While the focus of EU regulatory compliance for medical devices and IVDs over the last few years has been firmly on the MDR and IVDR, it is important to remember that depending upon their characteristics, devices may fall within the scope of other EU legislation. Both the MDR and IVDR include several references to other EU legislation and requirements related to regulatory conformity to other applicable EU legislation. Particularly in the case of devices self-certified under the MDD/MDR/IVDD/IVDR, we continue to encounter instances where manufacturers have not considered, when applicable, addressing device conformity with other EU regulatory requirements.
EU regulatory compliance regarding medical devices and IVDs
In this article, we will briefly discuss some observations regarding device regulatory compliance.
1. Declaration of conformity
Annex IV of the MDR/IVDR establishes the minimum content requirements for EU declarations of conformity for devices, which include:
“A statement that the device that is covered by the present declaration is in conformity with this Regulation and, if applicable, with any other relevant Union legislation that provides for the issuing of an EU declaration of conformity.”
Therefore, when preparing a device for EU regulatory compliance (including accessories), manufacturers must identify any such other EU legislation applicable to their device. Currently, other EU legislation that provides for the issuing of an EU declaration of conformity that (depending upon their characteristics) devices may fall within scope include:
We continue to encounter scenarios where a device is clearly within the scope of at least one of the above directives only for the declaration of conformity and/or technical documentation file to not demonstrate conformity with the applicable legislation. Such observations have not been restricted to self-certified devices, as we have seen this scenario with higher risk devices, where the NB has not initially identified this as a non-compliance.
Furthermore, despite Article 5 of Decision 768/2008/EC establishing that a single declaration of conformity be drawn up with respect to all EU acts applicable to a product, it was not uncommon under the MDD and IVDD for manufacturers to prepare standalone declarations of conformity for each applicable EU legislative instrument. However, for conformity with the above requirement from the MDR/IVDR, only a single declaration must be drawn up by the manufacturer.
2. Electronic instructions for Use (e-IFU)
As no additional legislative instruments have been established for the supply of e-IFU for IVDs under the IVDR, EU regulatory compliance regarding e-IFU beyond the MDR/IVDR is a concern restricted to non-IVD devices.
In the case of non-IVD devices, GSPR 23.1(f) establishes that the provision of instruction for use in non-paper format (e.g. e-IFU) can only be performed to the extent and under the conditions set out in Regulation (EU) No 207/2012 or in any subsequent implementing rules adopted pursuant to this Regulation. Towards the end of 2021, Implementing Regulation (EU) 2021/2226 was published in the Official Journal of the European Union (OJEU) and while the latter is applicable to devices CE marked under the IVDR, under Article 10 of this implementing regulation, the former continues to apply for devices placed on the market or put into service in accordance with the transitional provisions of the MDR (i.e. legacy devices).
Both regulations are closely aligned and include requirements related to:
-
- Conditions for the exclusive provision of e-IFUs
- Device labelling for the exclusive provision of e-IFUs
- Risk assessments for the provision of e-IFUs
- Retention of e-IFUs
- Websites containing e-IFUs
Despite Regulation (EU) No 207/2012 having been published more than ten years ago and applicable to devices under the MDD, we continue to observe manufacturers not providing e-IFUs in a manner compliant with the applicable regulations. In particular, we have encountered scenarios where manufacturers (erroneously) believe that these regulations are only applicable to devices where the instructions for use are provided exclusively in a non-paper format.
As established under Article 9 of these e-IFU regulations, e-IFUs which are provided in addition to complete instructions for use in paper form, shall be consistent with the content of the instructions for use in paper form. Where such instructions for use are provided through a website, this website shall fulfill the requirements set out in:
Therefore, manufacturers that make available e-IFUs for their devices placed on the EU market via their company website (or other location), in addition, to complete paper-based instructions for use provided with the device, must ensure that the website where these e-IFUs are available fully complies with either of the EU e-IFU regulations, as applicable.
3. General data protection regulation (GDPR)
The reference to the GDPR (Regulation (EU) 2016/679), which supersedes Directive 95/46/EC, under Article 7(2)(d) of Regulation 2021/2226 in the table above is a good lead into the applicability of the GDPR to devices regarding EU regulatory compliance.
As noted previously, there are no standalone e-IFU regulations applicable for IVDs and these devices are clearly outside the scope of Regulation 207/2012 and Regulation 2021/2226, as established in each respective regulation. However, where e-IFUs are provided via a website, personal data collected via that website is clearly within the scope of the GDPR, just as it is for websites where non-IVD device e-IFUs are accessible to users in the EU. With the increasing ubiquity of medical device software (MDSW) that falls within the scope of the MDR or IVDR, manufacturers are also increasingly directing users to their websites for additional product information in addition to e-IFUs. Therefore, both IVD and non-IVD device manufacturers should ensure that websites hosting e-IFUs or providing other information on their devices placed on the EU market comply with the GDPR.
Additionally, where devices incorporate cloud-based computing platforms with artificial intelligence/machine learning capabilities, the collection of personal data must also be performed in a manner compliant with GDPR (and cybersecurity) requirements.
4. Chemical safety
Lastly, chemical safety (and related waste management) is another important area of EU regulatory compliance, highly regulated in the EU, under the remit of the European Chemicals Agency (ECA). In addition to the RoHS directive mentioned above, it is critical that device manufacturers comply with applicable chemical safety regulations, as relevant, including the following:
-
- Biocidal Products Regulation 528/2012 (BPR) (as amended)
- Classification, labeling and packaging of substances Regulation 1272/2008 (CLP) (as amended)
- Regulation 1907/2006 concerning the Registration, Evaluation, Authorisation, and Restriction of Chemicals (REACH) (as amended)
- Waste electrical and electronic equipment Directive 2012/19/EU (WEEE) (as amended)
- The Battery Directive 2006/66/EC (as amended)
Learn more about EU regulatory compliance with MedEnvoy
If you have any additional questions regarding EU regulatory compliance beyond MDR/IVDR, get in touch.