Medical Device Regulation (MDR)
The European Union's comprehensive framework for ensuring the safety and performance of medical devices throughout their lifecycle.
Specialist Medical Regulation - Overview Only
The Medical Device Regulation (MDR) is a highly specialized regulation targeting medical device manufacturers, healthcare software developers, and medical technology companies. This law requires deep expertise in medical device development, clinical evaluation, and healthcare regulatory compliance.
Note: This website provides educational overview content only for MDR. We do not offer compliance tools, templates, or detailed implementation guidance for this medical regulation.
Critical Compliance: MDR is already fully in effect. All medical devices placed on the EU market must comply with MDR requirements. Existing MDD certificates have limited validity and must be transitioned to MDR.
The Medical Device Regulation in Plain English
The MDR is the EU's law governing medical devices - from simple bandages to complex surgical robots. It ensures that any medical device sold in Europe is safe, works as intended, and continues to be monitored throughout its lifetime on the market.
The regulation replaced the older Medical Devices Directive (MDD) with much stricter requirements. It covers not just traditional medical devices, but also medical software, apps that diagnose conditions, and devices with artificial intelligence components. The key principle is that the higher the risk to patients, the more rigorous the requirements.
Who This Law Primarily Affects: Medical device manufacturers, healthcare software developers, medical technology companies, and organizations developing AI-powered health applications. Most healthcare organizations interact with MDR-compliant devices as purchasers and users rather than as regulated manufacturers.
Medical Device Risk Classifications
Class I (Low Risk)
Self-declaration possible:
- • Bandages and dressings
- • Non-sterile gloves
- • Walking aids
- • Simple medical software
- • Basic wellness apps
Class IIa (Medium-Low Risk)
Notified body involvement:
- • Blood pressure monitors
- • Hearing aids
- • Contact lenses
- • Some diagnostic software
- • Medical imaging equipment
Class IIb (Medium-High Risk)
Stricter notified body review:
- • Dialysis machines
- • Ventilators
- • Surgical lasers
- • AI diagnostic tools
- • Radiotherapy equipment
Class III (High Risk)
Most stringent requirements:
- • Heart valves
- • Pacemakers
- • Brain implants
- • Life-support systems
- • Advanced AI in critical care
Key MDR Requirements
Clinical Evidence
Much stronger clinical evidence requirements, including clinical evaluations and post-market clinical follow-up for higher-risk devices.
Unique Device Identification (UDI)
Every device must have a unique identifier for traceability throughout its lifecycle, from manufacturing to disposal.
Authorized Representative
Non-EU manufacturers must have an authorized representative in the EU who takes legal responsibility for the device.
Post-Market Surveillance
Continuous monitoring of device safety and performance once on the market, with mandatory reporting of incidents and trending.
Quality Management System
Comprehensive quality management system (ISO 13485) covering design, manufacturing, and post-market activities.
Cybersecurity Requirements
Software medical devices must demonstrate cybersecurity throughout their lifecycle, including regular security updates.
What This Means for Different Stakeholders
For Medical Device Manufacturers
- • Comprehensive compliance requirements
- • Determine device classification early in development
- • Invest in comprehensive clinical evidence
- • Implement robust quality management systems
- • Establish post-market surveillance systems
Note: Requires specialized medical device regulatory expertise and significant compliance investment.
For Healthcare Software Developers
- • Assess if software qualifies as medical device
- • Implement software lifecycle processes (IEC 62304)
- • Plan for cybersecurity throughout lifecycle
- • Consider usability engineering (IEC 62366)
- • Document software safety classification
Note: Most general business software and wellness apps are not medical devices under MDR.
For Healthcare Organizations
- • Limited direct compliance requirements
- • Verify CE marking before purchasing devices
- • Check UDI registration in EUDAMED database
- • Report serious incidents and device defects
- • Ensure staff training on device operation
Note: Healthcare providers primarily interact with MDR as purchasers and users of compliant devices.
Penalties and Enforcement
Administrative Penalties
- • Product recalls and market withdrawal
- • Suspension or withdrawal of CE certificates
- • Prohibition on placing devices on market
- • Mandatory corrective actions
- • Public warnings and notifications
Financial Consequences
- • Criminal penalties vary by EU member state
- • Civil liability for patient harm
- • Legal costs and regulatory fees
- • Lost revenue from market restrictions
- • Reputation damage and market loss
Common MDR Questions
Is my health app considered a medical device under MDR?
It depends on the app's intended purpose. If your app diagnoses, treats, prevents, or monitors medical conditions, it's likely a medical device. Apps that only provide general health information or lifestyle tracking typically aren't medical devices. The key test is whether the app has a medical purpose as intended by the manufacturer.
Can I still use devices with MDD certificates?
MDD certificates are being phased out. The validity depends on when the certificate was issued and the device class. Most MDD certificates are no longer valid for new devices placed on the market. Existing devices may continue to be sold until their MDD certificate expires, but no later than May 2024 for most devices.
Do I need a notified body for all medical devices?
No, only for Class I sterile/measuring devices, Class IIa, IIb, and Class III devices. Class I non-sterile devices can be self-declared by the manufacturer. However, the self-declaration process still requires comprehensive technical documentation and compliance with all MDR requirements.
What's the difference between MDR and FDA requirements?
MDR and FDA have different approaches: MDR focuses more on clinical evidence and post-market surveillance, while FDA emphasizes pre-market approval processes. If you're selling globally, you'll need to comply with both, though some clinical data and quality system elements can be shared between the two regulatory systems.