements for market placement.

Clinical Evaluation Report Summary

A comprehensive clinical evaluation has been conducted per MEDDEV 2.7/1 Rev 4, MDCG 2020-1 (Clinical Evaluation of Medical Device Software), and GP-015 Clinical Evaluation procedure.

Clinical Evaluation Plan: R-TF-015-001 Clinical Evaluation Plan

Clinical Evaluation Report: R-TF-015-003 Clinical Evaluation Report

State of the Art Analysis

Comprehensive literature review conducted covering:

• Current knowledge and state of the art in dermatological diagnosis support
• Natural course of target skin conditions
• Alternative treatment and diagnosis options
• Technological context and advancements in AI/ML for medical imaging

Conclusion: The device represents current state of the art in AI-assisted dermatological diagnosis support software.

Clinical Investigation Evidence

Multiple clinical investigations conducted in accordance with EN ISO 14155:2020 demonstrating device safety and performance in European clinical settings.

Clinical Development Plan: R-TF-015-008 Clinical Development Plan provides overview of clinical evidence generation strategy.

Peer-Reviewed Publications:

Several peer-reviewed publications in dermatology and medical imaging journals demonstrate clinical validity:

• Automatic severity scoring systems for various dermatological conditions
• Image quality assessment for remote dermatology
• Validation studies comparing device performance against clinical reference standards
• Studies published in journals including JEADV, Journal of Investigative Dermatology, and others

Clinical Investigations:

Multiple prospective clinical investigations conducted at European healthcare facilities:

• Studies across various dermatological conditions and patient populations
• Comparison against established clinical scoring methods and expert assessment
• Real-world clinical workflow optimization studies
• Studies conducted in Spain and other EU member states

Medical Congress Activity:

Substantial presentation of results at European and international dermatology conferences including EADV (European Academy of Dermatology and Venereology) and national dermatology society meetings.

Clinical Evidence Conclusion:

The body of clinical evidence demonstrates that the device:

• Provides reliable and reproducible results
• Supports healthcare professionals in clinical decision-making
• Offers acceptable benefit-risk ratio
• Performs safely and effectively in intended use conditions across diverse European healthcare settings
• Evidence presented to clinical community and peer-reviewed

Clinical Development Plan: R-TF-015-008 provides complete overview of clinical investigation strategy.

Clinical Performance and Safety Conclusions

Clinical Safety: No adverse effects or serious incidents identified in clinical data. Device demonstrates acceptable safety profile for intended use.

Clinical Performance: Device demonstrates:

• High accuracy in severity measurement of skin conditions
• Reliable diagnostic support across multiple dermatological conditions
• Consistency and reproducibility of measurements
• Clinical utility in supporting healthcare practitioner decision-making

Benefit-Risk Analysis: The clinical benefits of improved diagnostic support, objective measurements, and enhanced workflow efficiency significantly outweigh the acceptably controlled residual risks. Benefit-risk ratio is positive.

Clinical Evidence Adequacy: The body of clinical evidence (literature, clinical investigations, post-market data) is sufficient to demonstrate conformity with relevant GSPRs and to support the device's claims of safety and performance.

Information Supplied by Manufacturer Summary

Complete information has been prepared per ISO 20417:2021 and MDR 2017/745 Annex I Chapter III.

Instructions for Use (IFU):

• Location: https://apidocs-draft.legit.health/ (draft); will be published at https://apidocs.legit.health upon certification
• Languages: Available in English, Spanish, German, French, Portuguese (as required by target markets)
• Content: Complete instructions covering:
  • Device description and intended use
  • Indications, contraindications, and warnings
  • User qualifications and training
  • Operating instructions
  • Output interpretation guidance
  • Cybersecurity recommendations
  • Technical specifications
  • Customer support information

Label:

• Document: R-TF-001-008 Label
• Compliance: Per ISO 15223-1:2021 symbol standards
• Key Information:
  • Device name: Legit.Health Plus
  • UDI: (01)8437025550005(10)1.1.0.0(11)YYYYMMDD
  • Basic UDI-DI: 8437025550LegitCADx6X
  • Classification: Class IIb per MDR 2017/745
  • CE marking with Notified Body 2797 (upon certification)
  • Manufacturer information

IFU and Label Validation:

• Validation Record: R-TF-001-006 IFU and label validation
• Process: Per GP-001 Control of Documents
• Results: IFU and labeling validated for comprehension, accuracy, and completeness

Key Warnings and Precautions

Critical Usage Information:

• Device provides diagnostic support only; not for standalone diagnosis
• Results must be interpreted by qualified healthcare practitioners
• Device output is one element of overall clinical assessment
• Users must be trained in device operation and output interpretation
• Cybersecurity best practices must be followed

Contraindications:

• Skin structures located at a distance greater than 1 cm from the eye, beyond the optimal range for examination.
• Skin areas that are obscured from view, situated within skin folds or concealed in other manners, making them inaccessible for camera examination.
• Regions of the skin showcasing scars or fibrosis, indicative of past injuries or trauma.
• Skin structures exhibiting extensive damage, characterized by severe ulcerations or active bleeding.
• Skin structures contaminated with foreign substances, including but not limited to tattoos and creams.
• Skin structures situated at anatomically special sites, such as underneath the nails, requiring special attention.
• Portions of skin that are densely covered with hair, potentially obstructing the view and hindering examination.

Warnings:

Critical Understanding:

The device outputs a probabilistic distribution across all ICD-11 categories related to skin diseases. Unlike diagnostic tests (e.g., COVID-19 or HIV tests) that provide binary results (positive/negative), the device provides an array of ICD categories with distributed probabilities.

Device	Result type	Output
Diagnostic test	Binary confirmation	Boolean (TRUE/FALSE)
Legit.Health Plus	Probabilistic distribution	Array of ICD categories and distributed probabilities

The device cannot confirm the presence of a condition. This is a fundamental characteristic of its operation. The probabilistic distribution may be concentrated (leptokurtic) or dispersed (platykurtic) across categories, but the output is always a distribution across all ICD categories, never a binary result.

The device serves as a clinical decision support tool that complements healthcare professionals' expertise. Diagnostic decisions remain with the healthcare professional who combines clinical knowledge, patient history, laboratory results, and other sources of information, including the device output.

Post-Market Surveillance and Vigilance

Comprehensive post-market surveillance system implemented per GP-007 Post-Market Surveillance procedure.

Post-Market Surveillance Plan: R-TF-007-001 PMS Plan

Post-Market Clinical Follow-up Plan: R-TF-007-002 PMCF Plan

Periodic Safety Update Report (PSUR): R-TF-007-003 PSUR

Evaluation Reports:

• R-TF-007-004 PMS Evaluation Report
• R-TF-007-005 PMCF Evaluation Report

Data Sources:

• Customer feedback per GP-014 Feedback and Complaints
• Incident reports and vigilance data per GP-004 Vigilance System
• Clinical performance data from ongoing device use
• Literature monitoring
• Competitor and similar device monitoring
• Regulatory updates and guidance changes

Objectives:

• Confirm continued safety and performance
• Identify emerging risks or previously unknown hazards
• Detect adverse trends
• Support benefit-risk re-evaluation
• Generate data for Clinical Evaluation updates

Vigilance System

Vigilance system established per GP-004 Vigilance System procedure to ensure:

• Prompt detection and investigation of incidents
• Appropriate reporting to competent authorities per MDR requirements
• Root cause analysis and corrective actions per GP-006 Non-Conformity, Corrective and Preventive Actions
• Trend analysis of safety signals

Serious Incident Reporting: Processes in place to report serious incidents to BSI and competent authorities within required timeframes.

Quality Management System

ISO 13485:2016 Certification: In progress with BSI (Notified Body 2797)

QMS Documentation: Complete quality management system documented including:

• Quality Manual
• QMS procedures covering all regulatory requirements
• Work instructions
• Record control and document control per GP-001
• Management review process
• Internal audit program
• Corrective and preventive action system (GP-006)

Key QMS Procedures Supporting Device

• GP-001 Control of Documents
• GP-004 Vigilance System
• GP-006 Non-Conformity, Corrective and Preventive Actions
• GP-007 Post-Market Surveillance
• GP-008 Product Requirements
• GP-009 Sales
• GP-010 Purchases and Suppliers Evaluation
• GP-011 Provision of Service
• GP-012 Design, Redesign and Development
• GP-013 Risk Management
• GP-014 Feedback and Complaints
• GP-015 Clinical Evaluation
• GP-016 Traceability and Identification
• GP-017 Technical Assistance Service
• GP-018 Infrastructure and Facilities
• GP-025 Usability
• GP-028 AI Development
• GP-029 Software Delivery and Commissioning
• GP-030 Cybersecurity Risk Management

Suppliers and Subcontractors

Supplier Management: Per GP-010 Purchases and Suppliers Evaluation

Supplier Evaluation: R-010-001 Suppliers Evaluation 2023_001

Key Suppliers:

• Cloud infrastructure provider (evaluated and approved)
• Development tools and SOUP components (documented in R-TF-012-019)

All critical suppliers have been evaluated for quality, reliability, and regulatory compliance.

Traceability

Traceability System: Per GP-016 Traceability and Identification

Objective: Ensure all customers use latest version of the medical device

UDI System: Implemented per EU MDR 2017/745 requirements

• Basic UDI-DI: 8437025550LegitCADx6X
• UDI-DI format: (01)8437025550005(10)1.1.0.0(11)YYYYMMDD

Conclusion

This Summary of Technical Documentation (STED) provides an executive overview of the complete technical documentation for Legit.Health Plus version 1.1.0.0. The device has been designed, developed, verified, validated, and clinically evaluated in accordance with MDR 2017/745 and applicable harmonized standards.

Key Conclusions:

1. Safety and Performance: Device meets all applicable General Safety and Performance Requirements (GSPR)
2. Risk Management: Comprehensive risk management process implemented; all residual risks acceptable
3. Clinical Evaluation: Robust clinical evidence demonstrates safety and performance; benefit-risk ratio is positive
4. Quality System: ISO 13485:2016 QMS implemented and undergoing BSI certification
5. Post-Market Surveillance: Comprehensive PMS and PMCF plans in place to monitor continued safety and performance

The device is ready for MDR certification and market placement as a Class IIb medical device under the supervision of BSI (Notified Body 2797).

For complete detailed documentation, please refer to the full Technical File for Legit.Health Plus version 1.1.0.0.

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

• Author: Team members involved
• Reviewer: JD-003, JD-004
• Approver: JD-001