In the UK, a potential regulatory gap has emerged, with many FemTech apps operating outside the boundaries of formal healthcare oversight. This could be worrisome for users given the highly sensitive nature of the data they collect - from menstrual tracking to fertility predictions - combined with the growing influence these tools have on users' health decisions. While the sector offers real promise in addressing long-neglected areas of women’s health, the lack of tailored regulation could leave users exposed to risks around data privacy, clinical accuracy and safety. To ensure FemTech delivers on its potential without compromising trust or wellbeing, a more robust and specific regulatory framework may be required.
The regulatory loophole between ‘wellness’ and ‘health’ applications
Applications which serve a medical purpose generally fall into two categories: medical devices or in vitro diagnostic medical devices (IVDs). Whether a product has a medical purpose is largely determined by its labelling, instructions for use, and promotional materials. This gives manufacturers significant discretion in defining the intended purpose of their product. As a result, many developers market their apps as ‘non-medical’ or ‘wellbeing’ tools to avoid the stricter scrutiny of the medical device regulatory framework.
However, this discretion is not without limits. The manufacturer’s stated intent is not the sole factor regulators will consider. If the app’s real-world use and context indicate a medical function, it may still be deemed a medical device - regardless of how it's marketed. A notable example came in 2021, when the MHRA confirmed that several baby breathing and movement monitors - sold as general consumer products - were, in fact, medical devices. It is entirely possible the MHRA could apply the same logic to certain wellbeing apps in the future.
False claims in FemTech
Regardless of whether FemTech apps are categorised as medical devices or not, manufacturers must refrain from publishing false or misleading claims in relation to their product. Article 7 of the Medial Device Regulations (MDR) and Article 7 of the In Vitro Diagnostic Regulations (IVDR) prohibits the use of text, names, trademarks, pictures and figurative or other signs that may mislead the user or the patient with regard to the device’s intended purpose, safety and performance. Furthermore, the Advertising Standards Authority (ASA) enforces advertising codes that prohibit misleading claims and provides mechanisms for requiring amendments or withdrawal of marketing communications.
While these existing frameworks can help challenge and remove false claims made by FemTech providers, further regulatory clarity may be needed - particularly for ‘wellbeing’ apps that sit outside formal healthcare regulation. Marketing messages that fail to clearly communicate an app’s limitations or reliability can have serious consequences, potentially undermining trust and, more importantly, putting women’s health at risk.
Safeguarding sensitive data
FemTech apps and devices often rely on users inputting highly sensitive personal data to function effectively. This data plays a crucial role in driving innovation and improving the quality of products and services designed to support women’s health and wellbeing. However, as with any software that handles large volumes of personal information, there are potential risks around data misuse, security breaches and user profiling.
Under the UK GDPR, data controllers must ensure personal data is collected and processed lawfully, fairly and transparently, and only for specific, legitimate purposes. Data subjects also have the right to access their personal information on request.
Stricter obligations apply when processing ‘special category data’ - a type of personal data that FemTech apps commonly collect. This may include genetic and biometric recognition information, as well as data relating to health, sex life, sexual orientation, political beliefs, religion, race or ethnicity. In many cases, manufacturers will be required to obtain the user’s explicit consent before processing such data. These requirements are vital safeguards against misuse. However, given the scale and sensitivity of data involved, regulators may need to go further to address risks unique to FemTech and ensure full compliance with UK GDPR standards.
Considerations for Manufacturers
While positioning an app as a ‘wellbeing’ tool might seem like a shortcut to market, it carries significant legal, ethical and reputational risks. Developers must critically assess whether their product meets the threshold of a medical device - and ensure that any claims made are accurate, evidence-based, and transparent about limitations.
In an industry built on trust and personal data, regulatory compliance shouldn’t be seen as a barrier but as a foundation for sustainable growth. Clearer, more tailored regulation would help ensure consistency across the sector, protect users from harm, and give genuinely innovative products the credibility they deserve. By embracing compliance and transparency from the outset, FemTech developers can not only mitigate risk, but also build stronger brands, attract investment, and lead the way in shaping a more trustworthy future for female digital health.
This article, written by Erin Thomson, Trainee Solicitor in MFMac's Commercial team, was also featured in Digital Health. Read the original version here.
