After four years of negotiations, European lawmakers agreed on June 15 on a new EU Medical Devices Regulation (MDR).
The MDR is the equivalent to the FDA’s CDRH regulations in the United States and essentially specifies the applicable rules when importing medical devices into Europe, which is the world’s second-largest device market. Rules relate, for example, to product classification; quality system standards; pre-market authorization; and reporting of adverse events.
The final version of the MDR – a hefty 352 pages – was published on June 27 and is now reviewed by the EU’s legal editor for drafting or law-technical errors. It then needs to be translated into all EU member languages, followed by formal publication. After publication, expected in late 2016 or early 2017, there will be a three-year transition period as the medical device industry will need time to comply with the new requirements.
Some of the key changes are:
- New obligations on companies
Unique Device Identifiers (UDI) will be introduced gradually, similar to the system in place for the US market, to increase traceability of devices through the supply chain, and to facilitate product recalls if needed (similarly, all economic operators will have a single registration number or SRN). This may lead to the manufacturer having to change the product label (barcoding). Manufacturer will also be required to engage a medical device expert responsible for regulatory compliance management. Manufacturers will be required to take out an insurance policy for possible liability claims for defective devices.
Other operators in the supply chain aside from the manufacturer face also new obligations. For example, importers and distributors will need to verify compliance of the device; inform competent authorities in case of non-compliance; etc. This is in line with the greater emphasis in the MDR on companies having to follow up on quality, performance and safety of devices after they are placed on the market. Even the so-called for-profit, private ‘notified bodies’ (empowered at national level to approve new devices) will have the right and duty to carry out unannounced on-site audits and to conduct physical or laboratory tests on medical devices to ensure continuous compliance.
Pre-market approval, however, remains critical as well, and will become more ‘frontloaded’ than under the current system. The essential conformity requirements – now called ‘general safety and performance requirements’ – have grown, so manufacturers will need to review and update their existing quality systems and technical files. They will also need to be more active in collecting data to support safety and efficacy. This is certainly the case for clinical evaluation of devices, especially high-risk devices such as implantable devices. Increased post-market surveillance is also relevant in this context as manufacturers will have to draft so-called PMCFs (Post-Market Clinical Follow-Up) and PSUs (Periodic Safety Update reports) to ensure safety and performance throughout the expected lifetime of the device.
Other regulatory requirements will come into place in relation to a variety of business practices, such as, relabeling/repackaging; reprocessing of single-use devices; hospital produced (“home brew”) devices.
- Extended product scope
Certain products currently not qualified as a medical device, will now fall under the definition of a medical device and thus within the scope of the MDR such as products used for cleaning, disinfecting or sterilizing other medical devices (e.g. endoscope washer/disinfector) or devices for purposes of control or support of conception (e.g. condom). Their accessories will also be covered by the MDR (e.g. devices used to position or remove invasive or implantable contraceptives).
Even products without intended medical purposes but rather aesthetic or cosmetic ones such as contact lenses, liposuction or laser equipment for skin treatment are considered a medical device. The European Commission can add other products to this category and has to adopt so-called common specifications detailing safety and performance requirements for these products.
Whilst general purpose software or lifestyle/wellbeing software is not considered a medical device, all software and mobile health apps designed for any of the purposes included in the definition of medical devices (e.g. forecasting or prognosis of diseases) will be regulated.
In vitro diagnostics are not subject to the MDR but fall under the newly adopted stand-alone regulation.
- New classification rules
Medical devices are assigned to one of the four regulatory classes based on the intended purpose of the device and the risk the device poses to the patient and/or the user. Some devices will be “up-classified” according to new classification rules which in turn may lead to a new conformity assessment having to be carried out for the device concerned. This may be the case for nanotechnology and substance-based medical devices, specific orthopaedic implants, life-saving active medical devices, etc.
Increased access and transparency of data
The European Database for Medical Devices (Eudamed) – the equivalent of the US’s MAUDE database – holds information on medical devices collected from the European Commission and national authorities. Under current rules, only these authorities can access Eudamed. However, Eudamed access will be expanded now (partially) to market participants, incl. notified bodies; manufacturers; patients; healthcare professionals and the public. The accessible medical device data will encompass UDI and SRN data; post-market surveillance data; conformity assessment applications; safety and clinical performance summaries.
Preparing for the new MDR
There is no grandfathering from CE marked medical devices under the current medical device directive to the new MDR. So a conformity assessment will be required for all existing and new devices. While medical device companies have 3 years to become compliant, they should begin implementation of the adjustments under the MDR as soon as possible. This transition plan includes:
- prepare a gap assessment to juxtapose existing obligations against new or changed obligations under the MDR, especially in case of a possible new status and risk class for the device;
- review business agreements and processes to take into account the different roles and responsibility of market operators and supply chain regulation;
- update technical documentation, systems and processes regarding safety and performance requirements including labelling requirements (e.g. SRN, UDI);
- keep track of new or revised guidance issued by the European Commission and regulatory acts which further implement the MDR (and also old law that remain applicable (see preamble 70)