Last week the Commission released a new MEDDEV guidance document on authorised representative as part of the package announced at the beginning of this year and this one is disruptive, especially if you did not see it coming.
Step back: what is an authorised representative and why would you need one? The authorised representative is “any natural or legal person established in the Community who, explicitly designated by the manufacturer, acts and may be addressed by authorities and bodies in the Community instead of the manufacturer with regard to the latter’s obligations under [the Medical Devices Directive]”. You need one if “a manufacturer who places a device on the market under his own name does not have a registered place of business in a Member State”. So an authorised representative can be an internal or external function, depending how your company is organised. Some companies hire a consultant(cy) in the EU to be their authorised representative, others nominate a legal entity in their corporate group that happens to be established in the EU. EU law enables a manufacturer to delegate the performance of certain medical devices requirements to his designated authorized representative. EU law requires an authorised representative so the authorities can address the authorised representative for the purpose of post marketing surveillance with respect to the devices concerned. There is more, but that’s described in a lot of detail in the MEDDEV and it’s not new.
Now, what is new about this new MEDDEV? First, there are the requirements that are expected for authorised representative agreements of which I am very sure that almost no authorised representative agreement in place in the EU meets at this moment. Secondly, there is the ‘supervision’ of these agreements, which is delegated to notified bodies.
As to the first point: the MEDDEV makes it clear that the relationship between the manufacturer and authorised representative is one of delegated powers, which means that the authorised representative is expected to step up and exercise these powers with a certain degree of independence. Below are the items that the member states authorities expect in an authorised representative agreement. This has consequences for agreements currently in place, because from my own experience with authorised rep agreements I know that almost none of the agreements out there complies with the requirements that follow below that I have put in a bit stripped down language for easy reading:
authorised representative is obliged to inform the manufacturer of
- decisions of a Member State in respect of refusal or restriction of the placing on the market or any making available or putting into service of a device;
- incidents brought to his knowledge.
manufacturer is obliged to inform the authorised representative of
- all matters that may be connected to the devices placed on the EU market.
Division of responsibilities
Relation between manufacturer and AR / flow of information
– “The authorised representative should be able to assess whether the manufacturer has the ability to fulfil his regulatory obligations. In order to carry out the assessment the authorised representative should have access to the technical documentation.”
– “The authorised representatives should be in a position to verify that the required information / documentation exists with their manufacturer and that the necessary processes (e.g. for post market surveillance) are established.”
– “The authorised representative must possess appropriate knowledge, expertise and resources to assess and verify the above.”
– “A Member State must be able to assume, when it addresses an authorised representative, that it will receive all the information that it requests.”
Information to be provided to authorities on request
– “A Member State can expect an authorised representative to provide on request the following information:
i) Declaration of conformity,
ii) Copy of the label, packaging and instructions for use (in all languages requested by the countries where the device is marketed),
iii) Notified Body certificates (where relevant),
iv) Post market surveillance process and data, vigilance reports and complaints, processes and data,
v) Technical documentation relevant to market surveillance investigation being undertaken by the Member State,
vi) Relevant clinical data / notification,
vii) Details of any distributors / suppliers putting the CE marked devices on the market,
viii) Incident reports and reports on corrective actions taken.”
Disagreement and non-compliance
– “In the event of a disagreement, where the authorised representative considers that the manufacturer is not complying with the requirements of the Directives, it has a duty to communicate this to the manufacturer. If the disagreement continues, the matter should be submitted to the authorised representative’s Competent Authority for decision. The authorised representative may opt to rescind the contract.”
– “In the event of a clear non-compliance by the manufacturer that could engage the responsibility of the authorised representative and which the manufacturer refuses to correct, the authorised representative has the right to rescind his contract with the manufacturer. The authorised representative has even the obligation to rescind the contract if the non-fulfilment of the manufacturer’s obligations causes him to infringe national law. It should then notify his Competent Authority and the manufacturer’s Notified Body of this.”
This last quote is what member states expect from the parties involved. I really wonder how they see this applied in practice: they want an authorised representative to act contrary to national contract law based on – yes indeed – the non-binding guidance that a MEDDEV is. Apparently they rely on the fact that an authorised representative would be able to defend itself in court by arguing: “I had to break my contract based on an obligation in non-binding EU guidance”. That could lead to the following conversation. “Is there a basis for this obligation in the law? Does the Medical Devices Directive require member states to implement this in their contract law?”, the court would ask. “No, but the Commission says in a MEDDEV that the member states expect it”. “OK, so it’s expected says someone else, even an obligation, and there is no legal basis?”, the court would reply with a question and subsequently order damages and/or specific performance on the part of the authorised representative. Everyone would be the richer for an interesting experience, but you can’t create an enforceable obligation with a MEDDEV as the law now stands.
Would a court act contrary to the principle of Community loyalty enshrined in the EU treaty if it just applied its contract law in this case as described above? I am not so sure as there is no legal basis in the medical devices directives to resolve this conflict. Another question is whether the authorities and notified bodies would help an authorised representative in a scenario like this, e.g. would the authorities intervene in a contractual dispute between a manufacturer and an authorised representative? I think that is very unlikely. So, although this looks nice on paper, it is set up in a way that is asking for trouble from a legal perspective.
Another interesting item in the MEDDEV is the supervisory task that is now specifically put on the notified bodies: “The Notified Bodies should verify that a manufacturer who does not have a place of business in the EU, has designated an authorised representative and that the appropriate contract demonstrating delegation of appropriate responsibilities is available.”, says the MEDDEV. Those are a lot of ‘appropriates’ in one sentence. Again, there is a problem that jumps out to me as a lawyer: how will a notified body (who are not lawyers) determine if a contract is ‘appropriate’ and divides responsibilities ‘appropriately’? If the expected criteria above are the criterion, a notified body would need to do legal due diligence on the contract. I have a very well-founded suspicion that notified body auditors are not well equipped at the moment to assess control over subcontractors in subcontractor agreements and do not engage in-house or external lawyers for this, so it is fair to say they are not well equipped to assess the appropriateness of the authorised rep contracts either. This might be a point of improvement for notified bodies – they can also always challenge the manufacturer to explain its contract to the auditor but then the auditor must still be able to understand it.
If you are manufacturer, you should review you authorised representative agreement(s). Otherwise your notified body should challenge you for non-conformity if they find the agreements that are the market standard currently. Authorised representatives should think about how they will exercise the extra responsibility they have now and how to carve out the freedom to do so in their agreements. And notified bodies should think about how they will assess the appropriateness of these agreements. That means lots of homework for everyone. Need help? Let me know.
Erik, thank you for this article.
What I observe is that ever since the Medical Devices Directive is out of the control of DG Enterprise and under the control of DG Sanco, it is slowly but surely moving away from the principles of what used to be called the “New Approach” (now New Legislative Framework or NLF). With the adoption of Decision 768 and the NLF, the EU had the intention to harmonise the differences in the New Approach directives that were the result of 25 years of development of the system, and the enthusiastic “we know better” of specific sectoral divisions within the European Commission. Now it is DG Sanco that is starting to go in it’s own direction. Decision 768 is very specific about the responsibilities of the economic operators, including the manufacturer and the authorised representative. I conclude after reading your article that the meddev is not in line with this legally binding document, and that is introduces new, unwanted responsibilities. I will watch with great interest to see if the EU Member States are going to accept this interpretation.
DG Sanco seems to have the idea that they can turn the authorised representative into a non-paid market surveillance extension. Non paid, not quite? Paid by the manufacturer, that is. Besides the legal arguments you already gave in your article, I have moral objections.
The most important question that remains, in my view, is what problem is DG Sanco trying to solve with these interpretations?
Dear Han, I agree with your observation that the authorities are requiring things from the AR that do not follow from the regulatory logic of the NLF. It fully fits the picture of turning notified bodies into police with the unannounced audits recommendation. In the end this all happens because member states are passing the buck of surveillance to private parties because they do not manage to dedicate sufficient resources. In the Netherlands we have the sad situation that there are more inspectors for animal welfare than for medical devices market surveillance. In the end, it’s all about political choices and a degree of understanding of the legislative framework and member states’ dedication in both is often lacking I find.