EU MDR CE Certification

EU MDR CE Certification

Our service covers all activities, required for the EU MDR CE Certification including:

• CE MDR Review & Gap Analysis
• MDD-MDR transition
• Initial MDR CE certification
• CE marking for Class I manufacturers
• Pre-review of Technical Files
• Writing of Clinical Evaluation, Literature, and PMS-PMCF plan & report
• CE audit management
• PRRC (Person Responsible for Regulatory Compliance) service
• Liaison with regulatory authorities (NBs, ARs, CAs)
• EU-MDR auditing & training
• Medical device classification
• Verification of applicable standards and testing requirements
• Writing MDR or IVDR Technical Documentation or review
• Review of Labeling & UDI
• Verification of compliance with General Safety and Performance Requirements
• Writing Post Market Surveillance (PMS) Plan & Report
• Writing Post Market Clinical Follow-up (PMCF) Plan & Report
• Writing Literature Search Plan & Report
• Writing Clinical Evaluation Plan & Report
• EUDAMED Actors and Products registration
• Building, modification, and maintenance of a quality system (ISO 13485)
• Risk assessment and management (ISO 14971:2019) Plan & Report
• Development of Clinical Evaluation, Vigilance and PMS procedures

A recent (17 May 2024) NB survey on MDR/IVDR certifications and applications tells us that most MDR application refusals could be easily avoided as they are either administrative in nature – applications are not complete or due to incorrect product qualification and classifications – where our experienced team could help.

Frequently Asked Questions

Question: I searched for the UDIs for medical devices approved under MDR in Eudamed. Unfortunately, many products have not yet registered UDIs. Could you please explain the reason for this?

Answer: A Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2017/745 and (EU) 2017/746 as regards a gradual roll-out of EUDAMED is published on 24 January 2024. The new proposal aims to enable the gradual implementation of individual EUDAMED modules once they have been audited and declared functional. This replaces a concept where EUDAMED is mandatory only after all modules (including Clinical investigations/Performance studies, which are delayed) become fully functional—which, according to this, would be required only in 2029. According to this new proposal, mandatory use of several modules could then start as early as Q4 2025. Meanwhile, they are voluntary.

Question: Our company imports medical devices from third countries onto the Union market and also repackages for some companies. Do we have any specific responsibilities under MDR due to our repackaging activity?

Answer: According to MDR (IVDR) Article 16, the obligations of manufacturers (as per MDR Art.10) only apply to the importer (or distributor) which:
• changes the intended purpose of a device already placed on the market or put into service;
• modifies a device already placed on the market or put into service so that compliance with the applicable requirements may be affected.

Some modifications do notaffect compliance including:
• relabeling -supplying of information, translation of information supplied by the manufacturer, including the Instructions for Use, necessary to market the device in the Member State in question (MDR, Art 16.2a)
• repackaging -changes to the outer packaging of a device already placed on the market, necessary to market the device in the Member State in question (MDR, Art 16.2b).

Therefore, your company would not have the manufacturer’s obligations(unless you repackage sterile devices).
However, if you repackage the device, you must indicate that on the device (or, where that is impracticable, on its packaging or in a document accompanying the device)with your company’s trade name or trademark and business address.
You should also ensure that you have a quality management system (QMS) in place to preserve the device’s original condition (Art.16.3).For more info on the QMS required, please review guidance MDCG 2021-23.
Likewise, you should review Q&A guidance MDCG 2021-26 on repackaging & relabelling activities under Article 16 of MDR & IVDR.

Question: A medical device manufacturer asked whether clinical trials outside the European Union are allowed according to EU-MDR (IVDR)? Article 62 4a): “the clinical investigation is the subject of an authorization by the Member State(s) in which the clinical investigation is to be conducted, in accordance with this Regulation, unless otherwise stated; ”

Answer: Article 80 (3) states:
The sponsor shall also report to the Member States in which the clinical investigation is being conducted any event referred to in paragraph 2 of this Article that occurred in third countries in which a clinical investigation is performed under the same clinical investigation plan as the one applying to a clinical investigation covered by this Regulation by means of the electronic system referred to in Article 73.
Also, Annex XV (1.8) states that: identification of the Member States and third countries in which the clinical investigation is to be conducted as part of a multicentre or multinational study at the time of application;
See also MDCG_2021-8_annex1_0 (1.6)

Therefore, MDR allows for non-EU clinical studies. However, the situation regarding the single-centered non-EU studies is still unclear, and we advised the company to consult their NB whether a non-EU clinical study could be performed even if it is a single-center study (no other studies in the EU are involved).

Question: We are planning a feasibility clinical investigation in the EU. In the past, our device failed the IEC60601 testing. Would NB accept such a test?

Answer: If this is your only testing, based on which you claim product safety and performance, we doubt NB will accept it.

Question: For the Class I Sterile device, for which the MDR compliance date has been shifted to 2027, what documentation is required from the manufacturer to adhere to this extension?

Answer: Devices delivered in a sterile state shall be designed, manufactured, and packaged in accordance with appropriate procedures to ensure that they are sterile when placed on the market and that, unless the packaging intended to maintain their sterile condition is damaged, they remain sterile under the transport and storage conditions specified by the manufacturer until that packaging is opened at the point of use. It shall be ensured that the integrity of that packaging is clearly evident to the final user.
Manufacturers of class I devices, other than custom-made or investigational devices, shall declare the conformity of their products by issuing the EU declaration of conformity referred to in Article 19 after drawing up the technical documentation set out in Annexes II (see section 3 for Design & Manufacturing information) and III (Page 147 for PMD Technical Documentation). If those devices are placed on the market in sterile condition, have a measuring function, or are reusable surgical instruments, the manufacturer shall apply the procedures set out in Chapters I and III of Annex IX or in Part A of Annex XI.

Question: What information should be included in MDR Technical Documentation (TD) for the Class I medical device?

Answer: TD requirements are organized into seven main sections and include: Device description and specification; Labeling and instruction for use; Design & Production
GSPRs – General Safety and Performance Requirements; Risk Management; Verification & Validation (including Clinical Evaluation); and PMS & PMCF.

Question: What info should we include in the Verification & Validation section of product Technical Documentation?

Answer: yOU should include: Biocompatibility (& Biological evaluation); Physical, chemical & microbiological testing; Electrical safety and electromagnetic compatibility (if applicable); Software verification & validation (if applicable); Stability, including shelf life; Evidence of safety and performance; usability; Clinical evaluation & other. Verification reports provided should be complete, i.e. not a report with subsequent amendments/revisions as the device was changed.

Question: The manufacturer wrote: We always advise users of what the device is indicated for and do not advise using the device outside of that indication for off-label use. Is it enough to sign an agreement with the product distributors that states, among other things, that if they use it off-label and an event occurs, we, as a manufacturer, are not liable?

Answer: If you know that the product will be used off-label, then your responsibility would be to change related intended use, labeling, or IFU. In other words, if a new intended use is created by professional users and you know about it, you must provide adequate labeling. In addition, such off-labels may fall under “reasonably foreseeable misuse” and should be covered through risk management. You could also review Team-NB-PositionPaper on Off-Label Use (2022).

Question: A services provider to medical device manufacturers wrote that one of their customers was audited by a Notified Body (NB). They told them that our ISO 13485:2016 certificate was invalid as it had not been issued by an NB. They explain that non-NB parties are not aware of MDR quality issues. Is the approach of NB correct?

Answer: We received similar complaints from our clients. NBs could be concerned about everything. However, such concern doesn’t give them right to “invalidate” the ISO 13485 certificate issued by the non-NB accreditation body. If NB suspects that the non-NB party that issued the ISO 13485 certificate is unaware of MDR-related quality aspects, they should check them during their annual audit. After all, the manufacturer is expected to meet quality MDR expectations, and it can summarize them, e.g., in the Strategy for regulatory compliance procedure, which may include the control of your service providers.

Question: Since accessories are also referred to as devices (Article 1:4), they are not excluded from the definition of “clinical benefit” in the MDR, and therefore, we thought we should assess “clinical benefit” for each accessory in our product. Is our approach correct?

Answer: We understand your logic; however, if you follow it to its full potential, you will have to do GSPR, PMS, PMCF, Risk, etc., for each accessory of the product, which was not, in our opinion, the legislator’s intention.   Each accessory contributes to the final product’s overall “clinical benefit,” benefit-risk ratio, etc. of the product, and we can describe such contributions in TD. Still, we would reserve the term “clinical benefit” for the final product only. I think that your approach may apply to a greater extent to the products contained in the “Procedure pack” (MDR 2(10) or “System” (MDR 2(11)). Similarly, for devices incorporating a medicinal product (Rule 14), you need to justify (clinical benefit, etc.) the addition of medicinal substance(s).

Question: What device could be a candidate for Orphan Device status?

Answer:  As per  MDCG 2024-10 Clinical evaluation of orphan medical devices, an “orphan device” (or OD) is a medical device or an accessory for a medical device should meet the following criteria:
• the device is specifically intended to benefit patients in the treatment, diagnosis, or prevention of a disease or condition that presents in not more than 12,000 individuals in the European Union per year, and at least one of the following criteria is met: there is insufficiency of available alternative options for the treatment, diagnosis, or prevention of this disease/condition, or the device will offer an option that will provide an expected clinical benefit compared to available alternatives or state of the art for the treatment, diagnosis, or prevention of this disease/condition, taking into account both device and patient population-specific factors.

Question: According to EU-MDR, what is considered a non-significant change for medical devices?

Answer: This should be assessed for each concrete case, but generally, we can say that non-significant changes include (assuming risk/benefit ratio of the device is not negatively affected) the following:

• Change that doesn’t alter built-in control mechanism, operating principle
• Replacement of a component with the same specifications
• New supplier/producer of a material within the defined specifications
• Security updates (e.g. cyber-security enhancements)
• Updates/upgrades of operating systems, e.g., Microsoft Windows, iOS, and others

Question:  In which cases could software driving or influencing the use of a (hardware) medical device be qualified as accessory for such device?

Answer: According to Regulation MDR, Article 2(2) “Accessory for a medical device” means:

an article which, whilst not being itself a medical device, is intended by its manufacturer to be used together with one or several particular medical device(s) to specifically enable the medical device(s) to be used in accordance with its/their intended purpose(s) or to specifically and directly assist the medical functionality of the medical device(s) in terms of its/their intended purpose(s).

In carrying out risk activities manufacturers shall:
(a) establish and document a risk management plan for each device;
(b) identify and analyse the known and foreseeable hazards associated with each device;
(c) estimate and evaluate the risks associated with, and occurring during, the intended use and during reasonably foreseeable misuse;
(d) eliminate or control the risks;
(e) evaluate the impact of information from the production phase and, in particular, from the PMS system, on hazards and the frequency of occurrence thereof, on estimates of their associated risks, as well as on the overall risk, benefit-risk ratio, and risk acceptability; and
(f) based on evaluating the impact of the information referred to in point (e), if necessary amend control measures in line with the requirements of Section 4.

Risk management and clinical data should feed into the PMS plan.

Question: Is Design information included in the Risk Management?

Answer: The risk documentation shall include a design risk assessment that documents the risk assessment for the device’s design aspects. The design risk assessment may address whether any design changes add new hazards or reduce the likelihood of occurrence of existing hazards, regardless of whether the risk assessment has changed.

Question: The manufacturer wrote: We always advise users of what the device is indicated for and do not advise using the device outside of that indication for off-label use. Is it enough to sign an agreement with the product distributors that states, among other things, that if they use it off-label and an event occurs, we, as a manufacturer, are not liable?

Answer: If you know that the product will be used off-label, then your responsibility would be to change related intended use, labeling, or IFU. In other words, if a new intended use is created by professional users and you know about it, you must provide adequate labeling. In addition, such off-labels may fall under “reasonably foreseeable misuse” and should be covered through risk management. You could also review Team-NB-PositionPaper on Off-Label Use (2022). If such new off-label use is considered, you would also need to address it in your PMCF plan.

Question: Since accessories are also referred to as devices (MDR Article 1:4), we plan to perform a “risk evaluation” for each accessory in our product. Is our approach correct?

Answer: We understand your logic; however, if you follow it to its full potential, you will have to do GSPR, PMS, PMCF, clinical evaluation, etc., for each accessory of the product, which was not, in our opinion, the legislator’s intention.   Each accessory contributes to the overall risk of the product and may include specific risks related to the accessory. Still, we would reserve the term “risk evaluation” for the final product only. I think that your approach may apply to a greater extent to the products contained in the “Procedure pack” (MDR 2(10) or “System” (MDR 2(11)). Similarly, for devices incorporating a medicinal product (Rule 14), you need to justify (risk, clinical benefit, etc.) the addition of medicinal substance(s).

Question: During the audit our Notified Body (NB) reviewer asked to see CE certification (according to MDR Article 23) for the critical part included in our device. We don’t agree with such an opinion. Is our NB correct?

Answer:  According to MDR Article 23 (Parts and components) only “An item that is intended specifically to replace a part or component of a device and that significantly changes the performance or safety characteristics or the intended purpose of the device shall be considered to be a device” and needs to comply with MDR.
This means that company which repairs the device by replacing a part or component of a device that significantly changes the performance or safety characteristics or the intended purpose of the device – such item/part/component will be considered medical device and be CE certified; and such entity would be regarded as – a legal entity.

Question: Does a company need to designate a person or persons responsible for cybersecurity within the company?

Response: According to IEC 81001-5-1: 2021-12 Health software and health IT systems safety, effectiveness and security — Part 5-1: Security — Activities in the product life cycle (see clause 4.1.2) – the Company needs to designate a person (personnel) responsible for the cybersecurity, same as for other organizational roles. Likewise, a Company should define and document all cybersecurity activities and processes in the Company.

Question: Does the personnel carrying out cybersecurity tasks need to have appropriate education, experience and/or training?

Answer: Certainly, like for all other job positions in the Company. This is ISO 13485 (6.2 Human Resources) requirement: “Personnel performing work affecting product quality shall be competent with appropriate education, training, skills, and experience. The organization shall document the process(es) for establishing competence, providing needed training, and ensuring awareness of personnel.”

Question: Do penetration testing laboratories (suppliers), must be accredited?

Answer: The recommendation is to use Penetration testing laboratories which are accredited, if possible.  The company is usually not requested to audit these suppliers. Instead, for the criteria for evaluation and selection of suppliers (as per ISO 13485 cl. 7.4.1), the company could use other means for rating performance and ability of penetration-testing suppliers, such as penetration test report reviews and questionnaires.

 

See more about MDR-IVDR Consulting  here.