Medical Device Manufacturer

Are you as a Medical Device manufacturer ready to face the new challenges?

Important questions:


  • Should you start implementing ISO 13485:2016 or wait until it is published in EU?
  • You plan to make a new product, should you plan for MDR compliance instead of MDD?
  • What about MDR timing and new Harmonized Standards or Common Specifications?
  • How long can you continue to place your product on the market?
  • Will your software (App) change classification due to MDR?
  • How does the new General Data Protection Regulation (GDPR) affect your products?
  • How will the new regulations affect your product portfolio?


A revised regulatory strategy is required to set up a plan considering all the changes in the various regulations. In general, the new strategy and plan will cover two or three timelines depending on whether the products deal with personal data as defined in the General Data Protection Regulation.


The first timeline covers the implementation of ISO 13485:2016 considering that March 1, 2019 is the critical date. That said, it is also relevant to consider the fact that the 2016 version will be “state of the art” to be used for showing compliance, when it is published in the Official Journal of EU.


The second timeline shall cover the transition from MDD to MDR, which in most cases will vary from one product to another depending on:

  • Planning to introduce new products, change existing products, or stay with unchanged products.
  • Classification. New rules in MDR, especially for software.
  • Clinical data. Maybe extensive clinical investigations are required.
  • When will harmonized standards or Common Specifications be published? Required to show compliance to the General Safety and Performance Requirements in Annex I of MDR.
  • Availability and capability of Notified Body. Some NB will only be able to access a limited type of medical devices.


The third timeline is very important if the products deal with personal data as defined in the General Data Protection Regulation that will apply from May 25, 2018. Relevant for devices with incorporated software, standalone software like Apps or software systems handling patient data. Observe that Personal Data and Information Security are also addressed in the MDR.



What could be the first steps right now:


  • For Class I products make a gap analysis to show what is required to comply with the new regulations. Obtaining compliance can be more time consuming than expected.
  • For Class IIa/b take a meeting with Notified Body as soon as possible. Make a gap analysis and a plan based on clear commitment from the NB, being extremely busy with the new regulations. Maybe it is even time to look for another NB.
  • Take a closer look at the new Clinical Data requirements in the DMR. In many cases, further clinical investigations are required to provide the vital clinical evidence. This may be time consuming and in some cases very difficult if the clinical data is based on equivalent or similar devices.
  • If the products deal with personal data as defined in the General Data Protection Regulation that will apply from May 25, 2018, it is about time to make a gap analysis showing which design changes will be required.


.We are for sure looking into a very exciting time with a lot of new challenges we have to face sooner or later.

© Copyright, All Rights Reserved