Digital health applications that were already officially listed had to submit proof of compliance with the security requirements by the beginning of 2025. A transitional period applies to new applications, during which the required certificates may be submitted later in the review process; that period ends on June 30, 2025, a date that is now drawing ever closer. We recommend that manufacturers get in touch with test centers now to ensure timely implementation.
What is TR-03161?
The BSI’s Technical Guideline TR-03161 is a central security standard for applications in the healthcare sector.
The aim of the guideline is to ensure the confidentiality, integrity and availability of sensitive medical data in a variety of applications. It is aimed in particular at manufacturers of:
- Mobile applications: Minimum requirements for the security of apps.
- Web applications: Protection against threats in the healthcare environment.
- Background systems: Security of cloud systems and backend infrastructures.
Since January 1, 2025, compliance with TR-03161 has been mandatory for the approval of digital health applications (DiGA) and digital care applications (DiPA) by the Federal Institute for Drugs and Medical Devices (BfArM).
Our services as a recognized inspection body
As a BSI-certified test center, we offer comprehensive support for manufacturers of digital health applications:
- Quick check and preliminary test: We check in advance whether your application meets the requirements of TR-03161 and identify potential weak points.
- Testing: Evaluation of manufacturer documents and application source code by our security experts.
- Penetration test: The audit is supplemented by automated and manual tests; we evaluate your implementation of the guideline's requirements and make recommendations for optimization.
- Certification: After a successful evaluation, we issue a comprehensive test report that supports the certification process at the BSI.
Why is certification so important?
Certification in accordance with TR-03161 offers you and your users numerous advantages:
- Fulfillment of legal requirements: Prerequisite for inclusion in the DiGA directory of the BfArM.
- Building trust: Strengthens the trust of users and partners in the data security of your application.
- Protection against attacks: Minimizes the risk of data theft or manipulation.
- Reputation protection: Prevention of potential reputational damage caused by security incidents.
Place your trust in our expertise
SRC Security Research & Consulting GmbH is recognized by the German Federal Office for Information Security (BSI) as an expert testing body for the “Technical Guideline TR-03161 Requirements for Health Applications”. With over 25 years of experience in IT security testing and compliance, SRC is your reliable partner on the way to TR-03161 certification. Our expert teams will work closely with you to ensure that your application meets all requirements – from initial analysis to successful certification.
Get in touch with us
Are you ready to take your digital health application to the next level of security? Contact us via the contact form, or e-mail our colleague Mr. Andreas Sitter directly, for a non-binding consultation.