Bottleneck of bottlenecks for notified body capacity

Frank Drebin nothing to see.gifPeople that are downplaying the notified body bottleneck may need to start to revisit their position with notified body LRQA now also dropping out of the notified body pool for medical devices and IVDs. This is especially a problem with respect to IVDs, as LRQA is one of the notified bodies traditionally handling a large share of the currently CE certified IVDs in the EU. This expertise and capacity will now be lost and not be available for the IVDR transition and for soft transition under the IVDR. And the general medical devices capacity is also lost of course too.

The case of LRQA

The case of LRQA shows that notified bodies are not only suffering in the end of the long tail, but also at the beginning of the tail. Three things are happening now.

Schermafbeelding 2019-06-13 om 13.03.20

First, LRQA is ceasing its MDD and IVDD services – this means that its current customers need to transfer to another notified body. Customers that had relied on LRQA to support them for soft transition (2020-2024 under MDD or 2022-2024 under IVDD) have to find another currently notified notified body to support them. Since LRQA was servicing a large part of the IVD industry that need CE certificates currently, this will be difficult and a bottleneck in itself. A transfer to another notified body may take longer than you have until the date of application for the MDR (26 May 2020). Also, customers of LRQA will need to transfer as soon as they can, because when a notified body closes down, the certificates will be withdrawn – regardless of the expiry date on the certificate (this is something that many manufacturers still misunderstand). It means that customers of LRQA may need to massively apply for orphaning protection with competent authorities if they cannot complete their transfer before LRQA closes its doors for the directives (90 days as of 12 June 2019).

Secondly, LRQA is abandoning its pursuit of a notified body in the Netherlands – this means that their Brexit hedge is terminated and less of the current capacity of notified bodies in the UK ends up being transferred to the EU27, so less total capacity available.

Finally, they announce that they are not pursuing their MDR and IVDR notification. This means that this capacity will not be available for the IVDR transition, which is a pity given the enormous amount of currently non-CE certified IVDs that need to be CE certified under the IVDR.

LRQA will probably not be the last

Bladerunner tears in the rain.jpgSo, we are faced with the scenario that notified body capacity is rapidly decreasing, and a lot faster than new capacity is being added. In fact, new capacity is not being added because no new notified bodies are entering the market for certification services under the MDR and IVDR – the only new ones are UK notified bodies transferring to EU27, of which LRQA was one. NSF, the only really new NB on the block that I knew about, has abandoned its IVDR application in the mean time. 9 of of the 22 Team-NB IVDD notified bodies will not apply for IVDR, and the rest is in various stages of application or considering to apply for IVDR. MDR figures are also looking bleak.

You do not need to be a mathematical genius to see that with a projected increase of notified body workload of 780% (source: MedTech Europe) and a rapidly decreasing installed base of capacity of notified bodies, there will a bottleneck of bottlenecks. I predict that LRQA will not be the last notified body to abandon medical devices altogether.

Some Member States are getting kind of worried too. The Germans and Irish drew attention to the bottleneck recently asked for attention to this at the Employment, Social Policy, Health and Consumer Affairs Council session on 14 June 2019 in the general context of implementation of the MDR and IVDR (which, as I have blogged, is far from ideal to begin with):

“[…] based on the number of notified bodies which are expected to be available on time, there will still be significantly fewer notified bodies than currently exist. In addition, data is not available on the capacity these designated bodies will afford the system.

[…] The concerns expressed are that these products cannot continue to be placed on the market under their existing Directive certificate up until 2024, like most other existing medical devices and that this will lead to market shortages.”

In other words – I will translate these euphemisms for you – we are feeling our way along in the coal mine of the new unfinished regulatory system, a cage with a bunch of dead canaries in our hand, and we have no idea if what we are doing is going to produce the regulatory approval capacity we need.

MedTech Europe has recently used uncharacteristically strong language in this regard in an open letter to the European Commission:

“This situation is clearly untenable, and time has run out to build a functioning regulatory system. This set of circumstances will profoundly disrupt the medical technology internal market and create yet another significant ‘Cliff Edge’ putting patient safety, healthcare services and EU healthcare environment in a major disarray.”

I agree completely with them. In the end, this is about continuity of healthcare services – should be kind of important to member states as well.

What to do

For devices companies this means that more than ever you – apart from having your MDR/IVDR transition totally sorted out and on track – have to vigilant to signals from your notified body that they may be closing down, and be in absolute shipshape with your compliance in order to have a chance of a quick transfer to another notified body. In addition, you need to understand how the orphaning process works in case you need it. So plan for different scenarios, and include the worst in them. As I have told several CEOs of devices companies downplaying things in the mean time “It’s only core business – how can that ever be relevant to the company, right?”

 

 

 

National MDR and IVDR implementation news – Netherlands implementation decree consultation

Schermafbeelding 2019-05-12 om 03.11.22While nothing much comes out at EU level and member states seem to wait until the last moment with implementing legislation (because the people needed for that are caught up in the gridlocked Brussels MDR and IVDR implementation process as a result of structural under-resourcing of medical devices oversight) some member states are really on the ball – I give you the case of the Netherlands:

Netherlands implementing decree

The Netherlands is putting in place the last bits of its MDR and IVDR implementing legislation with the amended Medical Devices Act in the senate for sign-off (slated for first examination on 14 May) and is currently consulting on the draft implementing decree until 24 May, which contains the juicy substantive bits of the MDR and IVDR policy options to be exercised by the Netherlands (in addition to the surveillance options that I discussed in a recent seminar – up to 10% of turnover in fines possible and additional criminal liability, people!).

The Dutch draft decree provides an interesting insight as to how an EU member state would implement the MDR and IVDR as regards:

  • implant card;
  • details on reprocessing of single use devices (which ones may not be reprocessed and mandatory procedures for reprocessing);
  • details on reprocessing of re-usable invasive devices (requirements and procedures for health institutions engaging in this); and
  • labelling of sterile devices.

If these items are important to your company in the Dutch market and you would like to know more or if you need help responding to the consultation, let me know. The consultation ends on 24 May, so any reaction has to be submitted by that date.

Not covered in the decree

There is also a lot not in the implementing decree, like for example what type of in-house developed medical devices and IVDs are not allowed. In fact, the implementing decree does not cover any of the national policy options under the IVDR (not that there are many though).

Also, the decree (as well as the implementing act on which the decree is based) is silent on what every manufacturer, importer and autorised representative wants to know at this point in time: how, where and when can I obtain my Single Registration Number (SRN), and how long will it take? The SRN is mandatory for communication with the Eudamed database and for making a conformity assessment application under the MDR and IVDR, so kind of crucial.

 

IVDR, in-house developed tests and the state of MDR/IVDR implementation

Schermafbeelding 2016-06-30 om 20.13.42In several posts on this blog I have discussed the severe impact that the IVDR will have on the IVD industry selling in the EU (just click on IVDR in the tag cloud on the bottom right of the page).

My firm has organised multiple seminars and I have spoken about this on more conferences and occasions than I can remember.

Yet, at the Molecular Diagnostics Europe conference this last week it turned out that at this stage still really only the big IVD companies really know something about the IVDR. Small and mid-size companies and the investors in these companies mostly have no idea whatsoever how to approach the IVDR (if they have heard about it at all), if they know about its existence in the first place. Health institutions are generally not aware that the IVDR will have enormous consequences for their in-house produced diagnostics installed base and going forward.

Here is my presentation at that conference, which raised a lot of eyebrows in surprise:

 

 

The IVDR stands to be an even bigger bottleneck I think than the MDR, for several reasons:

  • the regulatory paradigm shift is bigger than for the MDR – because of the reclassification of IVDs most IVDs will need a CE certificate issued by a notified body and they will need it by the date of application if they did not have a CE certificate under the IVDD (the vast majority of IVDs)
  • While the IVDR is projected to lead to an increase in notified body capacity needed of 780% (says MedTech Europe) there certainly is no increase of 780% in notified body capacity available to the market. In fact, not a single notified body as been accredited for the IVDR at this moment and the pipeline of notified bodies under review shows a decrease in notified bodies available to the market (less than under the IVDD).

Needless to say, this will cause a really really disruptive bottleneck that may lead to disruptions in healthcare because tests relied on on a continuous basis may suddenly not be available any more for shorter or longer periods. These tests cannot quickly be replaced by in-house developed tests as the requirements for these tests have also increased a lot (see below). Or the other way around: in-house developed tests are suddenly not available anymore because the health institution has been sitting on its hands and did not do its article 5 (5) IVDR homework and cannot quickly replace the tests by CE marked ones. This will likely be a major issue in my country (the Netherlands) where in-house developed tests form a large part of the health institutions’ portfolio of tests.

Stalling implementation increases IVDR bottleneck too

This bottleneck is only increased by the continued absence of the vast majority of implementing guidance and legislation that is still necessary to make the IVDR and (at a much earlier time) the MDR work. IVD companies should be hard at work on their implementation and should have their first conformity assessment applications in the works to gain experience with it. Except that they can’t because there is no notified body available yet.

MedTech Europe is quite right to keep raising this with the European Commission in the strongest wording possible. COCIR has also been very vocal about the delay in harmonized standards. As I have blogged on occasions: it certainly is not good legislative and administrative practice to deliver an incomplete new regulatory system and then spend the transitional period foreseen for the addressees to implement the rest of it while the addressees remain incapable of knowing what the rules actually are, frustrating their useful implementation the rules for their products. It will not do to tell industry it has to do much better and then fail at providing the necessary rules for industry to do better by. Indeed, we are two years into the transitional periods under the MDR and IVDR with scandalously little to show for it on the part of the authorities.

This situation punishes companies that try to be compliant with the new rules quickly and it leads to calculated prisoners dilemma behaviour in other companies that hope to get away with not implementing unfinished and unclear rules. This is not the kind of orderly transition you would like to see in a regulated space where human lives depending on the products concerned, and the availability of the products concerned depends regulation being available.

GDPR

Implementation of the IVDR, and the possibly enormous amounts of data required for performance evaluation to the new standards, necessitate a precise and thorough understanding of the General Data Protection Regulation (GDPR) in order to be compliant with that regulation as well, as is explained in the presentation above.

The GDPR is woven into the IVDR, and has to be taken into account in dealing with performance data for the purpose of the performance data requirements under the IVDR. The GDPR has its own strict regime for data concerning health (e.g. patient related data about a patient sample that tested positive for syphilis) and genetic data (another category of data very relevant in molecular diagnostics). Compliance by design is therefore not only an IVDR thing, but implementation of the IVDR necessitates co-implementation of the GDPR (which requires privacy by design) if your company is processing plain personal data, personal data concerning health or genetic data. And with the very broad GDPR concept of personal data this is sooner than you think. Not a week passes in which I am not explaining to a (mostly US) company that taking off some identifiers does not (I repeat NOT) render personal data anonymous for EU GDPR purposes when the coding is reversible (and even if the key is held by a third party) so it remains personal data regulated under the GDPR.

Labs, healthcare institutions and home brews

One of the subjects not addressed in the presentation but in my experience a major subject of misunderstanding by healthcare institutions is the non-grandfathering of the existing home brew/lab developed test base currently in use in healthcare institutions and labs. The fact that these tests are currently being used does not automatically mean that nothing needs to happen under the IVDR. Since the IVD Directive currently explicitly excludes them from its scope, they have never been placed on the market for the purposes of EU IVD legislation, and are therefore not subject to the transition regime provided by the IVDR. The IVDR contains a regulatory regime for these products in article 5 (5) that applies as of the date of application of the regulation. Since these devices are subject to national regulation and are excluded from the IVD Directive (IVDD), they are not yet placed on the market or put into service under the IVDD. They become devices regulated under the IVDR as of 26 May 2022 and that means that article 5 (5) IVDR (which applies to devices manufactured and used in health institutions) is fully applicable without transitional regime, and also to the current installed base.

In order to keep using the installed base health institutions need meet the requirements in the IVDR (Annex I technical documentation and article 5 (5) requirements), which will be quite some work. This is a rather strict interpretation of the IVDR, but by the letter of the IVDR in my opinon the only right one, as the Blue Guide logic that a device a product that has been put into service under national law does not automatically count as already put into service for the purposes of the IVDR, as the IVDR did not apply yet and neither did the IVDD.

The only way out of this conundrum is for the member states to clarify that the installed base of in house produced IVDs put into service before the date of application counts as already legally put into service and therefore does not need to meet the article 5 (5) requirements by the date of application. The Commission cannot do this because the LDTs were always excluded from the IVDD. This would be a strange step to have to take  though because you would have expected these devices to have been included in the sell-off provision under article 110 (4) IVDR until 2025 or otherwise addressed in the transitional regime. That provision however only applies to devices placed on the market before the date of application and still in the supply chain, but not to those put into service before that date (because in-house developed tests were never placed on the market).

Recognising the in-house developed installed base as placed on the market already or put into service already would lead to the strange situation that we would be dealing with two groups of in-house developed tests for possibly years and years: the formerly unregulated ones that remain subject to national law and the ones regulated under the IVDR, which would be subject to wildly diverging rules. In addition, every new device put into service of the same type of in-house developed test after the date of application (26 May 2022) would need to meet the article 5 (5) IVDR requirements anyhow (which more or less amount to meeting the IVDR requirements for a self-certified IVD).

In addition and importantly, the health institution needs to prove as of that date that its in-house tests are better than equivalent CE marked tests on the market. This requirement applies throughout the life cycle of the in-house test (like the other article 5 (5) IVDr requirements for in-house developed tests), so the health institution must monitor equivalent CE marked tests in the market on a continuous basis and switch when a better commercial CE marked test becomes available.

At best the transitional regime is – in my view – currently very unclear for in-house developed tests. Better get it clarified with your local competent authority. This competent authority will (or should) be able to also let you know whether it plans to restrict the manufacture and use of any specific in-house developed test as article 5 (5) IVDR allows.

So

Companies in IVDs: do not postpone IVDR transition and do not ignore GDPR. Two years of the transitional period for the IVDR have already passed, and it is 26 May 2022 before you know it, especially if you are on the bottom of the pile at an IVDR accredited notified body or if you need to get your performance data in shape to meet the new requirements. The GDPR is already fully applicable since 25 May 2018, so authorities have no patience whatsoever with companies that start to understand this only now.

Labs in health institutions: the IVDR also applies to you. Clarify the regulatory status of your existing installed base of LDTs (and start working on your article 5 (5) IVDR dossiers and QMS) and prepare to have to continuously justify the use of an in-house developed test against what is available as equivalent CE marked tests on the market, which (I agree) may make investing in LDT development more problematic. Yet, the IVDR is set in stone since more than two years and you won’t change it any more at this stage.

Conferences!

If you are a US company in IVDs or medical devices and w/should like to know more about the MDR and the IVDR, consider visiting the RMD2019 USA conference in New Brunswick NJ on 13 and 14 June. This conference deals both with the MDR and the IVDR and is directed specifically to US companies – and I will be speaking there so you can ask me and the other experts any questions that you have.

Alternatively, join me at the Q1 3rd Annual EU MDR Implementation Conference on 16-17 July 2019 in Alexandria, VA, which is about the MDR only. You can meet me and other experts there in person to have your questions answered.

This was not the Corrigendum you were looking for

UnvollendeteSo, we have had yet another couple of weeks with many things happening, so you may enjoy the two core slides from a recent presentation of mine at the NEN MDR conference in the Netherlands.

In addition we had other interesting developments too: more guidance from the MDCG, this time about the scope of device covered by the clinical evaluation consultation procedure (formerly known as scrutiny) and of course a Brexit situation that gets crazier every couple of days it seems.

(Un)known (un)knowns

Implementing the Unvollendete (unfinished) symphony of the MDR is working with (un)known (un)knowns. This will help you get a better overview of the (un)known (un)knowns we are facing at the moment:

schermafbeelding-2019-03-22-om-21.30.44-e1553286765460.png

schermafbeelding-2019-03-22-om-21.30.32-e1553286855153.png

If you still don’t feel a sense of urgency, that’s fine. Either you are on collision course with reality or you have your MDR sorted out. In the latter case, high five and kudos to you

Corrigenda

So the Corrigendum was published, here for MDR and here for IVDR – for consultation among the member states. These were not the corrigenda many people have been hoping for, as there was not moving with the implementations at all. Happy scrolling, as all the languages have been included in one single document. For people that speak only one language, this is a nice moment to reconsider and marvel at the diversity of languages we have in the EU.

What stood out for me in the MDR corrigendum was:

  • animal origin products in article 1 (6)(f) MDR: they are now excluded from the transition provision in article 120 (10) MDR so they cannot be placed on the market anymore after the DoA in member states that allowed them before DoA.
  • accessories to Annex XVI non-medical devices are not classified in their own right anymore (see amendment to implementing rule 3.2).

The only real point in the IVDR corrigendum was that it is specified that the QMS assessment under Annex IX (full QMS and assessment of technical documentation) includes class B devices in section 2.3 (“Moreover, in the case of class B and C devices, the quality management system assessment shall be accompanied by the assessment of the technical documentation for devices selected on a representative basis as specified in Section 4.”). Class B devices are now also subject, of course, to notified body surveillance under section 3.5 of Annex IX.

Scrutiny scope guidance

More guidance was published: the MDCG published guidance on the clinical evaluation consultation procedure, the procedure formerly known as scrutiny, which interprets the three criteria that exempt devices from the pre-market clinical evaluation consultation procedure with the involvement of expert panels. The notice clarifies whether also devices already marketed under the (AI)MDD are exempt from scrutiny, which was a major point of concern with the expert panels not being up yet and notified bodies not accepting applications for MDR conformity assessment. This has now been clarified as that “the expression “device already marketed” cannot be intended to refer to a device already marketed uniquely under the new Regulation”. In other words, scrutiny is only for devices that are new at the time of the conformity assessment application for the MDR. That is for the better indeed, because otherwise the MDCG would have been completely clogged with the applications for existing devices, causing an enormous bottleneck.

Brexit and national exemption measures in EU27

No news article these days is complete without a Brexit reference. While the UK contorts itself inside out in an attempt to wiggle itself out of the corner it painted itself into with not wanting a hard Brexit but not  the deal that it negotiated with the EU either (yes, that is as incredulous as it sounds), the UK managed to get two weeks of delay to man up and face the music of the inevitable corner it painted itself into. In the mean time the UK politicians seem more interested in jockeying for each other’s positions rather than extracting the country from the brink of cliff edge Brexit.

Since all the real Brexit remediation needs to happen at national level, I would like to take you through the way my country, the Netherlands, did this. We are blessed (and this is not meant sarcastically) with competent people in the Ministry of Health and sufficient capacity at the competent authority the Healthcare Inspectorate. The Netherlands will set up a procedure to deal with the situation of companies that are in the process of transferring away from a UK notified body at the moment of a hard Brexit.

Schermafbeelding 2019-03-28 om 13.05.19

Although they do not posses the EU27 notified body certificate yet manufacturers can qualify for a six month exemption allowing them to sell devices in the Netherlands provided that they can demonstrate that there are no or insufficient alternatives for their product in the EU and there is a risk to the ensured continuity of healthcare in the Netherlands. And there are other formalities and requirements, such as that the manufacturer needs to prove that a transfer to an EU27 notified body was underway at the moment of the Brexit.

This means that the exemption is only available for manufacturers with indispensable devices that meet the other requirements as well. The rest has a big problem. I would assume that other EU member states are setting up or have set up similar procedures, but that may not necessarily be the case. Also, note that this is not an EU procedure, neither in the Netherlands nor anywhere else. This means that even in the lucky situation that you would qualify for an exemption in the Netherlands, you have to string your exemptions together on a per-member state basis using procedures that are not necessarily the same everywhere and may not lead to the same result everywhere.

What to expect for 2019 with MDR and IVDR implementation?

Hannibal A team MDr IVDRRemember the CAMD Roadmap (dating back to end 2017) that promised us a roll-out of MDR and IVDR items that were sometimes even marked ‘high priority’ and how that lifted our spirits (at the time)? Remember how this was supplemented with the Rolling Plan, which promised the roll-out of all roll-outs for 2019?

I have great news for you! All action items under the Road Map and the Rolling Plan were just magically delivered!

Oh no, scratch that. Silly joke and way too easy. The Rolling Plan was updated but no delivery of additional items yet. Sorry…

Yet, a lot is happening and a lot is scheduled or bound to happen in 2019 – fasten your seatbelts: here we go.

Updated rolling plan

The updated Rolling Plan was published on 19 February and provides updated timing and next steps for the development of implementing regulations and other actions/initiatives (see here for a nice overview by Medtech Europe):

  1. MDR Annex XVI products without an intended medical purpose: Consultation on draft text of common specifications in Q1 2019 now; dates for finalisation has moved up to Q1 2020.
  2. Scientific bodies’ (i.e., expert panels, EU reference laboratories and expert laboratories): For the various implementing acts the surveys are now marked as ‘finalised’ (as in December 2018). Only change: the move into drafting stage for the act on expert panels.
  3. Eudamed: still under construction – EUDAMED for PMS and clinicals may be only partly available or not at all by the date of application.
  4. Communications campaign: Documents slowly trickle in on the new dedicated website and library; public awareness initiatives underway.
  5. Medical Device Coordination Group (MDCG) subgroups: the evaluation of the applications is still ongoing, new MDCG subgroups are expected in Q1 2019.
  6. EU Medical devices nomenclature – the Commission is currently finalising its assessment in the view of a final decision to be taken by Q1 2019.
  7. Notified Body designation: 42 applications received by the EC, 3 further joint assessments scheduled (apart from the 25 already carried out).

Everything else stays the same. Summary: everything not delivered so far will be delivered in 2019 and if it isn’t delivered in 2019 there is a problem. Except for Eudamed, which is scheduled for March 2020 still, but in less functionality than originally expected. You’ll be able to enter your your devices though – hopefully.

Don’t mention the Brexit

Except that we must – the EU27 national authorities are now giving their own individual interpretations of what a Brexit scenario entails for labelling and placing on the market of products and it does not look pretty.

The Dutch authority has for example said that NBOG 2006-1 is out of the window and companies must amend their labelling per Brexit date, if necessary by means of stickering (which, as the drama in UK Parliament continues and everybody has lost patience with all the political posturing and delaying, may well be end of this month). This uncertainty is not a happy place to be in for companies selling medical devices.

Yes dear readers, the word you are looking for starts with ‘cluster’ and rhymes with ‘duck’. It shows us what a special breed of extraordinarily responsible persons politicians can be. We will miss the MHRA though, and all the good work they did in driving many of the MDR and IVDR work items at EU level – I personally am sad to see them go.

Upcoming corrigendum

Schermafbeelding 2019-03-10 om 13.46.28There is the interesting matter of the MDR and IVDR corrigendum coming our way. This publication is supposed to fix the mistakes and inconsistencies in these regulations and is a normal instrument for the EU that is regularly used for regulation that turns out to have mistakes in it. The big speculation of course is whether other things are changed too. While this is constitutionally not possible (as we would need to follow the legislative procedure for amending legislation for this) it may be that nevertheless some things will be sneaked into the amended texts.

I have seen a glimpse from what the corrigendum will contain in terms of non-corrections. The French competent authority ANSM published a report from a meeting with industry in which it went on the record that:

“The Commission has prepared a corrigendum to the regulations on MDR and IVDR to be presented to the Council and Parliament. In addition to simple editorial corrections, it is proposed to extend the transitional measures to Class I devices that require the use of a notified body (NB) or Class I devices that change class under the MDR, in order to avoid overloading NBs. While a large majority of the competent authorities are in favour of this measure, there are differences as to its legal form.
SIDIV asked whether such a measure was being considered for IVDs. For the time being, this is not the case, as the IVDR has a 5-year application period from its entry into force.” (my own translation from French)

If things happen this way (big if) then this would be big break for the struggling class I devices companies (like for example software) that I see have great difficulties finding notified body capacity for the MDR (because – duh, not there yet). I am personally not sure what the corrigendum will look like in the end, because the process is rather secretive and will likely be subject to some last minute politically motivated course corrections.

The ANSM report also confirms the difficulties that many companies are having with their notified bodies (which I have flagged repeatedly) and states that this is a grave concerned of ANSM. ANSM also confirms the widespread nature of notified bodies failing to meet their obligations throughout Europe, invites industry to notify it of any such practices and states that the Commission has been advised of this.

Upcoming guidance and implementation

Expect more guidance being delivered this summer. By mid-2019:

  • Guidance on vigilance (maybe earlier than summer)
  • Guidance on software
  • Guidance on classification
  • Guidance on clinical evidence

Further guidance is under preparation:

  • Guidance for substance-based devices
  • Common Specifications on Annex XVI (consultation ongoing at the moment)
  • Common Specifications on reprocessing (as well as Implementing Act)

Delivery of all of these items would allow for some good progress to be made under the CAMD Roadmap, so fingers crossed!

EMA guidance on combination products

The EMA has recently released a new guidance note on combination products in relation to the MDR and IVDR. As the EMA explains, important stuff because one in four centrally authorised medicines contains a device component. This first guidance note focuses on article 117 Directive 2001/83 because (yes it’s true) the MDR and IVDR amended the Medicinal Products Directive and applications for a marketing authorisation of a medicinal product with an integral medical device submitted as of 26 May 2020 must comply with the requirements of Article 117 of Regulation 2017/745. Article 117 MDR does not affect existing MAs for combination products but if there is a substantial change to the design or intended purpose of the device component, or a new device is introduced, after authorisation any required certificate/declaration of conformity/NB opinion should be submitted (as appropriate) to EMA/NCA as part of the variation/extension application.

The guidance will be continuously updated with new questions and new answers.

Eudamed specs

The Commission published a first draft version of the Eudamed specifications. One of the interesting things for me was that it became clear to what extent the database is open to the public. Section 8.2 of the document sets out the database fields that are available to the public: economic actor details UDI/device details, certificate and notified body details, information concerning clinical investigations (including reports and summaries), vigilance data and PMS information and market surveillance details. Confidential information will not be made public in these fields but to me it is as yet completely unclear how that will be arranged – the document refers to use of summaries and hiding of confidential data but that is not very precise. With respect to vigilance data the document states:

“To determine [what data remains confidential], it is to be defined what vigilance and post-market surveillance information could be available to the public. As long as there is no agreement among MS and with the Commission, these data will not be publically available.”

It will be interesting to see on what level of publicity this discussion will land. I hope that the Commission and authorities realise that there is legislation for personal data (GDPR) that is relevant to situations where there are small groups of patients concerned, and that too far going publication may negatively manufacturer willingness to report, as vigilance reports may often contain confidential details about devices.

More Eudamed and UDI related news: the designation of UDI issuing entities is expected by May 2019.

2019, the year of soft transition deadlines

Finally, 2019 will be the year of re-certification under the old directives one more year to benefit from soft transition. If you are planning to use this option, notified bodies are going to ask you to submit an application somewhere this year. Some are very clear about their deadlines (BSI has for example said end of Q1 2019), while others may be somewhat more flexible.

So 2019 will be the year of choices: are you going for recertification or the new regulation certificate, and in the first case: how will you not miss your window? The closer to May 2020, the busier the notified bodies will be with the MDR certifications, and they want the (AI)MDD re-certifications done before that time. Do not count on being able to do (AI)MDD recertification as in 2020, unless your notified body is very very confident that they have the capacity to do this.

schermafbeelding 2019-01-06 om 20.28.45

Finally a podcast

Feeling a bit overwhelmed by all this detail? In that case zoom out to the bigger picture and hear about the background to these new regulations on the Medical Devices Made Easy podcast.

Don’t give me Brexit problems, give me Brexit scenarios

so-long-farewell-and-auf-wiedersehen-goodbyeAt the moment I spend a considerable amount of my lawyering time answering questions concerning Brexit problems. My first question back to the company is: what are your Brexit scenarios? Did you make a plan to cover the scenarios and follow through?

Often the answer is “no, we don’t have a plan, because we don’t know what the Brexit will turn out to be.” If your company is stuck in this groove the good and bad news is that by now you have pretty much run out of options to take meaningful action to manage a no-deal Brexit, because that is scheduled for end March. Yes, next month. Pretty soon. Around the corner so to speak. 33 days from today. That’s really close.

In the mean time the UK is not a single step closer to accepting the separation package agreed with its negotiators in December last year, and things are getting more complicated with increased political fragmentation in the UK parliament. Other EU member states are explicitly warning the UK now that they have tossed the steering wheel out of the window and are flooring the accelerator with having delayed the vote about the Brexit package until 12 March:

img_1680

So maybe you still think now that a no-deal Brexit is a scenario with a degree of possibility that is worth planning for. That’s fine. I’m also quite sure that there were at least some dinosaurs that did not think that this huge meteor in the sky merited any further attention.

Reality doesn’t care whether you sink or swim

Reality really doesn’t care about whether what is happening is fair or not. Nature is not a moral theatre. The interesting thing about reality is that it has a nasty habit of just moving along, whether you like it or not. Even if you don’t paint yourself in a corner, reality may move the paint steadily towards you leaving you increasingly out of options. That is precisely what I see happening with a lot of medical devices companies at the moment. They wait and see while the paint creeps towards them, reducing their options by the day – literally.

Maybe the company has a Regulatory Cassandra or two doing their Cassandra thing, but we all know how these things work – management is usually not that concerned about things that are more than three months in the future. Why would they be? “It’s only core business, so how can that be important to the company?” I often say to management that is adopting a wait and see strategy for the MDR, the IVDR and/or the Brexit. And then management is not so happy with me. The Brexit only started almost two years ago.

Philosoraptor comet Brexit

So what can you still do?

So what can you still do? It’s never too late to do something. You can at the very least look at the checklist that the EU provided more than a year ago for CE marked goods:

  • Is my notified body in the UK without options to recertify in their EU27 counterpart? If so, then your certificates expire in case of a no deal Brexit and that has the consequence that you need new certificates, which you will need to get elsewhere.
  • Do I have an importer in the UK? If so, imports may become an issue after the Brexit, because the importer is not importing into the EU anymore.
  • Do I have an authorised representative in the UK? If so, move it to the EU27 because after the Brexit the AR is not in the EU anymore as required for an AR.

If the answer to any of these three questions is yes, action is required, unless of course you like moving all your chips to red or black and spinning the roulette hoping for a no Brexit.  If you are the roulette type, read no further. If you are not, consider the following questions:

  • Do I have bridging stock in the UK and in the EU? It may already be too late to ramp up production to produce bridging stock, but you can still move stuff around. Plan for the UK to recognise the CE mark post Brexit for at least some tome (which it announced it will do), but not necessarily the EU recognising CE marks of UK notified bodies post-Brexit. Emergency measures may be taken, but they also might not be taken. Maybe only for essential devices, which your device might not be. Also think about the other things that might happen that may make it harder to move stuff around between the UK and the EU, such as customs requirements. Even if you do not have bridging stock, see how much product you can place on the market in the EU27 before the hard Brexit that may invalidate your certificate. Placed on the market is the safe place to be.
  • What is the lead time for putting alternative market access routes in place? In other words – how quickly can you obtain new CE marking in the EU27 for the devices CE marked by UK notified bodies? Do you have contacts with a notified body that can still effect a voluntary transfer before the end of next month (probably not)?
  • Also, the Brexit may affect all kinds of activities you have in or with the UK, such as import, production, parts or raw materials suppliers. See for every conceivable notice here. Better make sure that you manage those dependencies too.

In the mean time the UK has published its new design for product marking that will replace the CE mark upon a no-deal Brexit: “CA UK”. This will replace the CE mark and will be the mark resulting from the UK applying legislation post-Brexit that will very much look like the MDR and the IVDR. Or maybe they will do something else – they are on their own and rumour has it that regulatory competition will be an important selling point for the UK post Brexit.

Re-labeling for EU27 notified bodies

The Commission published another notice on 1 February 2019 with Brexit Q&A for industrial products  that confirms the above action points. But it also address the thorny question of relabelling of medical devices with the new notified body number (and don’t forget other relabel items such as authorised representative). Under heading D of the Q&A the Commission clarifies that there is no escaping relabelling when certificates are transferred to an EU27 notified body pre-Brexit (the certs are technically not transferred, because the new notified body issues new ones but anyway). Two important points:

  • The transfer of certificates from a UK Notified Body to an EU-27 Notified Body needs to take place before the withdrawal date (in case of no-deal Brexit 29 March midnight CET), on the basis of a contractual arrangement between the manufacturer, the UK Notified Body, and the EU- 27 Notified Body.
  • no need to change the Notified Body number for products already placed on the EU-27 market or manufactured before the transfer of certificate has taken place and not yet placed on the EU-27 market. However, products manufactured after the transfer of the certificate has taken place should be marked with the new EU-27 Notified Body number and it will not be possible to continue to use the UK Notified Body number until the end of the validity of the original certificate issued by it. 

In practice it turns out that it rather depends on

  • the EU27 notified body what transfer process they can offer, as not everybody’s competent authority is minded to allow their notified bodies to offer a swift transfer process, while some do. This difference in my view is kind of nuts, because we have the NBOG that is supposed to oversee consistency on this point. Apparently the NBOG competent authorities are not really aligned on this.
  • the UK notified body transferring what they can agree to in terms of moving the certificates to the EU27 notified bodies. Some of the UK notified bodies are very hard to work with at the moment, which makes agreeing to a meaningful transfer kind of problematic.

If you are confused and angry with your UK notified body not picking up the phone or answering email anymore (it happens), or just being too busy to even schedule a necessary audit in time to save your certificate (happens too), you are running out of options. Your only meaningful option is to approach an EU27 notified body that is willing to work from its end to see what it can do with the unresponsive UK notified body. And hopefully the competent authorities will have some kind of plan in case it completely goes south on 29 March, but so far they have been keeping their cards close to their chests.

As I’ve said on more than one occasion, it would be so helpful if competent authorities would be more concerned with the quality of notified bodies administrative practice. Issuing and surveillance of medical devices certificates is delegated state authority and we seem all happy to allow notified bodies to apply a standard that we would never ever accept from a government agency, not even from tax authorities.

First notified body EU MDR designated!

unicorn bsi2BSI reports that it has achieved designation as UK notified body for the MDR. So far, it’s the first notified body to appear in the NANDO database with an MDR designation – see here for scope and here that it’s only BSI so far for the MDR (the last link is a dynamic reference to NANDO so more may appear later). The notification appears to have made before Christmas (the date in NANDO is 20 December 2018), but it always takes a few weeks to appear in NANDO.

Hurray!

This first designation is excellent news, because it shows that the designation process can deliver at least one MDR notified body. Apparently that was not enough highlight for the Commission to list it on its medical devices website or issue a press release about, but whatever – I think it’s newsworthy.

No notified body has been designated under the IVDR so far. Yet, BSI and some others did apply for MDR and IVDR simultaneously, but as is clear from the Commission’s JA status overview discussed in my last blog, the focus so far has been on the MDR. IVDR designations should hopefully follow soon as the first JAs were MDR related. Maybe also  IVDR capas take longer to correct, or notified bodies took longer to correct them and decided to focus on the MDR instead at this moment (which makes sense too).

Wait what Brexit

Less good news is that no EU27 notified bodies were accredited yet. If the no-deal Brexit that is becoming more likely by the week proceeds by end of coming March as the UK politicians decide to throw their economy under the bus, then this new MDR notified body capacity will be immediately lost again to the market. A no-deal Brexit would mean that the new UK MDR designation would not count for the EU27, unless at least something of a deal addressing the status of UK notified bodies for industrial goods is made. As said, at this point every possibility is still on the table – according to Tony even a second referendum to reverse the whole circus.

With this cloud hanging over their designation, BSI announced that they “will very shortly confirm when we will commence taking applications to the MDR.” That sounds very prudent, as the Brexit can put a serious stick in that wheel.

BSI’s Dutch notified body achieved designation under the directives as a first step to hedge for Brexit but is not yet designated under the MDR or IVDR. Hopefully that designation is also in the pipeline, as well of the designations of other notified bodies.

Stay tuned

for further developments – the next couple of months will be very very interesting for the medical devices industry with interests in the EU.

 

%d bloggers like this: