Digital health applications that are already officially listed had to submit corresponding proof of compliance with the security requirements by the beginning of 2025. A transitional period applies to new applications, during which the required certificates, such as the BSI Technical Guideline TR-03161 – Requirements for health applications in the testing process, can be submitted later. This deadline is now approaching with June 30, 2025. We recommend that manufacturers urgently get in touch with test centers to ensure timely implementation.
What is the TR-03161?
The BSI’s Technical Guideline TR-03161 is a central security standard for applications in the healthcare sector.
The aim of the guideline is to ensure the confidentiality, integrity and availability of sensitive medical data in a variety of applications. It is aimed in particular at manufacturers of:
- Mobile applications: Minimum requirements for the security of apps.
- Web applications: Protection against threats in the healthcare environment.
- Background systems: Security of cloud systems and backend infrastructures.
TR-03161 certification: Time is running out – act now!
The transition period for already listed digital health applications that still had to submit their safety certificates expires on June 30, 2025. Anyone who is unable to submit a TR-03161 certificate by then risks losing their approval.
However, new providers who want to launch digital health applications on the market should also deal with the safety requirements at an early stage. TR-03161 certification is a prerequisite for approval by the Federal Institute for Drugs and Medical Devices (BfArM). As the certification process takes time and comprehensive security requirements – such as ISO 27001 – must be taken into account, early preparation is crucial.
Manufacturers should think about safety certification as early as the development phase and contact us to ensure an efficient testing process.
Our services as a recognized inspection body
As a BSI-certified test center, we offer comprehensive support for manufacturers of digital health applications:
- Quick check and preliminary test: We check in advance whether your application meets the requirements of TR-03161 and identify potential weak points.
- Testing: Evaluation of manufacturer documents and application source code by our security experts
- Penetration test: The audit is supplemented by automated and manual tests and we evaluate your implementation of the guidelines and make recommendations for optimization.
- Certification: After a successful evaluation, we issue a comprehensive test report that supports the certification process at the BSI.
Why is certification so important?
Certification in accordance with TR-03161 offers you and your users numerous advantages:
- Fulfillment of legal requirements: Prerequisite for inclusion in the DiGA directory of the BfArM.
- Building trust: Strengthens the trust of users and partners in the data security of your application.
- Protection against attacks: Minimizes the risk of data theft or manipulation.
- Reputation protection: Prevention of potential reputational damage caused by security incidents.
Place your trust in our expertise
SRC Security Research & Consulting GmbH is recognized by the German Federal Office for Information Security (BSI) as an expert testing body for the “Technical Guideline TR-03161 Requirements for Health Applications”. With over 25 years of experience in IT security testing and compliance, SRC is your reliable partner on the way to TR-03161 certification. Our expert teams will work closely with you to ensure that your application meets all requirements – from initial analysis to successful certification.
Get in touch with us
Are you ready to take your digital health application to the next level of security? Contact us via the contact form or directly contact our colleague Mr. Andreas Sitter by e-mail for a non-binding consultation.
