MDR and IVDR amendment has entered into force now

Today is the day that the amendment, aka the ‘extension’, to the MDR enters into force because it was published in the EU’s Official Journal today, number L080. As you are reading this, the amendment now applies all throughout the Union as referenced in article 1 MDR and IVDR. Union as in not European Union, which is something different. This is one of the most often made mistakes in relation to the application of the MDR and IVDR: people (among which even the MDCG in some cases, such in as MDCG 2019-7 regarding the PRRC) referring to the geographic scope of application of the MDR and IVDR as EU, and completely ignoring that this is not even what the MDR and IVDR say, what the EEA Agreement provides (it extends the scope of the EU internal market to Norway, Iceland and Liechtenstein) and what the EU’s Customs Union with Turkey provides (extends the MDR and IVDR to Turkey). Anyway, fortunately this MDCG PRRC document is up for revision in Q2 2023. Let’s hope the good members of the MDCG address this in the future, because if I were the Turks, Icelanders, Liechtensteiners and Norwegians I would not be happy with structurally being mistakenly kept out of the Union for the MDR and IVDR, even by the MDCG.

Asking about the MDR or IVDR ’s geographic scope is a good test to determine if regulatory people really understand the subject matter. Because if you think it’s limited to the EU only, you are missing countries where the MDR and IVDR apply, and some pretty major ones at that (like Turkey). If you want to know also in exactly which overseas territories of these Union member states or exotic corners of Europe like Svalbard (also known as Spitsbergen) or the Holy See the MDR and IVDR apply and do not apply, check out the 2nd edition of my book, The Enriched MDR and IVDR. But Erik, you’re always such a nitpicker you might retort. Well, here’s a thought experiment: if you’re a US company (who often get this Union thing wrong), would you hire someone for US work that keeps insisting that FDA law does not apply in, say, the state of Washington? Or California? Or Hawaii?

But I digress on technicalities. You want to know about the amendment of course!

Let’s not forget that the amendment does not only concern the MDR, but also the IVDR, as it removes the sell-off periods for each of the IVDR’s grace periods. More about that below under Sell-off periods.

How does the amendment work? Anything new?

Well, it works exactly as I’ve already described in a previous blog post, since the text has not been changed at all during the legislative process. So it’s exactly the same as proposed on 6 January last. I hope you used that time well by preparing rather than waiting if something might still change because in the latter case you’ve been wasting precious time.

Still, here is a summary:

(1) Extension of the MDR transition period until 31 December 2027 and until and 31 December 2028 depending on the device’s risk class to be determined in accordance with the MDR classification rules. The extension is subject to several conditions to ensure that only safe devices, for which the manufacturer has submitted an application for MDR conformity assessment by 26 May 2024 at the latest, will benefit from the extended transition period. 

(2) Extension of certificates’ validity, provided the conditions for the extension of the transition period are met. Also certificates that have already expired after 26 May 2021 may be considered to be valid if additional conditions are met.

(3) Transfer of appropriate surveillance to MDR notified bodies by 26 September 2024 at the latest.

(4) Introduction of a temporary derogation until 26 May 2026 from requirement for quality management system certificate for class III implantable custom-made devices, subject to conditions.

(5) Removal of the ‘sell-off’ date in MDR and IVDR, allowing devices that have been placed on the market before or during the transition periods and which are still in the supply chain to be further made available without time limitation.

If you have a legacy device that is eligible under the criteria of Article 120 (2) MDR as amended, it will have either been extended automatically or relived automatically today. Automatically, magically! Because that’s what legislation can do. No need for formal confirmation needed. Clarification probably – so read on. And maybe check the flowchart I posted earlier:

For importers and distributors it is important to realise that the amendment changes the concept of ‘legacy device’ dramatically into a device that meets new article 120 (2) and (3a) – (3e) MDR. If they have procedures in their QMS that define the concept of legacy device so they know what it is (how else could they otherwise see if the device is compliant?) they should amend these procedures immediately as the new definition has entered into force today. This definition is different from the one in MDCG 2021-25, mind you. As of today this MDCG guidance is outdated on this point, but it is not yet slated as under revision by the MDCG although it totally should be now because the core definition is outdated. That should definitely have had some priority with the MDCG, given the enormous role legacy devices will be playing in the Union for a long time now.

On the other hand, for importers and distributors of IVDs this is not relevant, as MDCG 2021-25 does not apply to the IVDR, so there is no formal IVDR legacy device concept (yet), which seems rather inconsistent since the IVDR has been applicable for almost a year.

How will I know?

How can I show to others that my certificate is actually valid? While the operation of the extension of or reliving of the duration of the certificates is automatic, that does not mean that you will automatically see this translated into a new or amended certificate. And the amendment does not provide for a mechanism for this. How you are going to prove to the rest of the world that your expired certificate is actually still valid is therefore somewhat of a mystery at this point. This should become clear in Q&A guidance that was scheduled to be published this week. But the good part is that the law is on your side, even if the guidance is slow or still lacking. There seems to be a project of the notified bodies underway for a model administrative annex to the certificate that says that the invalid certificate is nevertheless valid because the law says so. Also, you yourself should work on convincing rationale to explain to others how the certificate is nevertheless valid (or find yourself a ghost writer like me perhaps), e.g. to a competent authority that you have asked for a certificate of free sale, in case your notified body is slow, not ready with the template, or whatever.

Sounds somewhat counterintuitive if you consider what a certificate is supposed to do in the first place, but this is the consequence of the EU policy decision that directive certificates cannot be amended anymore after 26 May 2021, when the MDR became applicable and the AIMDD and MDD were repealed.

Other known unknowns

There are still other known unknown as well, such as what a substitute device is. Maybe these questions are also answered in the Q&A document that we have not seen yet. Maybe that document will even be published later today. In any event, watch this blog and my LinkedIn.

Sell-off periods

The sell-off periods in both the regulations are removed. This means that devices that are placed on the market in the Union (not the EU, but the Union – different things, as explained above) in time before the expiry of the certificate can be sold off for ever, which is actually a pretty long time (of course limited by expiry dates for sterility and such). That means that all economic operators with article 13 and 14 MDR obligations will need to be able to distinguish between MDR and legacy devices forever, as discussed above. Again, potentially a long time!

It’s a good thing that the MDCG is also revising MDCG 2021-27, in which the MDCG erroneously states that the transfer of a property right is a precondition for placing on the market, which is manifestly wrong if you look at the inconsistencies of the Blue Guide language versions and the internal inconsistencies in the Blue Guide that this interpretation creates. It would also be nice if the internally inconsistent language versions of the Blue Guide could also be amended on this point too.

It would take only a small corrigendum, how difficult is that. If the Commission could magically change the transitional regime of the MDR in 2019 with a just corrigendum, I’m pretty sure it’s not that hard to fix this error in non-binding guidance that is continuing to cause a lot of confusion in the market.

Everybody is part of the solution

I cannot stress enough that for the amendment to have the intended effect every stakeholder should be part of the solution: competent authorities, notified bodies and industry. 

From what I’ve seen so far the first two groups are not chomping at the bit. This may not be a statistically relevant example but the first reaction of the Dutch Minister of Health on LinkedIn to the Council finishing the first reading was telling: manufacturers have to get a move on now to get MDR certified as soon as possible

The Commission was a lot more diplomatic in its reaction, stating that everyone has a role to play; the Commission, the competent authorities, the notified bodies and industry are all responsible for making this work. In that sense I think the civil servants supporting the Dutch Minister really had not picked up what the amendment actually is about and this led to a stream of very angry comments to his post on LinkedIn. When the Dutch Minister was later asked by press whether the statement was intended to single out manufacturers the Minister’s spokesperson did give the right answer that all parties involved have a role to play. Still, if this is the knee-jerk reaction of competent authorities and governments in the Union, we are going to have a problem with the rollout as the competent authorities may not see themselves as part of the problem will not do their best to ensure an expedient roll-out of the 19 points of MDCG 2022-14, which itself by now dates back to September 2022. Yet, in practice do not yet see a lot happening in terms of action by competent authorities and notified bodies. I have seen notified bodies giving their customers the most technocratic of ‘computer says no’ answers when asked how the customer could best prepare for an amendment of which we knew exactly what it was going to say, and even stating to customers that it might be end 2023 before the amendment would be completely clear. Given the 26 May 2024 deadline for a regulatory filing under the MDR in the amendment this kind of behaviour is really not helpful at all.

In the mean time the Commission has delivered with two Commission delegated acts deferring the timing of the complete re-assessment of notified bodies, capacities of notified bodies and national designating authorities have been freed that can be used, in the former case, for the conduct of conformity assessment procedures and, in the latter case, for the designation of applicant conformity assessment bodies.

Manufacturers, for their part, should keep in mind that the amendment does not give them more time to get their MDR act together – it really does not. In all scenarios an MDR application must have been lodged by 26 May 2024 (even for the class III implantable custom made devices, in whose case it concerns an MDR QMS application) and manufacturers are well advised to definitely try to submit their MDR application not at the very last moment before 26 May 2024, because there will be chaos and mayhem just before that date. Just like every sane person can understand that you do not go Christmas shopping the day before Christmas for absolutely obvious reasons, the same applies to making your MDR submission May 2024: the system will be packed, log-jammed, overloaded – whatever you like to call it, and your application may not be considered timely lodged. And that would be a pity. So be a smart company and improve your chances by submitting earlier! Or join the big formalities lottery (also not clearly provided for in the amendment) to find out on 27 May 2024 about your 25 May 2024 submission being thrown out on a formality that you will not be able to fix anymore. That would not be good corporate risk management because having a valid CE mark only goes right to your core business continuity, so it is kind of important. If your management, or anyone in the company with responsibility in these matters, thinks that the year 2027 or 2028 is intended to give you as company more time and wants to act on it, consider these people a business risk to the company. The company should perhaps consider moving them to a position that is less risky to the company, like maybe mindful gardening in the company greens around the building or company barista. The only time you can buy under the amendment is the situation where your certificate is extended or relives, but you decide not to make an MDR application by 26 May 2024. In that scenario your certificate will be valid until 26 May 2024, but you would still need to meet the conditions for extension or reliving of the certificate in the first place (legacy cert not expired at date of entry into force of amendment (i.e. today), or article 59 derogation / article 97 exemption in place at date of entry into force of amendment (i.e. today).

There are still some knobs to turn to smooth out the biggest unexpected issues. It may be that the Commission and MDCG ease up a little on what will be deemed to be a formally lodged application by 26 May 2024 as required in the proposal. It may be that you are able to agree to a submission plan with the notified body that allows parts of the technical documentation to be provided later. But what that would look like needs to become clear and would (preferably) not differ from one notified body to the next.

The future

The Commission is already one step ahead, discussing the implementation of the amendment and the future of the EU’s medical devices regime, which is still in dire straits. According to an information note of the Commission for the 14 March EPSCO Council the MDR is way not in the safe zone and the amendment and MDCG 2022-14 roll-out will need everyone’s full attention and participation. In that sense I would urge competent authorities to closely monitor how their notified bodies are doing in terms of being part of the solution in that regard. On the other hand, the authorities themselves should not be part of the problem by keeping notified bodies in the dark about what additional flexibility they are now afforded.

Important about this Commission information note are the forward looking part and some conclusions from the past. The Commission considers it important to tackle a number of structural issues before the end of the extended transition periods:

  • issues related to orphan devices, 
  • small manufacturers’ access to notified bodies, 
  • length and costs of conformity assessment procedures, and
  • interplay between clinical trials for medicinal products and performance evaluation studies for in vitro diagnostics. 

The Commission explicitly states that these issues have appeared within the current regulatory framework and have a negative impact on patient safety, public health and medical innovation, which is a big admission about how the Commission sees the success of the MDR so far, and what is causing the flaws in the MDR that have led to the MDR performing underwhelmingly. It also shows that the Commission does not seem to believe that the current actions on some of these points will actually do the trick.

For example, I personally have absolutely no confidence in the SME measures taken via the EU4health program (developing material and activities to support market operators, in particular SMEs, in meeting the requirements of the MDR and IVDR – too little, too late and not what is needed). What is needed is that SMEs are not turned down when they present themselves at a notified body. I’ve often made comparisons with medicines marketing authorization procedure. Would we accept there if an agency says: “we have no time for you because we have more interesting applicants that already take up all our time?”. Of course not. Yet, we are perfectly happy to have this situation exist and continue in medical devices. This is why more and more SMEs go US first these days: they have a reliable and predictable pathway at a well-organized agency that is happy to help (especially if you have breakthrough designation (which we don’t have in Europe either)). Even SMEs these days have options outside of Europe if their innovations are not appreciated here. And the worst is that their innovations have often been developed with EU or local financial support and subsidies or tax facilities – yes, that is how you waste capital and innovation. Congratulations. I see this happen with clients increasingly often and it frustrates me to no end.

The Commission will gather further evidence for the comprehensive evaluation of the MDR and IVDR due by May 2027 (Article 121 MDR and Article 111 IVDR). So let’s see how things go and let’s hope no time is wasted. As they say, never waste a good crisis, and now is a good time not to waste this one even further.

But weren’t they supposed to vote on it on the 14th?

Short update on the MDR amendment proposal because quite a lot of people were expecting the European Parliament to take a final vote on the MDR amendment proposal today. A lot of them that watched the vote on the Parliament’s streaming services were surprised and disappointed that the vote seemed unclear: no vote on the text of the proposal? What was that?

To clarify what happened: today the Parliament voted on the request to treat the MDR proposal in the accelerated procedure, which was literally what it said in the Parliament’s agenda, so no surprise there if you know how this works. By the way, it’s an IVDR proposal too and not just an MDR party, as the IVDR sell-off period is proposed to be removed.

While it had been pre-discussed with the Commission that this would be put on the agenda and preferably adopted rapidly without issues, drama or amendments in the accelerated legislative procedure, rule 163 of the Parliament’s procedures still requires a vote on this. And that happened today.

The vote was unanimous and now the vote on the substance of the proposal is scheduled for Thursday 16 February. Amendments can (theoretically) still be proposed by the Parliament on Wednesday, but also on this point solid pre-discussion between the Commission and the ENVI committee will likely lead to a no amendment situation.

If you want to check out the proposal for inconsistencies between languages or in your own language (or in another of the many interesting ones we have in the EU), see here as it has been translated in all language versions (a requirement for adoption).

So please bear with the Parliament for just another two days until the vote on the proposal, and then some more days as the proposal will trickle through the publication process to the Official Journal.

And, as the name of the journal suggests, it’s not official until published in the Official Journal – and since the proposal indicates that the normal 20 days delay period after publication is foregone for this proposal – it will enter into force on the date of publication in the Official Journal and not before. There is no official timeline for that. For the last accelerated amendment to the MDR it took about a week between vote in the Parliament and publication in the Official Journal – Parliament vote was on 17 April 2020, and the amendment was published in the OJ on 24 April 2020 (one week later). So let’s hope they can be just as quick this time. I know that it will make a difference for certificates expiring already, so no time to waste!

In the mean time, the proposal leaves many questions unanswered, so if you have any: don’t hesitate to contact me because answering those questions is what I do best. And boy, did I answer a few about this proposal already. I can safely say that now (actually some time before already) is a good time to make some scenarios about how the proposed amendment will affect your devices business if you haven’t yet done so. Scenario anyone?

The MDR proposal for extension – “Can the maker repair what he makes?”

On 6 January 2023 it finally happened: the moment that many had been waiting for – the MDR extension proposal finally dropped (see here for Commission provided background).

It did not turn out to be what I expected in all respects. First, it contained also an amendment to the IVDR: a removal of the sell-off period at the end of each of the stacked grace periods, which makes this proposal very relevant for the IVDR as well. Secondly but logically it also contain an amendment for custom made devices that I personally had not expected but with hindsight makes a lot of sense.

The proposal reminded me of the epic philosophical dialogue in the “I want more life father” scene in the movie Blade Runner, in which the soon to expire replicant Roy meets Tyrell, the person who invented him, and argues for “more life”, posing to Tyrell the existential question “Can the maker repair what he makes?”

Tyrell says he cannot change the facts of life [you have to transition to transition to the MDR sooner or later] and explains how difficult it is to change processes in a life form that is already underway [once a law has been adopted, changing it is always problematic and messy and sometimes may not fix the problems created already]. An intense argument about possible ways to do it follows, where Roy makes suggestions that are each falsified by Tyrell. Tyrell ends the discussion with his consolation “You were made as well as we could make you.”, which the EU legislator will no doubt think about the MDR. Let’s hope the MDR extension does not end like the Blade Runner scene, in which Tyrell does not survive the confrontation with his angry creation that does not accept his fate. 

In the case of the MDR the extension comes at a price as we will see below. Age old wisdoms are that there is no such thing as a free extension and that you have to beware of people bearing gifts in situations where they might want something from you. In this case both of these old wisdoms apply. The MDCG has been warning for a long time that whatever is going to be done to help in terms of bridging and extensions is supposed to only benefit the manufacturers that have already taken steps to transition to the MDR. If your company has gambled and kick the can down the road, you will find that your options under this proposal are very limited, and intentionally so. 

Let’s pick this proposal apart with the knowledge of now. The MDR part of the proposal completely upends article 120 sections (2), (3) and (4) MDR.

Article 120 (2) changes: validity of certificates

Article 120 (2) MDR is proposed to be changed to keep the valid (AI)MDD certificates valid or have them relive and be valid (in case of expired certificates) from the expiry date on the certificate for the period until the risk class based backstop date in the new article 120 (3b) (31 December 2027 or 2028).

Wait what? Expired certificates relive?! Yes, but only under conditions set out in the new article 120 (2) (a) and (b):

  • Either you have both signed an agreement with a notified body before the expiry of the certificate for the legacy device or a “a device intended to substitute that device” OR
  • You have a valid article 59 MDR derogation or a valid article 97 MDR exemption (either of which apparently does not have to be in place at the expiry date of the certificate, which makes sense).

An important question is what the concept of “a device intended to substitute that device” means, because this is a gating item both for the notified body and for the manufacturer. This concept is not clarified anywhere in the recitals or the explanation to the proposal, yet is a crucial concept for application of the amended transitional regime. For example: would this device need to be equivalent to the legacy device it is intended to replace? And is that then evaluated by reference to the criteria for equivalence under the MDR? Or can it be a device that has a broader intended purpose? Nobody knows and this concept will need Commission or MDCG clarification. And we all know what that means: this will not arrive soon. 

The fact that this clause extends the validity of existing and valid legacy device certificates by operation of law from the expiry date (even if that date is still in the future) but also – in exchange – makes the article 120 (3b) – (3d) conditions immediately applicable to the device (see conditions discussion below). So whether you like it or not: with a still valid certificate as a result of automatic application of article 120 (2) MDR you are shunted into the new regime – no choice. What does that mean for you?

Article 120 (3) changes: stacked risk based grace periods

Interestingly for a change the MDR proposal follows an earlier IVDR legislative amendment, implemented early 2022, which implemented stacked grace periods by risk class. The MDR now copies this mechanism, as I predicted as a likely option, but adds additional conditions for the use of the extended grace periods that are aimed to foreclose the extended grace periods to manufacturers that do not meet one of the article 120 (2) conditions for certificates to be valid beyond their expiry date:

  • Either you have both signed an agreement with a notified body before the expiry of the certificate for the legacy device or a “a device intended to substitute that device” OR
  • You have a valid article 59 MDR derogation or a valid article 97 MDR exemption (either of which apparently does not have to be in place at the expiry date, which makes sense).

Let’s look at the details of what changes in article 120 (3). “Due to the length of the provision, paragraph 3 is replaced by paragraphs 3a to 3g.”, says the explanatory memorandum.

Article 120 (3a) – derogation from Article 5 MDR

This means that when you meet the requirements of the proposal (device qualifies under article 120 (3b) or (3c) MDR and you meet the conditions under article 120 (3d) MDR you get to be exempted from the core requirement in the MDR: having a valid CE marking under the MDR.

120 (3b) – to suture or not to suture?

Article 120 (3b) provides for triage of devices that are already subject to an (AI)MDD certificate. Triage happens based on risk class under Annex VIII of the MDR (the provision does not explicitly state this by the way, but this is consistent with the way the corrigendum for the up-classified class I devices worked) and on the basis of a qualification question that will have pained many for requirements for Well Established Technology (WET) under article 18 (3) MDR (implant card),  article 52 (4) (conformity assessment) and 61 (6) (b) MDR (clinical evaluation requirements): the sutures, staples, dental fillings, dental braces, tooth crowns, screws, wedges, plates, wires, pins, clips and connectors. The proposal’s explanatory text refers to them specifically as WET. This means that more complex devices with these names are likely not in scope of this defined group. In this regard the Team-NB Position Paper on a risk-based approach for medical devices exempted from an implant card and information to be supplied to the patient with an implanted device per Article 18.3 may also be relevant for qualification and for dental implants the Team NB position paper on Applicability of exemption rule to endosseous dental implants and dental implant abutments may be relevant.

See for triage logic the below summary flowchart. Note please that this flowchart does not describe the full process and all applicable conditions – it’s for triage only. And it is an improvement on the flowchart I initially shared via LinkedIn.

Triage flowchart for MDR proposal

I posted a slightly different version of the flowchart in on LinkedIn initially that excluded sutures, staples, dental fillings, dental braces, tooth crowns, screws, wedges, plates, wires, pins, clips and connectors from the 2027 period altogether because of the use of the comma before the word ‘except’ in article 120 (3b) (a) (“31 December 2027, for class III devices and for class IIb implantable devices, except “sutures, staples, dental fillings, dental braces, tooth crowns, screws, wedges, plates, wires, pins, clips and connectors”) and the explanatory memorandum clarification

“The transition period is extended from 26 May 2024 until 31 December 2027 for higher risk devices (class III and class IIb implantable devices except certain devices for which the MDR provides exemptions, given that these devices are considered to be based on well established technologies) and until 31 December 2028 for medium and lower risk devices (other class IIb devices and class IIa, class Im, Is and Ir devices).”

Explanatory memorandum proposal

Later we heard that the Commission had clarified in response to a question that qualifying sutures, staples, dental fillings, dental braces, tooth crowns, screws, wedges, plates, wires, pins, clips and connectors end up in the 2028 bucket. So I had to amend my initial flow chart to the above version. Don’t use the old one!

What I personally don’t find very logical is why the deadline logic departs from the 26 May deadlines as used everywhere else in the MDR and IVDR and instead uses 31 December 2027 and 2028. It’s nice that there is more time for transition of course, even if it is not logical. At least chances that people get in trouble with this are slim, because at worst a company finds out on 26 May that they had until 31 December. 

Also here we have the discussion of what a “device intended to substitute that device” is (see above under article 120 (2) MDR).

120 (3c) – the up-classifieds had better hurry towards MDR

Article 120 (3c) deals with the class I up-classifieds, or in other words: the devices that do not need a notified body certificate under the MDD, but will need one under the MDR. These had gotten the corrigendum 2019 bonus of a declaration of conformity issued before 26 May 2021 that could be valid until end of the game period, provided that the article 120 (3) MDR requirements keep being met, such as no significant changes. This proved a lot more difficult than expected for especially software devices. These devices now get four and a half years extra time: until 31 December 2028! Whoohoo! 

But this comes at a price: for these devices you do need to meet the requirements under article 120 (3d) MDR now, which still include no significant changes until that date and most importantly, some big things you need to do before 26 May 2024: have a full MDR QMS implemented (article 120 (3d)) and have a conformity assessment application underway at a notified body, with which you need a written agreement too by that date (article 120 (3d) MDR). That means that as manufacturer of an up-classified device you must have met these condition more than four (4!) years ahead of the end of your transition period. And if you don’t, you lose validity of your declaration of conformity by 26 May 2024 and you are done under the MDD and MDR. 

So think about this a second (makes underwater scuba sign for “think about this/do not forget to”): you will likely not get to use up the full time until end of 2028 under the MDD (unless your conformity assent procedure takes four and half years, which is unlikely). So if you have a class I up-classified device you actually have no time to lose! You have less than one and half years (until 26 May 2024) to be ready for MDR conformity assessment – now that’s something else than sitting on your hands until 31 December 2028, right? Ergo, please do not make that mistake. Time is of the essence now.

120 (3d) – there is no such things as a free extension

There is no such thing as a free extension, and this one also comes with strings attached. These strings are set out in article 120 (3d) and – mind you – they also apply to class I up-classified devices as discussed above. Some of the requirements are already in the MDR (article 120 (3) MDR): the requirement of continued compliance with the (AI)MDD (article 120 (3d) (a) MDR) and no significant changes in design or intended purpose (article 120 (3d) (b) MDR, as clarified in MDCG 2020-3), which is no change from the current situation. The other three conditions in article 120 (3d), however, most certainly are because they are new (although you could debate this for article 120 (3d) (c), which is already part of the appropriate surveillance for the (AI)MDD certificate).

Let’s start with article 120 (3d) (c), which requires that your device does “not present an unacceptable risk to the health or safety of patients, users or other persons, or to other aspects of the protection of public health”. This is very much a market surveillance term (only found in the MDR in the market surveillance provisions article 93 to 97, meaning that the competent authorities do not want to get in trouble with the device concerned). But how are you going to determine that? It’s your device, (AI)MDD certificate valid, so how on earth could it pose an unacceptable risk? The whole idea about having a valid (AI)MDD certificate is that the devices presents acceptable risks only. According to the explanatory note:

“No systematic check of the device’s safety is required, as devices covered by a certificate issued under the Directives will be under ‘appropriate surveillance’ by the body that issued the certificate or a notified body designated under the MDR. Where, as part of their market surveillance activities, a competent authority finds that a device presents an unacceptable risk to the health or safety of patients, users or other persons, or to other aspects of the protection of public health, the transition period ceases to apply for that device.”

OK, so how will the notified body apply this then, because it is not a conformity standard subject to appropriate surveillance? It looks like this refers to the criterion in section 4.5 of MDCG 2022-4 Rev. 1 (“where the audit activities reveal a major non-conformity, which may present an unacceptable risk to the health or safety of patients, users or other persons”) but which still remains very unclear externally, but the notifying authorities will probably have instructed notified bodies on how to apply this. Would be nice if the rest of us would know too, right? Makes it so much easier to comply with requirements. 

Article 120 (3d )(d) requires, according to the explanation to the proposal that 

“no later than 26 May 2024, the manufacturer has put in place a quality management system (QMS) in accordance with Article 10(9) of the MDR. This condition aims to ensure that manufacturers gradually move towards full compliance with the MDR requirements. No specific attestation, i.e. no self-declaration nor verification of the appropriateness of the QMS by a notified body, is required at this stage. However, by submitting an application for conformity assessment to a notified body (see next condition), the manufacturer implicitly confirms that its QMS is in compliance with the MDR.”

Explanatory memorandum proposal

This condition is intended to make all manufacturers of legacy devices march in line as regards QMS as of 26 May 2024, and a step up to the conditions that were already in article 120 (3) MDR, which required certain QMS parts to be implemented for legacy devices. This is now changed to the whole QMS enchillada.

So, wouldn’t the requirement to also have a conformity assessment application underway by that date make a non-requirement out of this provision? Why is this needed if the condition under 120 (3d) (e) of a conformity assessment application for MDR lodged is sufficient? Good question. Because the problem with legal requirements is that you have to meet them and that would be firmer than an implicit confirmation.

So what could be the consequence? This would – I think – only have consequences where the manufacturer fails the QMS audit under MDR (because then he did not have a compliant QMS in place) and the consequence of not meeting the requirement would be so-called ex tunc invalidity of the certificate, in which case it turns out that the manufacturer never met the requirement, was non compliant on 26 May 2024 or the date on which he submitted the conformity assessment application, meaning that the certificate was invalid and the manufacturer has been placing non-compliant devices on the market, which is a market surveillance no-no, subject to competent authority fines, imposed recalls and so on. 

Finally, as last condition article 120 (3d) (e) requires that no later than 26 May 2024, the manufacturer, or an authorised representative, has lodged a formal application in accordance with Section 4.3, first subparagraph, of Annex VII for conformity assessment in respect of a device referred to in paragraphs 3b and 3c of this Article or in respect of a device intended to substitute that device, and no later than 26 September 2024 the notified body and the manufacturer have signed a written agreement in accordance with Section 4.3, second subparagraph, of Annex VII. Note that this need to concern the legacy device or the “device intended to substitute that device” (discussion above under article 120 (2) MDR). Also note that this condition contains an additional condition compared to article 120 (2) (a): not only is a written agreement needed, but the conformity assessment application must be have been lodged.

Effectively this means that the validity of certificate (dealt with under article 120 (2) (a) MDR) is treated differently than placing on the markt / putting into service under that valid certificate (which is dealt with under article 120 (3d): ‘devices may be placed on the market or put into service until the dates referred to in paragraphs 3b and 3c of this Article only if the following conditions are met’). I am not sure why this choice was made. It does allow for the option to have a valid certificate (may be useful for ex-Union trade) but not be able to place devices on the market in the Union. It also means however that a manufacturer must lodge an application for conformity assessment before 26 May 2024 to be able to keep placing devices on the market or put them into service. The question is also here what ‘lodged a formal application’ means: must the manufacturer have made an application or does the application also have to be validated and accepted by the notified body? That latter element does not follow from the text nor from the application, so this may mean that this will be tested in practice with a lot of applications being made shortly before 26 May 2024.

As long as the certificate or declaration of conformity is valid (which is until 26 May 2024 at the latest) you would expect not to be affected by the conditions for continued validity under article 120 (3b), (3c) and (3d) and could sit out your certificate quietly until the expiry date. But this is not how the proposal works as discussed above. Article 120 (2) as amended extends these certificates by operation of law immediately upon entry into force of the proposal to either 31 December 2027 or 2028 without giving you an option. Article 120 (3d) (e) provides that you must have lodged a conformity assessment application with a notified body and have signed an agreement with the notified body in order to for the certificate or DoC to remain valid. As stated above, this means that you cannot wait, but have to immediately start to prepare and submit the best conformity assessment application at a notified body that will accept it. Manufacturers may see that while they meet the 26 May 2024 deadline, the notified body then has a long time to complete the conformity assessment (but the manufacturer is rewarded with a certificate that remains valid until 31 December 2027 or 2028), hopefully giving the notified body enough time to complete the assessment before the legal expiry of the prolonged validity. 

Also here it is relevant what happens when the application is rejected: was the placing on the market and putting into service until that time retroactively unlawful (ex tunc application) or will it only be unlawful for the future (ex nunc application)? The proposal is silent on this point

120 (3e) – the old conditions of article 120 (3) MDR remain in place 

 The old conditions of article 120 (3) remain in place for the legacy devices (MDR post-market surveillance, market surveillance, vigilance, registration of economic operators and of devices) but this is really only relevant until 26 May 2024, because after that date the manufacturer is running a full article 10 (9) MDR QMS.

120 (3f) – notified body shuffle

Article 120 (3f) deals with the logistics of which notified body is responsible for surveillance of the certificate when it remains valid past its expiry date (this does not need to be an MDR designated notified body), how it works when the legacy devices is substituted by another device. The MDR notified body with which the agreement is signed pursuant to article 120 (3d) (e) (the one that needs to be in place for the legacy device or the substitute device) takes over surveillance of the notified body that surveilled the legacy or substitute device certificate if this notified body was not designated under the MDR.

120 (g) – custom made devices have the least transition time

Class III custom made implants (which require notified body intervention under the MDR pursuant to article 52 (8) MDR, so it’s kind of logical that these are also covered in this proposal.

What I don’t understand it why their deadline is 26 May 2026 and not 31 December 2026, and why they did not go in the class III implants category of 31 December 2027. Maybe the Commission thinks that the custom made devices have an easier pathway or something? This is not necessarily the case.

The same conditions as under article 120 (3d) (e) apply: having an agreement signed with a notified body by 26 September 2024 and lodging an application by 26 May 2024.

Article 120 (4) changes: the sell-off period removed

The changes to article 120 (4) are to remove the sell-off period completely. This has been the result of a successful lobby effort demonstrating that the sell-off period was simply too short because most devices take a long time to move through the supply chain slower than the legislator initially assumed. Also, the devices stuck in the supply chain that the 27 May 2025 hard stop would be lost to the Union market, which would also be a bad idea. In the words of the proposal:

“To prevent unnecessary disposal of safe medical devices and in vitro diagnostic medical devices that are still in the supply chain, thus adding to the imminent risk of shortages of devices, such further making available of devices should be unlimited in time.”

Recital 10 of the proposal

This means that there will be unlimited time for selling off of legacy devices that were placed on the market lawfully and that there will be a considerable period of time in which there will still be legacy devices on the market being sold off, and competing with MDR certified devices. Apart from the confusion that no doubt will ensue about the compliance status of legacy devices still being sold off to end users in 2030 (which is possible)m the question is how fair this is to the manufacturers that did invest in MDR transition and may face competition from these devices for a considerable time. And to patients, that may be treated with old legacy devices while more state of art ones are available as MDR CE marked devices. The whole idea behind the sell-off period was in itself not bad: that at a certain point in time there would only be devices on the market approved by MDR standards. 

Housekeeping (article 122 and 123)

There is some technical housekeeping in article 1 (2) and (3) of the proposal, making changes to articles 122 (repeal of directives) and 123 (delayed entry into force of provisions) to account for the changes made to article 120 in the proposal.

IVDR changes: the sell-off period removed

For the IVDR the proposal contains a removal of the sell-off period. The background there is that the Commission has realized that the sell-off period is simply too short and will lead to devices being stuck in the supply chain at the end of the sell-off period. In the words of recital 10 of the proposal:

“To prevent unnecessary disposal of safe medical devices and in vitro diagnostic medical devices that are still in the supply chain, thus adding to the imminent risk of shortages of devices, such further making available of devices should be unlimited in time.”

Recital 10 proposal

I must say that I had not expected this. This may have been done for the same reasons as for MDR medical devices, but it also invokes the same issues as with MDR medical devices: there will be legacy devices on the market having gained access under ‘old’ standards’ that will be competing with IVDR standards assessed devices for a potentially looong time (if the devices have long or no expiry dates).

Relation to MDCG 2022-18 (article 97 exemptions)

If the proposal is adopted, the extension by operation of law of legacy devices will massively decrease the potential burden on the competent authorities to solve things by means of recourse to article 97 MDR, for which MDCG 2022-18 provided the blueprint.

The competent authorities’ role will be limited to dealing with the exceptional cases that do not fit in the proposal logic for one or the other reason, just the way they like it and is their normal modus operandi.

Relation to MDCG 2022-14 position paper

No proposal is an island. As I have observed in an interview with RAPS, we will also need the MDCG and member states’ full and unwavering commitment to roll-out of MDCG 2022-14 measures to create enough room for the notified bodies to live up to the challenge. I have been somewhat critical about the MDCG’s capacity to deliver, but I would like to remain enthusiastic and hope that, in the spirit of the ‘can the maker repair what he makes’ the MDCG will surprise us all positively.

And manufacturers must step up too. At the risk of sounding like a broken record: this is no time to sit on your hands people. As explained above, the first deadline hurdles for MDR QMS and a lodged application for conformity assessment at a notified body that you may still need to find and willing to work for you and sign a conformity assessment agreement with by 26 May 2024 are closer than you think. If your management thinks that anything less than full throttle is a good idea in any way for MDR transition, they are not fit for purpose. The proposal makes MDR transition a Chefsache as they say in German (‘a matter for management’), more than ever.

Adoption process

The adoption process follows the same procedure as the rushed MDR date of application extension in 2020: the accelerated co-decision procedure, which at the time was formally completed at lightning speed in less than a month. This proposal is far more complicated, so I expect the institutional actors to take a bit more time (also some parliamentarians announced that they are not going to be rushed like the last time). It is possible that there are still amendments to the text.

So pretty please with sugar on top: not legally trained consultants, please don’t say that this proposal is it, that it’s official, that it has been published in the Official Journal (which will not be yet until adoption) – don’t jump your guns, leave law to the lawyers and wait until the legislative procedure has run its course. Only then we will know what the adopted law will be and what rules need to be observed.

There is a consultation about the proposal from 11 to 18 January, which initially and apparently mistaken was put up for the normal consultation period running well into March, which was hastily corrected by the Commission. You can still put in comments to the proposal but don’t expect too much of them actually changing the proposal as the Commission may (or not) pass some of the comments to the Council or Parliament. If you want to influence things, go directly via parliamentarians working on this dossier or the member states in the Council.

At this moment I myself expect the proposal to be adopted and enter into force (foregoing the normal 20 days waiting period after publication in the Official Journal because of the rush) in March, likely the second half of March.

Balancing the MDR and the IVDR grace periods

Interestingly, if the proposal is adopted the IVDR will have a much more lenient and simpler grace period regime than the MDR – is that useful, is it fair? Both have risk class stratified grace periods and came from a single grace period. The IVDR however has almost no conditions for use of the grace period, the MDR has a lot and frankly complex ones.

Will we see similar conditions under the IVDR as under 120 (3d) when the grace periods for the IVDR do not suffice? This may well be the case, because as we’ve seen the MDR and IVDR keep influencing each other in solutions adopted to make the transitional regime work. I would encourage the IVDR manufacturers to make the best possible use of the availability of notified body capacity at the moment to avoid having to deal with a panic fuelled similar regime change for the IVDR in the future.

Can the maker repair what he makes?

As explained above, the proposal leaves a lot of open ends, such as what a substitute device is. Open ends are exactly not what we need at this time, especially because they will require MDCG guidance to explain and MDCG guidance is never fast or on a reliable timetable. Where possible these points should be fixed in the legislative process because otherwise we will be dependent on MDCG guidance for clarification, which will simply take too long.

A thing that worries us lawyers are matters of ex tunc invalidity of certificates or ex nunc invalidity in case of not meeting conditions for extension. This is not a trivial technicality and should be addressed at least in a recital in the proposal.

The good part is that at least some of the (big) notified bodies think that the proposal gives them enough time. This is very positive indeed. The question is whether this is true for all notified bodies, and what member states will do to make sure to enable maximum use of the MDCG 2022-14 position paper measures for the notified bodies and oversee notified bodies’ serious engagement on these points. At this point I see some of the smaller MDR notified bodies in serious disarray at the moment, at the expense of their poor clients who are caught in the middle without proper legal recourse and captive by the mess the notified body is making of things.

The original grace period under article 120 (3) MDR was already difficult to explain to foreign authorities in jurisdictions that attach importance to the CE mark and often misunderstood far and wide, leading to situations where foreign authorities flat out refused to accept anything else than a shiny new MDR certificate because that made sense to them. The new grace period will be even harder to explain to foreign authorities and to member states’ authorities issuing free sales certificates. The Commission and member states must make work of explaining this internationally to avoid creating Confusion Everywhere. The EU medical devices regulatory system has already lost too much of its international reputation, we don’t need this to be exacerbated. Also, it remains to be seen how foreign authorities will deal with the removal of the sell-off period, because these forever legacy devices can be sold on the Union market lawfully, which means they can be covered by a free sales certificate. This means that we will be explaining to foreign authorities how this works for a potentially long time.

Like I’ve said above: crucial to the proposal succeeding is pro-active rollout of MDCG 2022-14 and a functional safety net from MDCG 2022-18. This is completely in the hands of the MDCG and the member states who have the opportunity now more than ever to show that medical devices policy is a serious matter and be as much part of the solution as they can be.

But first: let’s see how the legislative procedure unfolds, and what the proposal looks like when it is adopted.

MDR and IVDR outlook for 2023

What to expect for the MDR and IVDR in 2023? Predictions are very hard, especially if they are about the future. That’s a paraphrase of a very solid Danish nugget of wisdom attributed to the physicist and chemist Nils Bohr. But let’s see what we can do based on some basic extrapolation of things currently hanging in the air that I will discuss below in this blog.

I know that I have not been very positive about the MDR in 2022. In fact I’ve said that we are in a process of Verelendung with this regulation at the moment in which things first need to get worse before they can get better. I think this was not exaggerated at the time and still may not be at this moment. I also think that the IVDR is an accident waiting to happen in much the same way as the MDR, because all the same mistakes are being made, and some additional ones.

But … something is slowly starting to be done – actions are being taken with the intention to fix these problems.

Commission proposal to amend MDR transitional regime

After the Commission’s very generally worded outlines of a potential proposal presented on the 9 December 2022 EPSCO meeting I was personally amazed by quite a number of consultants calling this ‘an official proposal’ and some stating that MDD certificates would be ‘extended’, for both of which there was absolutely no (legal) basis whatsoever. This is unfortunate because this regulatory gun jumping does not help to make things clearer and only creates confusion – it’s always better to be correct than to be first when it comes to these things I would think. 

The outlines of the potential proposal still leave a lot of gaps, as I have discussed on this blog earlier. We will need to see if the Commission actually makes a proposal early January as announced at the 9 December EPSCO meeting. The Commission has said it will so it is likely, but we also expected the proposal way earlier (on 9 December 2022) and ended up disappointed – the Commission can always still postpone it. We have also seen the Commission moving the Eudamed deadlines again and again and postpone the necessary measures for Annex XVI devices for years. Then we will still need to see what this proposal will look like exactly. Will it also revive MDD certificates that have already expired and under what circumstances? Will it extend the My 2024 end of grace period back stop date? How will it relate to the Article 97 MDR ‘bridging solution’ set out in MDCG 2022-18 (discussed below)? This is important because Article 97 MDR is only needed where the law, the MDR, does not provide for a solution allowing the manufacturer to be compliant for the device concerned. For example, if a change to article 120 (2) MDR for example extends the duration of certificates for legacy devices (which is a possibility according to the Commission), then less Article 97 MDR applications will have to be made, which would free up valuable competent authority capacity.

After it has been made the proposal then needs to go through the EU legislative procedure during which it may still be amended, so I expect nothing definite before end of March 2023 (and that is if they really speed up the legislative procedure, which may not happen because some Parliamentarians have indicated that they want to give this proper consideration and will not be rushed like last time with the MDR date of application move from 26 May 2020 to 26 may 2021).

So hold your horses when you say that the MDR transition period will be extended and that there is an official proposal but please wait for the moment that we really know what this will look like before making specific claims about the future of the MDR transitional regime. Plan for notified bodies waiting with any definite steps until the legislative proposal is actually law (not before March 2023 likely). 

There may be more in the proposal that was not discussed yet in the Commission’s briefing note for the EPSCO meeting.

Article 97 MDR – the silver bullet bridging measure?

Right after the EPSCO meeting MDCG 2022-18 dropped, the bridging measure that the Commission referred to. ‘Bridging measure’ has a degree of optimism to its name right? We go from one place to the other where we were unable to do so before, and when we get to the other place we will be where we want to be.

The question is how much the Article  97 MDR option is going to help patients and industry. The problem is that the Article 97 MDR process is most likely understaffed at competent authorities, which means that there will be – again – significant congestion in the system. A telling sign of how well all of this is under control is that the Dutch competent authority IGJ put up a webpage with a huge ‘article 97 guidance for NL coming soon’ cliffhanger some time after MDCG 2022-18 was published. You might think that a clear pathway for these applications would be a matter of urgency and that competent authorities when working on MDCG 2022-18 in the MDCG would have seen this coming and had their local pathways ready – apparently not. But, the Commission proposal (discussed above) may still influence things on this point.

As I have discussed, MDCG 2022-18 leaves a lot of open points (e.g. as regards SMEs and MDD certificates that have already expired) and therefore lots of potential for national divergence. In this regard it is unfortunate that the choice was made for an MDCG document and not for an implementing act under Article 97 (3) MDR, because this leads to less responsibility and more potential divergence – and l 024-mdr-danger-zone-and-outlines-of-a-potential-solution-in-mdcg-2022-11/]). This is the bridging aspect. 

The MDCG 2022-18 position paper in its newest version (it has been changed without notice or version control after the initial making available for download on 9 December) contains an annex with a checklist of what to submit for an Article 97 (1) exemption. And now let’s hope that the competent authorities have sufficient headcount available to process these applications in a timely manner. 

IVDR – a similar disaster in slow motion

If there is one thing clear it is that the IVD industry seems to have learned absolutely nothing from the dire situation of manufacturers under the MDR that was caused by going all in on maximum use of the grace period and waiting until the very last day of the transitional regime with MDR conformity assessment applications (all these 26 May 2024 certificates that led to many manufacturers also kicking the can down the road as far as possible and starting conformity assessment too late – aggravated by notified bodies not being available). IVD manufacturers seem to be doing exactly the same now after the early 2022 change to the IVDR grace periods. The capacity problem is different for the IVDR however, at least at the moment: beginning 2022 the transitional regime for the IVDR has been changed as to implement staggered grace periods for different risk classes and by the end of 2022 the number of IVDR conformity assessment applications had dropped to the point that even the few notified bodies notified for the IVDR start to publicly advertise available slots for conformity assessment.

An important element of the IVDR is assessment of class D devices by reference laboratories. Do we have any? No, not yet. We do have the Commission asking member state laboratories if they would please consider applying for a designation as reference laboratory. The Commission published a fancy document with all the advantages, which hopefully will convince some laboratories to apply. This process is about two years overdue.

Another problem under the IVDR is the widespread resistance of health institution laboratories against compliance with the in-house produced devices regime under article 5 (5) IVDR. MDCG guidance on the in-house produced devices regime is still – as it has been for a very long time – forthcoming. I see also a reluctance on the part of market surveillance authorities to act against non-compliance by health institutions after the first parts of Article 5 (5) IVDR became applicable on 26 May 2022, which they should take care to not see lead to discriminatory market surveillance between CE marked devices and in-house produced devices. In the end, the GSPRs apply to fully to all devices that are deployed clinically on patients outside performance study, regardless of where the device is developed. Of course it does not help here that the MDCG guidance for in-house produced devices still has not been issued, making it hard for competent authorities to enforce and for health institutions to comply.

Roll-out of MDCG 2022-14 actions

The roll-out of the 19 measures to free up notified body capacity and to make the process of conformity assessment run more efficiently as set out in MDCG 2022-14 is underway and will – let’s hope so – continue to be underway for 2023. I have been somewhat critical about the contribution that the measures are going to make to solving the problems, but I think that the most important benefit of MDCG 2022-14 is that the MDCG realizes that the system is not working and that the member states and MDCG have a role to play to be part of the solution rather than of the problem – this is progress. While some measures (according to the Commission) do not need to be implemented and some are underway, the Commission states that it is

“important that the MDCG, with the support of the Commission, pursue its work to implement also the remaining actions”.

Information note from the Commission for the EPSCO meeting

Indeed, that’s an understatement. Member states in the MDCG for example totally control themselves whether medicines agencies of the member states cooperate sufficiently in the conformity assessment of combination products (point 19 of MDCG 2022-14). It is vital that the MDCG and respective member states continue to be part of the solution rather than of the problem by implementing not only the 19 MDCG 2022-14 points, but also more generally be the best authorities and coordinating body that they can be. Let’s not forget that behind every device that does not make it to market or that has to be withdrawn from the market due to certification issues there are patients that may not get the medical care they need or to the standards we pride ourselves on in Europe.

To make this very concrete and specific: for me this is as critical that my family members that are dependent on pacemakers and ICDs will likely not receive the latest model with the latest algorithms available if they are up for a replacement in the near future, and will literally be missing out on medical innovation and potential increase in standard of care that can benefit them for a better outcome.  And all of this only because of bad legislative choices, an understaffed notified body re-notification process and a generally badly managed transition period. And the worst is that these choices were made to solve a problem (fraud) that you cannot solve this way, because the MDR and IVDR can in no way prevent a manufacturer intent on committing fraud to do so.

However, the other stakeholders have a role to play in making the system function as well.

Notified bodies have a role to play in the roll-out of MDCG 2022-14. I see increasingly erratic behavior around planning of assessments and audits, making it absolutely impossible for manufacturers to predict the time of conformity assessment. In addition, I see notified bodies offer red carpet conformity assessment programs that they sometimes really fail to deliver on. The tragedy there is also that SMEs generally cannot even afford these premium programs. Some of the decisions I see notified bodies take would really be at odds with principles of good administration (such as sometimes making very impactful and costly (for the manufacturer) clerical errors and for some reason not being able to correct them immediately), by which the competent authorities are bound (Article 99 MDR / Article 94 IVDR). It appears that notified bodies do not always seem aware of the fact that they are exercising delegated state authority concerning market access, the exercise of which should be subject to good administrative practice. In that regard it remains forever puzzling to me as a lawyer why Annex VII, 4.8 on decisions and certifications only describes that the procedures should be documented but not that they should be applied in accordance with the principles of good administrative practice, which is the very least you would expect if delegated state authority is applied. ISO 17021:2015 does not provide for this either, describing only a need for documented procedures but not for good administrative practice. And don’t get me started about the possibilities of legal review / appeal of notified body decisions. In that respect it would be useful to do the thought experiment discussed below: what if the government agency for medicines marketing authorizations would act that way? And you would have no viable means to challenge that in court? Would that be acceptable?

Finally, manufacturers do not always put in their best effort either. Regulatory departments may be under-resourced (because it only concerns market access of core business, so why would that be important), are sometimes undertrained (leading to sub-standard conformity assessment applications that do not make it to validation and actual start of the assessment) or management decides to postpone submissions for MDR or IVDR conformity assessment because ‘there still is time’. Not a good idea at this time for the Union market.

Thought experiment with medicines regulation

EU pharmaceutical law is currently up for a major revision, and it is my firm expectation that this will somehow be managed a lot better than the MDR and IVDR legislative changes. For the life of me I cannot understand why we accept such stunning underperformance of the EU regulatory system for medical devices. In discussions I often invite people to do the thought experiment: “What if this happened in pharmaceutical products regulation?”. Usually the sad answer is: nobody would accept this and the world would be too small to fit all the outrage in.

Maybe it would be good for the MDCG, the Commission and the member states to do this thought experiment, it might give them a bit more of a sense of urgency and purpose. Member states and the Commission might provide more resources to make the medical devices regulatory system work.

Rolling Plan and ‘planned’ guidance

According to the Rolling Plan we have several things to look forward to in 2023:

  • an implementing act on designation of EU reference labs for the IVDR (possible as of 2020, better late than never),
  • entry into force of Commission Delegated Regulations amending Regulation (EU) 2017/745 and Regulation (EU) 2017/746 as regards the frequency of complete re-assessments of notified bodies (one of the actions from MDCG 2022-14),
  • updated harmonised standards (now that would be nice and very much needed), and
  • a Commission Delegated Regulation on UDI assignment criteria for highly individualised devices (contact lenses).

In terms of MDCG guidance under development it’s kind of remarkable that no guidance whatsoever has been slated for 2023. I guess this means that we might interpret this as that all the guidance that was slated for 2022 but was not delivered will be delivered in 2023? That’s a bit of a cheeky statement because literally every MDCG guidance document announced but not yet delivered yet was slated to be delivered in 2022. So we’ll need to see how this goes, the MDCG being the MDCG, sometimes taking years for a guidance document.

Time to restore trust in the EU medical devices regulatory system in 2023

I think that 2023 will be the year in which the MDR will need to prove that the regulation (and especially market access component since legacy devices are not grandfathered) is fit for purpose and in which the EU must restore trust in the EU medical devices market access system, because I see all around me that it is at an all time low. For that we need a Commission proposal in January that works, competent authorities providing a reliable and quick article 97 MDR pathway that works and further roll-out of the MDCG 2022-14 points is needed. And these three things need to work together well.

Already many large and small companies have gotten quite disillusioned and are moving away from an ‘EU first’ market access strategy. It may take years to regain this trust, but 2023 is the year in which the trend of trust will either slowly start to climb up again or will plummet further.

For the IVDR the main issue will be to avoid that the same mistakes as under the MDR are made, perpetuating the same problems and leading to the same problems as under the MDR. Also industry has a role to play there, by utilizing the available notified body capacity as much as possible and not adopting a waiting and seeing approach. And notified bodies can help by being ideal wielders of delegated state authority.

So happy new year my dear readers! Let’s cross our fingers for 2023 (especially if you’re a patient in the Union dependent on medical technology) and let’s all do our best to be part of the solution rather than of the problem. Because in the end the actual health of actual people depends on it.

And don’t forget that there is a book that contains all (well… a lot anyway) of the answers 🙂

The EPSCO meeting and beyond: further steps for the MDR and IVDR implementation regime changes

The 9 December EPSCO meeting in which the Commission was going to make its big reveal to fix the MDR came and went and left many people with a lot of conflicting emotions, but not that much concrete to go on. It seem that this is the way of the MDR, piecemeal definite maybes.

There was the weird reference by Commission to the Russian invasion in Urkraine as a contributory cause of delays with the MDR somehow. That had me raise my eyebrows. I don’t know what the Commission was trying to achieve with this.

There was the proposal announced that remained announced until early January coming year, and that will still likely look like outlines set out in the Commission’s briefing note for the EPSCO meeting.

And, finally, there was the announcement of the announced bridging measure for the expiring certicates that expire pending MDR conformity assessment. This dropped right after the EPSCO meeting in the form of MDCG 2022-18, a new position paper on the application of article 97 MDR.

Let’s take a look at where we are on these points.

Proposal for MDR and IVDR

Note that the Commission proposal covers both the MDR and the IVDR (for the IVDR: removal of sell-off period only). The outlines of the proposal as provided by the Commission are (which are still not 100% certain until we’ve seen the final proposal, the Commission still calls them “likely elements are based on the input received so far from national experts and stakeholders”):

  1. An extension of the transitional period in Article 120(3) MDR [beyond 26 May 2024] for legacy devices in scope of article 120 (3) MDR with staggered deadlines depending on the risk class of the device. Those deadlines could be 2027 for class III and class IIb devices (i.e. devices with a higher risk) and 2028 for class IIa and class I devices (i.e. lower risk devices) that need the involvement of a notified body in the conformity assessment;
  2. If needed for legal and practical reasons (including for access to third country markets), the extension of the transitional period could be combined with an extension of the validity of certificates issued under Council Directives 90/385/EEC and 93/42/EEC by amending Article 120(2) MDR;
  3. Conditions to be fulfilled in order to ensure that the extension applies only to devices that do not present any unacceptable risk to health and safety, have not undergone significant changes in design or intended purpose and for which the manufacturers have already undertaken the necessary steps to launch the certification process under the MDR, such as adaptation of their quality management system to the MDR and submission and/or acceptance of the manufacturer’s application for conformity assessment by a notified body before a certain deadline (e.g. 26 May 2024);
  4. The removal of the ‘sell off’ provision in Article 120(4) MDR and Article 110(4) IVDR.

The extension would likely provide that legacy devices would need to transition to the MDR by risk class and subject to conditions under point 3:

  • Class III – 2027 (date not specified yet);
  • Class IIb – 2027 (date not specified yet);
  • Class IIa – 2028 (date not specified yet);
  • Class Im, s and r and up-classifieds (e.g. class I software) in scope of article 120 (3) MDR – 2028 (date not specified yet) (Note that devices that are ‘normal’ class I under the MDR are not in scope of this transitional regime, this is an often made mistaken assumption by class I devices manufacturers, so inform yourself here).

Conditions for the extension:

  • devices must not present any unacceptable risk to health and safety;
  • devices have not undergone significant changes in design or intended purpose;
  • manufacturers have already undertaken the necessary steps to launch the certification process under the MDR, such as adaptation of their quality management system to the MDR and submission and/or acceptance of the manufacturer’s application for conformity assessment by a notified body before a deadline still to be proposal (e.g. 26 May 2024).

In summary, the extension is only available for devices that are already subject to the ‘necessary steps to launch the certification process under the MDR’, of which we do not know what this exactly means. It can be that the manufacturer has adapted his QMS (that’s an example given by the Commission) or it may be that the actual acceptance of the application of the manufacturer by the notified body for conformity assessment is adopted as condition (another option mentioned by the Commission).

But there is a wide gap between these two, and one is under control of the manufacturer himself while the other is not. One is a binary criterion (application accepted by NB) whereas the other is very much subject to interpretation (QMS MDR ready or not). Accordingly, there is a massive degree of uncertainty still because different choice of criteria will have very different consequences for the group to which the transitional period extension wil be available. If the criterion will be acceptance by a notified body, this will do little to solve the bottleneck because notified bodies are not going to accept a lot of extra applications in the near future because they are still strapped for resources. On the other hand, if the criterion is going to be QMS MDR ready, who is going to check if the QMS is ready enough? The member states? They don’t have the capacity for that. So the Commission still has a very difficult choice to make here. We’ll need to see what they end up proposing.

Removal of the sell-off period sounds like a good idea to not put extra strain on the supply chains because one year under article 120 (4) MDR and 110 (4) IVDR was a very short sell-off period that was going to pose problems many companies because devices often just do not move through the supply chain this fast. This will allow companies to sell-off devices more gradually but does not solve the problem that they will need to have the devices concerned placed on the market in time for the 26 May 2024 deadline for the MDR, which does not seem to move for this purpose.  The proposal would also concern the IVDR sell-off period for IVD devices subject to an IVDD certificate (not that many on the total), allowing the manufacturers of those also a smoother sell-off period.

Will article 120 (2) MDR be amended (point 2 of the proposal) as to allow a long certificate duration for directive certificates? That would be something but it would also be spectacularly unfair to the manufacturers with directive certificates that already have expired causing them to cease placing the devices concerned on the market pursuant to expiry of the certificate. The Commission would, in my view, also need to look at options to revive expired certificates. Of course, we will need to see what the Commission means with “if needed for legal and practical reasons (including for access to third country markets)”. For example, the MDCG 2022-18 position paper discussed below contains a solution for this problem, including for access to third country markets (not the best though, so this solution might be better). Hard to say therefore how the Commission proposes to fill this in given the MDCG 2022-18 options. But it would provide for another tool in the toolbox to deal with certificates expiring during conformity assessment.

So do we have an ‘extension’ now? No, not quite yet – the Commission will formally make the proposal in early January according to the Commissioner. Do we know what it will look like exactly? No, neither – just the general lines but as discussed there are still important open points. We have to wait for the final proposal to know for sure.

MDCG position paper for article 97 MDR

This part of the package is an MDCG position paper MDCG 2022-18, meaning that this is the member states talking and implementing. We had already seen that earlier position papers MDCG 2022-11 and 2022-14 hinted at article 97 MDR measures and now this is the result.

Readers should note that the MDCG is not introducing something new from a legal perspective, because the article 97 (1) MDR instrument has always been in the MDR and available to the member states that wanted to use it. Some have also issued exemptions under article 97 MDR already. The position paper is merely guidance on a coordinated set of criteria and approach that the member states intend to use for this. That could have also been done by means of formal harmonization by means of an implementing act under article 97 (3) MDR (a cleaner measure with higher degree of legal certainty if you ask me) but the member states have opted not to limit their individual discretion too much apparently. So now we have a position paper with loosely drafted guidance, still allowing each member state to pretty much do what they like and ask for the documentation they like to see (MDCG documents are non-binding, remember?).

However, the big step forward of this position paper is that member states will recognize article 97 (1) MDR decisions issued by other member states, much like the mechanism with orphaning under the directives (as I predicted that this could look like last summer, which now indeed turns out to be the option chosen). This means that one application will suffice for the entire Union territory (Union is not the same but larger than EU, mind you). On the other hand, if your application is rejected, don’t expect local article 97 MDR love from individual authorities in the Union. The good part of this procedure is also that it is available to manufacturers with certificates that have already expired.

To whom and how is this procedure available? MDCG 2022-18 gives the following cumulative conditions:

  • Apply in the member states of the manufacturer or the manufacturer’s authorised representative;
  • Legacy devices in transition, meaning devices actually in conformity assessment of for which, despite reasonable efforts undertaken by the manufacturer to obtain certification under the MDR, the relevant conformity assessment procedure involving a notified body has not been concluded in time, and the certificate expires;
  • No other non-conformities than certificate expiry;
  • No unacceptable risk to health or safety of patients, users or other persons, or to other aspects of the protection of public health (to be demonstrated by the manufacturer by means of a report containing relevant data gathered through its post-market surveillance system (PMS), in particular data concerning incidents, serious incidents and/or field safety corrective actions);
  • Limited temporal exemptions – competent authority defines duration of exemption, default is 12 months, option to be extended in ‘duly justified cases’;
  • Manufacturer should already have undertaken reasonable efforts to transition its device to the MDR (manufacturer’s application for conformity assessment under the MDR should have been accepted by a notified body and a written agreement signed by notified body and manufacturer in line with section 4.3 of Annex VII MDR). In duly justified cases, the CA may waive this condition, in particular where the following conditions are all met: (i) the manufacturer is a SME, (ii) MDD or AIMDD certificate of that SME manufacturer had been issued by a notified body not (yet) designated under the MDR, (iii) the SME manufacturer can demonstrate that it has undertaken reasonable efforts to apply to a considerable number of relevant notified bodies and that their application has not been accepted due to limited notified body capacity;
  • The device should not be subject to any change as regards its labelling, including CE marking.

You may have issues convincing other non-Union authorities about the validity of the CE certificate if you are relying on an article 97 MDR exemption. The position paper states that certificates of free sale may still be issued in accordance with national provisions with a validity that should not exceed the period by when the manufacturer should bring the device in compliance with the MDR. That will be a lot of administration because you will have to set up a yearly review cycle with foreign authorities and will need to spend a lot of time explaining them how this works. We’ve seen throughout the implementation of the MDR and IVDR that the transitional regime (which keeps changing too!) is very hard to explain to other authorities in countries that rely on the CE mark for national registrations. The EU is really not doing itself a favor by eroding its soft power in the world with a reliable and predictable regulatory system for medical devices that can serve as a reliable platform for local registrations. We see the first signs of countries moving towards the US system for this (Australia, Switzerland).

It is nice that the position paper sees the plight of SMEs. However, this proposal does nothing to help SMEs going to the market for the first time after 26 May 2021, it is oriented to SMEs that have a notified body that is not notified yet, rather than a notified body that is MDR notified but simply has not started the SME’s conformity assessment process yet and/or will not finish in time (more common). SMEs will fortunately have the option to approach the authorities with their issues and hope for an article 97 exemption. So it’s something for SMEs but nothing big.

The big unknown of course is where the competent authorities are going to get the capacity from to be able to assess all these applications and churn out exemptions reliably and predictably in a reasonable time frame. As far as I can tell, none of them is adequately staffed to this, which will mean delays in processing article 97 MDR applications in many places, especially those where most of the manufacturers and authorized representatives are clustered.

Another unknown is how this position paper relates to the Commission’s potential proposal to extend article 120 (2) deadlines for back stop date of certificate validity of 26 May 2024 to a date potentially beyond that, as was discussed above.

Note: article 97 MDR is not the same as an article 59 MDR derogation! These latter ones are much harder to get because you need to provide that the device is indispensable for public health and that there are no real alternatives on the market for your device, which is not that easy to do in practice.

If you need help with your article 97 applications or thinking about strategy around then, I’m here for you. 

And then there still is the MDCG 2022-14 19 points position paper

Then there still is the MDCG 2022-14 position paper with many points intended to free up notified body capacity and/or make the MDR and IVDR system run more efficiently, some of which make sense and others make less sense (see my analysis of it).

What we are seeing now is that notified bodies are responding to the new room given by stepping up and have started to issue Team NB guidance such as the Best Practice Guide on technical documentation, Team NB position paper on implementation of MDCG guidance and the work on a position paper on leveraging directive conformity assessments to establish compliance with the MDR requirements.

Also the MDCG is rolling out items, for example with the new MDCG guidance on hybrid audits, but the MDCG being the MDCG, this will be a slow and ponderous step by step process.

There still is a lot to do, and the MDCG would also do well to keep the market informed to what the member states themselves do and achieve as to not to remain ongoing part of the problem, such as speed up notification assessment processes, speed up medicinal products assessments, staff article 97 MDR exemption processes adequately and the like. These are all factors fully under control of the member states themselves so member states have all the options to speed up these processes and be part of the solution themselves.

Conclusion

Too little? Hard to say at this moment. Too late? Absolutely. The writing of this transitional regime breakdown was on the wall since 2018-2019 when the majority of certificates was renewed all the way to 26 May 2024. People like me have warned publicly at that time about the consequences of these choices. This was where the market, notified bodies and authorities chose to put all of this on the roulette table, hoping for the best for notified bodies being able to sort this out. But that best did not materialise. And now we need to clean this up. With the structural under-resourcing of medical devices policy and market surveillance this is a piecemeal process as we are seeing, but also the result of conscious choices for which no-one else is to blame than the member states that decide on resourcing of the Commission and their national authorities for implementation and the EU legislator that designed this system.

You would think public health is more important, but apparently it is not. You would think that the public health ministers of the member states would be comfortable going on the record to explain that the system does not need more resources to function (which I assure you they are not because they know differently). As I’ve said before, apparently it first needs to get way worse before it can get better. The patients (which we all are potentially by the way) deserve so much better from the system. And it is such a sad way to put a major dent in Europe’s historically stellar international reputation as a soft power in regulation of of medical devices and IVDs.

What should companies do? Well, they make a plan and they follow through. We know a lot more, so now it’s time to determine which of your devices in MDR transition fall in which options bucket and what the potential options are. The options are not final because we are waiting for the proposal to drop early next year, but you can work with the outlines already.

Companies that had planned to push all their product to end users before 27 May 2025 can cautiously start to plan to relax this effort now because the hard stop at of the sell-off looks to be removed (but wait for the final proposal to be be adopted to be sure!).

As said, if you need help making sense of all this, I’m here for you.

Focus on the authorised representative

Last week we saw publication of the new MDCG guidance on the authorised representative under the MDR and the IVDR, MDCG 2022-16. My first impression: much about the ‘what’ and not so much about the ‘how’, resulting in a guidance that, in typical MDCG fashion, repeats a lot of the law back at you without providing a lot of additional actual guidance that fills in the blanks. Nevertheless, there is certainly some interesting content in the document.

More in general my impression is that the document is intended to reinforce the function that the competent authorities see for the AR in market surveillance, and it is intended to hammer home the message to the ARs in the field that they have to up their game because being an AR really means something in the overal scheme of device compliance.

The focus of policy still seems to be very much on the external, independent ARs because there is almost no mentioning at all of internal ARs in the guidance document.

Three months Dutch competent authority AR inspection programme

The publication concurs with the kick-off of competent authority market surveillance activities directed to the AR starting immediately: the Netherlands’ Healthcare Inspectorate has used the occasion to kick off a three-month review program under which they will inspect as many ARs as they can in the Netherlands according to a published set of inspection criteria. The Dutch Healthcare Inspectorate does exhibit awareness of the differences between external and internal ARs in the explanatory text of the inspection criteria, although there is no differentiation between them in the inspection criteria.

So if you are an internal or external AR in the Netherlands, better get organised on the triple double and make sure that the coffee is hot and fresh when the Healthcare Inspectorate shows up to inspect your records. Best to prepare by making your own internal assessment of whether you consistently meet the criteria that they have announced to use as a basis for the inspection.

Mandate of the AR

There is only one statement on the internal AR in the guidance document and that is in relation to the internal AR, to the effect that

“A mandate should be drawn up irrespective of whether the authorised representative is independent/outside of, or is part of the same larger organization as the manufacturer.”

MDCG 2022-16, p. 3

Since the written mandate must agreed between parties according to the guidance, this solves the question whether a mandate can be given by means of a procedure in the QMS: no. If you want to stay as close as possible, implement it by means of a quality agreement. In any event the agreement, be it an intra-group (adherence) agreement or a quality agreement or something else, it should meet the minimum requirements in article 11 (3) MDR/IVDR.

There are some words on how the importer should verify that an AR has been designated. The MDCG offers some possiblities there, none of which are remotely practical or cost-efficient at any scale, such as contact the manufacturer or AR to confirm that a designation has taken place. The guidance is not clear on the extent of the check, because it mentions as alternative options a check on the label as verification or a check in Eudamed. Neither of these may be sufficient to establish compliance at face value, because the label may not reflect the actual situation anymore (mandate may have been terminated in the mean time and unfortunately Eudamed is already often not updated (timely) for roles and responsibilities).

Obligations of the AR

The guidance document includes some useful language on some obligations of the AR.

For example, it is expected that the AR actively checks that the conformity assessment procedure for devices in scope of the mandate is appropriate for the devices in question. From this the MDCG infers that

“If the authorised representative considers or has reason to believe that the conformity assessment procedure is not appropriate for the device in question, they may inform the manufacturer.”

MDCG 2022-16, p. 5

Since this ties directly into compliance under article 10 MDR/IVDR, this is an important part of AR due diligence. Manufacturers can expect ARs to become a lot more critical on items that they were previously not concerned with, such as classification (since this drives the available conformity assessment procedure).

The guidance further specifies in a small list what documentation the AR must be able to produce in order to meet the requirement in article 11 (3) (d) MDR/IVDR to

“provide that competent authority with all the information and
documentation necessary to demonstrate the conformity of a device”

MDCG 2022-16, p. 6

Unfortunately and unhelpfully the list provided in the guidance is not an exhaustive list, which does not help a lot for legal certainty on this point.

There is also some guidance on what ‘permanently available’ (article 10 (8) last para MDR and IVDR) means in terms of manufacturer documentation to be available to the AR so he can make it available to the competent authority if needed. It is important to keep in mind that the legal obligation of having the documentation available is on the manufacturer. The guidance clarifies this as that

“‘Permanently available’ in this context means it will be mandatory for the manufacturer to provide the authorised representatives with the requisite documentation, in their most recent versions and for certificates this includes amendments or supplements, either in hard or electronic copy. In practical terms having ‘permanent access’ to such documents, should imply constant availability via electronic or physical storage, either shared or otherwise.”

MDCG 2022-16, p. 5

ARs should be wary to still have the option to copy a final version of (elements of) the documentation in case the mandate ends or the device is removed from the market because they themselves have to have the documentation available for much longer still (see Annex IX, sections 7 and 8 MDR/IVDR).

The MDCG guidance does not clarify the obligations of the AR PRRC (“responsible for regulatory compliance”, see article 15 (6) MDR/IVDR), although this would have been much welcomed. We will have to wait for the revision of the MDCG guidance on PRRCs for this.

Liability of the AR

The joint and several product liaiblity of the AR introduced under article 11 (5) the MDR and IVDR remains problematic and this new guidance does nothing to help this, although it does try to shed some light on what the MDCG thinks that the EU legislator intended with this clause.

The element ‘on the same basis as’ the manufacturer (“the authorised representative shall be legally liable for defective devices on the same basis as”) remains unclear. The MDCG explains it as that this

“means that when the liability of the authorised representative is alleged within the framework of a specific legal regime on liability for defective products, the authorised representative is afforded the same rights to
defend itself as the manufacturer under that regime.”

MDCG 2022-16, p. 8

However, in my view that MDCG mixes up basis for liability and rights of defence against that liability, which proves problematic when the basis is the ‘same’ between the manufacturer and the AR. I will illustrate with an example: under the Product Liability Directive (PLD) the producer, when he held laible for damage caused by a defective product, has the defense that he did not put the product in circulation. If the AR is afforded ‘the same rights to defend himself as the manufacturer under that regime’ (as the MDCG puts it), the AR would always be able to defend himself by arguing that he did not put the product in circulation (except maybe if he doubles as importer, which is a good reason not to do this as AR). It would be more logical that the AR is not liable if the producer is not liable (for example because he successfully relies on a defense available under the PLD), but that is not how the MDCG chooses to clarify the provision in the MDR and IVDR.

However, this discussion and the MDCG guidance on this point will be largely superseded by the new PLD, which provides for a direct no fault liability for the AR, affording the AR his own direct defenses under the PLD.

Market surveillance

The market surveillance role of the AR becomes quite apparent where the MDCG document suggests that

“In the event of a problematic termination (e.g. where the manufacturer fails or refuses to address a non-compliance identified, or is either not responsive to or traceable by the authorised representative), the out-going authorised representative is also advised to inform the competent authorities and where applicable, the notified body, of the extent of the manufacturer’s non-compliance.” (Emphasis added)

MDCG 2022-16, p. 8

This is a step further than the legal requirement in my view, because that stops at ‘reasons’ for termination, which does not necessarily equal ‘extent of non-compliance of the manufacturer’. I think the MDCG may not (or may, who knows) have realised that this volunteering of detailed smoking guns beyond their strict legal duty would probably put ARs in a difficult position under the contract with the manufacturer. As an AR is would make more sense in these circumstances to stick to ‘reasons’ and have the competent authority take the decision whether they see a need to order production of more information. In that case the additional would normally fall outside the scope of any duty of confidentiality because there is a formal investigation request for the information.

More details in the book

Much more details on the authorised representative are available in my book The Enriched MDR and IVDR, of which the second edition was recently published. While MDCG 2022-16 unfortunately came out after the text was closed, you will still find a lot of useful additional detail on the AR in it that is additional to MDCG 2022-16. The book also discusses AR obligations in context in detail.

Outlook for the AR mandate

Is MDCG 2022-16 the guidance to end all guidance on the AR mandate and obligations? By no means. It is quite clear that the compentent authorities are still finetuning their policies on what role they see exactly for the AR in market surveillance, a process that started with the list of expectations in MEDDEV 2.5/10. Also, authorities will learn from what they will come across in their market surveillance activities and calibrate policies further. So were are definitely not there yet. In the mean time companies and ARs can use this guidance to be as rational as they can be in implementation of requirements and see this as a step in a developing story.

The 2nd edition of The Enriched MDR and IVDR is available now

It took a while, but here it is: the 2nd edition of The Enriched MDR and IVDR, updated with developments from early april 2021 to early September 2022.

The first edition of the book was revised thoroughly, many new clauses in the MDR and IVDR were annotated and obsolete information was removed.

New flowcharts and diagrams were added.

Parts 1 (introduction) and 5 (tables and references) were expanded. Part 1 now includes, for example, more background to the regulations, discussion about the geographic scope of the regulations and details on Brexit and Swift and additional text on the relation of the regulations to other product and horizontal regulation.

The book was updated for the new Blue Guide 2022 and all references to the Blue Guide were updated for the 2022 version of the Blue Guide.

We fixed as many broken hyperlinks to sources on the internet as we could.

A lot of extra detail on the IVDR has been added, including discussion of the early January 2022 amendment that changed the transitional regime drastically.

Again I owe a debt of gratitude to the proofreading panel composed of Sabina Hoekstra-Van den Bosch, Amelie Chollet, Bassil Akra, Ronald Boumans, Kees Maquelin and Agnes Szoboszlai, who proofread parts of the book on strictly personal title.

The PDF version of the book is available here.

The ePub version of the book is available here.

Discount codes for the second edition were provided to readers that purchased the first edition – this is your time to redeem them! If you buy the second edition, you will receive a discount code for the third edition.

Competent authorities can get free copies again like with the first edition – just drop me an email at erik.vollebregt@axonlawyers.com and I will send you a discount code for a free copy (a notified body is not a competent authority – but you can always enter into a structured dialogue with me).

Like with the first edition I hope that the book will be useful for you and that you’ll enjoy using it. If you like the book, tell others – if you don’t, tell me.

The New Product Liability Directive(s) proposals and medical devices / IVDs

On 28 September the Commission adopted two related proposals for EU regulation of no-fault liability for defective products. One proposal updates the ‘old’ Product Liability Directive (PLD) from 1985 to make it suitable again for the current circumstances. The other proposal provides a complimentary directive for liability specifically for damage caused by AI. You can track progress of the proposals here and here.

In this blog we will look into what the first of the new proposals means at first sight for the medical devices and IVD industry. I’ll discuss the AI PLD in an upcoming blog. This discussion of the new PLD is by necessity premature because this is just a legislative proposal that will likely see (significant) amendments during the legislative procedure so the final text is likely going to diverge. Also, my review is not complete, as I have just focused on what I thought is the interesting stuff at the moment – my first impression as it were.

Both the AI PLD and the new PLD are built around the principle that safety and liability are sides of the same coin: if an economic operator does not manufacture or make available safe devices to consumers, the economic operator is liable for the damages that he causes. In this regard the Commission really tried to link the rules for market access of products to the rules for product liability for products. This was also a welcome and much needed update, given that the old PLD dated back from 1985 and does not incorporate any developments regarding how it relates to product regulation since.

Scope now covers software 

The definition of product has had an update. It now covers all movables, even if integrated into another movable or into an immovable, as well as electricity, digital manufacturing files and software. The addition of digital manufacturing files may interest the medical devices manufacturers that 3D print medical devices but outsource design. Software in scope of the new PLD is a major game changer for medical devices companies that sell devices that run software, consist of software or are updated by software.

From producer to economic operator

The old PLD is focused on the liability of the producer and provides for a mechanism to impose liability on certain parties in the supply chain in case the producer is not established in the EU. One of the problems here is that the concept of ‘producer’ is not the same as the concept of ‘manufacturer’ in New Legislative Framework (NLF) legislation (if you don’t know what the NLF framework is, read the Blue Guide, see section 1.2 about the NLF). Also, the other parties in the supply chain were not necessarily the same as the parties regulated in the supply chain under the New Legislative Framework.

The new PLD fixes this, by synching its use of concepts to the New Legislative Framework based on the argument that safety and regulatory compliance on the one hand and liablity for the products concerned on the other hand are sides of the same coin.

Economic operators

Unfortunately (or maybe necessarily) the new PLD also applies to economic operators under the NLF framework, but also defines them and slightly differently from the MDR and IVDR. On the other hand these definitions do seem to be more in line with the Market Surveillance Regulation than those in the MDR and IVDR. 

The new PLD defines economic operator as “the manufacturer of a product or component, the provider of a related service, the authorised representative, the importer, the fulfilment service provider or the distributor” (article 4 (16) new PLD).

For one thing, ‘economic operator’ is defined differently than in the MDR, in which it also includes the person in article 22 (1) or (3) MDR. 

On the other hand, the definition under the new PDL includes the fulfillment services provider (also defined in the MSR), while the MDR and IVDR do not know the concept of fulfillment services provider and are only concerned with FSPs if they also qualify as economic operator under the MDR or IVDR (usually if they perform additional actions in relation to devices that qualify them as importer or distributor). The MSR also recognises this for the MDR in article 4 (5) MSR.

Economic operators and liability

The new PLD ups the ante considerably for economic operators, both those that qualify as EO under the MDR/IVDR (notably the authorised representative (AR)) and those who don’t (fullfilment services providers):

  • Autorised Representative: “where the manufacturer of the defective product is established outside the Union, [… ]the authorised representative of the manufacturer can be held liable for damage caused by that product (article 7 (2) new PLD). The AR was already jointly and severally liable with the manufacturer, but this applied only in case the manufacturer had not complied with his obligations under article 10 MDR / IVDR. The new PLD ups the game by removing the requirement of non-compliance with article 10 MDR / IVDR. As a result, ARs will need to both amend their mandate agreements and revisit their insurance cover, as the liablity risk for ARs of medical devices manufacturer will change under the new PLD.
  • Importer (not necessarily the same as under the old PLD): “where the manufacturer of the defective product is established outside the Union, the importer of the defective product […] can be held liable for damage caused by that product (article 7 (2) new PLD). This logic is the same as under the old PLD, but the concept of importer is defined differently – by the NLF definition.
  • Fulfillment Service Provider: “where the manufacturer of the defective product is established outside the Union and neither of the economic operators referred to in paragraph 2 is established in the Union, the fulfilment service provider can be held liable for damage caused by the defective product” (article 7 (3) new PLD). This has consequences for the FSP when the manufacturer is dropshipping to consumers via an FSP in the Union: he is now liable for product liability and had better get some good indemnities from the manufacturer. 
  • End user and service organisations: “Any natural or legal person that modifies a product that has already been placed on the market or put into service shall be considered a manufacturer of the product for the purposes of paragraph 1, where the modification is considered substantial under relevant Union or national rules on product safety and is undertaken outside the original manufacturer’s control.” (Article 7 (4) new PLD)
  • Distributor: “where the manufacturer is established outside the Union, an economic operator under paragraph 2 or 3 cannot be identified, each distributor of the product can be held liable where:  (a) the claimant requests that distributor to identify the economic operator or the person who supplied the distributor with the product; and  (b) the distributor fails to identify the economic operator or the person who supplied the distributor with the product within 1 month of receiving the request.“ (article 7 (5) PLD). This rule is similar to the existing rule under the old PLD, except that the concept of distributor is defined differently.
  • Online intermediaries: “any provider of an online platform that allows consumers to conclude distance contracts with traders and that is not a manufacturer, importer or distributor , provided that the conditions of [Article 6(3) Digital Services Act proposal] are fulfilled.” This provision would typically apply to service providers like Amazon. The Digital Services Act “establishes that online platforms that allow consumers to conclude distance contracts with traders are not exempt from liability under consumer protection law where they present the product or otherwise enable the specific transaction in question in a way that would lead an average consumer to believe that the product is provided either by the online platform itself or by a trader acting under its authority or control. In keeping with this principle, when online platforms do so present the product or otherwise enable the specific transaction, it should be possible to hold them liable, in the same way as distributors under this Directive. That means that they would be liable only when they do so present the product or otherwise enable the specific transaction, and only where the online platform fails to promptly identify a relevant economic operator based in the Union.”

Article 13 provides that no economic operator can contractually limit or exclude these liabilities. The liability rules are closely based on those of the current 1985 PLD, but new is that if there are two or more liable persons, they are liable jointly and severally. This means that even if they have excluded product liability amongst themselves, this has no effect vis-a-vis the consumer who may still hold them jointly liable. This means a thing or two for agreements in the supply chain, because these should account for the possibility of joint and several liability. 

The new PLD also stipulates that if a defective product causes damage, the contributory actions of third parties do not reduce the liability of the manufacturer, whereas the contributory actions of the injured person may do so.

The new PLD therefore means a lot for service providers in the supply chain. Also, the concept of importer and distributor is defined differently under the new PLD: by reference to NLF definitions. That means that suddenly the Blue Guide becomes mandatory reading for product liability lawyers!

Exemptions from liability

The exemptions from liability generally follow those included in the old PLD, such as that it is probable that the defect which caused the damage did not exist at the time when the product was put into circulation by him or that this defect came into being afterwards (article 7 (b) old PLD). However, the new PLD adds an important exception to this exemption by providing that “an economic operator shall not be exempted from liability, where the defectiveness of the product is due to any of the following, provided that it is within the manufacturer’s control: 

(a) a related service; 

(b) software, including software updates or upgrades; or

(c) the lack of software updates or upgrades necessary to maintain safety.”This exception to exemption makes it very important for devices manufacturers to monitor how their installed base is doing, and push out software updates or upgrades when needed. This makes post-market surveillance and PMCF / PMPF processes even more critical than they already are under the MDR and IVDR.

Loss of data covered

Under the proposal the damage that can be claimed is extended with “loss or corruption of data that is not used exclusively for professional purposes”. This means that if the proposal is adopted, medical devices manufacturers will be exposed to potential liability in case of data breaches under the GDPR that also lead to loss of data (see for examples the table in the back of MDCG 2019-11 re cybersecurity of medical devices). This would be new in the space of for example medical wearables, but it does not seem excluded that there is liability for loss of patient data from professional use medical devices if the consumer/patient suffers damage as a result. In the latter case the question would be if article 4 (6) (c) applies (“loss or corruption of data that is not used exclusively for professional purposes”).

Disclosure of evidence

The new PLD contains additional rules about disclosure of evidence in article 8 and it is interesting how the new PLD potentially limits options for claimants (which may also be subrogated parties (article 5 (2) new PLD) to obtain evidence under the MDR and IVDR for claimants, including subrogated parties. 

The MDR (article 10 (14) MDR) and IVDR (article 10 (13) IVDR) have a provision under which the claimant (which can also be a subrogated party) can facilitate the provision of the information and documentation relating to the conformity of the device by the competent authority. However, article 10 (14) MDR and 10 (13) IVDR also provide that the competent authority need not comply with the obligation laid down in the third subparagraph where disclosure of the information and documentation referred to in the first subparagraph is ordinarily dealt with in the context of legal proceedings. And this is exactly what the new PLD does: ensure that this information is dealt with in the context of legal proceedings. So where there was any doubt under national proceedings and article 10 (14) MDR or 10 (13) IVDR might be available, the chances are limited by the new PLD.

Burden of proof

Still the old rule (claimant must provide proof of defect and causal link) but the new PLD helps the claimant with three important presumptions (which are rebuttable by the defendant (article 9 (5) new PLD): 

  • Article 9 (2)“The defectiveness of the product shall be presumed, where any of the following conditions are met: (a) the defendant has failed to comply with an obligation to disclose relevant evidence at its disposal pursuant to Article 8(1);  (b) the claimant establishes that the product does not comply with mandatory safety requirements laid down in Union law or national law that are intended to protect against the risk of the damage that has occurred; or (c) the claimant establishes that the damage was caused by an obvious malfunction of the product during normal use or under ordinary circumstances.”
  • Article 9 (3): “The causal link between the defectiveness of the product and the damage shall be presumed, where it has been established that the product is defective and the damage caused is of a kind typically consistent with the defect in question.”
  • Article 9 (4): “Where a national court judges that the claimant faces excessive difficulties, due to technical or scientific complexity, to prove the defectiveness of the product or the causal link between its defectiveness and the damage, or both, the defectiveness of the product or causal link between its defectiveness and the damage, or both, shall be presumed where the claimant has demonstrated, on the basis of sufficiently relevant evidence, that: (a) the product contributed to the damage; and (b) it is likely that the product was defective or that its defectiveness is a likely cause of the damage, or both. The defendant shall have the right to contest the existence of excessive difficulties or the likelihood referred to in the first subparagraph.”

Updates

The proposal further aims to ensure that manufacturers can be held liable for changes they make to products they have already placed on the market, including when these changes are triggered by software updates or machine learning. Recital 38:

“In recognition of manufacturers’ responsibilities under Union law for the safety of products throughout their lifecycle, such as under Regulation (EU) 2017/745 of the European Parliament and of the Council, manufacturers should also be liable for damage caused by their failure to supply software security updates or upgrades that are necessary to address the product’s vulnerabilities in response to evolving cybersecurity risks. Such liability should not apply where the supply or installation of such software is beyond the manufacturer’s control, for example where the owner of the product does not install an update or upgrade supplied for the purpose of ensuring or maintaining the level of safety of the product.”

Recital 38 new PLD

Geographic scope

For the geographically challenged (and that concerns a lot of people I find with respect to the concept of Union under the MDR and IVDR) I am just going to be very explicit this directive is a directive with EEA relevance (it says so at the beginning), which is why the text of the directive does not use ‘European Union’ but Union to denote its geographic scope because the EEA includes countries that are not EU member states (Iceland, Liechtenstein and Norway). As you can read in the Blue Guide (which more people should do) in section 2.9: 

“Union harmonisation legislation applies to the Member States of the EU and to certain European territories to the extent necessary to give effect to the arrangements set out in the Accession Treaty of the relevant Member States.”

Blue Guide section 2.9

In case the text has EEA relevance, the relevant accession treaty is the EEA Agreement. This means that every time you see or hear someone say that the scope of the new PLD is the European Union, you may ask them what the Norwegians, Liechtensteiners and Icelanders ever did to him or her to be ignored this way. 

In some cases, such as with the MDR and IVDR, there may be additional agreements for these specific instruments, such as the Turkish Association Agreeement (see section 2.9.4 of the Blue Guide). In that case the instrument would feature on the product-related list of Union technical legislation to be harmonised by Turkey adopted by the EU-Turkey Association Council. 

Limitation periods

Limitation periods stay largely the same as under the old PLD: 3 years after damage, defect and identity of liable party awareness of the plaintiff and maximum 10 years after the product was put into circulation.

Transposition and other member state responsibilities

Some interesting Member States’ to-dos in the new PLD: the Member States shall publish, in an easily accessible and electronic format, any final judgment delivered by their national courts in relation to proceedings launched pursuant to the new PLD as well as other relevant final judgments on product liability. The publication shall be made without delay upon notification of the full written judgment to the parties. 

The Commission may set up and maintain a publicly available database containing the judgments to be published by the Member States. It is not clear to me what the use is of making this optional for the Commission if it is important, and what this option would depend on. If this is important, why should the Commission have discretion here?

The transposition period is quite short. Article 18 (1) provides that the Member States must implement the directive within one year after its entry into force.

More about AI PLD later

Some short points here already – the proposal is part of the currently pending AI basket of measures: the AI Act, revision of sectorial rules to amend for AI (not in MDR/IVDR) and the AI PLD. The AI PLD has links with many new and old initiatives such as the GDRP, the Green Deal, the EU Data Strategy, the Digital Services Act and the Cyber Resilience Act. It even has ties into the EU Charter on Human Rights:

“In addition, this proposal complements other strands in the Commission’s AI policy based on preventive regulatory and supervisory requirements aimed directly at avoiding fundamental rights breaches (such as discrimination). These are the AI Act, the General Data Protection Regulation, the Digital Services Act and EU law on non-discrimination and equal treatment. At the same time, this proposal does not create or harmonise the duties of care or the liability of various entities whose activity is regulated under those legal acts and, therefore, does not create new liability claims or affect the exemptions from liability under those other legal acts.”

Watch this space for an analysis of the AI PLD.

What’s next for the proposals?

The new PLD (together with the AI PLD) has now entered the ordinary legislative procedure. This means that the Council and the Parliament are looking at the directive(s) concurrently. Although the directives have been subject to a consultation process, I’m pretty sure that there still will be a healthy amount of lobbying happening during the legislative process and that we can expect many amendments, so do not treat these proposals as final.

Although, strangely enough, the Commission has also extended the feedback period for stakeholders because the proposal text had not been available in all official languages, so you can still comment until 4 December. All feedback received will be summarised by the European Commission and presented to the European Parliament and Council with the aim of feeding into the legislative debate. 

Verelendung is a process, people!

Over the summer holidays I (and perhaps some other people too) were in burning anticipation about announced measures to be adopted to deal with the MDR slowly moving to a big crunch or other equivalent astrophysical end state event at the end of the grace period.

MDCG 2022-14 on Notified body capacity and availability of medical devices and IVDs has finally dropped now, but it’s pretty underwhelming and contains a lot of wishful thinking. In fact, it makes you wonder if there even is any sense of urgency at all about this MDR and IVDR business in Brussels and in the member states that make up the MDCG.

For example, I have seen the first manufacturers of non-medical devices enter the regulatory limbo where their MDD certificate has expired while they cannot even apply for MDR Annex XVI device conformity assessment. Why? The Common Specifications that we have been waiting for for years and years are still not final since member states do not seem to be able to agree on them. There is currently a proposal in consultation for classification of these devices (no conformity assessment without classification), which we will also have to wait for to complete, because no conformity assessment without classification. These manufacturers can be as prepared as possible but there simply is no regulatory pathway available to them at this time, which is something too surreal to credibly explain to my clients. Just wait and see your European market collapse, because the good people in Brussels are unable to issue Common Specifications in five years. Why? How? Is this how the EU shows to the world that it has a reliable regulatory system for devices?

And I can give other examples of permutations where more and more manufacturers are starting to fall through the cracks of the system that have been visible for a long time but were never properly addressed. Why? How? Is this how Europe shows to the world that it has a reliable regulatory system for devices? How are these manufacturers supposed ‘to ensure timely compliance with the requirements’ if the system does not have any options?

Your guess is as good as mine.

Calls on to please cooperate

The document contains 19 points with a lot of ‘should’ or ‘calls on’, but no ‘shall’ (which is somewhat logical because it’s an MDCG document, and not law) and – frustratingly – puts many items that could make a difference but are on the ‘we will get to this at some point’ path (e.g. Eudamed machine-to-machine communication for notified bodies and revision of certain MDCG guidance), while we need them now, or rather would have needed in 2017 already. It just underlines what I’ve said before: that the MDR and IVDR entered into force prematurely and that subsequently insufficient resources were committed to the system fix this quickly. Enumerating 19 points where things need to improve and call upon on others to fix it is nice but wishful thinking is not the same as decisive action.

There are also things in there that the MDCG would like but has 100% influence over itself, such as that medicines authorities would please ‘accept and efficiently process consultations by notified bodies regarding medical devices incorporating an ancillary medicinal substance and regarding companion diagnostics’ (point 19). Yes, that would be nice indeed if that actually happened. But the MDCG is populated by member states, and medicines agencies are member state agencies. So the member states can just order their agencies to process these applications, it’s just a matter of doing it. If there is no capacity at the medicines agencies, fix this. Member states calling on other parts of themselves to play their essential role in a regulatory systems like they have no influence over this is indeed as absurd as it sounds. All that is needed is high up enough political will to make the overall regulatory system function, rather than to allow compartmentalized parts of it to miscommunicate or not align with each other.

Some small items that might make a difference

However, there are some items in there that might make a difference if these are actually done (‘should’, remember?) by all member states and all notified bodies.

The document suggests that hybrid audits would be allowed and encourages them. This is no news actually, but the Commission already stated a long time ago that member states are at liberty to allow their notified bodies to do this, except that certain member states just chose not to do so. Will this document end that? Not necessarily. Member states that do not want to play along are completely not bound by this document.

One of the notable points is allowing notified bodies to have ‘structured dialogues’ with manufacturers before and during conformity assessment that would not count as prohibited consultancy and a more pragmatic approach to MDR assessment of legacy devices. This would actually a be a big help in practice, and notified bodies as well as industry have been asking for this for a long time. Unfortunately the line between structured dialogue and consultancy has not been defined, so member states can still think about this completely differently and instruct their notified bodies differently.

Also there is an interesting initiative to make adding codes to notified body designations easier, which could make a huge difference for example with respect to notified bodies having to also qualify as notified body under the draft AI Regulation for medical devices that incorporate AI. 

Many of the other points call for pragmatism and flexibility in conformity assessment, which sounds kind of hollow given the formalistic approach that the MDCG itself has taken to MDR and IVDR implementation so far and given the restrictions preventing anything pragmatic that have been so far imposed on notified bodies by their notifying member states, landing things in the place where we are at the moment. Will all of that change now? Seeing is believing.

No love for SMEs

If you are an SME that is getting no love from a notified body for your first application, your problems are way not solved. The MDCG calls upon notified bodies to develop schemes to allocate capacity for SMEs, but it does not get more concrete than that. There is a vague what, but certainly no how, which would have been helpful. This means that every notified body is on its own on this point, and may be second guessed by its notifying authority.

The MDR and IVDR are really failing the SMEs here, while the majority of medical devices manufacturers actually are SMEs. The EU already managed to kill the EU market of SMEs in ATMPs with an overly complex and expensive regulatory system in the ATMP Regulation that made it prohibitively complex and expensive for SMEs to obtain a marketing authorisation for an ATMP. Next up seem to be medical devices and IVDs now.

Legislative measures in the works?

Finally, legislative measures are in the works but not what many may be hoping – only Commission Delegated Acts to modify the frequency of complete re-assessments of notified bodies, based on Article 44(11) MDR and Article 40(11) IVDR. This would help to reduce the burden on notified bodies and may free up time of otherwise tied up staff for MDR and/or IVDR work. In that sense this is a good development. But it will not make a decisive difference.

So no article 97 (3) MDR implementing act (yet!) or anything else (so no moving of deadlines either, for the hardcore wishful thinkers out there). An article 97 (3) MDR implementing act might still be on the table according to the document, since it apparently is in the realm of ‘being explored’ and ‘where relevant, work towards a coordinated, transparent and coherent approach’. But such ‘mechanisms provided in Chapter VII of the Regulations, such as market surveillance measures, may only be applicable for devices for which manufacturers can demonstrate that they have undertaken all reasonable efforts to transition to the Regulations’. See my previous blog on this point.

More in detail: a table

To make it a bit more systematic, I’ve put my comments in a table and grouped the 19 items in the position paper in groups. As you will see, in many cases things completely depend on the MDCG following its own wishlist in the position paper. I think it’s not a good sign how much is put on the plate of the notified bodies without further detail or structure, so the MDCG can hide behind its ‘somebody else’s problem field’ and say that it did all it could and the rest is not its problem. The MDCG also ‘calls’ upon member states and seems to conveniently forget that the MDCG is composed of the member states.

MDCG position paperComments
Increase notified bodies’ capacities
1. MDCG advises notified bodies to make use of hybrid auditsIt is kind of tragic that could have been possible all along, if only the member states would have let notified bodies do this and would have used a unified approach. And the MDCG did already allow this for certain types of audits in the past.
2. MDCG encourages notified bodies to develop a framework for leveraging evidence, or components thereof, from previous assessments conducted with regard to requirements under the Directives.This could be useful, were it not that the MDR and IVDR are very different on many points compared to the directives (e.g. in the field of clinical evidence), which is kind of the point of the new regulations. Notified bodies will need more structure than this as a foundation for a ‘framework’ that will be acceptable to the member states.
3. With regard to ‘appropriate surveillance’ of legacy devices, the MDCG calls on notified bodies to make full use of the flexibility described already in MDCG 2022-4 on  ‘appropriate surveillance’ under Article 120(3) MDR.The problem is that MDCG 2022-4 does not give that much flexibility, because “the notified body’s activities in principle should be a continuation of the previous surveillance activities under the Directives” so full use of very little flexibility that is imprecisely defined is still not very much.
4. MDCG will review its guidance with a view to eliminate administrative workload of  notified bodies or undue limitations regarding the scope of documentation not required by  MDR/IVDR.This review is of course welcome but very very very late in the day. Moreover, notified bodies would benefit from a single approach by the notifying member states, which up to now has not materialised.
5. MDCG considers that in the framework of the development of Eudamed it should be  ensured as soon as possible that notified bodies can upload relevant information  machine-to-machine. Moreover, generally the MDCG acknowledges that double  registrations should be avoided to the extent possible.Yeah, wouldn’t it be nice if Eudamed would be functional at some point ever.
Double registrations can be avoided by just not asking for them as member states and by just not setting up parallel information systems. This is completely under control of the MDCG members themselves.
6. MDCG calls upon all parties involved to foster capacity-building of existing and potential new notified bodies and to rationalise and streamline internal administrative procedures, and ensure that proper conformity assessments are carried  out in a timely and efficient manner in accordance with the Regulations.There is scarcity of qualified personnel in the market and procedures will have been streamlined by now.
7. MDCG welcomes the preparation of Commission Delegated Acts to modify the frequency of complete re-assessments of notified bodies, based on Article 44(11) MDR and Article 40(11) IVDR. When will this be ready? A consultation draft has not been published yet.
8. MDCG calls upon all parties involved in the assessment, designation and notification of conformity assessment bodies to continue to make  all efforts to speed up this process, while preserving the level of requirements to be met  by notified bodies under the RegulationsIt would be nice if the MDCG and the Commission took this to heart themselves too, because the longest hold up in the process concerns the step where the Joint Assessment Team (JAT) evaluates the NB’s proposed CAPA plan.
9. The MDCG will explore means to add codes to the designation of notified bodies in a timely manner in accordance with the Regulations. ‘explore to do something in a timely manner’ – sounds like high priority indeed.
These codes could be very useful, because it could help for example to avoid having to notify NBs under the (draft) AI Regulation that are already notified for AI under the MDR and IVDR.
10. The MDCG commits to prioritise actions that are ongoing in the MDCG or its sub-groups,  which aim at contributing to enhancing notified body capacity, such as the revision of section III.6 of MDCG 2019-6 revision 3 regarding the meaning of ‘personnel employed  by the notified body’ referred to in Article 36(1) MDR / Article 32(1) IVDR.The MDCG has been prioritizing actions for years now in its permanently moving planning, and we know what this looks like. I’d like to know how things would change in a way that this leads to things being actually expedited.
11. As regards the status of MDCG guidance documents, MDCG reminds that their main  objective is to assist economic operators, notified bodies and competent authorities to  apply the legal requirements in a harmonised way, providing possible solutions endorsed  by the MDCG. Having regard to the status of guidance documents, economic operators  and notified bodies should be allowed flexibility as to how to demonstrate compliance  with legal requirements. Moreover, reasonable time needs to be given to integrate new  guidance in the relevant systems and/or to apply them. That means that new guidance  should not be applied to ongoing processes or applications already launched by a  conformity assessment body for designation and/or a manufacturer for conformity  assessment, unless application of such guidance yields increased efficiency of the  process. Told you so, guidance is not binding. No retro-active pplication of guidance unless it increases efficiency of the process. For whom? What does that mean? Either it’s binding or not and the MDCG is still sitting on the plausible deniability fence here. “reasonable times to integrate” and “not, unless” are meaningless principles from a legal certainty perspective.
Access to notified bodies
12. The MDCG reminds notified bodies of their obligation to make their standard fees publicly  available (Article 50 MDR / Article 46 IVDR), taking into account the interests of SMEs in relation to fees (section 1.2.8 of Annex VII MDR / IVDR). The MDCG also encourages notified bodies that fees published are easy to compare. This will have zero effect on access to notified bodies, as all available notified bodies are already full. As a result of scarcity fees are as high as they will get under these circumstances. If the MDCG wants to do something for SMEs it will have to be more precise.
Asking for fee structures that are easy to compare is like encouraging mobile telecoms companies to use easy to compare fees: not going to happen until it is prescribed in detail how and this is mandatory.
13. The MDCG calls on notified bodies to develop schemes in order to allocate  capacity for SME manufacturers and first-time applicants and ensure access of SMEs and first-time applicants to notified bodies for conformity assessment.See comment under 12. Also, like under 12, nice move to pass this on to notified bodies, who are not allowed to discriminate between customers. Some insights in what a scheme should look like would have been helpful.
Increase preparedness of manufacturers 
14. The MDCG reminds manufacturers of its notice MDCG 2022-11 calling on  manufacturers to ensure timely compliance with MDR requirements. The MDCG also  calls on manufacturers to ensure timely compliance with IVDR requirements as soon as  possible, making use of available notified body capacities, and not wait until the end of  the transition periods. The MDCG is committed to supporting the transition to the  Regulations and avoid shortage of devices.Yes, this is super helpful for the non-medical devices manufacturers and the others that are delayed at notified bodies or find themselves unable to find a notified body. There is no degree of preparation that will fix that.
15. The MDCG encourages notified bodies and manufacturers to organise structured  dialogues before and during the conformity assessment process aimed at regulatory  procedures where this is useful to enhance the efficiency and predictability of the conformity assessment process, while respecting the independence and impartiality of  the notified body. Such dialogues should not be considered consultancy service.Too little and unclear, and too late. This could have made a lot of difference some time ago when the first notified bodies were nearing the end of the designation procedure.
Also, without internal agreement in the MDCG each member state will hold the notified bodies it notifies to different standards as has happened so far, unless this has changed (which I don’t expect because the MDCG does not encourage the member states to take a unified approach here). Finally, it remains quite unclear how a ‘structured dialogue’ before or during conformity assessment can be reliably (legal certainty anyone) be distinguished from consultancy, which still remains prohibited.
16. In order to increase preparedness of manufacturers, especially SMEs and first-time  applicants, to adapt to the high-level standards set up by the Regulations, the MDCG calls on all parties involved to continue and, where possible, to step up communication with manufacturers by means of webinars, workshops, targeted feedback and informative sessions. […] Also industry associations are invited to promote and ensure  awareness of economic operators of the legal requirements.Seriously, industry associations should step it up? MedTech Europe, COCIR and their national organizations have been more than vocal for years in communicating about this. Conversely, not every MDCG member state did a lot in their jurisdiction in that regard, that’s for sure.
Other actions facilitating transition to MDR/IVDR and/or avoiding shortage of devices
17.  Provision of additional guidance to notified bodies and manufacturers to assist with the practical application of Article 61 MDR (clinical evaluation), and possibly Article 56  IVDR (performance evaluation and clinical evidence), and to make appropriate use of  MDCG guidance on clinical evidence for legacy devices and clinical evaluation – equivalence. In combination with the possibility for notified bodies to issue certificates  under conditions or combined with the requirement to carry out PMCF / PMPF studies, this action will increase the necessary flexibility to apply the reinforced clinical  evidence requirements to devices that have a demonstrable track record of safety. Such guidance would need to be very clear and specific, otherwise it is going to create more additional questions than answers. And member states should have internally aligned policy as to how they instruct their notified bodies on this point.
18. The MDCG acknowledges the specific situation of ‘orphan devices’ and will pursue work with a view to providing a definition for ‘orphan devices’ and suggesting specific guidance  or other means of assistance for those products to be able to meet the legal requirements. Sustainable solutions are also needed in the mid- and long-term for orphan  devices. Better late than never, for sure. ‘Will purse work with a view to’: we’ve been hearing this about MDCG documentation that we’ve waited for for years, so seeing is believing.
19. The MDCG urges medicines authorities to accept and efficiently process  consultations by notified bodies regarding medical devices incorporating an  ancillary medicinal substance and regarding companion diagnostics. Medicines  authorities should ensure that in case of devices already certified following a medicines  authority’s consultation under MDD/AIMDD, an expedited review is carried out  following the recommendation in MDCG 2020-1217. Medicines authorities are invited to  support notified bodies in identifying availability of medicines authorities for determined  devices. The MDCG calls upon the Heads of Medicines Agencies (HMA) and the European Medicines Agency (EMA) to take action ensuring that the consultation of  medicines authorities is carried out in a cost-efficient and timely manner, in particular as  regards devices that had undergone the consultation under MDD/AIMDD.This is something member states completely control themselves, such as remedying the capacity problems at medicines agencies that prevent them from processessing these additional dossiers or even to actively implement something of a solution locally.

No derogations

The MDCG helpfully recalls that derogations (article 59 MDR and 54 IVDR) from applicable conformity assessments procedures may be granted by competent authorities only if the use of the device concerned is in the interest of public health, patient safety or patient health. Still, many companies ask me for options for a derogation. These options are basically not there, unless a device actually qualifies under article 59 MDR / 54 IVDR requirements. National derogations are hard to get (and there are differing national criteria) and a European one is even more difficult. These are not intended for manufacturers missing deadlines, these are intended for patients missing out on essential treatment.

Does this MDCG document help?

This is one of these questions that is cynically answered with: “Depends on who you ask.”

The problem is that the document is not mandatory, is not very concrete nor does it provide for actual mandatory harmonization, which means that for whatever nice things are in there the usual CE (Confusion Everywhere) problem is that where there is room for interpretation, everyone will do things differently and at their own speed.

An interesting twist is the Commission and at least one member state (The Netherlands) present the MDCG 2022-14 position paper now as an action plan; see here for Commission press release. While I am not a native English speaker, to me a position paper is not automatically an action plan. Both the Commissioner for Health and the Dutch Minister of Health mention specifically that the document contains concrete actions which, if you look at the above, is a very ambitious interpretation of what the MDCG position paper actually does. The Dutch Minister adds that there is no simple solution due to the international character of the problems and that it can be expected that these problems will not be (completely) solved in the short term. I don’t agree: the solutions are actually often very simple and very well known (for years in some cases – and see my comments in the table above, and have been pointed out to the MDCG often), it’s reaching political agreement on them in the MDCG and then attributing the system with the resources to implement them that cause the issues. All member states need to do is decide that the problem is urgent enough to merit serious attention and then act on it, and at least make sure that they support the notified bodies in this properly. It’s not more complicated than that.

But the big problem is that this is by no means certain. Member states that do not want to play along can still order notified bodies to do things differently. This will not be visible to the outside world, who will mistakenly blame the notified bodies or the Commission for the crisis and confusion. More and more than already at this moment desperate manufacturers start asking me if they can sue their notified body just to make things move again (usually not recommended in this scenario). The big issue with this position paper is that it basically calls upon notified bodies in very general terms to come up with very specific solutions to solve certain problems without there being any detailed guidance on what these specific solutions should look like. If you know the epic Gary Larsson Far Side episode “damned if you do, damned if you don’t” you know what this looks like.

I’m afraid that this position paper will result in notified bodies and member states unnecessarily looking at each other while perhaps some best practices acceptable to member states may or may not emerge, while these may be frustrated by individual member states after the fact. Sounds very efficient, right? Before you complain about your notified body not listening to what the MDCG says, it’s good to realize in what a difficult position notified bodies are with this position paper. They may be damned if they do (adopt solutions that the notifying member state doesn’t like after all) and damned if they don’t (adopt solutions that the MDCG document hints at in very general words, because their customers and the public opinion will hate them for it). Obviously, I don’t think this is a good way to solve the problem. It’s a good way to pass the buck to the notified bodies and the industry (together “the market”) and then blame the market for not fixing its own problems, for sure. But as my late grandmother would have said: passing the buck is not an actual solution.

The next EPSCO council meeting is planned in December. What will the EU regulatory system have to show by then for solutions to the problems of which everyone agrees that they are urgent? We’ll need to see. By then the MDR system will likely have painted itself into a corner again because any MDR application that is not in the door at a notified body early 2023 does not have a reasonable chance of being finished before the very end of the grace period on 26 May 2024 (because the capacity is simply not there) or to qualify for a solution that was announced in MDCG 2022-11 (application at least one year before end of grace period). And then I’m not even talking about the MDD certificates that expire (sometimes way) before 26 May, which do not even seem to be on the authorities’ radar publicly.

As Marx might have said: Verelendung [immiseration for the non-German speakers] is a process, people! Things apparently need to get a lot worse before they can get better because we are still not deep enough into the danger zone yet in the eyes of the MDCG. Let’s hope it does not get to the point where the Commission, presiding the MDCG, has to record the words that many of us have heard somewhere before: “Gentlemen, it has been a privilege playing with you tonight.”

The Blue Guide 2022 update – new elements regarding applicability of EU law on products

As announced in my previous blog post providing a general overview of my impression of the changes made in the Blue Guide 2022 compared to the previous 2016 version, this blog post follows up in detail on the changes in Chapter 2. Chapter 2 of the Blue Guide explains when EU law on products applies, both ratione materiae and geographically.

Chapter 2 is one of the most important chapters of the Blue Guide, as it explains among others the crucial concepts of making available, placing on the market, putting into service. Getting the interpretation of these concepts wrong can cause costly mistakes as I will explain below. Unfortunately I see many companies get this wrong in practice or think about them in a too rigid and formalistic way, depriving themselves of regulatory options or getting themselves in trouble.

When reading the Blue Guide 2022 (just repeating it again because I’m often faced with regulatory experts, notified bodies and others referring to the Blue Guide like it’s law – which it is not) you should keep in mind that it is one size fits all language for all New Legislative Framework (NLF) categories of products. This means that there may be more specific or diverging rules for specific products such as medical devices and IVDs, which apply instead of the Blue Guide guidance and may sometimes run counter to it. So never (ever) just rely on the Blue Guide alone, only do that when the applicable product legislation and product legislation guidance do not provide an answer and you need guidance to arbitrate between possible interpretations. Because that is what guidance is for.

And now for the new or newish things in Chapter 2!

Used and second hand products

For used and second hand products the Blue Guide contains a new paragraph in section 2.1 in relation to the General Product Safety Directive (GSPD) (applicable to consumer products) stating that used and second hand products sold to consumers must comply with GSPD requirements.

This is relevant because second hand sales of devices are out of scope of the MDR and IVDR (see recital 3 IVDR and MDR). Economic operators that make used devices available to consumers will need to take this into account, so they’ll need to implement traceability for example.

Spare parts, components and finished products

Spare parts and components are treated differently under NLF legislation than finished products. For that reason it’s very useful to be able to distinguish them well, and we can do that better now with the 2022 Blue Guide. There is a new heading for spare parts, components and finished products in section 2.1:

“If there are two or more finished products made available in the same package which do not constitute a single finished product but which are intended to function together, the manufacturer marketing the combination must address the risks of the products included in the package when used in operation with each other.”

Bllue Guide, section 2.1

While this is covered by the lex specialis in article 22 MDR for systems and procedure packs, there is no equivalent rule under the IVDR, don’t ask me why. I think this is actually a (major) regulatory oversight because it’s of course perfectly possible to have IVD systems under the IVDR (although systems including normal medical devices brings the combination in scope of article 22 MDR, which many IVD manufacturers and distributors don’t realise). While the IVDR (like the MDR) contains GSPRs on compatible and interoperable products, these are addressed to the manufacturer of the device for the purpose of CE marking individual devcies, and the manufacturer of an IVD is not necessarily the party placing the combined products on the market as a single combined offering. This means that we are dealing with a genuinely new requirement for IVDs, although this is set out in guidance and therefore not necessarily mandatory.

The Blue Guide 2022 also helpfully confirms that there is not a universal duty to provide spare parts for a specific time after placing on the market (an often asked question), but that this duty does exist in relation to certain consumer products like dishwashers (but not devices), see footnote 39.

Also, keep in mind that the MDR and IVDR have a lex specialis spare parts requirements provision in article 23 MDR and 20 IVDR, discussed extensively in my book The Enriched MDR and IVDR (2nd edition imminent).

Repairs and modifications to products

There is a new heading for repairs and modifications in section 2.1 that contains some new language and incorporates other language on this subject that was already in the 2016 version. This is a relevant paragraph for commercial parties that offer life extension processes for devices already placed on the market, often seen with MDD and IVDD legacy devices that are capital equipment.

The existing principle that the manufacturer is responsible for the device as placed on the market is reiterated in the Blue Guide 2022, but for the device as later modified by the end user or third parties the situation is clarified as follows (not new as a legal rule, but more clearly explained in guidance now):

“Where a modified product is considered as a new product [as a result of the modification, red.], it must comply with the provisions of the applicable legislation when it is made available or put into service. This has to be verified by applying the appropriate conformity assessment procedure laid down by the legislation in question. In particular, if the risk assessment leads to the conclusion that the modified product has to be considered as a new product, then the compliance of the modified product with the applicable essential requirements has to be reassessed and the person carrying out the substantial modification has to fulfil the same requirements as an original manufacturer, for example preparation of the technical documentation, drawing up a EU declaration of conformity and affixing the CE marking on the product. […] The person who carries out important changes to the product carries the responsibility for verifying whether or not it should be considered as a new product in relation to the relevant Union harmonisation legislation. If the product is to be considered as new, this person becomes the manufacturer with the corresponding obligations. Furthermore, in the case the conclusion is that it is a new product, the product has to undergo a full conformity assessment before it is made available on the market and the new manufacture’s name and contact address must be indicated on the product. […] The natural or legal person who carries out changes or has changes carried out to the product shall be responsible for the conformity of the modified product and draw a declaration of conformity, even if they use existing tests and technical documentation.”

Blue Guide 2022, section 2.1

When is a product a ‘new’ product?

“A product, which has been subject to important changes or overhaul after it has been put into service must be considered as a new product if: i) its original performance, purpose or type is modified, without this being foreseen in the initial risk assessment; ii) the nature of the hazard has changed or the level of risk has increased in relation to the relevant Union harmonisation legislation; and iii) the product is made available (or put into service if the applicable legislation also covers putting into service within its scope).”

Blue Guide 2022, section 2.1

This specification is relevant for the situations where hospitals and third party repair services sometimes considerably modify and overhauil devices without taking responsibity for these modifications. The MDR and IVDR have a lex specialis for this with the defined concept of ‘full refurbishment’, which triggers a new device for which a (new) manufacturer needs to take responsibility and needs to complete conformity assessment to be able to place it on the market and put it into service. The Blue Guide therefore points to the concept of ‘full refurbishment’ that is only seen in the MDR and IVDR (and is a defined term). Where repair leads to full refurbishment, the resulting product is considered placed on the market again, requiring a new manufacturer, importer (if applicable), new conformity assessment, etc.

The Blue Guide reiterates that having your cake (modification) and eat it too (but not taking responsibility for the modification) will not do. This responsiblity does not only apply to devices that are ‘new’ as a result of the modifications: the Blue guide also helpfully specifies that the end user or third party needs to take responsiblity for ANY change carried out to the product (unless this is done by the manufacturer or his service organisation):

“The natural or legal person who carries out changes or has changes carried out to the product shall be responsible for the conformity of the modified product and draw a declaration of conformity, even if they use existing tests and technical documentation.”

Blue Guide 2022, section 2.1

This is an important point because in my experience both end users (often hospitals) and third party repair and maintenance services providers do exactly the opposite and third party services providers will often disclaim any such responsibility in their terms and conditions, which can cause problems for the end user / hospital when the device fails or underperforms and causes damage that way. The end user remains responsible for deploying a device within CE marked specifications. This may not be the case anymore after modification by a third party that will not take responsibility for the modification’s impact on the CE marking. Hospitals would do well to double-check the terms and conditons of third party service providers on this point as well as to check their own internal processes for repair, modification and maintenance. In practice I often find these lacking.

There is a new sentence in the Blue Guide that repair and maintenance options must be designed into the product in light of intended purpose (and I assume life time of the product). This is already accounted for in the MDR and IVDR in various places in the GSPRs.

This section is also relevant for software (see below).

Software

There is a new heading for software in section 2.1 but the content is not very new. It discusses prinicples of risk assessment for software in general and points to the MDR and IVDR specifically as being a lex specialis on this point, which they are because the MDR and IVDR have detailed provisions and guidance on the conformity assessment of software as a medical device (which includes of course risk management) and for provision of devices as a software service.

The interesting part in the clarification is the explicit linking of software updates and maintainance to hardware concepts of repair, (full) refurbishment and maintenance, although this is also not necessarily new for devices in my opinion:

“Software updates or repairs could be assimilated to maintenance operations provided that they do not modify a product already placed on the market in such a way that compliance with the applicable requirements may be affected. As is the case for physical repairs or modifications, a product should be considered as substantially modified by a software change where: i) the software update modifies the original intended functions, type or performance of the product and this was not foreseen in the initial risk assessment; ii) the nature of the hazard has changed or the level of risk has increased because of the software update; and iii) the product is made available (or put into service where this is covered by the specific Union harmonisation legislation).”

Blue Guide 2022, section 2.1

This does give us more guidance on when a software change could be considered to be a substantial change to be evaluated by the notified body (which is not to be confused with a significant change to a legacy device as discussed in MDCG 2020-3 for MDR and MDCG 2022-6 for IVDR).

Making available on the market

There are basically no changes to this section, except a clarification of a principle that we already knew about:

“The concept of making available refers to each individual product, not to a type of product, and whether it was manufactured as an individual unit or in series.”

Blue Guide 2022, section 2.2

This new paragraph clarifies a concept that is hard to understand for people that perceive market access on a per type basis, which is a misunderstanding. This new paragraph underlines that making available applies to each individual device and not to a series of devices covered under the same CE mark. If this were different, all logic underlying the MDR and IVDR vigilance and market surveillance provisions would break down, as this is targeted at individual products (although of course a batch or even a series can have the same problem).

Placing on the market

At the risk of sounding like a broken record I am going to again point out the glaring incoherence between language versions regarding the criteria for placing on the market that leads some people to think that transfer of a property right is a necessary condition for placing on the market. I have argued in detail why this is an unfortunate, unnecessary but easily remedied oversight, and that these mistakes also have propagated into MDCG guidance. The fact that the MDCG and the Commission have not fixed this mistake for one of the core concepts of NLF legislation eludes me and, with all due respect, it says a thing or two about their quality control on guidance.

The Blue Guide contains more detail on the concept of placing on the market and now actually contradicts itself even more if one persists in following the misguided theory that placing on the market requires transfer of a property right as a necessary condition, mainly because the English version of the Blue Guide uses these words (like the MDCG mistakenly does in MDCG 2021-27 and which many companies, consultant and lawyers are copying). Many other language versions, like other Commission working languages German and French, do not use this wording and do not state that a property right transfer is needed as a condition for placing on the market. In view of contradictory language versions this means according to EU Court case law that you cannot assume one of them is automatically right (or wrong). This is why we need a solution here. What is more, the new Blue Guide 2022 section 2.12 contains examples that demonstrate placing on the market without a transfer of a property right (e.g. example 2 and 6), which only increases the confusion.

There is a new paragraph in section 2.5 about placing on the market of imported products, which clarifies that placing on the market also applies to second hand products made available in the Union for the first time. If it’s the second time, e.g. in case of re-import after a product that was placed on the market already, then this is not placing on the market anymore, as was already clarified in the 2016 version of the Blue Guide.

Placing on the market is a crucial concept to get right under the MDR and IVDR with the crucial deadlines for legacy products coming up. I currently spend a large part of my professional time advising devices companies about this. Mind you: this is not only relevant for the end of the legacy device period (legacy device can still be placed on the market under article 120(3) MDR or article 110 (3) IVDR) but also for the one year sell-off period under article 120 (4) and 110 (4) IVDR (legacy device that was placed on the market can still be made available).

One of the things that I am working on at the moment is developing contractual solutions to deal with the situation towards the end of the sell-off period, where I (and many others) expect many manufacturers and importers/distributors not to have made all devices in their stocks available to the final customer yet and thus be stuck with stocks that they cannot make available further in the Union market anymore and that must be withdrawn from the supply chain. If the company does not have a credible argument that the devices still in stock have been made available to the final customer in time (so before end of the sell-off period for the medical device or IVD), the device concerned cannot be made available anymore to any final customer in the Union and must be withdrawn from the supply chain as the Commission explains in the relevant fact sheet. So better get this right and contact me for help if needed!

Making available and placing on the market in case of distance and online sales

Distance sales and online sales pose specific problems in relation to the concepts of making available and placing on the market. The MDR and IVDR solve these to an extent with article 6 MDR and IVDR by skirting the question for physical devices in article 6 (1): if you offer a device to an end user in the Union, it must meet the requirements of the MDR/IVDR, thus achieving what would be achieved if the device would be placed on the market. Article 6 (2) adds that devices provided as service to users in the Union must also meet the requirements of the MDR/IVDR, regardless of the location of the infrastructure that they are run from.

The Blue Guide 2022 adds additional interpretation in a new section 2.4 that is very relevant for companies selling devices online or at a distance.

First,

“The physical delivery to end-users in the EU of a product ordered from a given online seller based outside the EU, including by a fulfilment service provider, gives irrefutable confirmation that a product is placed on the EU market.”

Blue Guide 2022, section 2.4

This little sentence has a lot of consequences. While companies in the past would sometimes seek to argue that they did not place a product on the market but would still offer and sell it to consumers or other end users, the Blue Guide now contains a rule of proof that physical delivery to end users by necessisity assumes a product that is placed on the market.

Secondly, the Blue Guide provides another rule for interpretation of placing on the market where devices are sold via an FSP:

“Some products offered online or through other means of distance selling to end users in the Union are transferred first to fulfilment service providers located in the EU to guarantee their swift delivery to EU end users. Accordingly, products stored by such fulfilment service providers and released for free circulation are considered to have been supplied for distribution, consumption or use on the EU market and thus placed on the EU market. When an online operator uses a fulfilment service provider in this manner, by shipping the products to the fulfilment house in the EU, the products are in the distribution phase of the supply chain. These products are considered placed on the market at the time they are released for free circulation.”

Blue Guide 2022, section 2.4

In other words: customs cleared and in the hands of your FSP means placed on the market in the Union (but not necessarily placed on the market by the FSP!). I think that this is not always correct however, because there is the distinction between devices held by the FSP that are intended for the Union market and those held by the FSP that are not intended for the Union market, which may both be customs cleared and sitting in an FSP warehouse. The latter group is of course not necessarily placed on the market because it is not intended for distribution in the Union.

Putting into service (and installation)

Putting into service is an elusive concept for many, but in fact simpeler than you think. It applies in situations where a device is not made available in its final form, in which case EU law requires another compliance gating when the device is set up to be used for the first time. Think MRI machine or bigger: these are not placed on the market as a single unit but need to be built up in place. The compliance of the device depends on whether the device is built up in place correctly, so naturally the device has to conform to CE marked specs when it’s ready for first use as intended, i.e. at the moment that it is put into service.

The Blue Guide contains a helpful clarification for the current grace period deadlines for legacy devices under the MDR and IVDR:

“Unless otherwise provided for in specific Union legislation, where products have been placed on the market in compliance with the Union harmonisation legislation applicable at that time, they can also be put into service even if that legislation has been amended after the products are placed on the EU market and therefore they do not entirely comply with the new EU legislation.”

Blue Guide 2022, section 2.6

However, note that there is a lex specialis in the MDR and IVDR in article 120 (4) and 110 (4) about until when the devices can still be made available to end users during the sell-off period, as discussed above. Legacy devices that have not been made available to the final customer timely must be withdrawn from the supply chain.

Reasonably foreseeable and intended (mis)use

This section 2.8 is not new, but it does contain some new language that is very relevant for the application of the new article 7 MDR and IVDR about claims. Article 7 MDR and IVDR essentially oblige manufacturers to be precise about their claims and not use any claims that may mislead users and/or patients about the risks, safety and/or performance of the device. For those interested, I wrote a detailed article about article 7 MDR and IVDR in RAPS Focus.

This new Blue Guide language also underlines how crucial a proper formulation of intended purpose is, and how the manufacturer is expected to actively imagine how the user may use the device:

“Manufacturers have to look beyond what they consider the intended use of a product and place themselves in the position of the average user of a particular product and envisage in what way they would reasonably consider to use the product.

For products intended for outdoor use, they should also consider how projections about the changing climate in the EU will affect the safety and performance of the product during use. Since the climate is already changing, outdated assumptions based on historical observations and performance should be revised. If the product’s typical life-span extends beyond 5 years, manufacturers may want to prepare it also for more extreme conditions expected in the mid-term.”

Blue Guide 2022, section 2.8

This language means that manufacturers cannot easily suffice with disclaimers and warnings as regards perceived intended purpose, because they also have to take into account that disclaimers may be overlooked or misinterpreted. More generally speaking I personally consider disclaimers and unclear warnings evidence of faulty formulation of intended purpose and faulty design flowing from that, because you are just creating gorilla doors:

Nobody likes gorilla doors, and as a lawyer I can say that they’re particularly hard to explain to authorities and judges because they are usually avoidable. Also, they lead to surprise and frustration on the part of users, and possible damage or sub-optimal outcomes on the part of patients.

Transitional arrangements for the EU Declaration of Conformity

There is an interesting new section 2.11 with guidance on how to work with declarations of conformity that cover the same device under different legislation, e.g. MDD and MDR. This section describes how to work with a DoC that declares conformity to both old and new legislation for a product.

Brexit, Swixit and Northern Ireland

Since 2016 the geographic scope of the Union in which NLF legislation and specifically devices regulation under the MDR and IVDR applies has changed considerably. The UK has left the EU and the MRAs for medical devices and IVDs that made Switzerland part of the European internal market for devices have expired in the mean time without replacement, putting Switzerland outside the Union.

One of the mistakes that many people continuously make is to equate the geographic scope of the Union referred to in the MDR and IVDR with that of the EU. You might consider updating your knowledge in that case if you market yourself an expert. It’s really like in the realm of saying that Alaska is a Canadian province, that Puerto Rico is a US state or that Amsterdam is the capital of Denmark. It is also implicitly stating that Switzerland was an EU member state, which it never was (but was in the Union for the purpose of EU medical devices and IVD law). It’s never to late to know that the Union referred to in the MDR and IVDR is bigger than the EU 27 member states (including some of their overseas territories), because it also includes the three EFTA states that are EEA signatories but not EU member states (Iceland, Norway, Liechtenstein), and includes Turkey, which is neither EU member state nor EEA signatory but has its own agreement with the EU.

All of this is also again reiterated in the Blue Guide 2022. Also, my book the Enriched MDR and IVDR (2nd edition imminent now) contains a fully updated ‘scope of Union’ commentary with an updated map, a discussion of the overseas areas of member states that are and are not Union for the purpose of MDR and IVDR as well as a discussion of the difference between the UK and Great Britain (being Northern Ireland in which EU NLF legislation still applies, see Blue Guide section 2.9.6 – if you read this you’ll also understand the current friction between the EU and the UK on the Northern Ireland protocol better) which you should know. Brexit is discussed in sections 2.9.5 and 9.3.

The relation with Switzerland is discussed in general terms in section 9.2.2 without mentioning specifically that the MRAs for medical devices and IVDs have expired by 26 May 2021 and 2022 respectively and Switzerland is not Union anymore for medical devices and IVDs, but may still be Union for products for which the MRAs have not expired since the EU has decided not to renew any MRA with the Swiss after Switzerland negotiated but then refused to ratify a comprehensive arrangement for all products in 2019.

Summary examples

The examples provided in new section 2.12 are quite useful, although I can appreciate that the logic may be hard to follow for some.

For example, there is a school of thought in the market that argues that placing on the market is a two-step process in the sense that a device cannot be considered placed on the market if the importer has not made it further available to into the supply chain. Interestingly this does not follow from the examples in section 2.12. Example 1 for example discusses the situation where a product is placed on the market immediately without importer involvement by means of a direct sale to an EU customer. In my opinion a two step proces can be used to demonstrate placing on the market (so it’s an option), but a two step process is not a requirement, as the Blue Guide 2022 shows.

It is important when looking at these examples to keep in mind that placing on the market (and making available as core concept in placing on the market) are very flexible concepts that can apply via any of the three nexuses (1) legal (e.g. change of ownership or offer to supply), (2) financial/tax/customs (e.g. customs clearance) and (3) physical (device is in Union territory). Any of these three nexuses can by itself lead to a conclusion of placing on the market. For this reason the theory that a transfer of property right is always needed for placing on the market makes no sense, as it would invalidate several the examples given in 2.12 (see also discussion above under Placing on the market).

Conclusion

So we have something old, something new, a number of somethings lex specialis and something blue (my hurt feelings because of the Commission not correcting the placing on the market language incoherence in the new Blue Guide).

So no radical changes – fortunately in a way, because we would have needed legislation for that – but still some interesting nuggets that may be useful in your specific case.

The amendments to Chapter 2 are also a reminder for companies in the devices space to make a plan and follow through (as Brian Boitano would do) on rational supply chain management with all the regulatory deadlines in sight to avoid nasty surprises that can seriously ruin your party. You probably don’t want to be the person to tell your management that the company made totally avoidable but very costly mistakes that cause withdrawals, recalls and can lead to enforcement for placing on the market/making available of devices or IVDs in infringement of regulatory deadlines.

Next up: discussion of economic operators and their obligations in Chapter 3.

%d bloggers like this: