The BfArM updates the DiGA guidelines regularly. Unfortunately, there is no detailed change history available for this yet. We therefore continuously review all changes to the DiGA guidelines and prepare them for you. We present all changes here with comments in a clear and concise manner.
The current DiGA guidelines from the BfArM are available here.
Table of Contents
- 1. Changes between Version 3.6 and Version 3.5 of the DiGA Guidelines
- 2. Changes between Version 3.5 and Version 3.4 of the DiGA Guidelines
- 3. Future Changes to the DiGA Guidelines
1. Changes between Version 3.6 and Version 3.5 of the DiGA Guidelines
The update to the DiGA guidelines dated December 10, 2025 (from version 3.5 to 3.6) is extensive. The guidelines have grown from 177 to 215 pages, and many relevant topics have been added.
The major changes include, for example:
- DigiG: New DigiG regulations have now also been incorporated into the DiGA guidelines (e.g., for DiGA in risk class IIb).
- DiGAV Update: New regulations from the draft bill for the 2nd DiGAV Amendment have been incorporated (primarily application-related performance measurement – AbEM).
- BSI TR-03161 as standard: Data security is fully covered by the BSI certificate. Proof of data security via the DiGAV checklist is no longer required.
- DiGA qualification clarified: Clearer distinction between DiGA and non-DiGA, including a new decision tree for DiGA capability (intended purpose, individualization, control of active medical devices, risk class IIb)
- Evidence requirements specified: details on study design, significance level (5%), randomization, study reports, and evaluation
- Interoperability update: Replacement of “vesta” by “INA” as reference for interoperable e-health infrastructure
- Process clarifications: More detailed regulations on deadlines, application portal, life cycle, obligations after listing and deletion
- Expanded scope and structure: Significant expansion of the guide (177 → 215 pages) with new chapters, FAQs, and examples.
In addition, there are many other minor to medium-sized changes. We have analyzed all changes and summarized them for you below. Due to the scope of the changes, we do not reproduce the exact wording here, but rather summarize the adjustments to each amended chapter in broad terms.
However, for internal product decisions, you should refer to the original wording in the DiGA guidelines. The following list is primarily intended to provide you with a structured overview.
1.1 PDF Document with all Changes (from Version 3.5 to 3.6)
To make it easier to review all changes, you can also use the following document. This document is the result of an automated comparison of the two versions (3.6 vs. 3.5) of the DiGA guidelines.
Download the comparison of all changes
1.2 List of all Changes (from Version 3.5 to 3.6)
List of abbreviations
The following abbreviations have been added:
- AbEM: Application-accompanying performance measurement
- CGI Scale: Clinical Global Impressions Scale
- DigiG: Digital Act
- J2R: Jump-To-Reference
- PGI-C: Patient Global Impression of Change
- PREMs: Patient-Reported Experience Measures
- PROMs: Patient-Reported Outcome Measures
- RCT: Randomized Controlled Trial
- SOP: Standard Operating Procedure
- INA: Gematik’s Interoperability Navigator
2.1 What is a DiGA and what is not?:
More precise distinction between DiGA and non-DiGA (individualization, consistency of intended purpose, control of active therapeutic medical devices, etc.); new “DiGA capability decision tree” as a graphic; inclusion of risk class IIb according to DigiG.
2.1.1.1 Reimbursement eligibility of hardware (new chapter):
Clarification that everyday items (e.g., smartwatches, smartphones, tablets) and aids pursuant to Section 33 of the German Social Code, Book V (SGB V) are not eligible for reimbursement via DiGA; specification of device categories (none, included, optional, necessary additional devices)
2.1.1.2 Freedom of choice for insured persons and freedom of treatment for physicians (new chapter):
Clarification that digital health applications must not create lock-in effects and must, in principle, be usable with comparable aids; exception in cases of mandatory binding to a specific, unlisted medical device for safety reasons.
2.1.2 Combination with services:
Specific new example that would not qualify as a DiGA (DiGA for pure data transmission to medical personnel)
2.1.3 Scope of DiGA:
Specification that proof of positive care effect must be provided without optional functions and that optional functions must be identified.
2.3 Provisional and permanent inclusion:
Clarification that DiGA devices in MDR risk class IIb cannot be listed provisionally or on a trial basis.
2.3.1 Application for permanent inclusion in the DiGA directory:
Additions for DiGA in MDR risk class IIb
3.1 Structure of the checklists for DiGA requirements:
Data security is no longer verified according to the DiGAV checklist, but by means of a BSI certificate.
3.2 Safety and functionality:
Specification that conformity assessment procedures for the medical device must be completed before submitting a DiGA application.
3.3 Data protection:
Data protection certification currently still not possible; reference to future obligation of certification as soon as this becomes possible.
3.3.2 Permissible data processing pursuant to Section 4 (2) sentences 1 and 2 DiGAV:
Addition of FAQ element on consent for external data platforms (e.g., Apple Health)
3.3.4 Outlook on data protection criteria pursuant to Section 139e (11) SGB V:
Update on the current status with regard to future data protection certification (currently still not possible)
3.4 Data security:
Much of the content has been removed and replaced with references to BSI TR-03161 and the associated certification process; the DiGAV checklist for data security no longer needs to be completed (instead, reference is made to TR-03161, etc.).
3.4.2 Security as a process:
Clarification that the BSI certificate fully covers data security and that a pen test is not additionally required for the DiGA application.
3.5.1.1 INA and MIOs as the basis for an interoperable e-health infrastructure:
“vesta” is being replaced by “INA” (more information here)
3.5.4.3 Data collection via medical devices, wearables, and other sensors:
“vesta” is being replaced by “INA” (more information here)
3.5.4.4 Entering DiGA into the ePA/implementation of the health ID:
Specifications for DiGA in the application process (or before)
4.1.2 Patient-relevant structural and procedural improvements (pSVV):
Extensive clarifications, examples, and FAQs regarding pSVV
4.3 General requirements for studies demonstrating positive effects on care:
Addition to the minimum significance level of 5%; additions regarding the handling of dropouts, language version, data from abroad, and intervention period and prescription period.
4.3.2 Principles for the evaluation and assessment of study results by the manufacturer (new chapter):
Clarification that the evaluation must be based on pre-specified, conservative analyses (in particular RCT intergroup comparisons); post-hoc analyses are to be evaluated only exploratively, with full consideration of the control group and inclusion of consistency and clinical relevance.
4.3.3 Selection and justification of the care pathway (new chapter):
Clarification that the care pathway determines the study design, including clear differentiation between monotherapy, bridging, and add-on scenarios, complete documentation of concomitant therapies, and, if necessary, subgroup analyses in the case of heterogeneous standard care.
4.3.4 Requirements for randomization procedures (new chapter):
Specification of requirements for valid, non-manipulable randomization, including prespecification in the protocol, documented stratification, suitable IT systems, auditable procedures, access restrictions, and measures to prevent predictability (e.g., variable block lengths).
4.3.5 Study design and methodological planning (new chapter):
Specification of robust study designs (including RCT requirements), conservative imputation of missing values (e.g., J2R), precise ITT definition, and obligation to fully document and report all deviations from the study protocol.
4.3.6 Application documents (new chapter):
Clarification of the versions to be submitted (before/after the start of studies), mandatory change logs (track changes & overview table), and formal requirements for completeness and file format.
4.3.7 Content and quality requirements for study reports (new chapter):
Specification of the presentation of results (original scales, CI, p-values, effect estimators); mandatory classification of clinical relevance; detailed drop-out analysis; clear separation of analysis populations; high requirements for transparency, tables, graphics, and consistency of reporting.
4.6.2 DiGA with diagnostic component:
Specifications regarding what a DiGA with diagnostic component may be; new FAQs
4.5.1 Justification for improving care and systematic data analysis:
Minor additions to study case number planning and statistical significance
5 Procedure:
Addition that decisions will be communicated via the application portal
5.1 Deadlines for applicants and BfArM:
Specific details regarding deficiency letters and deadlines
5.2 Life cycle of a DiGA in the directory:
Listing on the portal 5 days after a positive decision
5.2.2 Obligations of the manufacturer after inclusion of a DiGA in the DiGA directory:
Obligation to give advance notice of PZN changes
5.2.3 Prescription of a DiGA:
Obligation to report PZN changes in advance
5.2.5 Deleting a DiGA from the DiGA directory:
Addition to the obligation to notify users and delete data
5.4 Advice from the BfArM:
Recommendation for early consultation for risk class IIb-DiGA and DiGA with telemonitoring
6. Application-accompanying performance measurement (AbEM) (new chapter):
Comprehensive new chapter on AbEM from the draft bill of the 2nd DiGAV-ÄndV; detailed definition of data points, reporting periods, and deadlines; explanation of the planned expansion stages of AbEM.
Other Minor Changes
Minor changes have also been made in the following chapters: 2.3.4, 3.5.4, 4.3.8, 4.4.2, 5.2.4, 5.5
These are mostly editorial optimizations or minimal additions. We have therefore omitted them from the above list for the sake of clarity.
Subscribe to our newsletter to stay informed about future changes to the DiGA guidelines.
2. Changes between Version 3.5 and Version 3.4 of the DiGA Guidelines
Legend: Color coding to illustrate the changes
In the screenshots taken from the respective version of the DiGA guide, all changes are highlighted in color. The following colors are used to indicate the type of change.
| Color | Type of change |
 |
Additions |
 |
Deletions |
Changes in section 2.2.1.3 “Information for service providers”
The second last point in the list “Information relevant to the regulation” has been supplemented with the addition “and specified maximum amount.”
New version 3.5:
Old version 3.4:
pure addition of new information – no equivalent in old version
Änderungen im Kapitel 3.4.2 „Sicherheit als Prozess“
In the FAQ section, the requirement to perform penetration tests as part of the security process has been tightened.
New version 3.5:
Old version 3.4:
pure addition of new information – no equivalent in old version
Addition of a new section 3.5.4.4 “Writing the DiGA into the ePA/implementation of the Health ID”:
The new requirement for all manufacturers, namely to include DiGA in the ePA and implement the Health ID, is explained. The implementation deadline for this is April 30, 2024.
New version 3.5:
Old version 3.4:
No equivalent in old version, as new chapter
Changes to section 4.2.2 “Specification of the positive pension effect”:
A new note clarifies the BfArM’s requirement regarding the demonstration of multiple positive effects on healthcare. According to this, DiGA manufacturers must first demonstrate at least one positive effect on healthcare, as required by a BfArM decision during the provisional approval process, before further positive effects on healthcare can be taken into account.
New version 3.5:
Old version 3.4:
pure addition of new information – no equivalent in old version
Changes to Section 4.3 “Use of DiGA data”:
The possibility of using an analysis of one’s own, already prescribed DiGA during the trial period for the submission of evidence for final inclusion has been specified. It is permitted to use an analysis of your own data collected during the trial period in close proximity to care as support for providing evidence for permanent inclusion. It is important to ensure that the procedure has been defined in advance and described in detail in a separate study report.
New version 3.5:
Old version 3.4:
Changes to section 4.3.3 “Transferability of study results”:
In the section “Conduct of the study in Germany,” the BfArM has specified three criteria to demonstrate the transferability of the study results to the healthcare context in Germany.
New version 3.5:
Old version 3.4
Changes to section 5.2.2 “Change to the DiGA designation”:
It should be noted here that a change in the name of a DiGA constitutes a significant change and must be reported to the BfArM.
New version 3.5:
Old version 3.4:
pure addition of new information – no equivalent in old version
Changes to section 5.2.3 “Short name and PZN”:
A new note has been added to the “Pharmaceutical Central Number” sub-section: When the short name of a DiGA is changed, a new Pharmaceutical Central Number (PZN) is assigned.
New version 3.5:
Old version 3.4:
pure addition of new information – no equivalent in old version
Changes in section 5.2.4 “Reference to transition periods”
The new deadlines for the transition are listed in section 3.5.4.4.
New version 3.5:
Old version 3.4:
pure addition of new information – no equivalent in old version
3. Future Changes to the DiGA Guidelines
We update this article with every update to the DiGA guidelines.
Subscribe to our newsletter to stay informed about future changes to the DiGA guidelines.
