IEC 62366-1

IEC 62366-1 is the international standard that defines a usability-engineering process for medical devices. It specifies what activities must be performed, what records must be kept, and how the usability work integrates with the device's risk-management file. It is not a usability cookbook — it does not tell you how many participants to recruit or what protocol to run. It tells you what the process must contain and what evidence the regulator will look for.

The 2015 edition was a major rewrite from IEC 62366:2007, splitting the standard into 62366-1 (the requirements) and 62366-2 (the guidance, published as a Technical Report). The 2020 amendment incorporated lessons learned and aligned with the updated ISO 14971:2019.

The UEF is the central deliverable. It is a controlled compilation of every usability output — use specification, user-interface specification, hazard-related use scenarios, formative evaluations, summative evaluation, training and labelling decisions, and the linkage to risk-management outputs. It is the inspection-ready evidence that the standard has been applied.

Under EU MDR the UEF feeds the technical documentation directly. Under FDA, the UEF outputs land in the Design History File. Under PMDA and TGA, the UEF is reviewed during the conformity assessment for moderate- and high-risk devices.

The use specification describes the intended users, intended use environments, intended medical conditions and the operating principles of the device. It anchors every downstream decision: a device intended for trained ICU clinicians has a different usability bar from one intended for self-administration by patients with chronic disease.

The user-interface specification translates the use specification into requirements for the UI — alarms, controls, displays, labelling, instructions for use, training, packaging. Both are controlled documents in the UEF.

The standard requires the manufacturer to identify use scenarios that, if performed incorrectly, could result in harm. This is the explicit link to ISO 14971 — the use scenarios are the user-interface-related hazards in the risk-management file.

Hazard-related use scenarios are identified through task analysis, known-use-error databases (MAUDE, MORE), use-related risk analysis (URRA), and formative evaluations. The set is finalised before summative evaluation; the summative is designed around the highest-priority hazard-related scenarios.

Formative evaluations are iterative usability tests during design, used to identify and resolve use-error issues. They are not a regulatory submission deliverable in themselves but the records are part of the UEF and reviewed during inspection.

Typical pattern: 4-8 representative users per round, tested against a prototype or simulated environment, with iterative UI changes between rounds until the design has stabilised. The number of rounds is justified by the residual risk and the complexity of the UI.

Summative evaluation is the validation activity — a study with a final-form (or production-equivalent) device on representative users in a representative environment, designed to demonstrate that the device can be used safely and effectively. It is the headline deliverable that regulators read.

FDA's 2016 guidance and ISO 14971 effectively require a minimum of 15 representative users per distinct user group. The protocol must address every hazard-related use scenario. Use-errors observed during summative must be analysed, root-caused, and either mitigated (UI change, training, labelling) or justified as acceptable residual risk per ISO 14971.

Training and labelling are risk controls but the weakest in the hierarchy (inherent safety by design > protective measures > information for safety). 62366-1 explicitly de-prioritises 'add a warning to the IFU' as a mitigation. If a use-error is observed in summative, the first response is to redesign the UI, not to add an instruction.

UOUP is the usability cousin of SOUP. When a manufacturer reuses a UI element from a legacy or third-party source for which the original usability engineering records do not exist, the manufacturer must perform a documented usability evaluation of the UOUP component as if developing it new. The standard prohibits inheriting unverified UI elements wholesale.

Use-errors reported in complaints, vigilance and PMS feed back into the UEF. A use-error pattern that was not predicted in pre-market usability work triggers re-analysis, and may trigger UI changes. Significant UI changes require new formative work and potentially a new summative.

• UEF treated as a one-shot pre-submission document rather than a living file.
• Hazard-related use scenarios identified but not linked to the risk file.
• Summative evaluation performed on a non-final-form device.
• Use-errors mitigated by 'added a warning' rather than UI redesign.
• UOUP components inherited without documented evaluation.
• Training claimed as a control without evidence the training is effective.
• Post-market use-errors closed as complaints without feeding back into the UEF.