the regulation of software · • the presentation is not legislative in nature and should not be...
TRANSCRIPT
![Page 1: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/1.jpg)
The regulation of software Medicines, biologicals, blood, tissues, and devices
David Wotton and Dr Elizabeth McGrath | 27 May 2015
Presentation to MSIA and MTAA
![Page 2: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/2.jpg)
Presentation to:
• the Medical Software Industry Association (MSIA) of Australia • the Medical Technology Association of Australia (MTAA)
2
![Page 3: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/3.jpg)
Disclaimer • The Australian Government Department of Health (of which the TGA is a part) advises that:
(a) this presentation should not be relied upon in any way as representing a comprehensive description of regulatory requirements, and
(b) cannot guarantee, and assumes no legal liability or responsibility for, the accuracy, currency or completeness of the information contained in the presentation paper or auditory statements.
• The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way.
• The presentation is not intended to be representative of the views of the International Medical Device Regulators’ Forum and should not be taken to be statements of the forum’s policy or position in any way.
3
![Page 4: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/4.jpg)
Today
Regulated by the TGA
IMDRF SaMD Project
A systems approach
4
Key messages and Q&A
![Page 5: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/5.jpg)
Regulated by the TGA
Administered by the TGA Legislation • Therapeutic Goods Act 1989 • Therapeutic Goods Regulations 1990 • Therapeutic Goods (Medical Devices) Regulations 2002 • Other legislative instruments including excluded and
exempt goods orders
5
![Page 6: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/6.jpg)
Regulated by the TGA
Software with a
therapeutic purpose (medical device
software)
Software used in manufacturing
Software for maintaining quality
management systems
Software, systems, and toolsets
applicable to all
6
![Page 7: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/7.jpg)
Regulated by the TGA Software with a
therapeutic purpose (medical device
software) Infusion pumps and blood-pressure monitors
IVD instruments and equipment (e.g., analysers, pregnancy testers)
Portable electronic devices, e.g., pacemakers, hearing aids, defibrillators
Patient monitors, ECGs, MRIs, and radiation-therapy machines
And many more…
7
![Page 8: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/8.jpg)
Regulated by the TGA Software with a
therapeutic purpose (medical device
software)
Embedded software (firmware, EPROM, etc)
Mobile, server (incl. cloud), desktop programs and apps
Programmable hardware (e.g., FPGAs)
Software that drives or controls other medical devices
8
![Page 9: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/9.jpg)
Regulated by the TGA
Software used in manufacturing Building-management systems
Production, sterilisation, water, and cleaning systems…
Statistical-process control systems
Lab equipment used in manufacturing
Applies only to systems used for or affecting production (manufacture)
9
![Page 10: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/10.jpg)
Regulated by the TGA Software for
maintaining quality management
systems
Enterprise resource planning systems
Documentation management systems
Corrective Action Preventive Action systems
Training and record-keeping systems
Other compliance systems
Applies only to QMS/GMP/compliance (not divorced business) systems 10
![Page 11: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/11.jpg)
Regulated by the TGA Software, systems,
and toolsets applicable to all Backup, fail-over, and redundant systems
Infrastructure and security systems (networks, firewalls, etc.)
Software-development toolsets (IDEs, compilers, etc.)
Monitoring and management systems (including load, performance, analysis)
Easily overlooked but important aspects of QMS/GMP, performance, and safety
11
![Page 12: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/12.jpg)
Regulated by the TGA Software with a
therapeutic purpose (medical device
software)
Medical devices Therapeutic Goods Act 1989, section 41BD:(1) A medical device is:
a) any instrument, apparatus, appliance, material or other article (whether used alone or in combination, and including the software necessary for its proper application) intended, by the person under whose name it is or is to be supplied, to be used for human beings for the purpose of one or more of the following: i. diagnosis, prevention, monitoring, treatment or alleviation of
disease; ii. diagnosis, monitoring, treatment, alleviation of or compensation
for an injury or disability; cont(…)
12
![Page 13: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/13.jpg)
Regulated by the TGA Software with a
therapeutic purpose (medical device
software)
The intended purpose Section 41BD (2) states that the intended purpose is to be derived from labelling, instructions, advertising material, and technical documentation provided by the legal manufacturer. NOTE: • The Secretary may declare particular things, devices,
classes, types, or articles to be medical devices or not. • Such a declaration under this section does not stop articles
from being therapeutic goods.
13
![Page 14: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/14.jpg)
Regulated by the TGA Software with a
therapeutic purpose (medical device
software)
When software becomes a medical device Software becomes a medical device when it meets the definition, that is, when the legal manufacturer intends for the software to be used in:
• diagnosis; • prevention; • monitoring; • treatment; or • alleviation of disease, disability, etc.
The manner, form, material not relevant to whether an item meets the definition. 14
![Page 15: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/15.jpg)
Regulated by the TGA Software with a
therapeutic purpose (medical device
software)
How medical device software is regulated in Australia Software is regulated under the medical devices regulatory framework
• Regulation is risk based • Manufacturers are required to demonstrate that their devices meet
the Essential Principles of Safety and Performance • Manufacturers apply Conformity Assessment procedures • Different classes require different Conformity Assessment
procedures to be applied by the manufacturer
For further information, refer to: • the Australian Regulatory Guidelines for Medical Devices (ARGMD) • Regulation of medical software and mobile medical 'apps'. 15
![Page 16: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/16.jpg)
Today Regulated by the TGA
IMDRF SaMD Project
A systems approach
Key messages and Q&A
16
![Page 17: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/17.jpg)
IMDRF SaMD Project
Software as a Medical Device guidance documents 1. Software as a Medical Device (SaMD): Key Definition 2. Software as a Medical Device: Possible Framework for Risk
Categorization and Corresponding Considerations 3. Software as a Medical Device (SaMD): Application of Quality
Management System (consultation underway)
17
![Page 18: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/18.jpg)
IMDRF SaMD Project
1. IMDRF definition of Software as a Medical Device
Software as a Medical Device (SaMD) is defined as software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device.
This includes: • mobile phone and tablet apps, • desktop applications (e.g., radiation treatment planning SW), • software that runs in the cloud (e.g., Web applications), and • software that runs on any other general-purpose computing platform
(smart watches, smart eyewear, etc.)
18
![Page 19: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/19.jpg)
IMDRF SaMD Project
1. IMDRF definition of Software as a Medical Device
The SaMD definition excludes: • embedded device SW • SW that controls or drives hardware devices • SW used for maintaining quality systems • SW for manufacturing control & monitoring systems
• production, sterilisation, and cleaning systems • building management systems • etc.
19
![Page 20: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/20.jpg)
IMDRF SaMD Project
The definition of SaMD in context
Health IT
TGA/IMDRF Software
Scope
Medical Device
Software
SaMD
20
![Page 21: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/21.jpg)
IMDRF SaMD Project
1. IMDRF definition of Software as a Medical Device
SaMDs predominantly manage information rather than (directly) controlling the administration of energy or substances to or from a patient. The information is then used directly for diagnosis or indirectly for treatment*. The GHTF/IMDRF regulatory model makes minimal reference to information as a potential source of harm.
*Cognitive behavioural therapy applied by an SaMD would be considered by the TGA to be direct treatment. 21
![Page 22: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/22.jpg)
IMDRF SaMD Project
2. Proposed risk categorisation and considerations document
Objective is to introduce: • a foundational approach, • establish a common understanding for SaMD, • harmonised vocabulary, and • general and specific considerations
for manufacturers, regulators, and users Notes • No intention to replace or modify existing regulatory classification schemes
or requirements. Further efforts required prior to regulatory use. 22
![Page 23: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/23.jpg)
IMDRF SaMD Project
2. Proposed risk categorisation and considerations document
Contents • Introduction • Scope (including objectives) • Definitions • SaMD Definition Statement • Framework principles • General considerations
• Design and development • Changes
• Specific considerations • Socio-technical environment
• Technology and system
environment • Information security with
respect to safety • Appendices
• Clarification of definition of SaMD
• Analysis of SaMD framework with existing classifications
• References 23
![Page 24: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/24.jpg)
IMDRF SaMD Project
2. Proposed risk categorisation and considerations document
Some challenges with software Highly connected and dependent nature of software means that disruption in the ecosystem can result in loss of information, delayed, corrupted, or mixed patient information, or inaccurate information which may lead to incorrect or inaccurate diagnoses and/or treatments. Recent example:
A change to the firewall rules on a hospital network made by IT staff resulted in the alarm signals from patient monitors in ICU not being delivered to the nurses’ station.
24
![Page 25: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/25.jpg)
IMDRF SaMD Project
2. Proposed risk categorisation and considerations document
Software-related ‘failures’ => Where software is involved in an adverse event • Most relate to problems with requirements (incomplete or flawed assumptions) • Changes in socio-technical environment • System errors mis-attributed as ‘user errors’ (errors following user actions) • Insufficient controls for maintaining safety • The software behaved exactly as designed… • Traditional safety engineering approaches based on probability analysis
(FMEA, FTA, HAZOP, etc.) have limited applicability to complex systems • Emergent properties (safety is an emergent property)
25
![Page 26: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/26.jpg)
IMDRF SaMD Project
2. Proposed risk categorisation and considerations document
SaMD Categories
State of Healthcare situation or condition
Significance of information provided by SaMD to Healthcare decision
Treats or Diagnoses
Drives clinical management
Informs clinical management
Critical IV III II
Serious III II I
Non-Serious II I I 26
![Page 27: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/27.jpg)
IMDRF SaMD Project
2. Proposed risk categorisation and considerations document
• SaMD Definition Statement • Socio-technical environments • Technology and system environments • Information security with respect to safety • Reduced (external) verification options • Importance of a methodical and systematic
development process
27
![Page 28: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/28.jpg)
IMDRF SaMD Project
2. Proposed risk categorisation and considerations document
The proper and safe functioning of SaMD is highly dependent on a sufficient and common understanding of the socio-technical environment that includes the manufacturer and the user.
Software that is highly reliable and correct can be unsafe.
28
![Page 29: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/29.jpg)
IMDRF SaMD Project
3. Software as a Medical Device (SaMD) mapped to ISO 13485
The objective of this third document is to provide guidance on the application of existing, standardised, and generally accepted quality management system (QMS) practices to SaMD. Consultation out now (closes Monday 1 June 2015)
29
![Page 30: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/30.jpg)
Today Regulated by the TGA
IMDRF SaMD Project
A systems approach
Key messages and Q&A
30
![Page 31: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/31.jpg)
A systems approach
The TGA approaches inspections and reviews by: • taking a holistic rather than reductionist view • treating safety and performance as a dynamic control
problem rather than a reliability problem • identifying system behaviour safety constraints • assessing the sufficiency and adequacy of controls
put in place by manufacturers
Safe May include specific
performance requirements
(e.g., timing in a pacemaker)
31
![Page 32: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/32.jpg)
A systems approach
Some of the lifecycle steps
Design
Develop
Monitor
Improve
Report
The TGA looks to see that the manufacturer: • designs for safety and performance • develops for quality, robustness,
resilience, and predictability • monitors, reports, and improves using appropriate, sufficient, robust, and
defensible tools, approaches, and methods.
With sufficient breadth and depth of expertise. 32
![Page 33: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/33.jpg)
A systems approach
Safe state(s)
Safety-constraint examples: • Temperature limits • Toxicity limits • Timing limits • Accuracy, specificity • Voltage, current, frequency of
applied energy
Types of controls: • technical, • process (e.g., procedures), • social (people), • environmental, • etc.
Example controls: • Visual inspection procedures for
steps in manufacture • PCDs, monitoring of temperature,
humidity, and vacuum for EtO sterilisation machine
• Real-time ECG monitoring for patient monitor
• Database integrity constraints
33
![Page 34: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/34.jpg)
A systems approach
Review of safety controls
The TGA will look at controls that might affect safety, e.g.: 1. An unsafe control action is provided that creates a hazard 2. A required control action is not provided to avoid a hazard 3. A potentially safe control action is provided too late, too early,
or in the wrong order 4. A continuous safe control action is provided too long or is
stopped too soon 5. A control action required to enforce a safety constraint (avoid
a hazard) is provided but not followed (e.g., a procedure or instruction provided by the manufacturer).
34
![Page 35: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/35.jpg)
A systems approach
Where applicable, the TGA might look for: • Necessary and sufficient technical (including clinical) competence • Understanding of safe system states and constraints • Resilience engineering (robust, resilient designs) • Use of appropriate and sufficient risk-management tools, e.g., STPA • Methodical and systematic design and development
(e.g., design patterns and contracts)
Designs for safety and performance
—ISO/IEC/IEEE 29148; IEC 62304; ISO 14971; IEC/TR 80002-1; and IEC 62366. 35
![Page 36: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/36.jpg)
A systems approach
Where applicable, the TGA might look for: • Lifecycle development of software (i.e., IEC 62304) • Use of good software- and systems-engineering practice • Understanding of benefits and limitations of chosen development tools • Use of appropriate and sufficient risk-management tools • Methodical and systematic design and development
(e.g., design patterns and contracts)
Development for quality, predictability
—ISO 13485; ISO/IEC/IEEE 29148; IEC 62304; ISO 14971; and IEC/TR 80002-1. 36
![Page 37: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/37.jpg)
A systems approach
The TGA might also look for: • Signal monitoring and analysis (ISO 13485, leading safety indicators) • Understanding of limitations of monitoring processes
(shadow faults, medical and domain context of use) • Adverse-event and fault reporting (transparency) and investigations • Trends analysis • Corrections, corrective actions, and preventive actions
Monitoring, reporting, and continual improvement
—ISO 13485; ISO/IEC/IEEE 29148; IEC 62304; ISO 14971; and IEC/TR 80002-1.
![Page 38: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/38.jpg)
A systems approach Post-market monitoring, surveillance, and action
• Capturing and tracking incidents and complaints involving software is a significant challenge.
• Manufacturers are expected to identify leading safety indicators and are required to link incidents to CAPA and risk management activities—closing of the feedback loop…
• Recognise, Retain, and Report campaign
Not easily detectable after
supply
Easily detectable after supply
Difficult but possible to detect
after supply Essentially undetectable
(not possible to identify SW system
failure as the cause)
38
![Page 39: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/39.jpg)
Please report adverse events (incidents)…
Large datasets are needed for the identification of shadow faults.
TGA In addition to the direct management of safety issues, the data reported to us helps us to see trends and better understand the causes of adverse events where software is involved.
Your reporting helps us to identify and respond to safety matters.
www.tga.gov.au 39
![Page 40: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/40.jpg)
Today Regulated by the TGA
IMDRF SaMD Project
A systems approach
Key messages and Q&A
40
![Page 41: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/41.jpg)
Recap
Key messages and Q&A The TGA regulates a
broad range of software systems.
A holistic systems-engineering approach
is used
Many factors may be reviewed during an inspection or review
Lifecycle, design and development, monitoring,
and reporting are very important elements for
safety
Please help by reporting adverse events
41
![Page 42: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/42.jpg)
Q&A
Key messages and Q&A
www.tga.gov.au
TGA information services: • Safety alerts • Recall actions • Medicines Safety Update • Medical Devices Safety Update • Consultations • Publications • Scheduling
42
![Page 43: The regulation of software · • The presentation is not legislative in nature and should not be taken to be statements of any law or policy in any way. • The presentation is not](https://reader033.vdocuments.us/reader033/viewer/2022051814/6039855be68fd879637d1400/html5/thumbnails/43.jpg)