Last week we saw publication of the new MDCG guidance on the authorised representative under the MDR and the IVDR, MDCG 2022-16. My first impression: much about the ‘what’ and not so much about the ‘how’, resulting in a guidance that, in typical MDCG fashion, repeats a lot of the law back at you without providing a lot of additional actual guidance that fills in the blanks. Nevertheless, there is certainly some interesting content in the document.
More in general my impression is that the document is intended to reinforce the function that the competent authorities see for the AR in market surveillance, and it is intended to hammer home the message to the ARs in the field that they have to up their game because being an AR really means something in the overal scheme of device compliance.
The focus of policy still seems to be very much on the external, independent ARs because there is almost no mentioning at all of internal ARs in the guidance document.
Three months Dutch competent authority AR inspection programme
The publication concurs with the kick-off of competent authority market surveillance activities directed to the AR starting immediately: the Netherlands’ Healthcare Inspectorate has used the occasion to kick off a three-month review program under which they will inspect as many ARs as they can in the Netherlands according to a published set of inspection criteria. The Dutch Healthcare Inspectorate does exhibit awareness of the differences between external and internal ARs in the explanatory text of the inspection criteria, although there is no differentiation between them in the inspection criteria.
So if you are an internal or external AR in the Netherlands, better get organised on the triple double and make sure that the coffee is hot and fresh when the Healthcare Inspectorate shows up to inspect your records. Best to prepare by making your own internal assessment of whether you consistently meet the criteria that they have announced to use as a basis for the inspection.
Mandate of the AR
There is only one statement on the internal AR in the guidance document and that is in relation to the internal AR, to the effect that
“A mandate should be drawn up irrespective of whether the authorised representative is independent/outside of, or is part of the same larger organization as the manufacturer.”
MDCG 2022-16, p. 3
Since the written mandate must agreed between parties according to the guidance, this solves the question whether a mandate can be given by means of a procedure in the QMS: no. If you want to stay as close as possible, implement it by means of a quality agreement. In any event the agreement, be it an intra-group (adherence) agreement or a quality agreement or something else, it should meet the minimum requirements in article 11 (3) MDR/IVDR.
There are some words on how the importer should verify that an AR has been designated. The MDCG offers some possiblities there, none of which are remotely practical or cost-efficient at any scale, such as contact the manufacturer or AR to confirm that a designation has taken place. The guidance is not clear on the extent of the check, because it mentions as alternative options a check on the label as verification or a check in Eudamed. Neither of these may be sufficient to establish compliance at face value, because the label may not reflect the actual situation anymore (mandate may have been terminated in the mean time and unfortunately Eudamed is already often not updated (timely) for roles and responsibilities).
Obligations of the AR
The guidance document includes some useful language on some obligations of the AR.
For example, it is expected that the AR actively checks that the conformity assessment procedure for devices in scope of the mandate is appropriate for the devices in question. From this the MDCG infers that
“If the authorised representative considers or has reason to believe that the conformity assessment procedure is not appropriate for the device in question, they may inform the manufacturer.”
MDCG 2022-16, p. 5
Since this ties directly into compliance under article 10 MDR/IVDR, this is an important part of AR due diligence. Manufacturers can expect ARs to become a lot more critical on items that they were previously not concerned with, such as classification (since this drives the available conformity assessment procedure).
The guidance further specifies in a small list what documentation the AR must be able to produce in order to meet the requirement in article 11 (3) (d) MDR/IVDR to
“provide that competent authority with all the information and documentation necessary to demonstrate the conformity of a device”
MDCG 2022-16, p. 6
Unfortunately and unhelpfully the list provided in the guidance is not an exhaustive list, which does not help a lot for legal certainty on this point.
There is also some guidance on what ‘permanently available’ (article 10 (8) last para MDR and IVDR) means in terms of manufacturer documentation to be available to the AR so he can make it available to the competent authority if needed. It is important to keep in mind that the legal obligation of having the documentation available is on the manufacturer. The guidance clarifies this as that
“‘Permanently available’ in this context means it will be mandatory for the manufacturer to provide the authorised representatives with the requisite documentation, in their most recent versions and for certificates this includes amendments or supplements, either in hard or electronic copy. In practical terms having ‘permanent access’ to such documents, should imply constant availability via electronic or physical storage, either shared or otherwise.”
MDCG 2022-16, p. 5
ARs should be wary to still have the option to copy a final version of (elements of) the documentation in case the mandate ends or the device is removed from the market because they themselves have to have the documentation available for much longer still (see Annex IX, sections 7 and 8 MDR/IVDR).
The MDCG guidance does not clarify the obligations of the AR PRRC (“responsible for regulatory compliance”, see article 15 (6) MDR/IVDR), although this would have been much welcomed. We will have to wait for the revision of the MDCG guidance on PRRCs for this.
Liability of the AR
The joint and several product liaiblity of the AR introduced under article 11 (5) the MDR and IVDR remains problematic and this new guidance does nothing to help this, although it does try to shed some light on what the MDCG thinks that the EU legislator intended with this clause.
The element ‘on the same basis as’ the manufacturer (“the authorised representative shall be legally liable for defective devices on the same basis as”) remains unclear. The MDCG explains it as that this
“means that when the liability of the authorised representative is alleged within the framework of a specific legal regime on liability for defective products, the authorised representative is afforded the same rights to defend itself as the manufacturer under that regime.”
MDCG 2022-16, p. 8
However, in my view that MDCG mixes up basis for liability and rights of defence against that liability, which proves problematic when the basis is the ‘same’ between the manufacturer and the AR. I will illustrate with an example: under the Product Liability Directive (PLD) the producer, when he held laible for damage caused by a defective product, has the defense that he did not put the product in circulation. If the AR is afforded ‘the same rights to defend himself as the manufacturer under that regime’ (as the MDCG puts it), the AR would always be able to defend himself by arguing that he did not put the product in circulation (except maybe if he doubles as importer, which is a good reason not to do this as AR). It would be more logical that the AR is not liable if the producer is not liable (for example because he successfully relies on a defense available under the PLD), but that is not how the MDCG chooses to clarify the provision in the MDR and IVDR.
The market surveillance role of the AR becomes quite apparent where the MDCG document suggests that
“In the event of a problematic termination (e.g. where the manufacturer fails or refuses to address a non-compliance identified, or is either not responsive to or traceable by the authorised representative), the out-going authorised representative is also advised to inform the competent authorities and where applicable, the notified body, of the extent of the manufacturer’s non-compliance.” (Emphasis added)
MDCG 2022-16, p. 8
This is a step further than the legal requirement in my view, because that stops at ‘reasons’ for termination, which does not necessarily equal ‘extent of non-compliance of the manufacturer’. I think the MDCG may not (or may, who knows) have realised that this volunteering of detailed smoking guns beyond their strict legal duty would probably put ARs in a difficult position under the contract with the manufacturer. As an AR is would make more sense in these circumstances to stick to ‘reasons’ and have the competent authority take the decision whether they see a need to order production of more information. In that case the additional would normally fall outside the scope of any duty of confidentiality because there is a formal investigation request for the information.
More details in the book
Much more details on the authorised representative are available in my book The Enriched MDR and IVDR, of which the second edition was recently published. While MDCG 2022-16 unfortunately came out after the text was closed, you will still find a lot of useful additional detail on the AR in it that is additional to MDCG 2022-16. The book also discusses AR obligations in context in detail.
Outlook for the AR mandate
Is MDCG 2022-16 the guidance to end all guidance on the AR mandate and obligations? By no means. It is quite clear that the compentent authorities are still finetuning their policies on what role they see exactly for the AR in market surveillance, a process that started with the list of expectations in MEDDEV 2.5/10. Also, authorities will learn from what they will come across in their market surveillance activities and calibrate policies further. So were are definitely not there yet. In the mean time companies and ARs can use this guidance to be as rational as they can be in implementation of requirements and see this as a step in a developing story.
It took a while, but here it is: the 2nd edition of The Enriched MDR and IVDR, updated with developments from early april 2021 to early September 2022.
The first edition of the book was revised thoroughly, many new clauses in the MDR and IVDR were annotated and obsolete information was removed.
New flowcharts and diagrams were added.
Parts 1 (introduction) and 5 (tables and references) were expanded. Part 1 now includes, for example, more background to the regulations, discussion about the geographic scope of the regulations and details on Brexit and Swift and additional text on the relation of the regulations to other product and horizontal regulation.
The book was updated for the new Blue Guide 2022 and all references to the Blue Guide were updated for the 2022 version of the Blue Guide.
We fixed as many broken hyperlinks to sources on the internet as we could.
A lot of extra detail on the IVDR has been added, including discussion of the early January 2022 amendment that changed the transitional regime drastically.
Again I owe a debt of gratitude to the proofreading panel composed of Sabina Hoekstra-Van den Bosch, Amelie Chollet, Bassil Akra, Ronald Boumans, Kees Maquelin and Agnes Szoboszlai, who proofread parts of the book on strictly personal title.
Discount codes for the second edition were provided to readers that purchased the first edition – this is your time to redeem them! If you buy the second edition, you will receive a discount code for the third edition.
Competent authorities can get free copies again like with the first edition – just drop me an email at firstname.lastname@example.org and I will send you a discount code for a free copy (a notified body is not a competent authority – but you can always enter into a structured dialogue with me).
Like with the first edition I hope that the book will be useful for you and that you’ll enjoy using it. If you like the book, tell others – if you don’t, tell me.
In this blog we will look into what the first of the new proposals means at first sight for the medical devices and IVD industry. I’ll discuss the AI PLD in an upcoming blog. This discussion of the new PLD is by necessity premature because this is just a legislative proposal that will likely see (significant) amendments during the legislative procedure so the final text is likely going to diverge. Also, my review is not complete, as I have just focused on what I thought is the interesting stuff at the moment – my first impression as it were.
Both the AI PLD and the new PLD are built around the principle that safety and liability are sides of the same coin: if an economic operator does not manufacture or make available safe devices to consumers, the economic operator is liable for the damages that he causes. In this regard the Commission really tried to link the rules for market access of products to the rules for product liability for products. This was also a welcome and much needed update, given that the old PLD dated back from 1985 and does not incorporate any developments regarding how it relates to product regulation since.
Scope now covers software
The definition of product has had an update. It now covers all movables, even if integrated into another movable or into an immovable, as well as electricity, digital manufacturing files and software. The addition of digital manufacturing files may interest the medical devices manufacturers that 3D print medical devices but outsource design. Software in scope of the new PLD is a major game changer for medical devices companies that sell devices that run software, consist of software or are updated by software.
From producer to economic operator
The old PLD is focused on the liability of the producer and provides for a mechanism to impose liability on certain parties in the supply chain in case the producer is not established in the EU. One of the problems here is that the concept of ‘producer’ is not the same as the concept of ‘manufacturer’ in New Legislative Framework (NLF) legislation (if you don’t know what the NLF framework is, read the Blue Guide, see section 1.2 about the NLF). Also, the other parties in the supply chain were not necessarily the same as the parties regulated in the supply chain under the New Legislative Framework.
The new PLD fixes this, by synching its use of concepts to the New Legislative Framework based on the argument that safety and regulatory compliance on the one hand and liablity for the products concerned on the other hand are sides of the same coin.
Unfortunately (or maybe necessarily) the new PLD also applies to economic operators under the NLF framework, but also defines them and slightly differently from the MDR and IVDR. On the other hand these definitions do seem to be more in line with the Market Surveillance Regulation than those in the MDR and IVDR.
The new PLD defines economic operator as “the manufacturer of a product or component, the provider of a related service, the authorised representative, the importer, the fulfilment service provider or the distributor” (article 4 (16) new PLD).
For one thing, ‘economic operator’ is defined differently than in the MDR, in which it also includes the person in article 22 (1) or (3) MDR.
On the other hand, the definition under the new PDL includes the fulfillment services provider (also defined in the MSR), while the MDR and IVDR do not know the concept of fulfillment services provider and are only concerned with FSPs if they also qualify as economic operator under the MDR or IVDR (usually if they perform additional actions in relation to devices that qualify them as importer or distributor). The MSR also recognises this for the MDR in article 4 (5) MSR.
Economic operators and liability
The new PLD ups the ante considerably for economic operators, both those that qualify as EO under the MDR/IVDR (notably the authorised representative (AR)) and those who don’t (fullfilment services providers):
Autorised Representative: “where the manufacturer of the defective product is established outside the Union, [… ]the authorised representative of the manufacturer can be held liable for damage caused by that product (article 7 (2) new PLD). The AR was already jointly and severally liable with the manufacturer, but this applied only in case the manufacturer had not complied with his obligations under article 10 MDR / IVDR. The new PLD ups the game by removing the requirement of non-compliance with article 10 MDR / IVDR. As a result, ARs will need to both amend their mandate agreements and revisit their insurance cover, as the liablity risk for ARs of medical devices manufacturer will change under the new PLD.
Importer (not necessarily the same as under the old PLD): “where the manufacturer of the defective product is established outside the Union, the importer of the defective product […] can be held liable for damage caused by that product (article 7 (2) new PLD). This logic is the same as under the old PLD, but the concept of importer is defined differently – by the NLF definition.
Fulfillment Service Provider: “where the manufacturer of the defective product is established outside the Union and neither of the economic operators referred to in paragraph 2 is established in the Union, the fulfilment service provider can be held liable for damage caused by the defective product” (article 7 (3) new PLD). This has consequences for the FSP when the manufacturer is dropshipping to consumers via an FSP in the Union: he is now liable for product liability and had better get some good indemnities from the manufacturer.
End user and service organisations: “Any natural or legal person that modifies a product that has already been placed on the market or put into service shall be considered a manufacturer of the product for the purposes of paragraph 1, where the modification is considered substantial under relevant Union or national rules on product safety and is undertaken outside the original manufacturer’s control.” (Article 7 (4) new PLD)
Distributor: “where the manufacturer is established outside the Union, an economic operator under paragraph 2 or 3 cannot be identified, each distributor of the product can be held liable where: (a) the claimant requests that distributor to identify the economic operator or the person who supplied the distributor with the product; and (b) the distributor fails to identify the economic operator or the person who supplied the distributor with the product within 1 month of receiving the request.“ (article 7 (5) PLD). This rule is similar to the existing rule under the old PLD, except that the concept of distributor is defined differently.
Online intermediaries: “any provider of an online platform that allows consumers to conclude distance contracts with traders and that is not a manufacturer, importer or distributor , provided that the conditions of [Article 6(3) Digital Services Act proposal] are fulfilled.” This provision would typically apply to service providers like Amazon. The Digital Services Act “establishes that online platforms that allow consumers to conclude distance contracts with traders are not exempt from liability under consumer protection law where they present the product or otherwise enable the specific transaction in question in a way that would lead an average consumer to believe that the product is provided either by the online platform itself or by a trader acting under its authority or control. In keeping with this principle, when online platforms do so present the product or otherwise enable the specific transaction, it should be possible to hold them liable, in the same way as distributors under this Directive. That means that they would be liable only when they do so present the product or otherwise enable the specific transaction, and only where the online platform fails to promptly identify a relevant economic operator based in the Union.”
Article 13 provides that no economic operator can contractually limit or exclude these liabilities. The liability rules are closely based on those of the current 1985 PLD, but new is that if there are two or more liable persons, they are liable jointly and severally. This means that even if they have excluded product liability amongst themselves, this has no effect vis-a-vis the consumer who may still hold them jointly liable. This means a thing or two for agreements in the supply chain, because these should account for the possibility of joint and several liability.
The new PLD also stipulates that if a defective product causes damage, the contributory actions of third parties do not reduce the liability of the manufacturer, whereas the contributory actions of the injured person may do so.
The new PLD therefore means a lot for service providers in the supply chain. Also, the concept of importer and distributor is defined differently under the new PLD: by reference to NLF definitions. That means that suddenly the Blue Guide becomes mandatory reading for product liability lawyers!
Exemptions from liability
The exemptions from liability generally follow those included in the old PLD, such as that it is probable that the defect which caused the damage did not exist at the time when the product was put into circulation by him or that this defect came into being afterwards (article 7 (b) old PLD). However, the new PLD adds an important exception to this exemption by providing that “an economic operator shall not be exempted from liability, where the defectiveness of the product is due to any of the following, provided that it is within the manufacturer’s control:
(a) a related service;
(b) software, including software updates or upgrades; or
(c) the lack of software updates or upgrades necessary to maintain safety.”This exception to exemption makes it very important for devices manufacturers to monitor how their installed base is doing, and push out software updates or upgrades when needed. This makes post-market surveillance and PMCF / PMPF processes even more critical than they already are under the MDR and IVDR.
Loss of data covered
Under the proposal the damage that can be claimed is extended with “loss or corruption of data that is not used exclusively for professional purposes”. This means that if the proposal is adopted, medical devices manufacturers will be exposed to potential liability in case of data breaches under the GDPR that also lead to loss of data (see for examples the table in the back of MDCG 2019-11 re cybersecurity of medical devices). This would be new in the space of for example medical wearables, but it does not seem excluded that there is liability for loss of patient data from professional use medical devices if the consumer/patient suffers damage as a result. In the latter case the question would be if article 4 (6) (c) applies (“loss or corruption of data that is not used exclusively for professional purposes”).
Disclosure of evidence
The new PLD contains additional rules about disclosure of evidence in article 8 and it is interesting how the new PLD potentially limits options for claimants (which may also be subrogated parties (article 5 (2) new PLD) to obtain evidence under the MDR and IVDR for claimants, including subrogated parties.
The MDR (article 10 (14) MDR) and IVDR (article 10 (13) IVDR) have a provision under which the claimant (which can also be a subrogated party) can facilitate the provision of the information and documentation relating to the conformity of the device by the competent authority. However, article 10 (14) MDR and 10 (13) IVDR also provide that the competent authority need not comply with the obligation laid down in the third subparagraph where disclosure of the information and documentation referred to in the first subparagraph is ordinarily dealt with in the context of legal proceedings. And this is exactly what the new PLD does: ensure that this information is dealt with in the context of legal proceedings. So where there was any doubt under national proceedings and article 10 (14) MDR or 10 (13) IVDR might be available, the chances are limited by the new PLD.
Burden of proof
Still the old rule (claimant must provide proof of defect and causal link) but the new PLD helps the claimant with three important presumptions (which are rebuttable by the defendant (article 9 (5) new PLD):
Article 9 (2)“The defectiveness of the product shall be presumed, where any of the following conditions are met: (a) the defendant has failed to comply with an obligation to disclose relevant evidence at its disposal pursuant to Article 8(1); (b) the claimant establishes that the product does not comply with mandatory safety requirements laid down in Union law or national law that are intended to protect against the risk of the damage that has occurred; or (c) the claimant establishes that the damage was caused by an obvious malfunction of the product during normal use or under ordinary circumstances.”
Article 9 (3): “The causal link between the defectiveness of the product and the damage shall be presumed, where it has been established that the product is defective and the damage caused is of a kind typically consistent with the defect in question.”
Article 9 (4): “Where a national court judges that the claimant faces excessive difficulties, due to technical or scientific complexity, to prove the defectiveness of the product or the causal link between its defectiveness and the damage, or both, the defectiveness of the product or causal link between its defectiveness and the damage, or both, shall be presumed where the claimant has demonstrated, on the basis of sufficiently relevant evidence, that: (a) the product contributed to the damage; and (b) it is likely that the product was defective or that its defectiveness is a likely cause of the damage, or both. The defendant shall have the right to contest the existence of excessive difficulties or the likelihood referred to in the first subparagraph.”
The proposal further aims to ensure that manufacturers can be held liable for changes they make to products they have already placed on the market, including when these changes are triggered by software updates or machine learning. Recital 38:
“In recognition of manufacturers’ responsibilities under Union law for the safety of products throughout their lifecycle, such as under Regulation (EU) 2017/745 of the European Parliament and of the Council, manufacturers should also be liable for damage caused by their failure to supply software security updates or upgrades that are necessary to address the product’s vulnerabilities in response to evolving cybersecurity risks. Such liability should not apply where the supply or installation of such software is beyond the manufacturer’s control, for example where the owner of the product does not install an update or upgrade supplied for the purpose of ensuring or maintaining the level of safety of the product.”
Recital 38 new PLD
For the geographically challenged (and that concerns a lot of people I find with respect to the concept of Union under the MDR and IVDR) I am just going to be very explicit this directive is a directive with EEA relevance (it says so at the beginning), which is why the text of the directive does not use ‘European Union’ but Union to denote its geographic scope because the EEA includes countries that are not EU member states (Iceland, Liechtenstein and Norway). As you can read in the Blue Guide (which more people should do) in section 2.9:
“Union harmonisation legislation applies to the Member States of the EU and to certain European territories to the extent necessary to give effect to the arrangements set out in the Accession Treaty of the relevant Member States.”
Blue Guide section 2.9
In case the text has EEA relevance, the relevant accession treaty is the EEA Agreement. This means that every time you see or hear someone say that the scope of the new PLD is the European Union, you may ask them what the Norwegians, Liechtensteiners and Icelanders ever did to him or her to be ignored this way.
In some cases, such as with the MDR and IVDR, there may be additional agreements for these specific instruments, such as the Turkish Association Agreeement (see section 2.9.4 of the Blue Guide). In that case the instrument would feature on the product-related list of Union technical legislation to be harmonised by Turkey adopted by the EU-Turkey Association Council.
Limitation periods stay largely the same as under the old PLD: 3 years after damage, defect and identity of liable party awareness of the plaintiff and maximum 10 years after the product was put into circulation.
Transposition and other member state responsibilities
Some interesting Member States’ to-dos in the new PLD: the Member States shall publish, in an easily accessible and electronic format, any final judgment delivered by their national courts in relation to proceedings launched pursuant to the new PLD as well as other relevant final judgments on product liability. The publication shall be made without delay upon notification of the full written judgment to the parties.
The Commission may set up and maintain a publicly available database containing the judgments to be published by the Member States. It is not clear to me what the use is of making this optional for the Commission if it is important, and what this option would depend on. If this is important, why should the Commission have discretion here?
The transposition period is quite short. Article 18 (1) provides that the Member States must implement the directive within one year after its entry into force.
More about AI PLD later
Some short points here already – the proposal is part of the currently pending AI basket of measures: the AI Act, revision of sectorial rules to amend for AI (not in MDR/IVDR) and the AI PLD. The AI PLD has links with many new and old initiatives such as the GDRP, the Green Deal, the EU Data Strategy, the Digital Services Act and the Cyber Resilience Act. It even has ties into the EU Charter on Human Rights:
“In addition, this proposal complements other strands in the Commission’s AI policy based on preventive regulatory and supervisory requirements aimed directly at avoiding fundamental rights breaches (such as discrimination). These are the AI Act, the General Data Protection Regulation, the Digital Services Act and EU law on non-discrimination and equal treatment. At the same time, this proposal does not create or harmonise the duties of care or the liability of various entities whose activity is regulated under those legal acts and, therefore, does not create new liability claims or affect the exemptions from liability under those other legal acts.”
Watch this space for an analysis of the AI PLD.
What’s next for the proposals?
The new PLD (together with the AI PLD) has now entered the ordinary legislative procedure. This means that the Council and the Parliament are looking at the directive(s) concurrently. Although the directives have been subject to a consultation process, I’m pretty sure that there still will be a healthy amount of lobbying happening during the legislative process and that we can expect many amendments, so do not treat these proposals as final.
Although, strangely enough, the Commission has also extended the feedback period for stakeholders because the proposal text had not been available in all official languages, so you can still comment until 4 December. All feedback received will be summarised by the European Commission and presented to the European Parliament and Council with the aim of feeding into the legislative debate.
Over the summer holidays I (and perhaps some other people too) were in burning anticipation about announced measures to be adopted to deal with the MDR slowly moving to a big crunch or other equivalent astrophysical end state event at the end of the grace period.
For example, I have seen the first manufacturers of non-medical devices enter the regulatory limbo where their MDD certificate has expired while they cannot even apply for MDR Annex XVI device conformity assessment. Why? The Common Specifications that we have been waiting for for years and years are still not final since member states do not seem to be able to agree on them. There is currently a proposal in consultation for classification of these devices (no conformity assessment without classification), which we will also have to wait for to complete, because no conformity assessment without classification. These manufacturers can be as prepared as possible but there simply is no regulatory pathway available to them at this time, which is something too surreal to credibly explain to my clients. Just wait and see your European market collapse, because the good people in Brussels are unable to issue Common Specifications in five years. Why? How? Is this how the EU shows to the world that it has a reliable regulatory system for devices?
And I can give other examples of permutations where more and more manufacturers are starting to fall through the cracks of the system that have been visible for a long time but were never properly addressed. Why? How? Is this how Europe shows to the world that it has a reliable regulatory system for devices? How are these manufacturers supposed ‘to ensure timely compliance with the requirements’ if the system does not have any options?
Your guess is as good as mine.
Calls on to please cooperate
The document contains 19 points with a lot of ‘should’ or ‘calls on’, but no ‘shall’ (which is somewhat logical because it’s an MDCG document, and not law) and – frustratingly – puts many items that could make a difference but are on the ‘we will get to this at some point’ path (e.g. Eudamed machine-to-machine communication for notified bodies and revision of certain MDCG guidance), while we need them now, or rather would have needed in 2017 already. It just underlines what I’ve said before: that the MDR and IVDR entered into force prematurely and that subsequently insufficient resources were committed to the system fix this quickly. Enumerating 19 points where things need to improve and call upon on others to fix it is nice but wishful thinking is not the same as decisive action.
There are also things in there that the MDCG would like but has 100% influence over itself, such as that medicines authorities would please ‘accept and efficiently process consultations by notified bodies regarding medical devices incorporating an ancillary medicinal substance and regarding companion diagnostics’ (point 19). Yes, that would be nice indeed if that actually happened. But the MDCG is populated by member states, and medicines agencies are member state agencies. So the member states can just order their agencies to process these applications, it’s just a matter of doing it. If there is no capacity at the medicines agencies, fix this. Member states calling on other parts of themselves to play their essential role in a regulatory systems like they have no influence over this is indeed as absurd as it sounds. All that is needed is high up enough political will to make the overall regulatory system function, rather than to allow compartmentalized parts of it to miscommunicate or not align with each other.
Some small items that might make a difference
However, there are some items in there that might make a difference if these are actually done (‘should’, remember?) by all member states and all notified bodies.
One of the notable points is allowing notified bodies to have ‘structured dialogues’ with manufacturers before and during conformity assessment that would not count as prohibited consultancy and a more pragmatic approach to MDR assessment of legacy devices. This would actually a be a big help in practice, and notified bodies as well as industry have been asking for this for a long time. Unfortunately the line between structured dialogue and consultancy has not been defined, so member states can still think about this completely differently and instruct their notified bodies differently.
Also there is an interesting initiative to make adding codes to notified body designations easier, which could make a huge difference for example with respect to notified bodies having to also qualify as notified body under the draft AI Regulation for medical devices that incorporate AI.
Many of the other points call for pragmatism and flexibility in conformity assessment, which sounds kind of hollow given the formalistic approach that the MDCG itself has taken to MDR and IVDR implementation so far and given the restrictions preventing anything pragmatic that have been so far imposed on notified bodies by their notifying member states, landing things in the place where we are at the moment. Will all of that change now? Seeing is believing.
No love for SMEs
If you are an SME that is getting no love from a notified body for your first application, your problems are way not solved. The MDCG calls upon notified bodies to develop schemes to allocate capacity for SMEs, but it does not get more concrete than that. There is a vague what, but certainly no how, which would have been helpful. This means that every notified body is on its own on this point, and may be second guessed by its notifying authority.
The MDR and IVDR are really failing the SMEs here, while the majority of medical devices manufacturers actually are SMEs. The EU already managed to kill the EU market of SMEs in ATMPs with an overly complex and expensive regulatory system in the ATMP Regulation that made it prohibitively complex and expensive for SMEs to obtain a marketing authorisation for an ATMP. Next up seem to be medical devices and IVDs now.
Legislative measures in the works?
Finally, legislative measures are in the works but not what many may be hoping – only Commission Delegated Acts to modify the frequency of complete re-assessments of notified bodies, based on Article 44(11) MDR and Article 40(11) IVDR. This would help to reduce the burden on notified bodies and may free up time of otherwise tied up staff for MDR and/or IVDR work. In that sense this is a good development. But it will not make a decisive difference.
So no article 97 (3) MDR implementing act (yet!) or anything else (so no moving of deadlines either, for the hardcore wishful thinkers out there). An article 97 (3) MDR implementing act might still be on the table according to the document, since it apparently is in the realm of ‘being explored’ and ‘where relevant, work towards a coordinated, transparent and coherent approach’. But such ‘mechanisms provided in Chapter VII of the Regulations, such as market surveillance measures, may only be applicable for devices for which manufacturers can demonstrate that they have undertaken all reasonable efforts to transition to the Regulations’. See my previous blog on this point.
More in detail: a table
To make it a bit more systematic, I’ve put my comments in a table and grouped the 19 items in the position paper in groups. As you will see, in many cases things completely depend on the MDCG following its own wishlist in the position paper. I think it’s not a good sign how much is put on the plate of the notified bodies without further detail or structure, so the MDCG can hide behind its ‘somebody else’s problem field’ and say that it did all it could and the rest is not its problem. The MDCG also ‘calls’ upon member states and seems to conveniently forget that the MDCG is composed of the member states.
MDCG position paper
Increase notified bodies’ capacities
1. MDCG advises notified bodies to make use of hybrid audits
2. MDCG encourages notified bodies to develop a framework for leveraging evidence, or components thereof, from previous assessments conducted with regard to requirements under the Directives.
This could be useful, were it not that the MDR and IVDR are very different on many points compared to the directives (e.g. in the field of clinical evidence), which is kind of the point of the new regulations. Notified bodies will need more structure than this as a foundation for a ‘framework’ that will be acceptable to the member states.
3. With regard to ‘appropriate surveillance’ of legacy devices, the MDCG calls on notified bodies to make full use of the flexibility described already in MDCG 2022-4 on ‘appropriate surveillance’ under Article 120(3) MDR.
The problem is that MDCG 2022-4 does not give that much flexibility, because “the notified body’s activities in principle should be a continuation of the previous surveillance activities under the Directives” so full use of very little flexibility that is imprecisely defined is still not very much.
4. MDCG will review its guidance with a view to eliminate administrative workload of notified bodies or undue limitations regarding the scope of documentation not required by MDR/IVDR.
This review is of course welcome but very very very late in the day. Moreover, notified bodies would benefit from a single approach by the notifying member states, which up to now has not materialised.
5. MDCG considers that in the framework of the development of Eudamed it should be ensured as soon as possible that notified bodies can upload relevant information machine-to-machine. Moreover, generally the MDCG acknowledges that double registrations should be avoided to the extent possible.
Yeah, wouldn’t it be nice if Eudamed would be functional at some point ever. Double registrations can be avoided by just not asking for them as member states and by just not setting up parallel information systems. This is completely under control of the MDCG members themselves.
6. MDCG calls upon all parties involved to foster capacity-building of existing and potential new notified bodies and to rationalise and streamline internal administrative procedures, and ensure that proper conformity assessments are carried out in a timely and efficient manner in accordance with the Regulations.
There is scarcity of qualified personnel in the market and procedures will have been streamlined by now.
7. MDCG welcomes the preparation of Commission Delegated Acts to modify the frequency of complete re-assessments of notified bodies, based on Article 44(11) MDR and Article 40(11) IVDR.
When will this be ready? A consultation draft has not been published yet.
8. MDCG calls upon all parties involved in the assessment, designation and notification of conformity assessment bodies to continue to make all efforts to speed up this process, while preserving the level of requirements to be met by notified bodies under the Regulations
It would be nice if the MDCG and the Commission took this to heart themselves too, because the longest hold up in the process concerns the step where the Joint Assessment Team (JAT) evaluates the NB’s proposed CAPA plan.
9. The MDCG will explore means to add codes to the designation of notified bodies in a timely manner in accordance with the Regulations.
‘explore to do something in a timely manner’ – sounds like high priority indeed. These codes could be very useful, because it could help for example to avoid having to notify NBs under the (draft) AI Regulation that are already notified for AI under the MDR and IVDR.
10. The MDCG commits to prioritise actions that are ongoing in the MDCG or its sub-groups, which aim at contributing to enhancing notified body capacity, such as the revision of section III.6 of MDCG 2019-6 revision 3 regarding the meaning of ‘personnel employed by the notified body’ referred to in Article 36(1) MDR / Article 32(1) IVDR.
The MDCG has been prioritizing actions for years now in its permanently moving planning, and we know what this looks like. I’d like to know how things would change in a way that this leads to things being actually expedited.
11. As regards the status of MDCG guidance documents, MDCG reminds that their main objective is to assist economic operators, notified bodies and competent authorities to apply the legal requirements in a harmonised way, providing possible solutions endorsed by the MDCG. Having regard to the status of guidance documents, economic operators and notified bodies should be allowed flexibility as to how to demonstrate compliance with legal requirements. Moreover, reasonable time needs to be given to integrate new guidance in the relevant systems and/or to apply them. That means that new guidance should not be applied to ongoing processes or applications already launched by a conformity assessment body for designation and/or a manufacturer for conformity assessment, unless application of such guidance yields increased efficiency of the process.
Told you so, guidance is not binding. No retro-active pplication of guidance unless it increases efficiency of the process. For whom? What does that mean? Either it’s binding or not and the MDCG is still sitting on the plausible deniability fence here. “reasonable times to integrate” and “not, unless” are meaningless principles from a legal certainty perspective.
Access to notified bodies
12. The MDCG reminds notified bodies of their obligation to make their standard fees publicly available (Article 50 MDR / Article 46 IVDR), taking into account the interests of SMEs in relation to fees (section 1.2.8 of Annex VII MDR / IVDR). The MDCG also encourages notified bodies that fees published are easy to compare.
This will have zero effect on access to notified bodies, as all available notified bodies are already full. As a result of scarcity fees are as high as they will get under these circumstances. If the MDCG wants to do something for SMEs it will have to be more precise. Asking for fee structures that are easy to compare is like encouraging mobile telecoms companies to use easy to compare fees: not going to happen until it is prescribed in detail how and this is mandatory.
13. The MDCG calls on notified bodies to develop schemes in order to allocate capacity for SME manufacturers and first-time applicants and ensure access of SMEs and first-time applicants to notified bodies for conformity assessment.
See comment under 12. Also, like under 12, nice move to pass this on to notified bodies, who are not allowed to discriminate between customers. Some insights in what a scheme should look like would have been helpful.
Increase preparedness of manufacturers
14. The MDCG reminds manufacturers of its notice MDCG 2022-11 calling on manufacturers to ensure timely compliance with MDR requirements. The MDCG also calls on manufacturers to ensure timely compliance with IVDR requirements as soon as possible, making use of available notified body capacities, and not wait until the end of the transition periods. The MDCG is committed to supporting the transition to the Regulations and avoid shortage of devices.
Yes, this is super helpful for the non-medical devices manufacturers and the others that are delayed at notified bodies or find themselves unable to find a notified body. There is no degree of preparation that will fix that.
15. The MDCG encourages notified bodies and manufacturers to organise structured dialogues before and during the conformity assessment process aimed at regulatory procedures where this is useful to enhance the efficiency and predictability of the conformity assessment process, while respecting the independence and impartiality of the notified body. Such dialogues should not be considered consultancy service.
Too little and unclear, and too late. This could have made a lot of difference some time ago when the first notified bodies were nearing the end of the designation procedure. Also, without internal agreement in the MDCG each member state will hold the notified bodies it notifies to different standards as has happened so far, unless this has changed (which I don’t expect because the MDCG does not encourage the member states to take a unified approach here). Finally, it remains quite unclear how a ‘structured dialogue’ before or during conformity assessment can be reliably (legal certainty anyone) be distinguished from consultancy, which still remains prohibited.
16. In order to increase preparedness of manufacturers, especially SMEs and first-time applicants, to adapt to the high-level standards set up by the Regulations, the MDCG calls on all parties involved to continue and, where possible, to step up communication with manufacturers by means of webinars, workshops, targeted feedback and informative sessions. […] Also industry associations are invited to promote and ensure awareness of economic operators of the legal requirements.
Seriously, industry associations should step it up? MedTech Europe, COCIR and their national organizations have been more than vocal for years in communicating about this. Conversely, not every MDCG member state did a lot in their jurisdiction in that regard, that’s for sure.
Other actions facilitating transition to MDR/IVDR and/or avoiding shortage of devices
17. Provision of additional guidance to notified bodies and manufacturers to assist with the practical application of Article 61 MDR (clinical evaluation), and possibly Article 56 IVDR (performance evaluation and clinical evidence), and to make appropriate use of MDCG guidance on clinical evidence for legacy devices and clinical evaluation – equivalence. In combination with the possibility for notified bodies to issue certificates under conditions or combined with the requirement to carry out PMCF / PMPF studies, this action will increase the necessary flexibility to apply the reinforced clinical evidence requirements to devices that have a demonstrable track record of safety.
Such guidance would need to be very clear and specific, otherwise it is going to create more additional questions than answers. And member states should have internally aligned policy as to how they instruct their notified bodies on this point.
18. The MDCG acknowledges the specific situation of ‘orphan devices’ and will pursue work with a view to providing a definition for ‘orphan devices’ and suggesting specific guidance or other means of assistance for those products to be able to meet the legal requirements. Sustainable solutions are also needed in the mid- and long-term for orphan devices.
Better late than never, for sure. ‘Will purse work with a view to’: we’ve been hearing this about MDCG documentation that we’ve waited for for years, so seeing is believing.
19. The MDCG urges medicines authorities to accept and efficiently process consultations by notified bodies regarding medical devices incorporating an ancillary medicinal substance and regarding companion diagnostics. Medicines authorities should ensure that in case of devices already certified following a medicines authority’s consultation under MDD/AIMDD, an expedited review is carried out following the recommendation in MDCG 2020-1217. Medicines authorities are invited to support notified bodies in identifying availability of medicines authorities for determined devices. The MDCG calls upon the Heads of Medicines Agencies (HMA) and the European Medicines Agency (EMA) to take action ensuring that the consultation of medicines authorities is carried out in a cost-efficient and timely manner, in particular as regards devices that had undergone the consultation under MDD/AIMDD.
This is something member states completely control themselves, such as remedying the capacity problems at medicines agencies that prevent them from processessing these additional dossiers or even to actively implement something of a solution locally.
The MDCG helpfully recalls that derogations (article 59 MDR and 54 IVDR) from applicable conformity assessments procedures may be granted by competent authorities only if the use of the device concerned is in the interest of public health, patient safety or patient health. Still, many companies ask me for options for a derogation. These options are basically not there, unless a device actually qualifies under article 59 MDR / 54 IVDR requirements. National derogations are hard to get (and there are differing national criteria) and a European one is even more difficult. These are not intended for manufacturers missing deadlines, these are intended for patients missing out on essential treatment.
Does this MDCG document help?
This is one of these questions that is cynically answered with: “Depends on who you ask.”
The problem is that the document is not mandatory, is not very concrete nor does it provide for actual mandatory harmonization, which means that for whatever nice things are in there the usual CE (Confusion Everywhere) problem is that where there is room for interpretation, everyone will do things differently and at their own speed.
An interesting twist is the Commission and at least one member state (The Netherlands) present the MDCG 2022-14 position paper now as an action plan; see here for Commission press release. While I am not a native English speaker, to me a position paper is not automatically an action plan. Both the Commissioner for Health and the Dutch Minister of Health mention specifically that the document contains concrete actions which, if you look at the above, is a very ambitious interpretation of what the MDCG position paper actually does. The Dutch Minister adds that there is no simple solution due to the international character of the problems and that it can be expected that these problems will not be (completely) solved in the short term. I don’t agree: the solutions are actually often very simple and very well known (for years in some cases – and see my comments in the table above, and have been pointed out to the MDCG often), it’s reaching political agreement on them in the MDCG and then attributing the system with the resources to implement them that cause the issues. All member states need to do is decide that the problem is urgent enough to merit serious attention and then act on it, and at least make sure that they support the notified bodies in this properly. It’s not more complicated than that.
But the big problem is that this is by no means certain. Member states that do not want to play along can still order notified bodies to do things differently. This will not be visible to the outside world, who will mistakenly blame the notified bodies or the Commission for the crisis and confusion. More and more than already at this moment desperate manufacturers start asking me if they can sue their notified body just to make things move again (usually not recommended in this scenario). The big issue with this position paper is that it basically calls upon notified bodies in very general terms to come up with very specific solutions to solve certain problems without there being any detailed guidance on what these specific solutions should look like. If you know the epic Gary Larsson Far Side episode “damned if you do, damned if you don’t” you know what this looks like.
I’m afraid that this position paper will result in notified bodies and member states unnecessarily looking at each other while perhaps some best practices acceptable to member states may or may not emerge, while these may be frustrated by individual member states after the fact. Sounds very efficient, right? Before you complain about your notified body not listening to what the MDCG says, it’s good to realize in what a difficult position notified bodies are with this position paper. They may be damned if they do (adopt solutions that the notifying member state doesn’t like after all) and damned if they don’t (adopt solutions that the MDCG document hints at in very general words, because their customers and the public opinion will hate them for it). Obviously, I don’t think this is a good way to solve the problem. It’s a good way to pass the buck to the notified bodies and the industry (together “the market”) and then blame the market for not fixing its own problems, for sure. But as my late grandmother would have said: passing the buck is not an actual solution.
The next EPSCO council meeting is planned in December. What will the EU regulatory system have to show by then for solutions to the problems of which everyone agrees that they are urgent? We’ll need to see. By then the MDR system will likely have painted itself into a corner again because any MDR application that is not in the door at a notified body early 2023 does not have a reasonable chance of being finished before the very end of the grace period on 26 May 2024 (because the capacity is simply not there) or to qualify for a solution that was announced in MDCG 2022-11 (application at least one year before end of grace period). And then I’m not even talking about the MDD certificates that expire (sometimes way) before 26 May, which do not even seem to be on the authorities’ radar publicly.
As Marx might have said: Verelendung [immiseration for the non-German speakers] is a process, people! Things apparently need to get a lot worse before they can get better because we are still not deep enough into the danger zone yet in the eyes of the MDCG. Let’s hope it does not get to the point where the Commission, presiding the MDCG, has to record the words that many of us have heard somewhere before: “Gentlemen, it has been a privilege playing with you tonight.”
Chapter 2 is one of the most important chapters of the Blue Guide, as it explains among others the crucial concepts of making available, placing on the market, putting into service. Getting the interpretation of these concepts wrong can cause costly mistakes as I will explain below. Unfortunately I see many companies get this wrong in practice or think about them in a too rigid and formalistic way, depriving themselves of regulatory options or getting themselves in trouble.
When reading the Blue Guide 2022 (just repeating it again because I’m often faced with regulatory experts, notified bodies and others referring to the Blue Guide like it’s law – which it is not) you should keep in mind that it is one size fits all language for all New Legislative Framework (NLF) categories of products. This means that there may be more specific or diverging rules for specific products such as medical devices and IVDs, which apply instead of the Blue Guide guidance and may sometimes run counter to it. So never (ever) just rely on the Blue Guide alone, only do that when the applicable product legislation and product legislation guidance do not provide an answer and you need guidance to arbitrate between possible interpretations. Because that is what guidance is for.
And now for the new or newish things in Chapter 2!
Used and second hand products
For used and second hand products the Blue Guide contains a new paragraph in section 2.1 in relation to the General Product Safety Directive (GSPD) (applicable to consumer products) stating that used and second hand products sold to consumers must comply with GSPD requirements.
This is relevant because second hand sales of devices are out of scope of the MDR and IVDR (see recital 3 IVDR and MDR). Economic operators that make used devices available to consumers will need to take this into account, so they’ll need to implement traceability for example.
Spare parts, components and finished products
Spare parts and components are treated differently under NLF legislation than finished products. For that reason it’s very useful to be able to distinguish them well, and we can do that better now with the 2022 Blue Guide. There is a new heading for spare parts, components and finished products in section 2.1:
“If there are two or more finished products made available in the same package which do not constitute a single finished product but which are intended to function together, the manufacturer marketing the combination must address the risks of the products included in the package when used in operation with each other.”
Bllue Guide, section 2.1
While this is covered by the lex specialis in article 22 MDR for systems and procedure packs, there is no equivalent rule under the IVDR, don’t ask me why. I think this is actually a (major) regulatory oversight because it’s of course perfectly possible to have IVD systems under the IVDR (although systems including normal medical devices brings the combination in scope of article 22 MDR, which many IVD manufacturers and distributors don’t realise). While the IVDR (like the MDR) contains GSPRs on compatible and interoperable products, these are addressed to the manufacturer of the device for the purpose of CE marking individual devcies, and the manufacturer of an IVD is not necessarily the party placing the combined products on the market as a single combined offering. This means that we are dealing with a genuinely new requirement for IVDs, although this is set out in guidance and therefore not necessarily mandatory.
The Blue Guide 2022 also helpfully confirms that there is not a universal duty to provide spare parts for a specific time after placing on the market (an often asked question), but that this duty does exist in relation to certain consumer products like dishwashers (but not devices), see footnote 39.
Also, keep in mind that the MDR and IVDR have a lex specialis spare parts requirements provision in article 23 MDR and 20 IVDR, discussed extensively in my book The Enriched MDR and IVDR (2nd edition imminent).
Repairs and modifications to products
There is a new heading for repairs and modifications in section 2.1 that contains some new language and incorporates other language on this subject that was already in the 2016 version. This is a relevant paragraph for commercial parties that offer life extension processes for devices already placed on the market, often seen with MDD and IVDD legacy devices that are capital equipment.
The existing principle that the manufacturer is responsible for the device as placed on the market is reiterated in the Blue Guide 2022, but for the device as later modified by the end user or third parties the situation is clarified as follows (not new as a legal rule, but more clearly explained in guidance now):
“Where a modified product is considered as a new product [as a result of the modification, red.], it must comply with the provisions of the applicable legislation when it is made available or put into service. This has to be verified by applying the appropriate conformity assessment procedure laid down by the legislation in question. In particular, if the risk assessment leads to the conclusion that the modified product has to be considered as a new product, then the compliance of the modified product with the applicable essential requirements has to be reassessed and the person carrying out the substantial modification has to fulfil the same requirements as an original manufacturer, for example preparation of the technical documentation, drawing up a EU declaration of conformity and affixing the CE marking on the product. […] The person who carries out important changes to the product carries the responsibility for verifying whether or not it should be considered as a new product in relation to the relevant Union harmonisation legislation. If the product is to be considered as new, this person becomes the manufacturer with the corresponding obligations. Furthermore, in the case the conclusion is that it is a new product, the product has to undergo a full conformity assessment before it is made available on the market and the new manufacture’s name and contact address must be indicated on the product. […] The natural or legal person who carries out changes or has changes carried out to the product shall be responsible for the conformity of the modified product and draw a declaration of conformity, even if they use existing tests and technical documentation.”
Blue Guide 2022, section 2.1
When is a product a ‘new’ product?
“A product, which has been subject to important changes or overhaul after it has been put into service must be considered as a new product if: i) its original performance, purpose or type is modified, without this being foreseen in the initial risk assessment; ii) the nature of the hazard has changed or the level of risk has increased in relation to the relevant Union harmonisation legislation; and iii) the product is made available (or put into service if the applicable legislation also covers putting into service within its scope).”
Blue Guide 2022, section 2.1
This specification is relevant for the situations where hospitals and third party repair services sometimes considerably modify and overhauil devices without taking responsibity for these modifications. The MDR and IVDR have a lex specialis for this with the defined concept of ‘full refurbishment’, which triggers a new device for which a (new) manufacturer needs to take responsibility and needs to complete conformity assessment to be able to place it on the market and put it into service. The Blue Guide therefore points to the concept of ‘full refurbishment’ that is only seen in the MDR and IVDR (and is a defined term). Where repair leads to full refurbishment, the resulting product is considered placed on the market again, requiring a new manufacturer, importer (if applicable), new conformity assessment, etc.
The Blue Guide reiterates that having your cake (modification) and eat it too (but not taking responsibility for the modification) will not do. This responsiblity does not only apply to devices that are ‘new’ as a result of the modifications: the Blue guide also helpfully specifies that the end user or third party needs to take responsiblity for ANY change carried out to the product (unless this is done by the manufacturer or his service organisation):
“The natural or legal person who carries out changes or has changes carried out to the product shall be responsible for the conformity of the modified product and draw a declaration of conformity, even if they use existing tests and technical documentation.”
Blue Guide 2022, section 2.1
This is an important point because in my experience both end users (often hospitals) and third party repair and maintenance services providers do exactly the opposite and third party services providers will often disclaim any such responsibility in their terms and conditions, which can cause problems for the end user / hospital when the device fails or underperforms and causes damage that way. The end user remains responsible for deploying a device within CE marked specifications. This may not be the case anymore after modification by a third party that will not take responsibility for the modification’s impact on the CE marking. Hospitals would do well to double-check the terms and conditons of third party service providers on this point as well as to check their own internal processes for repair, modification and maintenance. In practice I often find these lacking.
There is a new sentence in the Blue Guide that repair and maintenance options must be designed into the product in light of intended purpose (and I assume life time of the product). This is already accounted for in the MDR and IVDR in various places in the GSPRs.
This section is also relevant for software (see below).
There is a new heading for software in section 2.1 but the content is not very new. It discusses prinicples of risk assessment for software in general and points to the MDR and IVDR specifically as being a lex specialis on this point, which they are because the MDR and IVDR have detailed provisions and guidance on the conformity assessment of software as a medical device (which includes of course risk management) and for provision of devices as a software service.
The interesting part in the clarification is the explicit linking of software updates and maintainance to hardware concepts of repair, (full) refurbishment and maintenance, although this is also not necessarily new for devices in my opinion:
“Software updates or repairs could be assimilated to maintenance operations provided that they do not modify a product already placed on the market in such a way that compliance with the applicable requirements may be affected. As is the case for physical repairs or modifications, a product should be considered as substantially modified by a software change where: i) the software update modifies the original intended functions, type or performance of the product and this was not foreseen in the initial risk assessment; ii) the nature of the hazard has changed or the level of risk has increased because of the software update; and iii) the product is made available (or put into service where this is covered by the specific Union harmonisation legislation).”
Blue Guide 2022, section 2.1
This does give us more guidance on when a software change could be considered to be a substantial change to be evaluated by the notified body (which is not to be confused with a significant change to a legacy device as discussed in MDCG 2020-3 for MDR and MDCG 2022-6 for IVDR).
Making available on the market
There are basically no changes to this section, except a clarification of a principle that we already knew about:
“The concept of making available refers to each individual product, not to a type of product, and whether it was manufactured as an individual unit or in series.”
Blue Guide 2022, section 2.2
This new paragraph clarifies a concept that is hard to understand for people that perceive market access on a per type basis, which is a misunderstanding. This new paragraph underlines that making available applies to each individual device and not to a series of devices covered under the same CE mark. If this were different, all logic underlying the MDR and IVDR vigilance and market surveillance provisions would break down, as this is targeted at individual products (although of course a batch or even a series can have the same problem).
The Blue Guide contains more detail on the concept of placing on the market and now actually contradicts itself even more if one persists in following the misguided theory that placing on the market requires transfer of a property right as a necessary condition, mainly because the English version of the Blue Guide uses these words (like the MDCG mistakenly does in MDCG 2021-27 and which many companies, consultant and lawyers are copying). Many other language versions, like other Commission working languages German and French, do not use this wording and do not state that a property right transfer is needed as a condition for placing on the market. In view of contradictory language versions this means according to EU Court case law that you cannot assume one of them is automatically right (or wrong). This is why we need a solution here. What is more, the new Blue Guide 2022 section 2.12 contains examples that demonstrate placing on the market without a transfer of a property right (e.g. example 2 and 6), which only increases the confusion.
There is a new paragraph in section 2.5 about placing on the market of imported products, which clarifies that placing on the market also applies to second hand products made available in the Union for the first time. If it’s the second time, e.g. in case of re-import after a product that was placed on the market already, then this is not placing on the market anymore, as was already clarified in the 2016 version of the Blue Guide.
Placing on the market is a crucial concept to get right under the MDR and IVDR with the crucial deadlines for legacy products coming up. I currently spend a large part of my professional time advising devices companies about this. Mind you: this is not only relevant for the end of the legacy device period (legacy device can still be placed on the market under article 120(3) MDR or article 110 (3) IVDR) but also for the one year sell-off period under article 120 (4) and 110 (4) IVDR (legacy device that was placed on the market can still be made available).
One of the things that I am working on at the moment is developing contractual solutions to deal with the situation towards the end of the sell-off period, where I (and many others) expect many manufacturers and importers/distributors not to have made all devices in their stocks available to the final customer yet and thus be stuck with stocks that they cannot make available further in the Union market anymore and that must be withdrawn from the supply chain. If the company does not have a credible argument that the devices still in stock have been made available to the final customer in time (so before end of the sell-off period for the medical device or IVD), the device concerned cannot be made available anymore to any final customer in the Union and must be withdrawn from the supply chain as the Commission explains in the relevant fact sheet. So better get this right and contact me for help if needed!
Making available and placing on the market in case of distance and online sales
Distance sales and online sales pose specific problems in relation to the concepts of making available and placing on the market. The MDR and IVDR solve these to an extent with article 6 MDR and IVDR by skirting the question for physical devices in article 6 (1): if you offer a device to an end user in the Union, it must meet the requirements of the MDR/IVDR, thus achieving what would be achieved if the device would be placed on the market. Article 6 (2) adds that devices provided as service to users in the Union must also meet the requirements of the MDR/IVDR, regardless of the location of the infrastructure that they are run from.
The Blue Guide 2022 adds additional interpretation in a new section 2.4 that is very relevant for companies selling devices online or at a distance.
“The physical delivery to end-users in the EU of a product ordered from a given online seller based outside the EU, including by a fulfilment service provider, gives irrefutable confirmation that a product is placed on the EU market.”
Blue Guide 2022, section 2.4
This little sentence has a lot of consequences. While companies in the past would sometimes seek to argue that they did not place a product on the market but would still offer and sell it to consumers or other end users, the Blue Guide now contains a rule of proof that physical delivery to end users by necessisity assumes a product that is placed on the market.
Secondly, the Blue Guide provides another rule for interpretation of placing on the market where devices are sold via an FSP:
“Some products offered online or through other means of distance selling to end users in the Union are transferred first to fulfilment service providers located in the EU to guarantee their swift delivery to EU end users. Accordingly, products stored by such fulfilment service providers and released for free circulation are considered to have been supplied for distribution, consumption or use on the EU market and thus placed on the EU market. When an online operator uses a fulfilment service provider in this manner, by shipping the products to the fulfilment house in the EU, the products are in the distribution phase of the supply chain. These products are considered placed on the market at the time they are released for free circulation.”
Blue Guide 2022, section 2.4
In other words: customs cleared and in the hands of your FSP means placed on the market in the Union (but not necessarily placed on the market by the FSP!). I think that this is not always correct however, because there is the distinction between devices held by the FSP that are intended for the Union market and those held by the FSP that are not intended for the Union market, which may both be customs cleared and sitting in an FSP warehouse. The latter group is of course not necessarily placed on the market because it is not intended for distribution in the Union.
Putting into service (and installation)
Putting into service is an elusive concept for many, but in fact simpeler than you think. It applies in situations where a device is not made available in its final form, in which case EU law requires another compliance gating when the device is set up to be used for the first time. Think MRI machine or bigger: these are not placed on the market as a single unit but need to be built up in place. The compliance of the device depends on whether the device is built up in place correctly, so naturally the device has to conform to CE marked specs when it’s ready for first use as intended, i.e. at the moment that it is put into service.
The Blue Guide contains a helpful clarification for the current grace period deadlines for legacy devices under the MDR and IVDR:
“Unless otherwise provided for in specific Union legislation, where products have been placed on the market in compliance with the Union harmonisation legislation applicable at that time, they can also be put into service even if that legislation has been amended after the products are placed on the EU market and therefore they do not entirely comply with the new EU legislation.”
Blue Guide 2022, section 2.6
However, note that there is a lex specialis in the MDR and IVDR in article 120 (4) and 110 (4) about until when the devices can still be made available to end users during the sell-off period, as discussed above. Legacy devices that have not been made available to the final customer timely must be withdrawn from the supply chain.
Reasonably foreseeable and intended (mis)use
This section 2.8 is not new, but it does contain some new language that is very relevant for the application of the new article 7 MDR and IVDR about claims. Article 7 MDR and IVDR essentially oblige manufacturers to be precise about their claims and not use any claims that may mislead users and/or patients about the risks, safety and/or performance of the device. For those interested, I wrote a detailed article about article 7 MDR and IVDR in RAPS Focus.
This new Blue Guide language also underlines how crucial a proper formulation of intended purpose is, and how the manufacturer is expected to actively imagine how the user may use the device:
“Manufacturers have to look beyond what they consider the intended use of a product and place themselves in the position of the average user of a particular product and envisage in what way they would reasonably consider to use the product.
For products intended for outdoor use, they should also consider how projections about the changing climate in the EU will affect the safety and performance of the product during use. Since the climate is already changing, outdated assumptions based on historical observations and performance should be revised. If the product’s typical life-span extends beyond 5 years, manufacturers may want to prepare it also for more extreme conditions expected in the mid-term.”
Blue Guide 2022, section 2.8
This language means that manufacturers cannot easily suffice with disclaimers and warnings as regards perceived intended purpose, because they also have to take into account that disclaimers may be overlooked or misinterpreted. More generally speaking I personally consider disclaimers and unclear warnings evidence of faulty formulation of intended purpose and faulty design flowing from that, because you are just creating gorilla doors:
Nobody likes gorilla doors, and as a lawyer I can say that they’re particularly hard to explain to authorities and judges because they are usually avoidable. Also, they lead to surprise and frustration on the part of users, and possible damage or sub-optimal outcomes on the part of patients.
Transitional arrangements for the EU Declaration of Conformity
There is an interesting new section 2.11 with guidance on how to work with declarations of conformity that cover the same device under different legislation, e.g. MDD and MDR. This section describes how to work with a DoC that declares conformity to both old and new legislation for a product.
Brexit, Swixit and Northern Ireland
Since 2016 the geographic scope of the Union in which NLF legislation and specifically devices regulation under the MDR and IVDR applies has changed considerably. The UK has left the EU and the MRAs for medical devices and IVDs that made Switzerland part of the European internal market for devices have expired in the mean time without replacement, putting Switzerland outside the Union.
One of the mistakes that many people continuously make is to equate the geographic scope of the Union referred to in the MDR and IVDR with that of the EU. You might consider updating your knowledge in that case if you market yourself an expert. It’s really like in the realm of saying that Alaska is a Canadian province, that Puerto Rico is a US state or that Amsterdam is the capital of Denmark. It is also implicitly stating that Switzerland was an EU member state, which it never was (but was in the Union for the purpose of EU medical devices and IVD law). It’s never to late to know that the Union referred to in the MDR and IVDR is bigger than the EU 27 member states (including some of their overseas territories), because it also includes the three EFTA states that are EEA signatories but not EU member states (Iceland, Norway, Liechtenstein), and includes Turkey, which is neither EU member state nor EEA signatory but has its own agreement with the EU.
All of this is also again reiterated in the Blue Guide 2022. Also, my book the Enriched MDR and IVDR (2nd edition imminent now) contains a fully updated ‘scope of Union’ commentary with an updated map, a discussion of the overseas areas of member states that are and are not Union for the purpose of MDR and IVDR as well as a discussion of the difference between the UK and Great Britain (being Northern Ireland in which EU NLF legislation still applies, see Blue Guide section 2.9.6 – if you read this you’ll also understand the current friction between the EU and the UK on the Northern Ireland protocol better) which you should know. Brexit is discussed in sections 2.9.5 and 9.3.
The examples provided in new section 2.12 are quite useful, although I can appreciate that the logic may be hard to follow for some.
For example, there is a school of thought in the market that argues that placing on the market is a two-step process in the sense that a device cannot be considered placed on the market if the importer has not made it further available to into the supply chain. Interestingly this does not follow from the examples in section 2.12. Example 1 for example discusses the situation where a product is placed on the market immediately without importer involvement by means of a direct sale to an EU customer. In my opinion a two step proces can be used to demonstrate placing on the market (so it’s an option), but a two step process is not a requirement, as the Blue Guide 2022 shows.
It is important when looking at these examples to keep in mind that placing on the market (and making available as core concept in placing on the market) are very flexible concepts that can apply via any of the three nexuses (1) legal (e.g. change of ownership or offer to supply), (2) financial/tax/customs (e.g. customs clearance) and (3) physical (device is in Union territory). Any of these three nexuses can by itself lead to a conclusion of placing on the market. For this reason the theory that a transfer of property right is always needed for placing on the market makes no sense, as it would invalidate several the examples given in 2.12 (see also discussion above under Placing on the market).
So we have something old, something new, a number of somethings lex specialis and something blue (my hurt feelings because of the Commission not correcting the placing on the market language incoherence in the new Blue Guide).
So no radical changes – fortunately in a way, because we would have needed legislation for that – but still some interesting nuggets that may be useful in your specific case.
The amendments to Chapter 2 are also a reminder for companies in the devices space to make a plan and follow through (as Brian Boitano would do) on rational supply chain management with all the regulatory deadlines in sight to avoid nasty surprises that can seriously ruin your party. You probably don’t want to be the person to tell your management that the company made totally avoidable but very costly mistakes that cause withdrawals, recalls and can lead to enforcement for placing on the market/making available of devices or IVDs in infringement of regulatory deadlines.
Next up: discussion of economic operators and their obligations in Chapter 3.
After approximately six years after the previous (2016) version of the Blue Guide the 2022 version finally ‘dropped’ on 29 June 2022 in the Official Journal edition C edition of that day.
I will discuss new and amended headings and subjects in the Blue Guide 2022 compared to the 2016 version in a series of blogs that are to follow this one, which serves to give you a general initial overview.
Spoiler: in short the Blue Guide 2022 does not provide a lot of new things for devices in scope of the MDR or IVDR, but it does make some things more confusing. For example, it does not remedy the inconsistencies due to language differences with respect to the concept of placing on the market, which I myself consider a major missed opportunity. It shows also that you can never rely on just one language version of an EU document, and if you don’t understand more than one language (which would usually be English) you are prone limit your options of interpretation.
And the new Blue Guide also contains quite a lot of smaller changes, many of which were sort of figured out in practice by now, such as dealing with fulfillment services providers, software, etc. and details on the Market Surveillance Regulation that was adopted after the 2016 version of the Blue Guide. Although the Market Surveillance Regulation looks to change a lot regarding economic operators in general, some of the most impactful changes do not apply to medical devices and IVDs – a good reminder not to forget that the Blue Guide is a ‘one size describes all in not so much detail’, and does not necessarily state the exemptions to every rule if there happens to be one. Although I always urge clients to read the Blue Guide, I also urge them to not only read the Blue Guide but also the legislation that is actually mandatory because Blue Guide is just guidance, not law. Many people in regulatory affairs have difficulty understanding this difference and routinely refer to the Blue Guide as that it ‘requires’ or ‘obliges’, which is simply not the case. Guidance is guidance, and not mandatory law. This is also reiterated in the Blue Guide itself.
“substantial update and takes into account developments that have come up since 2016, for example related to the Market Surveillance Regulation [MSR] (EU) 2019/1020. It also elaborates on specific features such as distance sales, making products available on the market subject to physical modifications or software updates and the assessment of conformity assessment bodies.”
While this may be true for other New Legislative Framework (NLF) legislation covered products, the MDR and IVDR contain a number provisions that already deal with some of these developments (e.g. distance sales, parts and components, software) or constitute a lex specialis to which some of the new MSR requirements simply do not apply (see below in the table). Did I already say not to look only at the Blue Guide?
To provide a bit more context for the people that would like to have more detail on what is new and where to look for it, see below for a summary table analysis:
New item, significantly amended item or problematic item
Chapter 2: when does EU law on products apply?
Section 2.1 Product coverage
New headings for Repairs and modifications to products and Software, but these contain nothing new for medical devices or IVDs. Makes analogy between software changes and maintenance/repair of physical devices. Interpretation of when a part / component is a separate product – lex specialis on components and parts in article 23 MDR and 20 IVDR.
Section 2.3 Placing on the market
Incoherence between language versions as regards the exact criterion for placing on the market (‘transfer of ANY other right’ or ‘transfer of PROPERTY right’?). New elements in the Blue Guide such as new sections 2.4 and 2.12 increase the confusion as these refer to placing on the markets in situations where no property right is transferred, unhelpfully contradicting what is stated in section 2.3.
Section 2.4 Making available and placing on the market in case of distance and online sales
Explains that products offered for sale online or through other means of distance sales are deemed to be made available on the Union market if the offer is targeted at end users in the Union. This principle is already accounted for in article 6 MDR and IVDR.
Section 2.9.5 Brexit
Consistent with Commission Brexit guidance on economic operator consequences.
Explanation of how the Northern Ireland Protocol affects NLF regulation: all Union harmonisation legislation covered by the Blue Guide applies to and in the United Kingdom in respect of Northern Ireland. As a result, insofar as EU law made applicable by the IE/NI Protocol to the United Kingdom in respect of Northern Ireland is concerned, references to the EU have to be understood as including Northern Ireland, whereas references to the United Kingdom have to be understood as referring only to Great Britain. This is yet another good reason to refer to the Union when referring to the geographic scope of the MDR / IVDR and not to the EU as scope, which does not include a number of countries in which the MDR and IVDR do apply.
Section 2.12 Summary examples
Examples to demonstrate a number of issues regarding temporal and geographic scope of application of NLF legislation. Good to review because they address widely misunderstood matters (such as the misunderstanding that the geographic scope of the MDR or IVDR is the EU). The first example also demonstrates that transfer of a property right is not needed for placing on the market (see above under 2.3). Also, the examples show ways to structure distribution for strategic placing on the market in view of expiring legacy devices certificates (such as creating an ‘internal’ distributor subsidiary to function as MDR/IVDR importer or distributor) to better manage the MDR danger zone [https://medicaldeviceslegal.com/2022/06/20/managing-the-2024-mdr-danger-zone-and-outlines-of-a-potential-solution-in-mdcg-2022-11/].
Chapter 3: actors and obligations
Section 3.5 Fulfillment services providers
Already addressed in less detail in Blue Guide 2016 in relation to distributors of medical devices, alignment with the MSR definition of fulfillment services provider. Note that the ‘economic operator in the meaning of article 4 MSR’ requirements discussed in this section do not apply in the field of medical devices and IVDs, see article 4 (1) and (5) MSR.
Section 3.6 The economic operator referred to in Article 4 of Regulation (EU) 2019/1020
While this is new (although not that much because already applies since date of application of the MSR) note that the requirements for ‘economic operator in the meaning of article 4 MSR’ do not apply in the field of medical devices and IVDs, see article 4 (1) and (5) MSR which do not list the MDR and IVDR among the product legislation to which product scope these requirements apply.
Chapter 7: Market surveillance
Section 7.6.6. Medical devices: vigilance system
Summary of medical devices vigilance compared to general product market surveillance under NLF regulations and updated from Section 7.5.6 Blue Guide 2016 for MDR/IVDR references. More generally Chapter 7 was updated to account for the changes implemented by the MSR.
Chapter 9: International Aspects of the EU Law on Products
Section 9.2.2 Switzerland
Amended but outdated already, because the text states that the MRA covers medical devices ‘partially’, an obvious reference to the MRA for the IVDD not having expired yet. As of the date of application of the IVDR on 26 May 2022 IVDs are not covered by a MRA with Switzerland anymore.
Section 9.3 Brexit
Description of the post-Brexit arrangement with the UK (‘Trade and Cooperation Agreement’), consistent with earlier Commission guidance. Somewhat overly optimistic description of the actual legal situation.
Table summary of significant changes to Blue Guide
As you can see, while a lot has changed in the last six years since the 2016 version of the Blue Guide, people that have kept track of developments over the last years will find that the new version does not contain a lot of new things that are actually surprising but rather comprise a description of recent developments. The notable surprising exception is that the Commission neglected to fix the incoherency between language versions with respect to the concept of placing on the market, only one of the most important defined concepts in NLF legislation even though the Commission has been made aware of this. This will just serve to create confusion but also limit the legal options of companies because the restrictive interpretation (transfer of any (other) property right) has in the mean time propagated to MDCG guidance (MDCG 2021-27). It is a pity that the MDCG just copied that the English text for that guidance just because it was in the English language version of the Blue Guide 2016. If the MDCG (and the Commission presiding it) had only looked at the French and German version too – which are also Commission working languages by the way – they would have understood that they were making a totally avoidable mistake here.
Reader beware: this blog post provides just a very rough initial overview! I have not yet done a letter-by-letter comparison of the 2016 and 2022 versions because I’m on holiday at the moment, but will do so at some point. Additional details resulting from this comparison will be addressed in the detailed follow-up articles. Who knows, there may still be some interesting Easter eggs hidden in the new Blue Guide.
Next up: the first of the series, a detailed article about the changes to Chapter 2 – when does EU law on products apply? Watch this space, which is always a good idea anyhow.
We live in interesting times for medical devices in the Union – some have said we are headed for a cliff edge at the end of the grace period. I would personally prefer to say that we are in the danger zone, which would be a zone of danger (Archer pun on Top Gun), but still with some options. If you still need to see the new Top Gun movie: there are spoilers ahead, but only in the conclusion.
But I digress already – back to the story of this blog.
Not so long ago, in a galaxy not so far away before the date of application, everybody and their mother enthusiastically went all in on what we later understood to be legacy devices and (AI)MDD certificates were extended well into (or often all the way for) the ‘grace period’ provided under Article 120 (3) MDR. My analysis with hindsight knowledge is that many went into this in good faith, hoping that the issues plaguing the MDR as unfinished symphony with insufficient notified bdoy capacity would have been fixed by the time the legacy device certificates would expire. Others will have been happy to kick the can down the road and see where things are at by that time. Authorities and notified bodies will probably have been happy with the additional time to finalise the system.
This became increasingly supported by evidence in several Team NB publications, with the latest one painting a dire picture that, regardless of notified body efforts to scale as much as they could, not even (roughly speaking) half of the total capacity required for 2024 would be available:
The authorities reacted first through a relatively mellow CAMD statement on the occasion of the CAMD’s 50th meeting (let’s all work together to fix this but the MDCG should take the lead), but then followed this up via the MDCG (which includes the voice of the Commission that presides the MDCG) with position paper MDCG 2022-11 that has a very different tone.
‘Sweeping your own little street clean’
The MDCG 2022-11 position paper document that was recently issued is certainly something else. There is some serious fingerpointing going on the document (it was not called ‘Notice to manufacturers to ensure timely compliance with MDR requirements’ for nothing) with the MDCG suggesting that many manufacturers are applying to notified bodies too late and/or with substandard quality submissions:
“The transition period intends to give further time to the system to prepare and to get ready, for example time for manufacturers to prepare their quality management system (QMS) and technical documentation before applying to a notified body. This step should not be perceived as a “grace period” to postpone the entering into application of the new rules. At this stage, data collected by notified bodies, and presented to competent authorities in December 2021, shows that nearly 37% of manufacturers’ applications have been refused on the basis of incomplete applications, underlining an overall lack of manufacturers’ preparedness. In April 2022, 75% of notified bodies indicated that more than 50% of the submitted applications were deemed incomplete.”
MDCG 2022-11, p. 2
In other words: you industry, stop sitting on yours hands and cease misunderstanding requirements! Grace periods are not for idling but for sorting out your problems so you don’t make them ours too. You can do better than this and have yourself to blame as much as you’re blaming others.
The paper is a nice exercise in political plausible deniability, or as we would say in Dutch in literal translation: ‘sweeping your own little street clean’.
Of course this does not mean that the MDCG is not right in saying that everyone is in this together, and that hurrying up and taking the transition to the MDR seriously is a very good idea under all circumstances. I personally still see too many companies where the sense of urgency has not really caught on yet, especially not with management. But then again, I also see a regulatory system that is excellent in its underlying concepts but implemented rather sub-optimally, which also causes all kinds of issues that the MDCG could have done a much better job at solving.
Some seeming light at the end of some tunnel
However, it’s not all bad news : MDCG 2022-11 gives us an insight in how the MDCG (which includes the Commission) thinks to solve the issues, which was not clear in the latest CAMD document or any other document before that.
The MDCG position paper implies that anyone that was hoping for a blanket extension of the grace period can stop hoping now: it’s not going to happen. I’ve been informing clients in this vein for some time now but now you can take some else’s word for it too.
Also, national and European exemptions under Article 59 MDR and national equivalents always have been an option, but only to support basic healthcare in Member States, not as an exemption for a regulatory pathway. It exceptional character was already clear in the guidance on Article 59, for example MDCG 2020-9, and this is now spelled out very clearly by the MDCG:
“Derogation from the conformity assessment procedure in accordance with Article 59 of the MDR has been mentioned as a possible remedy in case transition from AIMDD/MDD to MDR is not completed in time. It is important to stress that derogations may be granted by competent authorities only if the use of the device concerned is in the interest of public health, patient safety or patient health. This mechanism should not be considered as a solution for cases of late application to a notified body for conformity assessment or delays in the conformity assessment procedure. Economic grounds alone cannot justify a derogation under Article 59 MDR either.”
MDCG 2022-11, p. 3
But there seems to be something else in the works: the MDCG 2022-11 documents pretty explicitly hints at an implementing act under Article 97 (3) MDR in the works, putting the new market surveillance provisions and their harmonisation options in the MDR to good use:
“Also other mechanisms provided by the MDR in chapter VII (e.g. to deal with formal non-compliant products) will only be applicable for devices for which the manufacturer can demonstrate that he has undertaken all reasonable efforts to successfully conclude the transition to the MDR, including update of its QMS, in time. In this context, it is expected that the manufacturer has submitted an application to a notified body for certification in compliance with the MDR at least one year before the expiry date of the MDD/AIMDD certificate.”
MDCG 2022-11, p. 3
The reference to formal non-compliant products is a clear reference to the heading of Article 97 MDR, which provides in section 1:
“that a device does not comply with the requirements laid down in this Regulation but does not present an unacceptable risk to the health or safety of patients, users or other persons, or to other aspects of the protection of public health, they shall require the relevant economic operator to bring the non-compliance concerned to an end within a reasonable period that is clearly defined and communicated to the economic operator and that is proportionate to the non-compliance.”
Article 97 (1) MDR
Section 3 of Article 97 MDR provides the legal basis for the implementing act that seems to be under consideration:
“In order to ensure the uniform application of this Article, the Commission may, by means of implementing acts, specify appropriate measures to be taken by competent authorities to address given types of non-compliance. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 114(3).”
Article 97 (3) MDR
An implementing act is a streamlined way to implement non-essential elements of EU regulation, while still giving the Parliament and the Council a degree of control over the Commission proposal. This is especially the case of implementing acts under Article 97 (3), which are subject to the heaviest comitology procedure, the examination procedure. Implementing act procedures are described in my book in a fair amount of detail – I recommend looking at the commentary to Article 114 MDR if you want to know more.
Unclear aspects remaining
However, some aspects in the outline given in MDCG 2022-11 still remain unclear.
For one, it is unclear when an application ‘has been submitted to a notified body’, especially given the large number of applications deemed incomplete as referenced by the MDCG. An implementing act should solve the issue with respect to the quality of the application and perhaps the manufacturer’s track record. If the implementing act merely requires an application ‘in the door’ at least one year before 26 May 2024 I can predict that a lot of not very high quality applications will be received at notified bodies on 25 May 2023. Applications eligible for exemption should probably have been validated somehow by the notified body or the competent authority, like you would normally see with marketing authorisation applications for medicinal products. Also, since the competent authorities would effectively be orphaning devices after expiry of the (AI)MDD certificate, I would expect that they would only do this for devices with an exemplary vigilance and safety record. How else would you meet the Article 97 (1) MDR requirement that the device does not present an unacceptable risk? Someone needs to make that call. That means that we can also expect an implementing act to contain requirements similar to those for orphaning of devices when the notified body lays down service or collapses uncontrolledly. Maybe the implementing act exemption would be combined with an orphaning-like application at national level, who knows.
Also, I hear more and more that notified bodies delay the either signing of the certification agreement or of validation of the application, in order to surprise manufacturers that think that they are on board with a message that the notified body is not going to process their application after all. If you look at the MDR closely (Annex VII 4.3 1st and 2nd para) on this subject, it is not clear how the certification agreement and the ‘formal’ application relate to each other. It’s clear that you cannot have one without the other, but the chicken and egg problem (which comes first) is not resolved clearly in the MDR. Any implementing act planned should resolve this. This is also especially relevant because Annex IX 2.1 requires the manufacturer to commit to the notified body exclusively when the application is made, leaving the manufacturer without alternatives.
Another problem is that the implementing act should not leave manufacturers out to dry when they submit a timely good faith application, in which the notified body still finds a minor flaw and tosses out the application for its own load management purposes at a moment where timely application to another notified body is not possible anymore because all will be occupied. This is connected to another problem: where will the notified bodies get the capacity to quickly validate all these new applications that will inevitably find their way to them early 2023 and how to avoid that this leads to crowding out of new applications for new devices even more than is already the case? Already now I see an increase in notified bodies telling manufacturers that they will just not have the capacity to process their MDR application.
Yet another unclear aspect is for how long notified bodies and manufacturers could expect any exemption under an implementing under Article 97 (3) to last, because Article 97 (1) MDR requires that the exemption is limited in time. Theoretically this could be ‘for as long as the notified body takes to finish the process’, but perhaps the MDCG would like a qualified backstop date in there not to draw out the process indefinitely.
Finally, hair-splitting lawyers with a passion for constitutionally correct legislative procedure like myself could wonder if Article 97 (3) MDR indeed has a constitutionally sufficiently strong basis to put in place an emergency valve in the transitional regime for the MDR. I personally am not sure if the delegation set out in Article 97 (3) MDR indeed was intended to include this type of measures but was aimed at a more modest harmonization of national market surveillance policies. On the other hand we’ve seen crazier actions from a constitutional perspective than this to fix MDR transition problems, like the bail-out of the class I up-classified classifieds by means of a corrigendum in December 2019. If there’s one thing that the history of the MDR has shown is that when push comes to shove, everybody will play along and is willing to get very creative.
Consultation during the summer?
By the standards of the Better Regulation Toolbox initiative that the Commission has imposed on itself, also implementing acts are subject to consultation (see Chapter 7, p. 439). So please Commission, make sure to engage in consultation and don’t do it in the summer holidays but preferably before.
I’m pretty sure some things have been overlooked that could benefit from consultation. Skipping consultation altogether would be not very nice by the Commission’s own standards.
But what about new, innovative devices?
Will the expected draft implementing act or other solution do anything for new devices with new applications, in other words: the non-legacy devices? What we are currently seeing in real life is that a growing number of companies, especially SMEs, is not getting on board with notified bodies because they are refused for lack of capacity. In other words, is MDCG 2022-11 announcing that a solution will only be available to manufacturers with legacy devices?
The Dutch competent authority IGJ seemed to suggest in a recent LinkedIn post alerting the market about MDCG 2022-11 that manufacturers with other than legacy devices will not be part of the solution hinted at in MDCG 2022-11, while MDGC 2022-11 clearly addresses all manufacturers:
“it is essential that all manufacturers adjust their system, finalise transition to the MDR and apply to a notified body, submitting complete and compliant applications, as soon as possible and well in advance of the end of the transition period to ensure timely compliance with the MDR”
MDCG 2022-11, p. 3
This does not necessarily mean that there might not be a solution for them in the works as well, but it would be nice to have clarity on that, right?
If there would not be a solution in the works for these devices, this would be extremely unfair in my opinon. Not only manufacturers with legacy devices currently have problems with notified bodies handling their applications timely. In fact many companies, often small and medium-sized enterprises, do not get on board at all with notified bodies at the moment and would be disadvantaged compared to manufacturers with legacy devices, for which the applications under the implementing act would contribute to the crowding out of applications for new devices. More often than with legacy devices, these are innovative devices that can add a lot of value for patients – it’s called innovation.
I have immediately asked the Dutch authorities how they see this but silence on that end so far.
Time is of the essence
I understand from reliable sources that something is already in the works at the Commission, which is very good news. However, this also means that manufacturers that do not have a validated MDR application for a legacy device in the works at a notified body at this moment must understand that time is now truly of the essence. Count back with me:
Application must be made (or have been validated, we don’t know yet) one year before 26 May 2024 so by 25 May 2023 OR before the expiry date of the legacy device certificate (which may be sooner – 25 May 2023 is the very last date possible but your certificate expiry date may be sooner);
This means that in the best possible scenario you have until 25 May 2023 to have an application going (about 11 months from now) and in the worse case much shorter, depending on actual certificate expiry date. Can you have ship shape application ready in no time if you’ve been sitting on your hands playing chicken with the system until now? It’s going to be an exciting and challenging ride, I can tell you that much.
This means that if you still need to file for your MDR application, you are in the danger zone. Which is a zone of danger – and you might consider calling Kenny Loggins (more Archer puns totally intended). And what is your plan B and plan C if this fails? Scenario anyone?
Time is of the essence for the Commission too, because any implementing act will still take time to trickle through the comitology procedure and we’ll need something proposed more than ASAP if the industry and notified bodies are to be informed about their options in any way that is still somewhat timely and meaningful to do something with the options offered (see left limb in the below diagram for examination procedure):
The need for speed
We have an interesting summer ahead in which all manufacturers, whether with legacy devices or not, are in the danger zone.
So now it’s up to the brave pilots of industry regulatory departments to scramble whatever your company provides as operational jets (I know that not everyone can even hope for a latest version F-18 or better equivalent) and perform two miracles in a row like in that new Top Gun movie: first finalise your MDR applications in an impossibly tight time frame and then launch the applications into the notified body’s narrow application window in a veritable Death Star approach.
The same is true for the brave pilots at the Commission, who will need to scramble even faster to put the implementing act and/or whatever else is in the works according to MDCG 2022-11 together and shepherd it through the examination procedure because we will need to know where to go in order to be able to end up there.
And finally, there are the brave pilots at the notified bodies, who will be once again be pulling 9 G turns solving everybody else’s problems, having to see through the load of applications made in a transitional regime in which the goalposts keep being moved.
I hope everyone feels the need – the need for speed, because we’re is going to need it.
The MDR has been applicable for some time and the IVDR just became applicable.
The MDCG has, since both regulations entered into force, issued more guidance documents for the MDR and the IVDR in a few years than were ever issued for the old directives in several decades. Sounds like progress! High fives all around in the MDCG. Look at us crank out guidance by the truckload for all mankind!
Also, the effect of using regulations instead of directives and a more centralised governance structure like the MDCG would lead to a more unitary interpretation than before. And MDCG guidance helps for unitary interpretation! More progress!
But as always, it doesn’t matter so much what you have but it’s what you do with it that counts. I am seeing a disturbing and rather unlawful development in the way the member states in the MDCG impose guidance on stakeholders as binding rules, regardless of the huge disclaimer on every MDCG guidance that ‘any views expressed in this document are not legally binding and only the Court of Justice of the European Union can give binding interpretations of Union law’ (this is actually a legally incorrect disclaimer by the way, because all Union courts and competent authorities can give binding interpretations of Union law; the Court of Justice is the highest appeal instance in the Union for binding interpretations of Union law).
‘Binding’ MDCG guidance
The development that I see in relation to guidance is the MDCG’s tendency to legislate by means of guidance, and the MDCG member member states’ tendency to interpret guidance as ‘mandatory’, which means that they impose it on notified bodies and industry as ‘mandatory’. This, in turn, leads notified bodies to raise non-conformities against guidance itself, rather than against binding regulatory requirements or to flatout ever want to discuss an interpretation set out in MDCG guidance as an option and not a mandatory solution.
As a lawyer that hurts my constitutional feelings because it’s a constitutional no-no. It’s not allowed. If you want to make binding rules, you have to follow the procedures that we have for this in a democratic legal operating system like the EU. That’s rule of law 101. If you don’t, you add to the – in this case justified – criticism that Brussels imposes rules undemocratically. If the mandatory rules are unclear, make better rules and not guidance that is imposed as if it is binding.
European Court of Justice says guidance itself is NEVER binding
Do you know who else’s constitutional feelings are hurt by this? The European Court of Justice in Luxemburg, the end boss for interpretation of binding law in the Union.
The CJEU has ruled on several occasions in no uncertain terms that guidance on the interpretation of EU law as such cannot be a source of binding law, but can only assist in its interpretation. In each of these cases it concerned a EU institution or a Member State authority seeking to rely directly on EU issued guidance for interpretation of a legal standard, which prompted the CJEU to rule in the famous Chemische Fabrik Kreussler case:
“23. In that regard, it must be stated that, in itself, that guidance document drawn up by the Commission’s services, which is not one of the legal acts of the European Union referred to in Article 288 TFEU, cannot be of a legally binding nature or enforceable against individuals.
24. That is moreover apparent from that document, which states that it is not legally binding since only the Court of Justice has the jurisdiction to give a binding interpretation of European Union law.
25. As stated by the guidance document on the demarcation between the Cosmetic Products Directive and the Medicinal Products Directive in its introduction, the fact remains that, inasmuch as that document was drawn up by group of experts from the national authorities, the Commission’s services and professional associations from industry, it may provide useful information for the interpretation of the relevant provisions of European Union law and therefore contribute to ensuring that they are applied uniformly.
26. Consequently, the national court may, in order to apply the term ‘pharmacological action’ within the meaning of Article 1(2)(b) of Directive 2001/83, take account of that document. In doing so, it must nevertheless ensure that the interpretation thus derived was derived in a manner consistent with the criteria laid down by the case-law relating to the interpretation of European Union legal acts, including those concerning the division of jurisdiction between the national courts and the Court in the context of preliminary ruling proceedings.”
– The MDCG should/shall (pun intended, see below) not write guidance in the expectation of it being followed to the letter;
⁃ Member States should/shall (same pun) not impose mandatory literal use of guidance on notified bodies;
⁃ Member States themselves should/shall (still the same pun) not refer to guidance as a literal source of binding rules and impose them on stakeholders as law; and
⁃ Notified bodies cannot raise non-conformities directly against guidance only because guidance is not a binding rule.
A proper and legally correct finding of non-conformity cites the legal basis in the law (an article and subclause (if any) – not a recital), case law (because mandatory) and perhaps harmonized standards after a discussion why the solution offered by the manufacturer is not as good as the one in the harmonized standard. But the finding never refers only to non-binding guidance just because it’s practical for the competent authority or notified body. Non-binding guidance is, by its very nature, not a ‘requirement’ that a non-conformity can be raised against. ISO 17021 is pretty clear about that for notified bodies. It could only be seen as a requirement if there is a legal basis for it to be a requirement, which there is not according to the CJEU. Because if guidance it’s not as such a requirement, because it’s not binding.
One of the areas in which I think we are going to see more of this in the short term is the area of borderline products, for which the MDCG has just produced a shiny new MDCG guidance (MDCG 2022-5) that took years for member states to align on, so they will very likely try to impose this to the letter, regardless of the CJEU’s case law that says they don’t need to (e.g. the Lycocentre case). But that would be illegal, as was confirmed by the CJEU in – ironically – a case about guidance about borderline products and specifically about the interpretation of the concept of pharmacological action (Chemische Fabrik Kreussler, points 29-30). Rather, for each product the borderline needs to be substantiated, because
“products containing a substance having a physiological effect cannot automatically be classified as medicinal products by function unless the competent administration has made an assessment, with due diligence, of each product individually, taking account, in particular, of that product’s specific pharmacological, immunological or metabolic properties, to the extent to which they can be established in the present state of scientific knowledge.”
Using guidance as law definitely will also not pass the Commission’s own Better Regulation criteria. I certainly appreciate the need and wish of the MDCG (and the Commission, which actually chairs the MDCG) to operationalise the MDR and IVDR efficiently. I really do. But what I do not appreciate as a lawyer is to promote guidance to mandatory rules to compensate for unclear legislation.
But Erik, you are such a hair-splitting lawyer you may say. The MDCG guidances never contain anything but a fair reflection and practical operationalisation of vague concepts in the law. Well, that’s actually precisely the problem. Our legislation in the MDR and IVDR is often not specific enough because it was designed as a not necessarily complete framework that was good enough to start with and would subsequently be filled in by means of delegated and implementing acts. But making it more specific by means of guidance risks that requirements are provided in guidance that are not actually required by the law, which is exactly what the CJEU rules is unconstitutional because we have democratic legislative procedures to create binding legislation. This is exacerbated by absence of proper legal review / appeal options against notified body decisions, which is a more general legal problem perpetuated in the MDR and IVDR.
Example: I give you the double importer check in MDCG 2021-27 (question 7), which is literally nowhere to be found in the law, but is put in the guidance as something that importers should do. I raised this as imposing an additonal requirement without legal basis in a previous blog and subsequently the Commission confirms to me alone that it is in fact optional, not mandatory. Yet, this is not how the guidance puts it and how notified bodies may enforce this guidance against manufacturers. Based on how the guidance is worded, a competent authority may well use this as a basis for enforcement. This puts the finger exactly on the problem that MDCG guidance is not necessarily what the law prescribes.
Another example is the overly legalistic and frankly illogical interpretation interpretation of rule 8 regarding accessories to active implants in MDGC 2021-24 on classification. Because the AIMDD did not contain a separate concept of accessory, rule 8 of Annex VIII now states
“All implantable devices and long-term surgically invasive devices are classified as class IIb unless they:
— are active implantable devices or their accessories, in which cases they are classified as class III;”
Rule 8, Annex VIII MDR
Admittedly, this is not the best legal drafting ever seen in a regulation. However, this is a rule about implantable devices, in the implantable devices chapter of the classification annex of the MDR, and it would be entirely logical that it applies only to implantable accessories. Why? Because the implementing rules in Annex VIII that explain the logic behind classification state that
“Accessories for a medical device and for a product listed in Annex XVI shall be classified in their own right separately from the device with which they are used.”
Implementing rule 3.2, Annex VIII MDR
In other words, non-implantable accessories should be classified in their own right, and not automatically in the same risk class as the active implantable device itself. Yet, MDCG 2021-24 states that in scope of this rule are:
“Accessories to active implantable devices (with or without contact to the heart), be it implantable or non-implantable active or not: – torque wrench for implantable pulse generator / implantable cardioverter defibrillator – cables for programmer / pacing system analyser – magnet for Implantable Pulse Generator / Implantable Cardioverter Generator – programmer or an external transmitter intended for activating or controlling the implantable part of the device – implantable pacemaker leads”
Implantable pacemaker leads covered by a classification rule about implantable devices? Totally agree. You know why? Because they are implantable so it’s logical that they are covered by a rule on implantable devices.
Magnet or torque wrench? Baloney! These would be class I devices if classified in their own right, as they should be according to MDR classification logic under implementing rule 3.2.
The interpretation is not practical, it was not even initially chosen by notified bodies and is now imposed on notified bodies, some of which had to change their interpretation affecting certificates already issued. Does that serve patient safety better? Does it improve the performance of the devices concerned?
To put it euphemistically: I am not convinced at all that this is an improvement. So now we have class III magnets and torque wrenches. We get to do a PSUR for a torque wrench or a magnet. At least we can consult an expert panel with a proposal for clinical investigation (placebo magnets anyone? that will be fun in the cath lab). And we get to justify why there is no need clinical investigation for a magnet or torque wrench. It is kind of weird that you don’t need clinical investigation for an implantable wedge, screw, plate, etc., but you have to justify it for a new magnet or torque wrench. Again, is this logical? No. Is it conducive to device performance or patent safety? I don’t think so. Is it overly legalistic and does it create more red tape? Absolutely. And only because the notified bodies are ordered to apply this guidance to the letter, which – according to the case law of the CJEU – is blatantly unlawful.
And it’s not that the law cannot be amended to be more specific or precise: the MDR and IVDR are riddled with delegated responsibility for the Commission to propose amendments to make the law more practical or adapt it to current state of affairs by means of delegated and implementing acts. Also, when needed the EU has shown that it is willing to amend medical devices regulation even by corrigendum (also doubtful from a constitutional perspective, but no one was going to complain about it this time).
Should / shall
The frequent use of the word ‘should’ in MDCG guidance denotes that at least the good people at the Commission legal service know better than to say ‘shall’ in the guidance – they’re lawyers too, and very good ones at that. But they cannot help the MDCG enforcing should like it says shall. Maybe they should have a chat with the MDCG to explain this at some point… and then also rewrite the disclaimer for the MDCG guidances.
It is kind of cynical to demand literal application of guidance (“shall”) with a disclaimer on the front that says it’s not binding and contains optional rather than mandatory regulatory requirements and write in the guidance that you should (which is really different from ‘shall’), wouldn’t you say? It is really falling in the Platonic trap described in Plato’s Phaedrus dialogue in which Socrates warns against believing that something is true just because it was written down by someone thinking he knows what he’s talking about (Plato, Phaedrus, 275a-c). And this is the CJEU’s point: you may only assume this in case of actual law applied to the actual situation in view of an actual analysis of this specific product and all the other positions, for example those stated in abstracto in guidance, are always up for debate:
“the competent administration has made an assessment, with due diligence, of each product individually, taking account, in particular, of that product’s specific pharmacological, immunological or metabolic properties, to the extent to which they can be established in the present state of scientific knowledge”
But if you are going to treat guidance as binding rules / pseudo legislation, then some things should at least be provided which are baseline requirements for real legislation (so sort of best practice for binding rule making you could say):
a transitional period for the new rule or interpretation of a rule to apply; and
a process for quick amendment of guidance, where mistakes or other issues are identified (such as the importer double check non-requirement)
At present all MDCG guidance is always immediately applicable without any transition, which is totally frowned upon in case of new rules imposed in legislation. There are examples of MEDDEV guidance for which notified bodies were allowed to use a transitional period, so why not for MDCG guidance?
Well, I can think of one reason: because every MDCG guidance ever issued was already (way) too late for the transitional regime to have practical use and time is of the essence for the MDCG once they have finally managed to agree on a new guidance document, which may take years in some cases. Still, that is not an excuse for rule making that does not comply with basic principles of rule making in a democratic society.
The Platonic trap
So … let’s not fall in the Platonic trap of the MDCG guidances together, and assume that they are wisdom just because they were written down by other people and to believe that they are law even if enacted outside of the correct process for enacting binding rules. This wisdom is thousands of years old.
And moreover the CJEU says you don’t have to! Competent authorities and notified bodies owe stakeholders better reasoned decisions and non-conformities than basing them on a mere reference to guidance, even if they are in a hurry or if it’s not that convenient.
The MDCG owes us better quality guidance that is actually guiding rather than mandatory because it’s unlawful. And guidance that is actually guiding to solutions, not imposing them to the letter in a legalistic one size fits all. Not even harmonised standards and common specifications do this and they actually do have a legal basis for providing presumption of conformity.
Rather, let’s be logical and practical with patient safety in mind. Let’s use our thinking brains and not be overly legalistic, or – if we want to be – let’s have a proper legal basis for it. It’s not like we don’t have enough issues with the MDR and the IVDR.
UPDATE 6 June 2022
Silly me – I overlooked that even the MDCG itself has stated in MDCG 2019-6 that in relation to the use of guidance in accordance with Annex VII, 4.5.1 (see also Annex VII, 1.6.2 with a similar requirement to ‘take guidance into consideration’) that:
“For instance, in order to assess if the solutions adopted by the manufacturer are state of the art and in line with expectations, the CAB need to use the available guidance documents and standards. It should be noted that non-conformities will not be raised against standards or guidance but need to be phrased against legal requirements.”
MDCG 2019-6 Rev. 3 Questions and answers: Requirements relating to notified bodies, IV.11
Anyway, this underlines and confirms everything said above in this post. Except that it makes it even more problematic that notified bodies would be instructed to treat guidance as law and competent authorities refuse to discuss guidance as guidance.
Happy IVDR day my readers! My apologies for the low level of activity on this blog the last time. I’ve been very busy with MDR and IVDR work.
And of course I have been working hard on the second edition of the big book, the Enriched MDR and IVDR, which is nearing completion and will additionally cover regulation amendments, new guidance, amended guidance and other developments during the period of early April 2021 to the date of application of the IVDR. Hundreds of pages of additional content, outdated content revised, updated graphics, updated flowcharts, added flowcharts, added graphics, added tables – it was (and at the moment still is) a lot of work. When the content is ready we’ll do another InDesign pass for numbering and layout issues in the first edition, have it reviewed by the fabulous group of people that reviewed the first edition, and then we’ll have something interesting and worthwhile I hope. When, you ask? Well, soon. People that have bought the first edition have received a code for a reduction on the second edition. Competent authorities (not notified bodies) will get a free copy if they ask for it, just like with the first edition.
Something old, something new, something legacy
Happy IVDR day – the IVDR is now applicable and that means that the world will not be the same as before. As a result of the legislative change in January 2022 the IVDR has gone all out in legacy devices without an IVDD certificate during the staggered risk class determined grace periods, more so than the MDR. Given the relatively low number of IVDs that already had a CE certificate under the IVDD (and of course the low number of IVDR certified IVDs), becoming a legacy device has become sort of the rule under the IVDR.
As of now, the IVD world in the Union is devided in three IVD categories (see MDCG 2022-8 on legacy devices):
Old devices (devices placed on the market under the IVDD before the date of application);
New devices (devices placed on the market under the IVDR, regardless of the date of application); and
Legacy devices (devices with an IVDD CE certifcate valid past the date of application and IVDD devices with a valid declaration of conformity issued before the date of application).
Note that the IVDR applies differently to each of these three categories! So it’s pretty important that you know in which category your device falls. MDCG 2022-8 describes in quite a lot of detail what parts of the IVDR apply for what group of devices. Essentially it comes down to this:
IVDR parts applying
“IVDR provisions should generally apply if they do not directly impact the device, its documentation or the conditions for the placing or making available of devices on the market” (MDCG 2022—8) this means market surveillance (article 88-95 IVDR) as well as reporting and analysis of serious incidents and field safety corrective actions occurring after 26 May 2022 (article 82 and 84 IVDR)
Article 110 (3) IVDR requirements: the relevant requirements set out in Chapter VII of the IVDR on post-market surveillance, market surveillance and vigilance (see for much more detail on what these are exactly in MDCG 2022-8 and specifically its table annex – you will see that there is a lot of IVDR QMS elements and economic operator requirements that already need to be implemented or apply)
The whole enchilada of the IVDR
To determine if your device is an old device or a legacy device it is pretty important to get the details on placing on the market of the device right. Not a week goes by that I am not advising MDR and IVDR clients on placing on the market. It’s a complex and often misunderstood concept, as you can see in my discussion of it here.
A legacy device is not a walk in the park, as I’ve seen first hand being underestimated by manufacturers. Often the grace period was mistaken for a ‘delay’ in which the manufacturer did not do much, but this is mistaken. You should compare a legacy device to a large passenger airplane that is almost out of fuel: you want it on the ground safely as soon as you can, but landing a machine like that is a process that takes time. You do not continue flying at cruising altitude until the fuel gauge reaches zero and then hope you’ll magically find yourself safely on the ground.
Just before the date of application the MDCG released guidance on significant changes for IVDs specifically (MDCG 2022-6). Although on the rather late side, it was nevertheless useful to have this guidance for two reasons:
Operationalisation of the concept of significant change specifically for IVDs;
Some little steps of evolution in thinking on the part of the MDCG about formalities around significant changes.
In terms of evolution of MDCG thinking about signifiant changes there were two little gems in the MDCG 2022-8 document that stood out for me: one footnote and one little piece of text conspicuously left out.
First: in footnote 5 there is a significant statement stating in relation to the requirement that legacy device certificates must remain valid during the grace period:
“This does not exclude the possibility that during the transition period an EC certificate for the manufacturer’s approved quality system issued in accordance with Annex IV or Annex VII IVDD, which has become invalid, is replaced by a EU QMS certificate issued in accordance with Annex IX, chapter 1, IVDR, provided that the EC design examination certificate issued under Annex IV, section 4, IVDD or EC type-examination certificate issued under Annex V IVDD remains valid.”
This is an important statement because it shows that the MDCG thinks that is is possible to exchange an expired QMS certificate for a legacy device with a new QMS certificate under the IVDR. This is not only relevant for the IVDR but also under the MDR, since footnote 6 of that same guidance mentions that the MDCG 2020-3 guidance should be aligned with MDCG 2022-6, where needed. This makes me somewhat optimistic that this will also be allowed under the MDR now, as I have seen more than one client get in trouble because the legacy QMS certificate supporting a legacy design examination certificate expired or otherwise became invalid. This would be an important development because I have experienced notified bodies categorically stating that this is not possible. Well, now it is.
The second interesting point is an omission of which I hope that it is significant, concerning administrative changes that are allowed, specifically in relation to M&A or corporate reorganization. MDCG 2020-3 under the MDR stated that permitted administrative change is:
“administrative changes of organisations are considered in principle as non-significant. This includes changes of the manufacturer’s name, address or legal form (legal entity remains) or changes of the authorised representative.”
MDCG 2022-6 phrases this as:
“changes of the manufacturer’s name, address or legal form, including a merger or acquisition involving the manufacturer;”
Why is this relevant? I have seen companies structure M&A projects wrong in the way that the legal entity of the manufacturer did not ‘remain’ and suffer the consequences: notified body did not want to cooperate with certification of new legal entity become manufacturer for a complete business unit that otherwise remained intact. It seems that the leaving out of the requirement that the legal entity remains could (might) be reason for optimism that this requirements has been dropped, thus making asset transactions that involve a new legal manufacturer possible without triggering a significant change (dear devices unit of the Commission, if I’m wrong on this point, would you kindly correct me please?)
Then there is the substance on what is considered a change to the intended purpose or design of the device, specifically operationalized for IVDs in MDCG 2022-6. The below table is a combination of MDCG 2020-3 extrapolation and MDCG 2022-8 added wisdom setting out a non-exhaustive overview of changes that are prima facie candidates for significant changes, conveniently put together for you:
Change of what?
What makes it significant?
Example of significant change
Extension of intended purpose (limitation of the scope of the intended purpose is not a significant change)
– See also Chart A in MDCG 2020-3 and MDCG 2022-6 concerning change of intended purpose – Change or extension of patient population – Addition regarding what is detected or measured – Additional functions of the device (screening, monitoring, diagnosis) – Addition of specimen type(s) – For companion diagnostics: extension of associated medicinal product, of target population or of the tissue type – Change in assay type (e.g. qualitative to quantitative assay) – Change of the intended user (e.g. professional to lay user) – Change of operation (e.g. automatic to manual) – Change of specimen type(s)
Changes in design that alter device’s operating principle
– Change from immunofluorescence to enzyme-linked immunoasorbent assay (change from immunofluorescence to ELISA); – Change from immunochromatography with subjective visual detection to immunochromatography with detection by automated reader; – Change from high-performance liquid chromatography (HPLC) coupled with time-of-flight mass spectrometry to HPLC coupled with orbitrap mass spectrometry; – Change from photometric measurement into liquid chromatographic based or proton nuclear magnetic resonance spectroscopy (NMR) measurement; – Change from immunoturbidimetry measurement to colorimetric measurement.
Changes in design that affect the safety or performance and negatively affect the risk/benefit ratio of the device
– See also Chart B in MDCG 2020-3 and MDCG 2022-6 regarding changes of design or performance specification – Change of IFU to refer to reduced sensitivity of the device (based on PMS)
Change of ingredient or material that affects the safety or performance and negatively affects the risk/benefit ratio of the device
– See also flowchart D in MDCG 2020-3 concerning change of a material – Substitution of a chemical substance in order to comply with the REACH regulation resulting in an adverse impact on performance of the device
Change of ingredient or material that is essential for device’s operating principle
– See also flowchart D in MDCG 2020-3 and MDCG 2022-6 concerning change of a material – Changes of an ingredient or material that is essential for the operating principle of the device (primers for PCR; capture antibodies / antigens for immunoassay; detection marker (e.g. fluorescent, chromogenic, chemiluminescent marker) for chromatography) – Changes of an ingredient or material that adversely affect the safety or performance and that negatively affect the risk/benefit ratio of the device (substitution of a chemical substance in order to comply with the REACH regulation with an adverse impact on performance of the device)
– See flowchart C in MDCG 2020-3 and MDCG 2022-6 concerning software – New or major change of operating system or any component · new or major modification of architecture or database structure, change of algorithm – Addition of a new database with new content that is used to compare genetic assay results with – Required user input replaced by closed loop algorithm – Presentation of medical data in a new format or by a new dimension or measuring unit
– See flowchart E in MDCG 2020-3 and MDCG 2022-6 concerning sterilization – change of sterilisation method – changing a device from ‘nonsterile’ to changes in the design or packaging that adversely affect the sterility assurance or the effectiveness of the sterilisation (e.g. integrity of a seal).
In-house produced devices
There is another group of actors that is sucked into the IVDR, in kicking and screaming denial: the health institutions for the in-house produced devices. Kicking and screaming, you say, it can’t be that bad? Yes it is, I’ve seen from personal experience that this new group of addresses of the IVDR is mostly stuck somewhere on the low end of the Kübler Ross curve of acceptance of a dramatic situation that they did not choose for themselves, but on the other hand allowed to happen to them in all the worse ways because they never saw it coming and subsequently denied that it existed or downplayed the effort needed.
Specifically I’ve seen very vocal arguments for example that ISO 15189 compliance basically covers most of the gaps (spoiler: it most certainly does not) and more specifically, that ISO 15189 is an appropriate production quality system for devices (as required in article 5 (5) (b) IVDR), which it is not. Any person advocating that position is very welcome to engage me in discussion and point out to me where in ISO 15189 manufacturing quality management system requirements are imposed. I have not come across them in this standard, because the standard is not concerned with manufacturing quality but with testing quality and competence, which is not manufacturing quality. Lab activities, not manufacturing activities. It specifies how to set up and run a test lab and procure outside materials used in the lab for testing, but not how to actually manufacture tests. Receipt and storage of tests, yes. Acceptance testing of tests, sure. But not actual manufacturing of the tests! Fortunately MDCG guidance on in-house produced tests is imminent now, and we’ll see who is right on this point.
Article 5 (5) IVDR applies to in-house produced devices, which were not in scope of the IVDD, and imposes a ‘CE marking light’ regime on them, basically regulating in-house produced devices roughly speaking somewhat like class A self certified devices under national competent authority supervision (with optional national exemptions). However, that does not mean that the requirements are a light regulatory touch. For example, each in-house produced device needs to have documentation showing compliance to Annex I General Safety and Performance Requirements of the IVDR, which is a substantial regulatory task to complete.
In the January 2022 amendment of the IVDR some, but not all, of the regulatory deadlines for in-house produced devices were moved. This means that some of the requirements (actually the ones causing the most work) apply already, and since the IVDR does not grandfather the installed base, must also be applied to in-house produced tests that were developed before the date of application but still produced and used after the date of application. See below for my handwritten overview of deadlines (you need to put 26 May before each year mentioned):
So, regardless of whether health institutions are happy with these rules or not, the regime already applies partially and health institutions not meeting the requirements that already apply can be enforced against for non-compliance. They will also need to inform their liability insurance that they are applying non-compliant tests (if they are) and any incidents with patients suffering damage as a result of non-compliant in-house devices will normally be outside the health institution’s insurance policy cover. Maybe that is sufficient for hospital management to make this more urgent agenda item.
It’s funny with these things how stakeholders like to shoot the messenger rather than fix non-compliance in their own situation. I’ve actually been accused of raising these issues just to make money. How rude – it just shows powerless frustration about the situation.
Bye bye Switzerland – yet another Swixit, this time for IVDR
Completely as expected and right on schedule we received the Commission’s Notice to Stakeholders that Switzerland is out of the Union for yet another MRA (the one concerning the IVDD) and will not be part of the Union for the IVDR as of the date of application, which is quite unfortunate. Would you like to know the back story? Check out my analysis of the Swixit for the MDR. It’s a pity that Swiss politicians have sold the advantages of being part of the internal market to badly at home. But then again, this is something you can say about a lot of EEA and Turkish politicians too unfortunately.
The Swiss will fix their legislation to mimic the IVDR as closely as possible just like they did for the MDR, and hope for the best.
It shows that people that refer to the MDR’s and IVDR’s geographic scope as EU have mistaken conception of the scope of the geographic scope of the Union: the EEA member states (which includes all EU member states plus non-EU member states Iceland, Norway and Liechtenstein) plus Turkey, which is four more countries than the EU. So next time someone refers to the EU as place where the MDR and the IVDR apply you can ask them why they ignore Icelanders, Norwegians, Liechtensteiners and Turks.
So don’t sell the Union short please, people, and please stop using the actually pretty offensive term ‘rest of world’ to denote that you can’t be bothered to understand what is going on internationally. It is really not that complicated.
The capacity elephant
Whenever there is something to celebrate on a party there is also an elephant in the room, like an uncle that always gets just a little too drunk and ruins the party for everyone. In this case it is the notified body capacity elephant, which stands to put a serious dent in the IVDR project, regardless of the measures taken with the recent amendment. If you want to read and weep, you can read the updated (post amendment) Joint Implementation Plan for the IVDR. If you want your hair to stand up, read the recently published 2021 member survey of Team NB. It basically contains all the data that the MDCG says in the Joint Implementation Plan that they do not have. What do we learn from the Team NB document?
Well, first of all IVD manufacturers have not at all started to apply under the IVDR en masse. The IVD sector seems very much bent on making the same mistakes as MDR manufacturers, although the low number of applications may also be caused by the low availability of slots at notified bodies.
Another worrying development is that at least half of the submissions to notified bodies are incomplete. Apparently either notified bodies explain badly what they need, or manufacturers are bad at making complete applications. Either way, there is a serious disconnect that is costing everybody time.
Capacity, capacity, capacity is the theme. The notified bodies indicate that it will not be possible to issue a number of certificates under the MDR that is even close the number of still to expire in 2024. Team NB states ominously:
“There is a risk to the continuous availability of some device with expiring certificates in 2024. To avoid this risk, solutions have to be found as it will not be feasible to issue 14 063 certificates in a year.” [estimated capacity for 2024 is 6 300 per year]
Regardless of the recent change to the IVDR, the IVDR will be in the same boat by 26 May 2025, when the first grace period under the IVDR expires. With the number of notified bodies notified for the IVDR, and the speed at which this happens, I predict the exact same issues with the IVDR. At some point MedTech Europe had calculated that we needed a 780% increase in notified body capacity for the IVDR, while at this point we are still working to have the same notified bodies notified again under the IVDR, of which not all actually applied, and not even half of the applicants have been notified at this point. As we can see from the most recent overview of notified body notification process for IVDR, it will take quite a while before the next IVDR notified body will be notified. As you can see in the overview the next two notified bodies are stuck in the JAT CAPA review phase, which can easily take a year, and the others are not even at that stage. Not a good sign.
Happy IVDR day – there is a lot to do for industry, notified bodies, competent authorities and the Commission. Let’s not disappoint the health system and the patients!
After my blog about guidance document MDCG 2021-27 in which I argued why in my view it defines placing on the market wrongly by requiring transfer of a property right as a condition for placing on the market, a lot of discussion started.
I even received an email from the European Commission commenting on the blog post, explaining that the idea with MDCG 2021-27 was not to make any changes to any existing interpretation of the concept of placing on the market in existing guidance (and, by the way, that the importer double check with the manufacturer in case of re-importation under question 7 that I criticized as a new obligation was meant as a suggestion, not as a new obligation).
There were also people that helpfully informed me that the Blue Guide literally uses the words ‘property right’ in relation to placing on the market, so what was my problem? Some of them also defended the theory that it was only appropriate that (contrary to making available) placing on the market as a first logistic step into the Union would comprise a change of title/ownership but did not provide a good argument for why it would be appropriate – so my inner Shania Twain was not yet impressed.
Still, I could not parse why the concept of making available, which is nested in the concept of placing on the market, should be interpreted differently depending on the economic operator. I cannot find a good reason why ‘any (other) property right’ should be transferred to an importer, while ‘any (other) right’ would do for a transfer to a distributor. That just did not make sense to me.
I had not read the Blue Guide often enough – in other languages
Have I ever mentioned how much, in my experience, speaking several languages enriches my experience of the world? I am fluent in quite a few languages and can get by passively in a number of others. Suddenly it hit me: whenever someone says it’s in the text, better check if it’s in the text in all language versions of the text. In the EU we proceed from the principle that all languages in which official documents are available are equally important. So it may well be that the English text that most people seem to read as only source may actually not represent the guidance intended to be given by the Commission correctly.
And there we had it: I always tease people that they should read the Blue Guide more and then realized that I myself had only ever read it in English – clearly I had not read it enough myself either – not in enough languages! So I started checking languages within my command and quickly found out that the French and German versions of the Blue Guide indeed are phrased differently as to NOT require transfer of a property right for placing on the market.
See for yourself:
The German version of the Blue Guide formulates the sentence in the English version that contains the requirement of ‘any other property right’ as follows:
“Das Inverkehrbringen eines Produkts setzt ein Angebot oder eine (schriftliche oder mündliche) Vereinbarung zwischen zwei oder mehr juristischen oder natürlichen Personen in Bezug auf die Übertragung des Eigentums, des Besitzes oder sonstiger Rechte hinsichtlich des betreffenden Produkts nach dessen Herstellung voraus.” (emphasis added)
Blue Guide 2016 – German, section 2.3, 3rd paragraph
The French version formulates the same sentence as follows:
“La mise sur le marché d’un produit exige une offre ou un accord (écrit ou verbal) entre deux ou plusieurs personnes physiques ou morales en vue du transfert de la propriété, de la possession ou de tout autre droit concernant le produit en cause après la phase de fabrication.”(emphasis added)
Blue Guide 2016 – French, section 2.3, 3rd paragraph
As is evident from the above quotes in German and in French, neither of these versions of the text requires transfer of a ‘property’ right because both unambiguously speak about ‘any other right’. That is literally what “sonstige Rechte” and “toute autre droit” mean.
And this is fully consistent with how the Blue Guide defines making available, making the Blue Guide texts in French and German fully logically coherent.
As I checked more languages I found that also the Swedish version does not require a property right transfer either (“någon annan rättighet”, which also literally means ‘any other right’). But the Dutch, Italian and Spanish ones do refer to property right in this context.
CE in action – Confusion Everywhere! So now what – Germans, Swedes and French crazy? Others crazy? Who to believe?
European Court to the rescue
The European Court of Justice (CJEU) has seen issues like this before, because the EU translates a lot of documentation in a lot of languages, so inconsistencies are bound to arise occasionally, even though we have fantastic translation processes with extremely highly qualified translators that translate texts in the weirdest language combinations. A hat tip to you, dear EU institution translators! Your work preserves the treasure of European linguistic diversity and the cultural heritage associated. Too often I hear people speaking only one language say that all these different languages make things too complicated – I vehemently disagree with that. But I digress.
So how do we solve this puzzle of interpretation? The CJEU comes to the rescue. It has helpfully ruled in its case law (see for example C-558/11 Kurcums Metal ECLI:EU:C:2012:721 (para. 48)) that if language versions of a given EU text differ, you cannot automatically assume that one of them is correct and the other is wrong – there is no trump language for any official document. Or in the wording of the CJEU:
“It is settled case‑law that the wording used in one language version of a provision of European Union law cannot serve as the sole basis for the interpretation of that provision, or be made to override the other language versions in that regard. Such an approach would be incompatible with the requirement for uniform application of European Union law.”
C-558/11 Kurcums Metal, para 48
This is very logical indeed because no language is more important than another. So in our puzzle we have English version (and some others) versus German and French versions (and some others). In that case, the CJEU says, you need to chose the interpretation that best reconciles the text and purpose of the rules concerned. Or, as the CJEU puts it
“Where there is a divergence between the various language versions, the provision in question must thus be interpreted by reference to the general scheme and the purpose of the rules of which it forms part.”
C-558/11 Kurcums Metal, para 48
Obviously, (as I have defended in my previousblog) the most logical interpretation and the one best fitting the logic and meaning of the New Legislative Framework legislation described in the Blue Guide is that the definition of the MDR and IVDR defined concept of making available is interpreted consistently between its use as a standalone concept and its use as element of the MDR and IVDR defined concept placing on the market. Unless someone has a convincing argument about why this should not be the case and a reason why we do need a property right for placing on the market for an unknown reason – so far I have not seen any convincing arguments to that effect. The Commission seemed to agree with me on this point, stating to me that the definitions in the Blue Guide as such are not fully congruent.
Blue Guide may still be amended for this
The good news is that the 2016 version of the Blue Guide is (still) under revision, so this point can (still) be taken on board by the Commission in the revision process. Call me a silly nitpicker but I think it’s always a good idea that one of the crucial concepts of a broad legislative framework like the NLF is explained consistently in a crucial guide document and moreover in the same way in all language versions. If the Commission indeed decides to amend the Blue Guide on this point, there is no reason not to also amend 2021-27 to account for this as well – this is by the way also what the Commission told me that they indeed intend to do if the Blue Guide is amended this way. In the mean time, in my view, industry can rely on the interpretation offered by me based on the incongruence between language versions, which means that the English version cannot be considered to reflect the guidance given correctly. The French and German version provide (in my view) the better interpretation.
So, we will need to see if the Commission agrees that taking out ‘property’ right should be uncontroversial and the logical choice because it is actually in the Blue Guide already, depending on the language version that you read. My modest suggestion for the next Blue Guide edition: go for the logical interpretation across languages, i.e. making available does not require any ‘property right’ transfer, neither separately nor when nested in the definition of placing on the market.
Why is this so important?
You could wonder why I am making such a fuss out of this. Well, I am doing this because a correct interpretation of the concept of placing on the market is absolutely and utterly crucial for being compliant with the MDR and the IVDR. CE marking legislation revolves around this concept.
For example, the concept determines if a device is covered by a temporal exemption like the grace period under the MDR or not. And now with the amended IVDR (here is my blog about it, adopted version here) the majority if IVDs for the European market are also subject to grace periods. It determines qualification and obligations of economic operators. And much more – just do a search of where placing on the market pops up in the MDR and IVDR – you will be amazed. That’s why its importance for the MDR and IVDR cannot easily be overstated and why it is so important that it is interpreted correctly.