EU Medical Device Regulation (MDR) Compliance: The Full Guide

Updated - 20 Nov 2024 12 min read
xtatic logo green
Delyan Hristov Copywriter & Co-founder XTATIC HEALTH
Adapting to Change: How New Medical Device Regulations are Impacting the Health Tech Industry?

Medical device regulations constantly evolve to keep pace with advancements and safety standards. These changes significantly impact manufacturers, healthcare professionals, and patients.

The European Union Medical Device Regulation (MDR), enforced in May 2021, marks a major update to the legal framework for medical devices in Europe. It replaced the Medical Device Directive (MDD) to better address current challenges in patient safety and technological advancements.

This article will outline the main elements of the MDR, its effects on the medical device industry, and what stakeholders must do to remain compliant.

Introduction to EU MDR

Overview of the new medical device regulation (MDR) in the EU

EU MDR introduced major updates to how medical devices are produced and distributed in Europe. Adopted in April 2017 and fully implemented in May 2021, it replaced the previous Medical Devices Directive (93/42/EEC) and the Directive on Active Implantable Medical Devices (90/385/EEC).

In Europe, this regulation aims to improve health and safety for EU citizens using medical devices. It enhances transparency through better device traceability and strengthens the overall regulatory framework to ensure higher standards of effectiveness and safety.

EU MDR introduces stricter requirements for medical device manufacturers, particularly regarding clinical evidence and post-market surveillance. The next paragraph will explain the key changes from previous regulations in more detail and depth. 

Key changes from previous regulations

This new regulation replaced the MDD with a more comprehensive framework. It aims to enhance patient safety and adapt to modern technological advancements in medical devices. The change reflects a commitment to higher safety standards and greater control over the lifecycle of medical devices.

Here are the key changes:

  • Regulatory adaptation: The MDR updates regulations to keep pace with technological advancements, ensuring the legislative framework remains relevant and effective.
  • Hazard protection: Enhanced rules are in place to reduce risks associated with medical devices and prevent harm to users.
  • Enhanced patient safety: Stricter clinical evaluations, pre-market controls, and post-market surveillance ensure devices are safe both before and after they enter the market.
  • Rigorous assessments: More thorough assessment procedures and continuous lifecycle monitoring help maintain high standards for safety and efficacy throughout a device’s market life.
  • Innovation flexibility: Despite stricter rules, the framework is adaptable to future technological innovations without compromising safety.
  • Expanded device definition: The definition of medical devices now includes non-medical, cosmetic, and aesthetic products that resemble traditional devices, ensuring comprehensive oversight.
  • Comprehensive clinical data: Manufacturers must provide extensive clinical evidence to prove device safety and performance before market approval.
  • Tighter equivalency standards: Stricter requirements for demonstrating equivalency with existing devices ensure new products meet established safety and efficacy benchmarks.
  • Unique Device Identification (UDI): The UDI system improves traceability and recall management, thus contributing to better patient safety.
  • Expanded database (EUDAMED): A more comprehensive database increases transparency and makes device information accessible to the public for informed healthcare decisions.
  • Increased post-market surveillance: Stricter monitoring of devices after market entry ensures ongoing safety and effectiveness.

This regulatory framework maintains up-to-date oversight of medical devices in line with technological advances to ensure patient safety and product effectiveness. It broadens the definition of certain devices and reinforces clinical requirements. Ultimately, this ensures thorough protection while supporting innovation.

Classification of medical devices

 

Under the MDR, many medical devices have been reclassified into higher-risk categories, and reusable surgical tools now have their own classification. These changes highlight the growing focus on improving performance and safety in the fast-evolving medical device industry.

Medical devices are divided into four risk classifications (I, IIa, IIb, and III) according to their intended use and inherent dangers. This categorization scheme determines the conformity assessment protocols that manufacturers need to follow. 

Here is a list of all medical device classifications:

  • Class I devices, such as reusable surgical instruments, pose the lowest risk. Most manufacturers of Class I devices typically self-certify their products by issuing an EU declaration of conformity after compiling the necessary technical documentation.
  • Class IIa devices, like non-invasive devices intended for channeling or storing blood, represent a slightly higher risk. Certain types of Class IIa manufacturers can choose between self-certifying, as with Class I.
  • Class IIb devices, including surgically invasive devices for short-term use (unless they interact with the heart, central circulatory system, or central nervous system), carry a higher risk profile.
  • Class III devices, including active implantable devices and those incorporating medicinal substances with ancillary action, present the highest risk. 

Annex VIII of the MDR provides 22 classification rules that consider factors like the duration of use (transient or short-term) and the part of the body the device interacts with. 

The classification procedure finds the most pertinent rules and sub-rules, and then applies the tightest rule to establish the appropriate risk class. It does this by using the medical devices intended function as a guide.

With the help of this system, devices that pose a greater danger are subjected to a more stringent examination procedure prior to being released onto the market.

Scope and applicability of EU MDR

All medical devices must comply with the regulatory requirements for full lifecycle traceability, which covers all phases of development and post-market operations. This method is called closed-loop traceability. It entails monitoring and recording each phase of a medical device’s lifetime.

The goal is to create a comprehensive, uninterrupted data record that allows for continuous monitoring of device performance and immediate troubleshooting.

Manufacturers have to maintain comprehensive, interconnected quality systems that are transparent and capable of demonstrating compliance at any point during a device’s lifecycle​​. Additionally, the MDR establishes a new system for all manufacturers and distributors of new medical devices.

Steps to achieve MDR compliance

To comply with the MDR, manufacturers must follow a series of steps to ensure their products meet the strict safety and performance standards.

Here is a refined MDR compliance checklist for manufacturers:

  • Determine applicability and device classification: The first step is to confirm if the product qualifies as a medical device under the MDR. This includes items not traditionally viewed as medical devices, such as cleaning and disinfection supplies, along with medical equipment and reprocessed single-use items.
  • Establish a quality management system (QMS): The MDR mandates that manufacturers implement and document a QMS covering all aspects of their operations. This includes product design, manufacturing, and post-market surveillance activities.
  • Conduct a clinical evaluation: Manufacturers must systematically review existing clinical data to demonstrate product safety and performance. This includes analyzing post-market clinical follow-up data and conducting any necessary clinical studies.
  • Implement a UDI system and maintain technical documentation: Each device must have a Unique Device Identifier (UDI) for traceability. The UDI must be displayed on the label and packaging and registered in the European Database for Medical Devices (Eudamed).
  • Meet post-market surveillance requirements: Manufacturers must set up and maintain a post-market surveillance system that aligns with the risk classification of their device. This system facilitates proactive data collection and evaluation, enabling preventive or corrective actions, including reporting to regulatory authorities.

Complying with the EU MDR can be complex, especially for smaller manufacturers. Instead of relying solely on internal resources, companies can leverage external support like the Medical Device Coordination Group (MDCG). Following harmonized standards can also simplify the process and ensure regulatory alignment.

Clinical evaluation and investigation in MDR

The MDR places a much stronger focus on clinical data when it comes to regulating medical devices. One of the key changes is that manufacturers now need to continuously gather and evaluate clinical data after their devices are on the market. This data includes real-world information on how the device performs and its safety in everyday use.

For companies selling medical devices in Europe, the new regulations mean stricter requirements for data collection and ongoing clinical evaluations throughout the device’s lifespan. Manufacturers need solid documentation and clinical evidence to prove their devices are both safe and effective.

The MDR defines clinical data as information about a device’s safety or performance, which can come from clinical studies or published research

The regulation also highlights the importance of post-market clinical follow-up (PMCF) studies. These studies help manufacturers collect structured data after the device is in use, ensuring its continued safety and effectiveness over time.

Technical documentation requirements

The MDR sets strict requirements for technical documentation for medical devices sold in the European Union. This documentation proves that the device complies with safety and performance standards and must be clear, well-organized, and easy to understand

Manufacturers are required to keep this documentation for at least 10 years after the last device covered by the EU declaration of conformity is placed on the market. For implantable devices, this retention period extends to at least 15 years. 

Upon request, manufacturers must provide the full documentation or a summary to the relevant authorities.

The technical documentation must include:

  • A detailed description of the device, including its intended purpose, risk classification, and technical specifications;
  • Information related to the device’s design and manufacture, including the manufacturing processes, materials used, and sterilization methods;
  • A comprehensive risk assessment demonstrating that potential risks associated with the device have been identified and mitigated;
  • Results and analyses from all verification and validation tests, particularly those related to the device’s safety and performance;
  • A clinical evaluation report detailing the clinical evidence supporting the device’s safety and performance, along with the clinical evaluation plan and post-market clinical follow-up (PMCF) plan;
  • A PMS plan outlining the procedures for monitoring the device’s performance and general safety once it is on the market;
  • A list of all UDIs assigned to the device.

This documentation is critical for notified bodies to assess a device’s compliance with the MDR and for manufacturers to demonstrate that they continue to ensure compliance.

Navigating post-market surveillance requirements under new regulations

Post-market surveillance

Manufacturers must implement a post-market surveillance plan as part of their technical documentation under the MDR. This plan is essential for continuously monitoring the device’s performance and safety and ensures timely corrective actions are taken throughout its lifecycle. 

Post-market surveillance involves systematically collecting and analyzing data on the device after it’s been released to the market. This process helps manufacturers identify potential issues early, maintain regulatory compliance, and take necessary actions to address risks.

For class IIa, IIb, and III medical devices, as well as class C and D in-vitro devices, the MDR requires Periodic Safety Update Reports (PSURs). These reports must include a benefit-risk assessment, key findings from post-market clinical or performance follow-up, sales data, and details on the user population and usage frequency.

Quality Management Systems (QMS) in MDR

A Quality Management System is a codified system that helps organizations manage their processes and responsibilities to meet quality goals. It serves as a complete framework for an organization’s operations and ensures that goods or services continuously fulfill consumer and regulatory standards.

For medical device manufacturers, the QMS must cover all parts of the organization involved in day-to-day operations, ensuring they comply with MDR requirements. This system is important for keeping devices safe and effective in the EU market. 

By having a solid QMS in place, manufacturers can catch potential issues early and prevent any adverse events from occurring. 


The role of regulatory affairs professionals in the new medical device regulatory landscape 

Maintaining MDR compliance

To remain up with the requirements, manufacturers must develop a proactive and comprehensive EU MDR strategy for regulatory compliance that tackles all areas of device lifecycle management.

Here is what to consider as a part of your ongoing compliance strategy:

  • Develop a strong Quality Management System (QMS): The QMS should cover all production aspects, including regulatory compliance, risk management, and clinical evaluation. Maintain technical documentation, EU declarations of conformity, and certifications for at least 10 years (15 years for implanted devices).
  • Implement proactive risk management: The new EU MDR requires manufacturers to establish and maintain a system that identifies and mitigates risks throughout the device’s lifecycle. This system must be regularly updated to address any new risks.
  • Conduct clinical evaluations and postmarket surveillance: Manufacturers must prove their device’s safety and performance using clinical data. If necessary, clinical investigations should be conducted. Clinical evaluations should be updated regularly with data from post-market surveillance and clinical follow-up. Periodic safety update reports must summarize the results of post-market surveillance.

Vigilance reporting is mandatory, and remaining MDR compliant is an ongoing process. 

Regulatory changes can impact EU MDR requirements for medical device companies and require timely adjustments. To stay compliant, companies should maintain a good working relationship with their Notified Bodies, ensuring they are informed of any updates and can implement changes as needed.

Labeling and UDI requirements

The new MDR outlines comprehensive performance requirements, along with stringent labeling and Unique Device Identification (UDI) standards. It mandates that all medical devices, excluding custom-made and investigational devices, must carry a UDI on their label and packaging to enhance traceability and patient safety

The UDI system consists of a device identifier (UDI-DI) specific to the manufacturer and device, and a production identifier (UDI-PI) detailing the unit of production. 

Additionally, devices must meet the necessary CE marking standards to be legally marketed within the EU. The CE markings on the label confirm compliance with these requirements.

This information is submitted to Eudamed, the central database for medical device information. Other sources of data, such as specific labeling requirements, are also outlined. Detailed information must be included on both the device label and the instructions for use. 

The UDI-DI includes details like the device’s model or version and the manufacturer’s information, which remain consistent for that device. The UDI-PI provides production-specific data, such as batch or serial number, manufacturing date, and expiration date. 

If the device includes software, the UDI-PI will also include the software version.

Notified Bodies and certification

Under the MDR, Notified Bodies, which are independent organizations, are responsible for assessing the conformity of medical devices before they can be marketed.

Organizations seeking designation as Notified Bodies must apply to the relevant competent authority. This designation process includes an assessment by experts from various national and European authorities to ensure only qualified organizations are authorized to conduct conformity assessments. 

Notified Bodies are held to stringent criteria, particularly regarding clinical expertise, to ensure high levels of safety and health protection.

The certification process involves reviewing technical documentation, conducting audits, and performing tests—activities that fall within the Notified Body capacity. Upon successful conformity assessments, Notified Bodies issue certificates of conformity, allowing manufacturers to legally market their devices within the European Union.

pattern

Maintain regulatory compliance throughout your medical device’s lifecycle.

Speak to an expert today, and see how our on-demand IT talent and augmented teams can efficiently deliver value at every step of your roadmap.

Get a free consultation See our case studies
iso certifications logo hl7 logo hippa logo gmp logo fda logo gdpr logo

Continuous Compliance and Audits

The MDR places a strong emphasis on methodical data gathering and analysis. To prove conformity with these standards, producers must be prepared for audits.

Firms involved in device distribution must meet a range of requirements, including:

  • Tracking systems;
  • Reporting device malfunctions, serious injuries, or deaths;
  • Registering establishments where devices are produced or distributed.

The medical device industry has experienced significant changes since the European Medical Device Regulation went into effect. The requirements of the MDR have introduced compliance challenges and are expected to reshape how new regulations impact the health technology sector. 

These changes are likely to increase costs and operational complexities for you and your company. However, the MDR also presents opportunities for innovation through digital transformation and data utilization throughout the device lifecycle.

These regulatory shifts highlight the urgent need for continuous adaptation in the industry, balancing compliance with ongoing innovation to enhance patient safety and care.

xtatic logo green

Delyan Hristov

Delyan Stoyanov, co-founder of XTATIC Health, combines his background in medical education with specialized expertise in medical copywriting and marketing.

What’s your goal today?

wyg icon 01

Hire us to develop your
product or solution

Since 2008, BGO Software has been providing dedicated IT teams to Fortune
100 Pharmaceutical Corporations, Government and Healthcare Organisations, and educational institutions.

If you’re looking to flexibly increase capacity without hiring, check out:

On-Demand IT Talent Product Development as a Service
wyg icon 02

Get ahead of the curve
with tech leadership

We help startups, scale-ups & SMEs create cutting-edge healthcare products and solutions by providing them with the technical consultancy and support they need to break through.

If you’re looking to scope and validate your Health solution, check out:

Project CTO as a Service
wyg icon 03

See our Case Studies

Wonder what it takes to solve some of the toughest problems in Health (and how to come up with high-standard, innovative solutions)?

Have a look at our latest work in digital health:

Browse our case studies
wyg icon 04

Contact Us

We help healthcare companies worldwide get the value, speed, and scalability they need-without compromising on quality. You’ll be amazed of how within-reach top service finally is.

Have a project in mind?

Contact us

Read this next

chat user icon

Hello!

Did you know that BGO Software is one of the only companies strictly specialising in digital health IT talent and tech leadership?

Our team has over 15 years of experience helping health startups, Fortune 100 enterprises, and governments deliver leading healthcare tech solutions.

If you want to explore your options, would you like to book a free consultation call today?

Yes

It’s a free, no-obligation, fact-finding opportunity. You’ll have a friendly chat with our team, ask any questions, and see how we could help in detail.