Insure24 Blog

Insurance for Class I vs Class II vs Class III Medical Devices: What Changes, What Doesn’t, and How

A practical UK guide to insurance for Class I, Class II and Class III medical devices. Learn how device classification affects product liability, clinical trials, recall cover, cyber, and regulatory r

10 April 2026 By Insure24 Medical Device Manufacturing

Insurance for Class I vs Class II vs Class III Medical Devices: What Changes, What Doesn’t, and How to Buy the Right Cover (UK)

Introduction

If you manufacture, import, distribute, or brand medical devices in the UK, you already know that “medical device” is not one risk category. A Class I device and a Class III implant can sit in the same portfolio, but the insurance conversation should not look the same.

Device classification (Class I, IIa/IIb, III) is mainly about patient risk and regulatory controls. Insurance is about financial risk: injury claims, regulatory action, recalls, cyber incidents, and business interruption. The two are linked. In general, as the class increases, the potential severity of claims rises, the scrutiny increases, and insurers will ask more questions.

This guide explains what typically changes between Class I, Class II and Class III devices, which insurance policies matter most, and what information you’ll need to secure competitive terms.

Quick refresher: what Class I, Class II and Class III mean

Medical device classes indicate the level of risk to the patient and the level of regulatory control required.

  • Class I: Generally low risk devices (often non-invasive). Many are self-declared, with some exceptions.
  • Class II (IIa and IIb): Medium risk devices. Typically require more robust conformity assessment and oversight.
  • Class III: Highest risk devices (often implantable, life-supporting, or long-term invasive). Highest level of assessment and post-market expectations.

Classification is not just a label. It affects:

  • Who signs off your conformity assessment
  • The level of clinical evidence expected
  • Post-market surveillance and vigilance workload
  • How a claim might be argued if something goes wrong

The core insurance policies medical device businesses should consider

Most device companies need a blend of covers. The right mix depends on your role (manufacturer vs distributor), where you sell, and how the device is used.

1) Product liability (and public liability)

This is the backbone policy for device businesses. It covers claims alleging injury or property damage caused by your product.

Key points insurers focus on:

  • Intended use and patient population
  • How the device is used (home use vs clinical setting)
  • Instructions for use (IFU), warnings, training, and labelling
  • Quality management system (often ISO 13485)
  • Complaint handling, CAPA, and traceability
  • Countries of sale (UK only vs UK/EU/US/global)

2) Product recall / product contamination / corrective action costs

A recall can be financially painful even without injury claims. Recall cover can help with costs such as:

  • Notifying customers
  • Shipping and logistics
  • Disposal
  • Replacement or repair programmes
  • Crisis communications

For higher class devices, insurers may also ask about:

  • Field Safety Corrective Actions (FSCA)
  • Field Safety Notices (FSN)
  • Vigilance reporting processes

3) Professional indemnity (PI)

PI is relevant when you provide advice, design services, software configuration, or consultancy—especially for connected devices and software-driven products.

Examples:

  • Design and development services for third parties
  • Risk management files and technical documentation support
  • Implementation/configuration of device software in hospitals

4) Clinical trials / clinical investigation insurance

If you run clinical investigations (or support sponsors), specialist cover may be required. This is more common as you move into Class IIb and Class III, but it can apply earlier depending on your evidence strategy.

5) Cyber insurance

Medical devices increasingly involve software, connectivity, cloud dashboards, and patient data. Cyber cover can help with:

  • Incident response and forensic support
  • Business interruption from cyber events
  • Liability and regulatory costs

6) Employers’ liability (EL)

A legal requirement in the UK for most employers. Often straightforward, but still important.

7) Directors’ and officers’ (D&O)

Useful for leadership teams, especially where you have investors, rapid growth, or regulatory exposure.

8) Property and business interruption

Covers your premises, stock, equipment, and loss of income following insured events. For device companies, consider:

  • Clean rooms and specialist equipment
  • Calibration and validation equipment
  • Temperature-controlled stock

How classification affects insurance: Class I vs Class II vs Class III

Classification is not the only factor, but it’s a strong signal of potential claim severity.

Class I devices: typical insurance profile

Common risk pattern: High volume, lower severity per claim, but still capable of causing harm if labelling, materials, or manufacturing controls fail.

Insurers will still care about:

  • Materials and allergens (latex, nickel, adhesives)
  • Sterility claims (if applicable)
  • Misuse risk for consumer-facing devices
  • Supply chain controls (especially if you import)

Insurance focus:

  • Product liability with appropriate limits
  • Recall cover if you ship at scale
  • PI if you provide advice or design services

Typical insurer questions:

  • Are you the legal manufacturer or a distributor?
  • Do you hold full traceability (batch/serial)?
  • Any history of complaints, returns, or corrective actions?

Class II devices (IIa and IIb): typical insurance profile

Common risk pattern: Moderate to high severity potential, more clinical use, more reliance on correct use, training, and maintenance.

Insurers often dig deeper into:

  • Clinical evaluation and evidence
  • Training programmes and user competency
  • Maintenance schedules, servicing, and calibration
  • Human factors and usability testing

Insurance focus:

  • Higher product liability limits than Class I (often)
  • Recall/FSCA cover becomes more relevant
  • Cyber becomes more important if connected
  • PI if you provide training, implementation, or software configuration

Typical insurer questions:

  • Where are devices used (NHS, private hospitals, home)?
  • What is the failure mode and effect analysis (FMEA) approach?
  • Do you have a robust post-market surveillance plan?

Class III devices: typical insurance profile

Common risk pattern: Low volume, very high severity potential. Claims can involve life-changing injury, long-tail litigation, and significant legal costs.

Insurers will expect strong controls around:

  • Clinical evidence and ongoing monitoring
  • Supplier qualification and change control
  • Sterility assurance (where relevant)
  • Implant tracking and traceability
  • Vigilance reporting and rapid escalation

Insurance focus:

  • Product liability limits and wording become critical
  • Recall/FSCA cover is often essential
  • Clinical investigation cover may be required depending on your pipeline
  • D&O becomes more relevant due to governance and regulatory exposure

Typical insurer questions:

  • What is the implantable/long-term invasive profile?
  • What is your adverse event escalation timeline?
  • Which markets do you sell into (UK/EU/US), and what contractual indemnities do you accept?

The “role” question: manufacturer vs importer vs distributor

Two businesses can sell the same device class and need different insurance.

  • Manufacturer (legal manufacturer): Highest exposure. You control design, manufacturing, and labelling.
  • Importer: You may inherit exposure if the overseas manufacturer cannot respond to claims.
  • Distributor/wholesaler: Exposure depends on contracts, how you market the product, and whether you modify or re-label.

A key point: if you private label or “own brand” a device, you can become the party a claimant targets first.

Limits of indemnity: how much is “enough”?

There is no one-size-fits-all limit. The right level depends on:

  • Device class and severity potential
  • Patient population and usage setting
  • Contractual requirements (NHS frameworks, hospital groups, distributors)
  • Geographic reach (UK only vs international)

As a starting point, many device businesses look at:

  • Product liability: limits that match worst-case injury scenarios and contractual requirements
  • Recall: limits that match your realistic “units in field” exposure

The best approach is to model a scenario: “If we had to correct or recall our top product, what would it cost?” and “If a serious injury claim occurred, what would defence and settlement look like?”

Common exclusions and pitfalls to watch

Insurance can fail you when wording doesn’t match your real-world operations. Watch for:

  • Territory and jurisdiction limits: Selling into the US or Canada can change the risk profile and pricing significantly.
  • Clinical trials exclusions: Standard product liability may exclude clinical investigations.
  • Known defects / prior circumstances: If you’re aware of an issue before policy inception, it may not be covered.
  • Contractual liability: If you accept broad indemnities in contracts, you may take on uninsured exposure.
  • Cyber exclusions: Some liability policies exclude cyber-triggered bodily injury claims; coordinate cyber and liability policies.

What underwriters want to see (and how to present it)

Better information usually means better terms.

Prepare a simple underwriting pack:

  • Product list with classification (I, IIa, IIb, III), intended use, and countries sold
  • Your role (manufacturer/importer/distributor) and key contracts
  • Quality certifications (e.g., ISO 13485) and audit history
  • Complaint handling process and claims history (even if “nil”)
  • Recall/FSCA history (even if “none”) and your recall plan
  • Post-market surveillance overview
  • Cyber controls if devices are connected (MFA, patching, incident response)

Practical examples: how the insurance conversation changes

  • Class I disposable device sold at high volume: Focus on product liability, batch traceability, and recall logistics.
  • Class IIb diagnostic device used in clinics: Add emphasis on training, maintenance, and PI if you provide implementation.
  • Class III implant: Expect deeper scrutiny, higher limits, and careful review of clinical evidence and vigilance processes.

Buying insurance: a simple step-by-step

  1. Map your products and roles (what you make vs what you distribute).
  2. List where you sell (UK only vs international).
  3. Identify your top loss scenarios (injury claim, recall, cyber outage).
  4. Choose the core covers (product liability, recall, cyber, PI as needed).
  5. Check contracts for required limits and indemnities.
  6. Get specialist advice from a broker who understands medtech.

Final thoughts

Class I, Class II and Class III devices can all create serious claims, but the probability and severity profile changes as classification rises. The goal is not to buy the most insurance—it’s to buy the right cover, with wording that matches your operations, and limits that reflect your real exposure.

If you want, share your device class mix, where you sell, and whether you’re the legal manufacturer or distributor. I can help you outline a clean insurance checklist and a short underwriting summary you can send to insurers.

Call to action

If you manufacture, import, or distribute medical devices in the UK and want a clear insurance review, speak to Insure24. We’ll help you identify gaps, align cover to your device class and markets, and put robust protection in place as you grow.

Related articles

More reading from the same topic area to help you compare risks, cover options and practical next steps.