We are looking forward to meet you!

M58fdaa53-32b0-44c2-bf95-51c7c35ff8c2y apologies for the incidental self-promotion.

Our practice continues to grow and that means we are always looking for people to staff our firm. We currently have vacancies for a number of lawyers at different levels of seniority. I will therefore tap into the community and hope you can help.

So, if you know of any (Dutch law) qualified lawyers that would like to work at an excellent boutique firm and practice law at the top of their game for the most interesting companies in the life sciences field, please send them our way.

If you are one yourself, we’re very happy to talk to you and make you an offer you should not refuse.

By the way, if you need encouragement, lawyers ranking guide Chambers Europe again ranked us higher this year in a streak starting when we set up the firm five years ago, mainly on the authority of what our peers and our clients have said about us. So peers (I know you subscribe to this blog) and clients out there, we love you and thank you for your continued trust, support and respect.

If you’re interested in joining us, please contact me (erik.vollebregt@axonlawyers.com) or our office manager (details below):

Schermafdruk 2017-04-24 15.54.06.png


MDR and IVDR seminars

By the way, the MDR seminar on gap assessment and transition planning announced in the previous blog has been fully booked in the mean time still has room because we were able to rent a bigger room. Keep those RSVPs coming!

The good news is (still) twofold.

First: yes, we will organise a separate seminar for the IVD industry about the IVDR. We have many requests for an IVDR specific seminar, which we were already planning in the background all along.

Secondly: yes, we will organise another MDR seminar for those that were too late for  could not make the first one – but the date will be much later in the year. The speaker line-up may vary but will be interesting.

Watch this space for the save-the-dates for both seminars!

MDR and IVDR adopted by Parliament – entry into force imminent

agent-smith-matrix-hear-that-that-is-the-sound-of-inevitabilityCompletely in line with expectations the Parliament adopted the texts of the MDR and the IVDR yesterday. I have nothing to add to that in addition to previous posts in this blog. It is what it already was. The texts can be found here.

This means that we are now looking at publication in the Official Journal beginning of May (you will finally have the final official texts) and entry into force 20 days later (expect beginning of June). It is now inevitable.

Transitional periods

The transitional periods of 3 years (MDR) and 5 years (IVDR) will start then and the train will leave the station and you will be on board, whether you like it or not. If you are still stuck in one stage or another of the classic stages of grief, you had better pick yourself up and move straight to the stage of acceptance. Many companies I know are stuck in anger, denial or depression, and are some still bargaining (we are past possibilities for lobbying on the regulations now, although there are some possibilities now in implementation)), but at this point this kind of drama is wasted energy.


Yes, many things are still uncertain and unclear and still need to be fleshed out in more detail in implementing acts etc., but this is not an excuse to sit on your hands and wait while inevitability catches up with you in the worst possible way.

Actually, things are pretty clear already: you need to transition your products into the new system and we know what it looks like. If you don’t transition, or if you don’t manage in time – off the cliff you go: you cannot place the products on the market in the EU anymore. There is no grandfathering, only a hard stop.

So, what would Brian Boitano do?

He’d make a plan, and he’d follow through. I have discussed all the substantive requirements of both regulations in detail on this blog and they have been discussed by many others too, so you are familiar with them already, right? No need to repeat all of that.

The next step is to look at each of your products in detail and decide for each product if you will replace, retire or remediate it depending on what is required to bring it into compliance with the new regulations.

You may want to try and exploit the limited grace periods of four (MDR) and two (IVDR) years that are given after the transitional period for devices with a certificate that is renewed during the transitional period. However, relying on these comes at a cost that you need to be aware of (essentially you cannot change your device or intended purpose anymore).

Also, remember that this option is not available for any of the currently self certified devices (because they don’t have a certificate that can be renewed). This means that you may have a very steep and quick learning curve ahead if your device goes from class I MDD to class III MDR (which is the case for a lot of clinical decision support software and substance based devices) or from self-certified IVD to class D IVD under the IVDR (the large majority of currently self certified IVDs will need a notified body certificate under the IVDR). And these are just the most extreme examples.

And then there are the overall changes you have to make to basically everything you do with respect to the EU market, because the changes are not limited to products but also affect your quality system, risk management, vigilance procedures and so on.

So you do you make a plan like that?

Save the date of 10 May for a seminar on implementation and transition to MDR and IVDR at Axon

You can invent your own wheel or you can see how others are approaching the situation. That’s why I decided to organise a seminar at Axon Lawyers specifically regarding implementation and transition planning. I have teamed up with Gert Bos from Qserve and the Dutch Healthcare Inspectorate has graciously agreed to present its view on transition and implementation. This will be an afternoon of deep diving into how to get your organisation from the MDD to MDR and from the IVDD to IVDR in a meaningful and intelligent way.

The seminar will take place on Wednesday 10 May in the late afternoon. As always it’s free and you can bring as many colleagues / friends as you like. If you’re on our mailing list, you will receive an invitation. If you’re not but would like to be, let me know. Otherwise you can already RSVP to Marjon Kuijs, our office manager with the name of each person that will attend so we can plan for enough chairs and drinks and print everyone’s name on a badge.

This is it: MDR and IVDR texts now ready for final voting


The MDR and the IVDR in paper now that they finally final, printed on both sides mind you

The fat lady has her lines and is about to sing. After the lengthy legal linguist revision process (remember, these texts have to be consistent in 24 languages) the Council published the text for its first reading for the MDR and IVDR.


First reading only, after such a lengthy process in which we arrived at a ‘general approach’ sufficient for starting the trilogue.

After the trilogue we had many interesting last ditch lobby mini battles about some of the things that came out of the translation process and legal linguist review.

So now everybody (Council and Parliament) still needs to formally vote on this text but that should be – well – a formality now. Aim for entry into force this summer.

Texts and compares, and no changes?

If you haven’t got them already, the first reading texts are here for your download and perusal:

And here are the compares that I myself made versus the trilogue texts (warning: these are pdfs coming from a public Dropbox directory, so your security settings may not like this at all) – I hope they are useful:

Although the institutional actors in the legislative process keep saying nothing changed that was not in the trilogue agreed texts, I believe there was a bit more detail to this and so did others. Here we go:

No design dossier review after all for the class IIb active devices that transport medicines to and from the body

One of the things that came out of the legal linguist review and looked like more than minor goalpost moving was the unhappy surprise that class IIb active devices that transport medicines to and from the body would also be subjected to design dossier review under article 52(4) MDR. This was a very bad surprise for manufacturers of these devices, many of which are very well understood and proven technology. An important group of devices affected would only fall in the scope of this clause because of the (in my view weird) practice of qualification of gases used in medical setting as medicinal products.

However, this has been taken out again of the first reading text, likely after a last minute targeted lobby. Water under the regulatory bridge now.

But some changes in the transitional regime with potentially big consequences

Another interesting development that lead to a true change was the adaptation to the transitional regimes in articles 120(3) MDR and 110(3) IVDR and the associated recital 99 in both regulations. While these articles are new they clarify the transitional system that remained the same in the basis, except that reliance on the grace periods for certificates overrunning the date of application became a lot less attractive as a result.

The new provisions clarify requirements that apply to devices that are relying on the grace period of 4 (MDR) respectively 2 (IVDR) years with respect to PMS, market surveillance etc (MDR/IVDR instead of the old directives, which was unclear).

They also provide that during the grace period (and that’s an important one) no significant design or intended purpose changes are allowed anymore. In other words, the device is locked in its status quo at the date of application of the MDR/IVDR (the end of the transitional period).

This is very important for the manufacturers that will miss the boat for an MDR/IVDR certificate during the transitional period and will be forced to rely on a grace period MDD/AIMDD/IVDD certificate or are betting on using the grace period because they know that they won’t be ready for an MDR/IVDR certificate by the date of application. The penalty (or trade-off) for relying on that regime is that these devices cannot be subject to any significant changes in design or intended purpose (unless of course when the changed device is placed on the market under an MDR/IVDR certificate) for that period.

Manufacturers stuck in a grace period will therefore not be able to make any significant innovations or extend the scope of the device’s intended purpose until their notified body will be able to issue an MDR or IVDR certificate for the device. This is crucial for manufacturers in relation to transition planning: if you’re late in the day and won’t obtain your MDR / IVDR certificate during the transitional period and you are lucky enough to be able to extend your existing certificate past the date of application, your device innovation is essentially frozen until your notified body is able to issue an MDR / IVDR certificate. This will affect your competitive position in the market – see this article in MedTech Insight for more details on potential consequences of the choice to rely on the grace period.

Also, manfufacturers relying on the grace period must realise that they will be in a situation of concurrent application of MDR/IVDR and MDD/AIMDD/IVDD certificates. That means that the market can choose between competing products with an MDR/IVDR certificate or a MDD/AIMDD/IVDD certificate. Different standards, same intended purpose.  But some certificates may be more equal than others – what will you prefer if you are a hospital issuing a tender, or country in the Middle East or Asia relying on CE certificates? Certificates under the regulations or certificates under the directives? It will be interesting to see if the EU Court’s Medipac judgment (every CE marked device on the market is equally good from regulatory perspective and tendering entities may not discriminate between them) also holds when a hospital prefers MDR / IVDR certificates over ‘old’ certificates in a tender, given that it can be argued that the conformity assessment for MDR /IVDR certificates was to a higher standard (the whole idea of the new regulations in the first place). Moreover, while the Medipac judgment applies in the EU, it does not apply to tendering and regulating entities outside it.

schermafbeelding-2017-01-29-om-20-44-43Finally, don’t forget that the grace period referred to above is available only for devices with a notified body issued CE certificate – so not for all self-certified devices (which constitutes the majority of CE marked IVDs currently on the market for example). All self certified devices have to be compliant by the date of application of the MDR/IVDR – no grandfathering.

Manufacturers of self certified devices (class I MDD/self certified IVDs) also have to pay additional attention to whether their device remains self certified or not (not for most of the IVDs) in which case they have to be ready to deal with the bottlenecks at the end of the transitional period. For these manufacturers it will be sink or swim, because no MDR/IVDR certificate by date of application is no more placing of products on the market and off of the regulatory cliff you go.

IVD conformity assessment changes

Some amendments were made to conformity assessment for IVDs with respect to the procedures for companion diagnostics and class D devices – nothing shocking.

For companion diagnostics it was clarified that the notified body must consult a competent authority for medicines (makes sense for a companion diagnostic), as is set out in the new paragraph in article 48 (3):

“In addition to the procedures referred to in the first and second subparagraphs, for companion diagnostics, the notified body shall consult a competent authority designated by the Member States in accordance with Directive 2001/83/EC of the European Parliament and of the Council1 or the EMA, as applicable, in accordance with the procedure set out in Section 5.2 of Annex IX.”

It was further clarified that companion diagnostics need to go through the Assessment of the technical documentation procedure in Annex IX, 4.1-4.8 (see addition to Annex IX, 5.2 (a)).

None of this was new, but now it has been written down more clearly.

For class D devices it was clarified that:

“Manufacturers of class D devices, other than devices for performance study, may, instead of the conformity assessment procedure applicable pursuant to paragraph 3, choose to apply a conformity assessment as specified in Annex X coupled with a conformity assessment as specified in Annex XI.”

This is also not stunning new logic, as type examination combined with production quality assurance is a normal combination as alternative to full quality system based conformity assessment procedure for high risk devices (see article 52 (3) MDR in relation to class III devices, but also article 11 (1) (b) MDD provided this already – obviously the IVDD did not have this logic yet as it relied on another conformity assessment logic).

Other (little) details

I haven’t been able to go through both of the texts in complete detail but I spotted the some things that may be worth mentioning for each regulation – more may be forthcoming in future blogs. You will see that the numbering of articles and sections and even whole annexes has changed compared to the trilogue text, so we all will have to learn new numbering.


  • New recital 18 added that “this Regulation should include requirements for devices’ safety and performance characteristics which are developed in such a way as to prevent occupational injuries, including protection from radiation.”
  • Free nomenclature for use of Eudamed (recital 45)
  • Scientific advice is possible for the IIb devices that are also subject to the clinical  (recital 57 and article 61 (2) MDR)
  • “directly or indirectly” was taken out of rule 11 (classification of software) in Annex VIII – not sure what that means yet.
  • Article 52 (9), (10) and (11) conformity assessment procedures for device-drug combinations, devices incorporating tissues and cells and substance-based devices have been clarified
  • Article 78 (14) is new, giving member states more room not to apply the coordinated assessment procedure for multi-jurisdiction clinical trials yet.
  • New recital 73 stating that “the principles of replacement, reduction and refinement in the area of animal experimentation laid down in the Directive 2010/63/EU of the European Parliament and of the Council should be observed. In particular, the unnecessary duplication of tests and studies should be avoided.”, which is well and good except that this recital is not operationalised in the MDR.
  • New recital 99 reflecting the changes to article 120 (3) transitional regime described above.


  • New recital 16 that “this Regulation should include requirements for devices’ safety and performance characteristics which are developed in such a way as to prevent occupational injuries, including protection from radiation.”
  • Additional recital language on home brew IVDs (recitals 28 and 29)
  • Free nomenclature for use of Eudamed (recital 42)New recital 73 stating that “the principles of replacement, reduction and refinement in the area of animal experimentation laid down in the Directive 2010/63/EU of the European Parliament and of the Council should be observed. In particular, the unnecessary duplication of tests and studies should be avoided.”, which is well and good except that this recital is not operationalised in the MDR.
  • New recital 74 stating that “the principles of replacement, reduction and refinement in the area of animal experimentation laid down in the Directive 2010/63/EU of the European Parliament and of the Council should be observed. In particular, the unnecessary duplication of tests and studies should be avoided.”, which is well and good except that this recital is not operationalised in the IVDR.
  • Article 78 (14) is new, giving member states more room not to apply the coordinated assessment procedure for multi-jurisdiction clinical trials yet.
  • Changes to recitals 98 and 99 reflecting the changes to article 110 (3) transitional regime described above.

Full steam ahead!

So, now it’s full steam ahead to publication, entry into force, the implementation circus and the mother of all bottlenecks towards the end of the transitional period when the newly notified MDR/IVDR notified bodies will need to push as many devices already on the market as they can through certification, with the additional burden of the new devices entering the market towards the end of the transitional period. This will not look nice, especially not for the manufacturers that are not well-prepared. More about that in a next blog!

Where would we be without good people?

Nowhere of course – that’s why it’s so important to keep them motivated and retained.

My firm is organising a seminar in Amsterdam on 1 March on Motivation and Retention Strategies in the Life Sciences Industry, with a focus on possibilities under employment, corporate and tax law.

You are most cordially invited to attend with as many people as you like.

As always attendance is free, parking easy, presentations in English and the drinks afterwards will be good networking – just make sure to RSVP please so we can plan for space and catering (see details below).19-006-seminaruitnodiging_loyens_1b

EU Court decides TÜV Rheinland / PIP breast implants case

eu-court-460_998658cIt has been sort of hanging over the medical devices market for quite a long time: the TÜV Rheinland case about the PIP breast implants. This case is the direct result of the PIP breast implants scandal, which had a profound influence on the new EU MDR in the making.

We had the Advocate General’s opinion in this matter from 15 September 2016, which was already a very good pointer on where things would land at the EU Court.

The EU court delivered its much awaited judgment on 16 February.

Since the outcome is unsurprising in the light of the AG opinion and EU law as it currently stands, I feel comfortable starting this blog with a blatant spoiler.


For all the effect it has had on the MDR process, its outcome is in my opinion unsurprising, and I have predicted it from the start:

  1. a notified body is not under a under a general obligation to carry out unannounced inspections, to examine devices and/or to examine the manufacturer’s business records. However, in the face of evidence indicating that a medical device may not comply with the requirements laid down in Directive 93/42, the notified body must take all the steps necessary to ensure that it fulfils its obligations within the powers it has under the MDD; and
  2. national law determines the conditions under which culpable failure by that body to fulfill its obligations under the directive may give rise to liability vis-à-vis end users.

See the European Court’s convenient press release about the case for a succinct summary.

I have never found it a realistic possibility that the Court would rule that notified bodies are no-fault (or even fault based) product liable for the products that their manufacturers make. The Court has merely convinced that they have to exercise their duties diligently within the mandate that the law imposes on them.

But, I admit, crazy stuff has happened before with regard to product liability (product batch liability, authorised representatives jointly and severally liable with the manufacturer for product liability under the MDR), so you cannot be certain what to expect these days. Even if it’s unlikely.


What was this about again? French breast implant manufacturer PIP at some point decided that it was going to use industrial silicone rather than surgical grade silicone in its breast implants. The Court found that TÜV Rheinland, the notified body that granted the CE certificate for the breast implants concerned,

“in the course of its involvement during the period 1998 to 2008, […] made eight visits to the manufacturer’s premises, all of which were announced in advance. During that period, TÜV Rheinland never inspected business records or ordered that the devices be inspected.”

In 2010, the competent French authority established that the manufacturer in question had produced breast implants using industrial silicone which did not comply with quality standards.

The case that led to the referral to the EU Court was brought by a German citizen that had the implants concerned fitted in Germany end 2008, and had them removed in 2012. She claimed that TÜV Rheinland was liable for her damages (material and immaterial). She alleged that TÜV was liable because  it had not fulfilled its obligations satisfactorily, since (she claimed)

“an inspection of the delivery notes and invoices would have enabled TÜV Rheinland to ascertain that the manufacturer had not used an approved form of silicone.”

Her claims were rejected by the first and second instance courts in Germany because the purpose of a notified body’s activity is not to protect patients nor was TÜV culpable because TÜV Rheinland had made regular announced visits, which must be deemed sufficient in the absence of any suspicion of improper production practices. The second instance court did however refer questions of law to the European Court concerning the scope of a notified body’s duties

“in particular with regard to the level of supervision and scrutiny required of that body when it carries out inspection visits at the manufacturer’s premises”.

The questions referred by the German court were (essentially) as follows:

1)      Does a notified body, in the event of a culpable infringement of its obligations, have direct and unrestricted liability towards the patients concerned?

2)      Does a notified body have a general obligation to examine devices, or at least to examine them where there is due cause?

3)      Does it follow from the aforementioned sections of Annex II to Directive 93/42 that, in the case of Class III medical devices, the notified body responsible for auditing the quality system, examining the design of the product and surveillance is subject to a general obligation to examine the manufacturer’s business records and/or to carry out unannounced inspections, or at least to do so where there is due cause?’

All these questions were asked in the context of a class III medical device under Annex II, so also in the frame of the MDD obligations for these devices.

Duty to examine devices and/or to carry out unannounced inspections?

During the crazy wings on fire period of the MDR being amended by the European Parliament especially European Parliament members expressed surprise and indignation about the notified body not even inspecting the produced devices and not performing unannounced inspections. The ensuing political outrage resulted in the Commission recommendation for unannounced audits and the member states making notified bodies do this.

The Court found that while notified bodies must periodically undertake appropriate inspections and assessments under Annex II as it currently stands, but

“the provisions of Annex II to Directive 93/42 do not impose a general obligation on the notified body to carry out unannounced inspections, to examine devices and/or to examine the manufacturer’s business records.” (point 40)

Yet, what is the scope of what a notified body must do under Annex II? All parties concerned agreed that the scope of a notified body’s discretion is broad and that a notified body may conduct an unannounced audit based on Annex II 5.4, but differed on how this translated to actual duties.


“45 […], the obligations laid down in Article 16(6) of the directive and those set out in paragraph 41 above would be a dead letter if the degree of discretion knew no limits. The notified body would not be able to fulfil its function under the procedure relating to the EC declaration of conformity if it were free not to take any steps in the face of evidence indicating that a medical device might not comply with the requirements laid down in Directive 93/42.

46      Consequently, as they are required to establish whether EU certification may be maintained pursuant to Article 16(6) of Directive 93/42, notified bodies are under a general obligation to act with all due diligence when engaged in a procedure relating to the EC declaration of conformity.

47      It follows […] that a notified body is under a duty to be alert, with the result that, in the face of evidence indicating that a medical device may not comply with the requirements laid down in Directive 93/42, that body must take all steps necessary to ensure that it fulfils its obligations under Article 16(6) of the directive, as well as those set out in paragraph 41 above [paragraph 41 mentions: pursuant to Sections 3.2, 3.3 and 4.1 to 4.3 of Annex II to Directive 93/42, first, to analyse the application for examination of the design dossier lodged by the manufacturer, which must describe the design, manufacture and performance of the product in question and, second, to ascertain whether the application of the quality system contemplated by the manufacturer ensures that the products fulfil the relevant requirements under that directive. Moreover, it is apparent from Section 5.1 of that annex that the notified body must satisfy itself that the manufacturer duly fulfills the obligations imposed by the approved quality system].”

Conclusion: broad discretion on how to fulfill obligations, which makes it difficult in practice to determine if the notified body did or did not meet its obligations. Especially by national first instance judges in general courts who are not experts in these matters and never deal with this kind of case.

Direct liability vis-a-vis patients?

The Court makes some important points here that I have made myself before: the Member States have responsibilities with regard to market surveillance, but certification by notified bodies under the MDD is to ensure protection for the health and safety of persons too. That means that notified bodies do not work for manufacturers alone, they have a larger task in the overall protection of public health.

But, that does not make them liable vis-a-vis patients on the basis of the MDD just like that. It was already EU case law that:

“it does not necessarily follow from the fact that a directive imposes surveillance obligations on certain bodies or the fact that one of the objectives of the directive is to protect injured parties that the directive seeks to confer rights on such parties in the event that those bodies fail to fulfil their obligations, and that is the case especially if the directive does not contain any express rule granting such rights” (point 55)

The Court reiterated that the MDD does not contain any express liability regime and the Product Liability Directive allows for the application of other systems of contractual or non-contractual liability based on other grounds, such as fault. This is nothing new and we knew this from the Court’s quite steady case law in the field (see for example here in relation to the Court’s specific view on additional national liability rules concerning medical devices). Ergo, it’s a national matter said the EU Court, subject to the principles of equivalence and effectiveness. This case is now going to be decided on a national level with the Court’s guidance in mind.

Why did the claimant go after the notified body in the first place and not after the manufacturer for product liability? Product liability quickly became an irrelevant pathway to pursue as PIP, the manufacturer, quickly went bankrupt.

This means that for TÜV this case is way not finished – we have a lot of member states in the EU in which PIP implants were used. We also have a lot of national laws that have their own theories of culpability / fault based liability. This case can therefore play out differently in different member states. The various claimants in national cases will change tack insofar necessary (and if they have not already done this) and will pursue fault and/or lack of diligence based claims against TÜV in national courts, as was happening in the current case.

The current EU Court judgement may be helpful to those national cases to a point because it gives some guidance on the scope of MDD mandated tasks of notified bodies and the level of diligence they are to exercise in the fulfillment of these tasks, and in that notified bodies also have work for the public good, which includes the patients and end users. The national court will now need to look into whether TÜV was sufficiently diligent given that on the one hand

“the notified body is not under a general obligation to carry out unannounced inspections, to examine devices and/or to examine the manufacturer’s business records”

but that on the other hand

“in the face of evidence indicating that a medical device may not comply with the requirements laid down in Directive 93/42, the notified body must take all the steps necessary to ensure that it fulfils its obligations under Article 16(6) of the directive and Sections 3.2, 3.3, 4.1 to 4.3 and 5.1 of Annex II to the directive” (point 48).

Did TÜV take all necessary steps to ensure that it fulfilled its obligation? This may play out differently in different member states in which TÜV is being sued (which include France and Germany in any event). Hopefully the harmonisation of notified body requirements as a result of the joint assessment project and the more detailed requirements under the MDR will contribute somewhat to harmonisation of fault based liability of notified bodies. Is this liability new? Not in my view. It was never harmonised on EU level and therefore always existed in member states that provided for this. If notified bodies did not insure for this liability yet, they may have to and costs will increase. Notified bodies will seek to pass on these costs.

When the outcome of notified body fault based liability in member states will differ considerably from one member state to another this will have consequences.

Effects on the MDR

This case had profound effects on the MDR, but will not change the text anymore now the judgment been rendered. However, as far as I can see it did have a profound impact on the MDR in a number of ways. One of them fundamentally, others more specific.

How much did it change the MDR fundamentally?

An unknown effect is how much the PIP scandal in the end changed the MDR, which the Commission initially intended to be a modest mid-life update, because the MDD was performing very well and outcompeting other jurisdictions left and centre in time to market. This we will probably never know, because the Commission had to change tack on the double when the political outrage about the PIP scandal started. The result was the initial proposal for the MDR back in 2012. But we do know that the impact on the MDR must have been profound, for example because of ideas to get rid of CE marking altogether and just make medical devices pre-market access EMA competence.

I would go as far as saying the EU (and its member states) have finally started to see medical devices as an industry that deserves an upgrade in policy and associated resources. This however seems not to have resulted in allocation of significantly more resources on EU level. The medical devices unit at DG Growth is still woefully understaffed while the Commission’s duties under the MDR and IVDR are enormous.  It has to crank out a lot of delegated and implementing acts to even make the two regulations effective and make a plan to make sure that the process of redesignation of notified bodies under the MDR and IVDR and recertification of ALL devices on the market in the EU will not crash and burn in what looks like the mother of all transitional bottlenecks. Even competent authorities are publicly saying that this is a serious problem and that the Commission has to come up with a plan to make sure that these things unfold predictably and reliably.

Unannounced audits under MDR

One of the most direct effects on the MDR is the now hardwired obligation for notified bodies to conduct unannounced audits (article 52 and Annex VII, points 4.5.1 and 4.10 and Annex IX, point 3.4). Up to the MDR there is no real harmonised legal standard for unannounced audits except that there is a recommendation of the Commission to the Member States about what they might require from notified bodies in terms of unannounced audits.

Still, I remain unconvinced of how much the unannounced audits will do to prevent PIP type cases. Fraudsters be fraudsters, and as the Court reiterated in the TÜV case, notified bodies can ask for things if they have a suspicion, but they are not equipped nor authorised for market surveillance. If a company sets out to really go dark and hide things from a notified body, they will succeed. The first thing it will do is doctor precisely the documentation and locations that the claimant in the TÜV case argued that the notified body should have audited.

In my view, PIP remains a case that demonstrates very painfully how member states’ market surveillance failed the patients. It is disconcerting if you look at the facts of that case how little international cooperation there was between the competent authorities when the first signals of things being seriously wrong became available. That, I think, is the real scandal in this case. If you compare the resources allocated to medical devices market surveillance to those that went to medicines and other products surveillance at that time it’s not a pretty picture. And resources for surveillance are purely political choices. Blaming the notified body for doing exactly what it was supposed to do under applicable law feels a lot like wagging the dog to me.

That’s why unannounced audits still feels a bit like member states passing on the surveillance buck to notified bodies and I am not convinced at all we will prevent more PIP types cases of deliberate fraud that way. Yet, there may be some benefit. What we may achieve is that manufacturers will be more diligent in having their technical documentation and QMS in order all the time and closing out CAPAs quickly and according to plan, rather than allowing them to stay open for years because they know exactly when the next audit will be. The MDR also requires this (having all documentation in order and up to date all the time), and I think this certainly is progress.

Market surveillance under MDR

Member states have learned in the mean time and market surveillance is taken much more seriously under the MDR with more EU level capabilities and an (in theory so far) robust underlying IT infrastructure that allows competent authorities to quickly share information about infringements.

However, with all the new tools and possibilities there now are doubts about whether the Member States will be able to pony up the resources to actually staff the system and afford it. The MDR however contains a provision allowing member states to pass costs for market surveillance on to the market, as happens already in certain other industries (like financial services). I see some member states invest considerably in resources and pilot projects in view of the upcoming MDR and IVDR. A lot is happening in behind the scenes cooperation in order to get all the competent authorities at the same level.

Product liability under MDR

The PIP case influenced thinking about product liability for medical devices in the EU considerably. The only problem is that these thoughts had nowhere to go except into wishful statements.

With the political impossibility to amend the Product Liability Directive for medical devices alone (that directive is up for evaluation for a long time because is was not evaluated since its entry into force in 1985 but the project is  moving very very slowly) something else was needed for political gain. The EU legislator, motivated by ardent political wishes to ‘do something with this’ decided to include some provisions in the MDR regarding manufacturer and authorised representative product liability of which I have blogged that they are not well-thought out, see also this more recent presentation that includes a discussion of the clauses in the MDR.  Good for lawyers, bad for everybody else.

MDR status

By the way, the texts of the MDR and IVDR are still not completely final, but the agenda for adoption does not seem to have changed: still looking at entry into force this summer. However, there are still commas being moved. The fat lady still has not sung, but she’s close. When she finally has I will follow up with a blog on the last changes made before adoption. Prepare for some surprises: there are  some changes that still will affect some products considerably, like design dossier review requirements for class IIb active devices intended to administer or remove a medicinal product. This was already in the MDR for class IIb implantable devices but this has been extended to class IIb active devices intended to administer or remove a medicinal product.


An MDR and IVDR transition plan

fasten-seatbeltsThe year is off to a good start, and so should your company be with its MDR and/or IVDR transition plan.

Come again? You haven’t started looking at this yet because the MDR and IVDR are not yet final and the transitional period will run to approximately half 2020? Your management is not interested in making resources available?

Not so smart

That’s not so smart. It’s like doing a #Brexit without considering the consequences first and then hoping everybody else is nice enough to give you a good and quick trade agreement deal, because … well why not?

You may think everything can’t possibly be that complex – until you find out later that there is more to this whole thing that looked so simple at the moment when you were not really looking at it yet.

Your company may be one of the many companies expected to find out too late that some things took more time than expected, or were more contingent than they looked:

  • notified bodies that will not come online for certification of products before well after half of the transition period of three years has expired. And then they still have to start with pushing all existing medical devices on the EU market through an MDR / IVDR certification process (which is stricter than under MDD/IVDD).
  • additional clinical evidence may well be needed for your devices under the MDR. If you need to generate it in clinical trials, registries or other time consuming processes, you should know about it sooner or later. And your notified body will need to be on board with what you are going to do. Is yours already? I bet not.

These are just two contingencies that have a crucial impact on your MDR implementation strategy.

There are a lot of other dependencies too – like your suppliers that you need to control more, other jurisdictions that rely on the CE mark for your devices.

No grandfathering

Many companies think that there will be some process to slide in the devices that are already on the market and are not causing any problem, so that’s easy. There is not, so there is no easy solution there. There will be no grandfathering or similar process – any device that is not certified into the MDR or IVDR by the end of the transitional period and the various limited overrun periods can not be placed on the market any longer. It will be illegal to place such devices on the market. The only thing close to grandfathering is the five/three years period that you will have to still sell off devices that were compliant under the MDD/IVDD and were placed on the market before the date of application of the MDR/IVDR. Those can still be sold off to end users for another five/three years post date of application (so after the transition period of three/five years ends).


No placing on the market means no cash flow. No cash flow means bankruptcy sooner or later, or bought at a discount by a competitor or strategic investor. Strategic investors and acquisition driven companies are already on the prowl for companies that are candidates for not making the cut of the MDR/IVDR and will swoop in when opportune.

If you get this wrong or get it right too late your company goes off the cliff like While E Coyote, still wondering what went wrong all the way down. That’s why you need to start thinking now.

You’re into software and think you’re not placing software on the market because it’s made available as a service from outside the EU? They’ve got that covered too – if your software is a device by the new standards, it will have to meet MDR/IVDR requirements regardless of whether it’s placed on the market or not.

Transition plan – journey towards compliance

This one is for MDR transition – working on one for IVDR transition too:


Sfan-theories-coldwartart working on your transition plan – the journey towards compliance, like every journey, starts with the first step. Then you keep on going until you reach the end, and then stop. Like in the Lord of the Rings – it’s an easy journey conceptually (just take this ring to that mountain) but you’ll be slaying a lot of orcs and fighting monsters before you finally complete the quest.

By the way, even While E Coyote made plans. There’s no reason why you should be less clever than a cartoon figure.

The above picture is a single roadmap that you can put on a slide to explain to your organisation or management what the necessary steps are, where the journey begins and what you need resources for. This picture is based on the excellent General Data Protection Regulation game plan  (another project that you should be well on your way with by now  – the transitional period for that regulation ends 25 May 2018 and the GDPR has significant overlaps with the MDR/IVDR, e.g. on design requirements for devices (including standalone software) that process personal data).

IVDs largely similar

The roadmap for IVDs transition to the IVDR is largely similar, except that the transitional period is two years longer but the sell-off period is shorter.

Schermafdruk 2017-01-30 13.28.30.png

And the dependencies at the end are even more scary: the reference labs will not be appointed until four and a half years into the five years transition period. That means that there is almost no time for the highest risk IVDs to be certified into the IVDR during the transitional period.

For IVDs the chance that companies underestimate the necessary efforts are even bigger, because the large majority of IVDs are currently self certified, regardless of their associated risks. The IVDR will turn this upside down and notified body certification will be the rule for the large majority of IVDs. This is a huge quantum leap in regulatory burden. It means that for the majority of IVDs a third party will take a critical look at the underlying technical documentation and performance data for the very first time. You can imagine that not all technical documentation may be in the shape that the IVDR expects. The IVDR will require a lot more and different types of data to substantiate performance, and will require more clinical data too. Producing data costs time. It costs money. It requires planning. I cannot under-emphasize how important it is for the IVD industry to engage on this. Your company does not want to be the puff of smoke that remains if While E Coyote goes off the cliff.

Start now!

Each of the items described in the roadmap has a lot of detail to it, which leads companies to typically underestimate the effort. The gap assessment, impact assessment and remediation take a lot of time. It means you will have to more or less completely revisit each and every device that your company has on the market and in the pipeline, as Gert Bos and I have explained in BSI’s white papers on the MDR and IVDR. BSI has a good white paper on MDR transition too.

Detail takes time, and detail takes resources – don’t forget. Use the resources on this blog, use others of the plentiful resources that are available publicly on this subject.

Talk to your trade association, participate in the discussions at MedTech Europe, COCIR, Advamed, your local trade association, etc. so you know how other companies are dealing with this.

Make sure that your management does not underestimate this process. Hey, it’s only about company core products and core processes so why would that not merit the resources it needs, right? My apologies to be somewhat cynical but I see a lot of companies (also big and sophisticated ones) underestimate this completely. And if I’m wrong – tell me in a few years time and I’ll gladly apologise for crying wolf then while congratulating your company on being compliant well in time.

And, finally, my firm and its network is there. We are helping many companies wrap their head around it and will gladly help you too.

But do something now and don’t wait – at the very least start by understanding what this is about and what it will mean for your organisation. Your competitors are working on this already.

Festive alert! Change is on its way.

Change is on its way – medical devices law will not be the same again as of next year.

Panic soccer

The authorities are not your friend anymore.

Notified bodies are engaging in massive ‘panic soccer’ (Dutch expression) dropping companies like they’re hot.

If you have not implemented the new clinical evaluation MEDDEV fully by now this should have your utter undivided attention. Otherwise, count on your CE certificate for the device(s) affected being suspended without warning after the next notified body audit. And make sure to watch that your notified body does not enthusiastically suspend the entire certificate for all your devices by mistake and then runs away to hide under a rock while you can go deal with the fall-out. I’ve seen this happen already. Panic soccer – be prepared and make sure you keep your eyes on the ball.

Super nova

You should already be well into your transition work for the MDR and IVDR, or at least have a plan about what to do when. The EU will not grandfather, so do not count on this to happen. For every device on the market you need to take a decision to

  • remediate (bring it into compliance with the MDR/IVDR),
  • replace (replace it with a device that is or will be compliant the MDR/IVDR), or
  • retire the device (investment too high to phase it into the new requirements).

EU medical devices legislation will go supernova to more than six times its current size halfway 2017. Is your company prepared for that?

Data protection

Have you thought about the impact of the General Data Protection Regulation? It’s not devices law per se but its privacy by design obligations impact your new software design requirements under the MDR, just to mention one thing. You need to prepare for its data portability requirements. If your medical device or related service has any IoT functionality, it will be affected by the hateful eight that this new EU law brings. It will impact severely on your clinical data processes (as it deals with protection of personal data concerning health). It is already in effect, and its transitional period will end on 25 May 2018. Can you redesign your data processing hardware and software before that time, and do you need to? Just one of the questions you should be asking yourself now.

Busy times ahead

Yet, I wish you quiet, joyful and festive holidays for the moment (no implied warranties). Recharge, and keep your eyes on the ball in 2017.


%d bloggers like this: