What to expect for 2019 with MDR and IVDR implementation?

Hannibal A team MDr IVDRRemember the CAMD Roadmap (dating back to end 2017) that promised us a roll-out of MDR and IVDR items that were sometimes even marked ‘high priority’ and how that lifted our spirits (at the time)? Remember how this was supplemented with the Rolling Plan, which promised the roll-out of all roll-outs for 2019?

I have great news for you! All action items under the Road Map and the Rolling Plan were just magically delivered!

Oh no, scratch that. Silly joke and way too easy. The Rolling Plan was updated but no delivery of additional items yet. Sorry…

Yet, a lot is happening and a lot is scheduled or bound to happen in 2019 – fasten your seatbelts: here we go.

Updated rolling plan

The updated Rolling Plan was published on 19 February and provides updated timing and next steps for the development of implementing regulations and other actions/initiatives (see here for a nice overview by Medtech Europe):

  1. MDR Annex XVI products without an intended medical purpose: Consultation on draft text of common specifications in Q1 2019 now; dates for finalisation has moved up to Q1 2020.
  2. Scientific bodies’ (i.e., expert panels, EU reference laboratories and expert laboratories): For the various implementing acts the surveys are now marked as ‘finalised’ (as in December 2018). Only change: the move into drafting stage for the act on expert panels.
  3. Eudamed: still under construction – EUDAMED for PMS and clinicals may be only partly available or not at all by the date of application.
  4. Communications campaign: Documents slowly trickle in on the new dedicated website and library; public awareness initiatives underway.
  5. Medical Device Coordination Group (MDCG) subgroups: the evaluation of the applications is still ongoing, new MDCG subgroups are expected in Q1 2019.
  6. EU Medical devices nomenclature – the Commission is currently finalising its assessment in the view of a final decision to be taken by Q1 2019.
  7. Notified Body designation: 42 applications received by the EC, 3 further joint assessments scheduled (apart from the 25 already carried out).

Everything else stays the same. Summary: everything not delivered so far will be delivered in 2019 and if it isn’t delivered in 2019 there is a problem. Except for Eudamed, which is scheduled for March 2020 still, but in less functionality than originally expected. You’ll be able to enter your your devices though – hopefully.

Don’t mention the Brexit

Except that we must – the EU27 national authorities are now giving their own individual interpretations of what a Brexit scenario entails for labelling and placing on the market of products and it does not look pretty.

The Dutch authority has for example said that NBOG 2006-1 is out of the window and companies must amend their labelling per Brexit date, if necessary by means of stickering (which, as the drama in UK Parliament continues and everybody has lost patience with all the political posturing and delaying, may well be end of this month). This uncertainty is not a happy place to be in for companies selling medical devices.

Yes dear readers, the word you are looking for starts with ‘cluster’ and rhymes with ‘duck’. It shows us what a special breed of extraordinarily responsible persons politicians can be. We will miss the MHRA though, and all the good work they did in driving many of the MDR and IVDR work items at EU level – I personally am sad to see them go.

Upcoming corrigendum

Schermafbeelding 2019-03-10 om 13.46.28There is the interesting matter of the MDR and IVDR corrigendum coming our way. This publication is supposed to fix the mistakes and inconsistencies in these regulations and is a normal instrument for the EU that is regularly used for regulation that turns out to have mistakes in it. The big speculation of course is whether other things are changed too. While this is constitutionally not possible (as we would need to follow the legislative procedure for amending legislation for this) it may be that nevertheless some things will be sneaked into the amended texts.

I have seen a glimpse from what the corrigendum will contain in terms of non-corrections. The French competent authority ANSM published a report from a meeting with industry in which it went on the record that:

“The Commission has prepared a corrigendum to the regulations on MDR and IVDR to be presented to the Council and Parliament. In addition to simple editorial corrections, it is proposed to extend the transitional measures to Class I devices that require the use of a notified body (NB) or Class I devices that change class under the MDR, in order to avoid overloading NBs. While a large majority of the competent authorities are in favour of this measure, there are differences as to its legal form.
SIDIV asked whether such a measure was being considered for IVDs. For the time being, this is not the case, as the IVDR has a 5-year application period from its entry into force.” (my own translation from French)

If things happen this way (big if) then this would be big break for the struggling class I devices companies (like for example software) that I see have great difficulties finding notified body capacity for the MDR (because – duh, not there yet). I am personally not sure what the corrigendum will look like in the end, because the process is rather secretive and will likely be subject to some last minute politically motivated course corrections.

The ANSM report also confirms the difficulties that many companies are having with their notified bodies (which I have flagged repeatedly) and states that this is a grave concerned of ANSM. ANSM also confirms the widespread nature of notified bodies failing to meet their obligations throughout Europe, invites industry to notify it of any such practices and states that the Commission has been advised of this.

Upcoming guidance and implementation

Expect more guidance being delivered this summer. By mid-2019:

  • Guidance on vigilance (maybe earlier than summer)
  • Guidance on software
  • Guidance on classification
  • Guidance on clinical evidence

Further guidance is under preparation:

  • Guidance for substance-based devices
  • Common Specifications on Annex XVI (consultation ongoing at the moment)
  • Common Specifications on reprocessing (as well as Implementing Act)

Delivery of all of these items would allow for some good progress to be made under the CAMD Roadmap, so fingers crossed!

EMA guidance on combination products

The EMA has recently released a new guidance note on combination products in relation to the MDR and IVDR. As the EMA explains, important stuff because one in four centrally authorised medicines contains a device component. This first guidance note focuses on article 117 Directive 2001/83 because (yes it’s true) the MDR and IVDR amended the Medicinal Products Directive and applications for a marketing authorisation of a medicinal product with an integral medical device submitted as of 26 May 2020 must comply with the requirements of Article 117 of Regulation 2017/745. Article 117 MDR does not affect existing MAs for combination products but if there is a substantial change to the design or intended purpose of the device component, or a new device is introduced, after authorisation any required certificate/declaration of conformity/NB opinion should be submitted (as appropriate) to EMA/NCA as part of the variation/extension application.

The guidance will be continuously updated with new questions and new answers.

Eudamed specs

The Commission published a first draft version of the Eudamed specifications. One of the interesting things for me was that it became clear to what extent the database is open to the public. Section 8.2 of the document sets out the database fields that are available to the public: economic actor details UDI/device details, certificate and notified body details, information concerning clinical investigations (including reports and summaries), vigilance data and PMS information and market surveillance details. Confidential information will not be made public in these fields but to me it is as yet completely unclear how that will be arranged – the document refers to use of summaries and hiding of confidential data but that is not very precise. With respect to vigilance data the document states:

“To determine [what data remains confidential], it is to be defined what vigilance and post-market surveillance information could be available to the public. As long as there is no agreement among MS and with the Commission, these data will not be publically available.”

It will be interesting to see on what level of publicity this discussion will land. I hope that the Commission and authorities realise that there is legislation for personal data (GDPR) that is relevant to situations where there are small groups of patients concerned, and that too far going publication may negatively manufacturer willingness to report, as vigilance reports may often contain confidential details about devices.

More Eudamed and UDI related news: the designation of UDI issuing entities is expected by May 2019.

2019, the year of soft transition deadlines

Finally, 2019 will be the year of re-certification under the old directives one more year to benefit from soft transition. If you are planning to use this option, notified bodies are going to ask you to submit an application somewhere this year. Some are very clear about their deadlines (BSI has for example said end of Q1 2019), while others may be somewhat more flexible.

So 2019 will be the year of choices: are you going for recertification or the new regulation certificate, and in the first case: how will you not miss your window? The closer to May 2020, the busier the notified bodies will be with the MDR certifications, and they want the (AI)MDD re-certifications done before that time. Do not count on being able to do (AI)MDD recertification as in 2020, unless your notified body is very very confident that they have the capacity to do this.

schermafbeelding 2019-01-06 om 20.28.45

Finally a podcast

Feeling a bit overwhelmed by all this detail? In that case zoom out to the bigger picture and hear about the background to these new regulations on the Medical Devices Made Easy podcast.

Don’t give me Brexit problems, give me Brexit scenarios

so-long-farewell-and-auf-wiedersehen-goodbyeAt the moment I spend a considerable amount of my lawyering time answering questions concerning Brexit problems. My first question back to the company is: what are your Brexit scenarios? Did you make a plan to cover the scenarios and follow through?

Often the answer is “no, we don’t have a plan, because we don’t know what the Brexit will turn out to be.” If your company is stuck in this groove the good and bad news is that by now you have pretty much run out of options to take meaningful action to manage a no-deal Brexit, because that is scheduled for end March. Yes, next month. Pretty soon. Around the corner so to speak. 33 days from today. That’s really close.

In the mean time the UK is not a single step closer to accepting the separation package agreed with its negotiators in December last year, and things are getting more complicated with increased political fragmentation in the UK parliament. Other EU member states are explicitly warning the UK now that they have tossed the steering wheel out of the window and are flooring the accelerator with having delayed the vote about the Brexit package until 12 March:

img_1680

So maybe you still think now that a no-deal Brexit is a scenario with a degree of possibility that is worth planning for. That’s fine. I’m also quite sure that there were at least some dinosaurs that did not think that this huge meteor in the sky merited any further attention.

Reality doesn’t care whether you sink or swim

Reality really doesn’t care about whether what is happening is fair or not. Nature is not a moral theatre. The interesting thing about reality is that it has a nasty habit of just moving along, whether you like it or not. Even if you don’t paint yourself in a corner, reality may move the paint steadily towards you leaving you increasingly out of options. That is precisely what I see happening with a lot of medical devices companies at the moment. They wait and see while the paint creeps towards them, reducing their options by the day – literally.

Maybe the company has a Regulatory Cassandra or two doing their Cassandra thing, but we all know how these things work – management is usually not that concerned about things that are more than three months in the future. Why would they be? “It’s only core business, so how can that be important to the company?” I often say to management that is adopting a wait and see strategy for the MDR, the IVDR and/or the Brexit. And then management is not so happy with me. The Brexit only started almost two years ago.

Philosoraptor comet Brexit

So what can you still do?

So what can you still do? It’s never too late to do something. You can at the very least look at the checklist that the EU provided more than a year ago for CE marked goods:

  • Is my notified body in the UK without options to recertify in their EU27 counterpart? If so, then your certificates expire in case of a no deal Brexit and that has the consequence that you need new certificates, which you will need to get elsewhere.
  • Do I have an importer in the UK? If so, imports may become an issue after the Brexit, because the importer is not importing into the EU anymore.
  • Do I have an authorised representative in the UK? If so, move it to the EU27 because after the Brexit the AR is not in the EU anymore as required for an AR.

If the answer to any of these three questions is yes, action is required, unless of course you like moving all your chips to red or black and spinning the roulette hoping for a no Brexit.  If you are the roulette type, read no further. If you are not, consider the following questions:

  • Do I have bridging stock in the UK and in the EU? It may already be too late to ramp up production to produce bridging stock, but you can still move stuff around. Plan for the UK to recognise the CE mark post Brexit for at least some tome (which it announced it will do), but not necessarily the EU recognising CE marks of UK notified bodies post-Brexit. Emergency measures may be taken, but they also might not be taken. Maybe only for essential devices, which your device might not be. Also think about the other things that might happen that may make it harder to move stuff around between the UK and the EU, such as customs requirements. Even if you do not have bridging stock, see how much product you can place on the market in the EU27 before the hard Brexit that may invalidate your certificate. Placed on the market is the safe place to be.
  • What is the lead time for putting alternative market access routes in place? In other words – how quickly can you obtain new CE marking in the EU27 for the devices CE marked by UK notified bodies? Do you have contacts with a notified body that can still effect a voluntary transfer before the end of next month (probably not)?
  • Also, the Brexit may affect all kinds of activities you have in or with the UK, such as import, production, parts or raw materials suppliers. See for every conceivable notice here. Better make sure that you manage those dependencies too.

In the mean time the UK has published its new design for product marking that will replace the CE mark upon a no-deal Brexit: “CA UK”. This will replace the CE mark and will be the mark resulting from the UK applying legislation post-Brexit that will very much look like the MDR and the IVDR. Or maybe they will do something else – they are on their own and rumour has it that regulatory competition will be an important selling point for the UK post Brexit.

Re-labeling for EU27 notified bodies

The Commission published another notice on 1 February 2019 with Brexit Q&A for industrial products  that confirms the above action points. But it also address the thorny question of relabelling of medical devices with the new notified body number (and don’t forget other relabel items such as authorised representative). Under heading D of the Q&A the Commission clarifies that there is no escaping relabelling when certificates are transferred to an EU27 notified body pre-Brexit (the certs are technically not transferred, because the new notified body issues new ones but anyway). Two important points:

  • The transfer of certificates from a UK Notified Body to an EU-27 Notified Body needs to take place before the withdrawal date (in case of no-deal Brexit 29 March midnight CET), on the basis of a contractual arrangement between the manufacturer, the UK Notified Body, and the EU- 27 Notified Body.
  • no need to change the Notified Body number for products already placed on the EU-27 market or manufactured before the transfer of certificate has taken place and not yet placed on the EU-27 market. However, products manufactured after the transfer of the certificate has taken place should be marked with the new EU-27 Notified Body number and it will not be possible to continue to use the UK Notified Body number until the end of the validity of the original certificate issued by it. 

In practice it turns out that it rather depends on

  • the EU27 notified body what transfer process they can offer, as not everybody’s competent authority is minded to allow their notified bodies to offer a swift transfer process, while some do. This difference in my view is kind of nuts, because we have the NBOG that is supposed to oversee consistency on this point. Apparently the NBOG competent authorities are not really aligned on this.
  • the UK notified body transferring what they can agree to in terms of moving the certificates to the EU27 notified bodies. Some of the UK notified bodies are very hard to work with at the moment, which makes agreeing to a meaningful transfer kind of problematic.

If you are confused and angry with your UK notified body not picking up the phone or answering email anymore (it happens), or just being too busy to even schedule a necessary audit in time to save your certificate (happens too), you are running out of options. Your only meaningful option is to approach an EU27 notified body that is willing to work from its end to see what it can do with the unresponsive UK notified body. And hopefully the competent authorities will have some kind of plan in case it completely goes south on 29 March, but so far they have been keeping their cards close to their chests.

As I’ve said on more than one occasion, it would be so helpful if competent authorities would be more concerned with the quality of notified bodies administrative practice. Issuing and surveillance of medical devices certificates is delegated state authority and we seem all happy to allow notified bodies to apply a standard that we would never ever accept from a government agency, not even from tax authorities.

First notified body EU MDR designated!

unicorn bsi2BSI reports that it has achieved designation as UK notified body for the MDR. So far, it’s the first notified body to appear in the NANDO database with an MDR designation – see here for scope and here that it’s only BSI so far for the MDR (the last link is a dynamic reference to NANDO so more may appear later). The notification appears to have made before Christmas (the date in NANDO is 20 December 2018), but it always takes a few weeks to appear in NANDO.

Hurray!

This first designation is excellent news, because it shows that the designation process can deliver at least one MDR notified body. Apparently that was not enough highlight for the Commission to list it on its medical devices website or issue a press release about, but whatever – I think it’s newsworthy.

No notified body has been designated under the IVDR so far. Yet, BSI and some others did apply for MDR and IVDR simultaneously, but as is clear from the Commission’s JA status overview discussed in my last blog, the focus so far has been on the MDR. IVDR designations should hopefully follow soon as the first JAs were MDR related. Maybe also  IVDR capas take longer to correct, or notified bodies took longer to correct them and decided to focus on the MDR instead at this moment (which makes sense too).

Wait what Brexit

Less good news is that no EU27 notified bodies were accredited yet. If the no-deal Brexit that is becoming more likely by the week proceeds by end of coming March as the UK politicians decide to throw their economy under the bus, then this new MDR notified body capacity will be immediately lost again to the market. A no-deal Brexit would mean that the new UK MDR designation would not count for the EU27, unless at least something of a deal addressing the status of UK notified bodies for industrial goods is made. As said, at this point every possibility is still on the table – according to Tony even a second referendum to reverse the whole circus.

With this cloud hanging over their designation, BSI announced that they “will very shortly confirm when we will commence taking applications to the MDR.” That sounds very prudent, as the Brexit can put a serious stick in that wheel.

BSI’s Dutch notified body achieved designation under the directives as a first step to hedge for Brexit but is not yet designated under the MDR or IVDR. Hopefully that designation is also in the pipeline, as well of the designations of other notified bodies.

Stay tuned

for further developments – the next couple of months will be very very interesting for the medical devices industry with interests in the EU.

 

MDR and IVDR in 2019: up or out, sink or swim

sink or swimHappy new year and welcome to 2019, a truly decisive year for the medical devices industry with interests in the EU. If you haven’t spent any time so far getting ahead of events relating to the MDR and IVDR, this is the year that reality will start catching up with you. This year will determine if a manufacturer goes up, or potentially out.

Why is 2019 so important? Read on, and you’ll agree with me that it is. First, take a look at the below diagram with the transition timelines, to which I have added my own embellishments (the red and orange rectangles):

schermafbeelding 2019-01-06 om 20.28.45

IVDs

IVD companies will be like: 2022 – so far away! Actually – no. 85% of the IVDs will need to be evaluated by notified bodies compared to 7% currently under the IVDD. This means that 85% needs to be IVDR certified by a notified body and that 78% of the IVDs on the market need to be CE certified by a third party for the first time. This will need to happen by notified bodies that have not been accredited yet (and will be much fewer in number than under the MDR), in accordance with new and stricter rules for performance evaluation. I bet that most of the technical documentation for currently self certified IVDs is a big leap away from where they need to be. IVD companies routinely forget that the IVDR impact on the IVD market is much much bigger than the MDR impact on the medical devices market and the notified body bottleneck much bigger. More on that in follow-up IVD specific posts. One thing at this point already: IVD companies should be well underway with their remediation in 2019, because the soft transition period is two years shorter, so in the end they must be fully compliant with the IVDR at the same time as the general medical devices must be compliant with the MDR.

“One Year of Application” – notified bodies’ perspective

Even the biggest optimists that like to shroud themselves in a cloud of mystery (the notified bodies) have started having open reservations about the regulatory system coming together. Team NB and NB-Med published a note “One Year of Application” in December 2018 that confirms the concerns I’ve been reporting about on this blog:

  1.  Implementation period, May 2017 until May 2020, is too short for all stakeholders, taking into account that many details for both, manufacturers and Notified Bodies, are still under discussion 
  2. Missing Guidance Documents enabling clear interpretation of specific requirements 
  3. Unclear process behind the divergent opinions from the Joint Assessments 
  4. Unharmonized interpretations of the Joint Assessment Teams and the various member states 
  5. Capacity shortage for some medical device codes 
  6. Workload for two legislative frameworks running in parallel for a period of time, from May 2020 until May 2024

In that note notified bodies state loudly and clearly that

  • we have to count on not all products and manufacturers being certified under the MDR in time,
  • capacity to renew (AI)MDD certificates for soft transition is limited (I read between the lines: ‘also possibly insufficient to renew all certificates timely’)
  • it is not certain that all required class I R certificates (class I reusable instruments need a certificate under the MDR) will be granted in time because no notified body has been accredited for this yet.

Another interesting publication from Team-NB is the press release of 18 December “Surveys on MDR designation process steps”, which provides an update as to where the 22 Team-NB notified bodies that provided information are at present in the designation process:

schermafbeelding 2019-01-06 om 12.56.26

The 22 Team-NB notified bodies are joined in the process (as per end November 2018) by 6 more non-Team-NB members that we know of, as per the amended joint assessment overview published by the Commission in December 2018. This overview states in relation to scope coverage “overall, the entirety of MDR and IVD codes”, which in my lawyer interpretation engine means: not everybody applied for full scope, and probably more than one did not. This makes it important for everybody to know if your notified body applied for the codes that you need.

This shows how (as I reported on this blog) incredibly over-optimistic to the point of being misleading the Team-NB notified bodies were around 26 November 2017, the date that the first applications for designation could be handed in – saying that all of them would immediately apply. It now mysteriously turns out that, for example, the Turkish notified bodies could not even ever apply for designation as Turkey has not transposed the MDR so far and two others have not even handed in their application. Yet, Team-NB was very sure at the time that all members would apply immediately on 26 November 2017, full scope. Scope is another question. While Team-NB says in the One Year of Application note that “All scopes, MDR and IVDR, are covered by the applications. Not a single product scope stays untouched.” I am not sure at all whether this can be interpreted as “every team NB member has applied for full scope MDR and IVDR and will be designated for it”. As “the expectations of the Joint Assessment Teams on resource qualification is dramatically increased compared to the requirements laid down by previous directives” it is by no means sure that notified bodies will come up short for designation (see One Year of Application note), or will have to drop specific codes from their application for which they do not have enough staff.

What is more: this data does not represent all Team-NB notified bodies and (by number) not the half of the notified bodies for the (AI)MDD (22 of 57 for MDD), which leaves big questions about the long tail of smaller notified bodies as the bigger ones are Team_NB members. Given that 6 more applied (and I’m assuming that there were none that applied for IVDR only) this means that 28 out of 57 MDD notified bodies applied so far. Less than half of the total number still. If you are with a notified body that has not applied by now, maybe think very hard about whether this one is right for you.

The notified bodies conundrum and resulting bottleneck is the biggest worry of industry, according to MedTech Europe.

Companies need to plan for two important notified body related windows in 2019:

  1. the date on which the notified body needs an application for recertification under the MDD or AIMDD for one last time, in order to benefit from the 2020-2024 regime; and
  2. the date on which the notified body needs to receive the MDR conformity assessment application, in order to be able to grant an MDR certificate before end May 2020.

For option 1, discuss with your notified body when this is. It looks like notified bodies will want to first do the MDD and AIMDD recertification applications (because of the insecurities in the MDR designation process), and subsequently the MDR work. BSI has indicated already it needs AIMDD and MDD recertification applications by end Q1 2019 (less than three months from now), but it may vary from one notified body to the other.

If you want an MDR certificate by May 2020 (option 2), count back 6-9 months (generally expected duration) from the date of application (26 May 2020) – this puts you between end August and end November 2019 under the most favourable circumstances. So one way or the other, you will be doing crucial stuff in 2019.

Did I already say 2019 was an important year? It will be an important year. You will remember it as the year in which the company made or broke its EU business.

Member states perspective

Member states keep generally taking the view that the system is ready enough but that they will keep monitoring especially notified body capacity coming online. An interesting account of a member state about the roll out of the EU system in a lot of detail (and with a lot of interesting sidebars to MDR and IVDR legislative history and EU level relevant quantitative information) can be found in the parliamentary documents for the Dutch MDR and IVDR implementation act, specifically the recent note after the first report (in Dutch, obviously – but easy to translate with Deep L, the excellent online translator that beats Google Translate hands down and offers privacy friendly options).

It’s interesting to learn for example that there is an explanatory ISO document for PMS under development and that the implant card format is still subject of inter-member state deliberation.

It also becomes clear now (as I’ve speculated before in presentations at conferences) that  new MDR provisions that are not immediately regulatory still will be subject to competent authority oversight. An example is the requirement of sufficient coverage for product liability (article 10 (16) MDR and article 10 (15) IVDR), containing the mystic formula (see below image) So, the competent authority may ask a manufacturer about their coverage measures implemented and – in case it finds them insufficient – issue an administrative fine or penalty payment. It is my expectation that this will work no different in other member states. Since this applies as of the date of application of the respective regulation, better be ready by then and have some rationale about your application of the mystic formula set out in article 10 (16) MDR and 10 (15) MDR.

schermafbeelding 2019-01-07 om 10.22.22

The Netherlands as a member state says it’s carefully monitoring the market for signals about possible shortages and disruptions in medical devices supply and how to deal with those, because the government is not sure if that has anything to do with the new regulations. The government says this development may also be caused by manufacturers changing strategy as a result of changing economic circumstances. This is one of those statements of which we say in Dutch (literal translation): “now breaks my wooden shoe”. I don’t think industry can be more vocal about the clear and present danger of this happening. [cue bullhorn sound filter:] “Hello Dutch government: the new regulations change the economic circumstances, and the manufacturers are adapting to that change. It’s really not that complicated, if you are just willing to drop your confirmation bias that the new rules do not cause massive changes. You have been sitting in at many meetings where this was expressed loudly and clearly. I see my clients shed loads of SKUs because it’s just not economically viable to transition them to the new rules. I see hospitals act surprised and be worried about this development. This shit is real, to put it bluntly. If you still do not get this, get over your bias – please.”

The Dutch government emphasises the importance of application of the General Data Protection Regulation on clinical data generated for the purposes of the MDR and IVDR, including incident reporting. Make sure to have your house in order in this regard, as I still see that a lot of manufacturers do not have a handle on this.

The rolling Rolling plan roll-out

As I’ve written in my previous post, a lot of roll-out of the CAMD Roadmap will happen this year. The roadmap did not have any real timing in it, but the rolling plan does, and the Commission has just mentioned that you should read them in conjunction.

It’s about time that the roll-out starts rolling, because there is quite some crucial stuff in there if you want to get your transition right. You might have been almost ready, but without the elements in the Rolling plan you cannot be fully ready, or be sure that you are. In that light it is pretty disappointing that the companies that gave it their all to be ready in time are not rewarded for their efforts.

Especially the Annex XVI non medical devices companies have a really raw deal – zero guidance so far, no common specifications yet (these are being developed and should become clear in the coming months). Just nothing to go on really. For them this transition period is truly not a transitional period at all.

If a company does not manage to roll with the rolling plan and is not ready to submit files to its notified body when it is designated or needs the application to manage workload, the company will likely miss being compliant by end May 2020. And that means market foreclosure after that date.

Brexit – still a very wild wildcard

As they say: “gouverner, c’est prévoir” – governing is looking ahead, precisely what the UK government is not doing with the Brexit dossier by delaying a vote on the Brexit deal negotiated with the EU but not yet accepted by the UK. Let’s sacrifice rationality to politics and populism just a little more, because who needs a functioning economy connected to its biggest international trading partners anyway, right? Even at the date of this blog all options are still on the table according to the papers: no deal Brexit, second referendum to reverse the Brexit, just accepting the negotiated result arrived at on 6 December. In other words, the whole spectrum. We are still nowhere, really.

In the storm of all these prudential politics the MHRA has amended its Brexit technical notice for medicines, devices and clinical trails on 3 January because while the MHRA remains committed to the EU internal market, it’s government certainly is not and a no deal scenario is still firmly on the table. According to the MHRA notice the most important and direct consequence on 29 March in a no deal scenario would be that none of the UK notified bodies would

“be able to assess the conformity of medical devices for devices to receive the CE mark and enter the EU market. Therefore, the MHRA will no longer be able to oversee Notified Bodies in the way that it does now.”

This is obscure and polite language for: all CE certificates issued by UK notified bodies will lose validity on 29 March in a no deal scenario. The UK may still allow these products on the market for some time, but no EU27 member state is obliged to do so (nor has said at this point affirmatively at this point that it will).

So, have you asked your UK notified body if it can switch over your certificates to its EU27 counterpart before end of March? If they cannot, or if you did not ask, all your certificates and the market access that they entitle your company to in the EU (also outside the EU, in countries that ask for a valid underlying CE mark for a national application) are at risk in case of a hard Brexit, so there is absolutely no cause for alarm.

Yes – in a no deal scenario, it’s back to the basics that the Commission outlined in its no-deal notice for goods already a almost year ago. Oh, you never read that, or the company never took this seriously? Well, the joke may be very much on you with less than three months to prepare for this realistic risk. After all, it’s only core business, right? You were maybe thinking that it’s very much like the annoying airplane briefing “in the unlikely event of a sudden loss of cabin pressure yadayadayada” (I think stewardesses may also feel like Regulatory Cassandra) – this will never happen so why even consider this as a scenario worth thinking about. Well there you might be on 29 March with the comfortable airplane having its door blown out and your company fumbling for the oxygen mask during explosive decompression of the airplane. Happy times!

So

Swim or sink this year, up or out for the MDR – however you want to see or call it. Companies that have not been taking preparation seriously so far will have an interesting year, in which they can make or break their EU business, and the outside EU business depending on the EU CE marks. That can be considerable too.

IVD companies should be underway as well, because the soft transition period is two years shorter, so in the end they must be fully compliant with the IVDR at the same time as the general medical devices must be compliant with the MDR (May 2024) while working with a bigger bulge to pass through the bottleneck of notified body capacity.

I’ll be here the whole year to help you weather the storm – ask your questions earlier than later though is my advice. Want me to yell at unresponsive management that doesn’t understand it’s only core business at risk? Let’s do that sooner than later too. Happy 2019!

 

 

Ceci n’est pas une période de transition and first reaction to the Implant Files

This is not the transitional period you are looking forAs we are just past the halfway point of the MDR transitional period for the MDR and are well into the one for the IVDR there is one thing that has become very very clear:  the transitional period in the MDR and likely the one in the IVDR is not actually a transitional period for industry and certainly not the one you are looking for. It is more like an extended implementation period for the authorities to complete the regulations that came out of the legislative procedure as finished regulations but as a half-baked regulatory system that required a lot of additional implementation for it to be functional.

As reported in previous blogs, the implementation machine at EU level (which is mostly a concerted effort by national authorities that have a difficult time agreeing on the details of implementation of the CAMD Roadmap). We were initially happy with the prioritization of items in the roadmap, until they unfortunately turned out to be aspirational rather than committal.

Rolling plan

The European Commission has now released a working plan for the remainder of the transitional period, the “rolling plan” with expected timelines and next steps for implementation of items from the MDR – unfortunately also rather non committal.

As you can see in the rolling plan document, most of the things will happen Q4 2019 / Q1 2020, in other words: critical implementation mass at the end of the transitional period. This is an issue for manufacturers seeking to implement the MDR and IVDR, because this means that although the framework of the MDR and IVDR was ready by May 2017, with most of the sometimes very critical details to prepare for to come much later, leaving essentially no meaningful implementation period for industry.

The implementation period is effectively used by the authorities for their own roll-out of the system, rather than to provide industry with a meaningful period to transition each and every device on the EU market to the new system, which is already a Herculian effort with a full three years available.

Eudamed and Single Registration Numbers

A poignant example are the Eudamed Single Registration Number (SRN) process and interfacing specifications (not even starting about Eudamed’s ready for use date as such).  SRNs are the only thing that the EU does not provide – you have to get them on a national level and the member states have to set up mechanisms for issuing them after verification of the identity of the manufacturer, authorised representative or importer.

If you are a company with many products, you need to be able to talk to Eudamed on a machine to machine basis as soon as Eudamed goes online. Without an SRN however it seems you cannot interact with the Eudamed database, which will be necessary when Eudamed becomes applicable.

Have you checked with the competent authority in the member state where you are as manufacturer or where your authorized representative is when they will have an SRN for you and what you need to do for that? 

CS for non-devices

Another one is the common specificiations for non-medical devices: arriving November 2019 while you should be compliant by 26 May 2020. That’s a cool six months to re-invent a product that is not a medical device as a medical device and really not a meaningful transitional period. Good luck with that!

Harmonised standards

And how about the harmonised standards for the MDR/IVDR? Anyone? The regulatory system under the directives was built on the assumption of conformity with the directives if you conformed to a harmonized standard. We are carrying over this system into the MDR and IVDR so these harmonised standards are kind of important if you want to declare or assess conformity with the general safety and performance requirements under the MDR and IVDR and rely on the presumption of conformity that meeting a harmonised standard affords as COCIR points out quite rightly.

 As the rolling plan says: consultation of the member states on the scope of the first mandate is ongoing; expect a decision by Q1 2019. Wait what – first mandate? So there will be more? Yes, apparently we have quite a number of harmonised standards under the current directives, so it looks like the EU will harmonise standards under the MDR in tranches. When what why how? Your guess is as good as mine. I’ve heard that the plan is to start with the most important horizontal standards first. Which are? Surprise! Your guess is as good as mine.

Where is the European Parliament?

Yet, the Commission is playing ‘nice weather’/’these are not the droids you are looking for’ also in European Parliament by saying that everything is on track and that there is nothing to get all excited about. Well, I suppose you could say that even a burning runaway train that is going to arrive late and blow up the station is ‘on track’ in a sense of the literal meaning of the words.

Because where is our fiery European Parliament in all of this? It was so totally prepared during the legislative procedure to call industry by the worst of names (“single use labelling is like printing your own money“, remember?). There will be at least some notified bodies in time – sure, but will they have even close to the capacity requirements to deal with the workload coming their way (see below for more about that)? These are the important questions. An incomplete and under-resourced system is not going to deliver and a failed system is not a successful system. Our guardian of the citizens and its ENVI committee with an opinion about everything devices related seems to be comfortably sitting on its hands watching the European implementation machine fail to deliver a complete regulatory system timely.

The European Parliament will probably blame someone else because they had to make so many compromises to have the rules adopted in the first place. This is seems to be the approach that Ms Roth-Behrend (the wings are on fire again) seems to be saying the media push started by the ICIJ’s Implant Files: blame everybody but us. How convenient. But how about maybe taking some responsibility now? 

Joint assessment process of notified bodies

The Commission also published an update of the joint assessment process of notified bodies. This nothing to become enthusiastic about, even though the Commission tried to put a positive spin on this in European Parliament by saying that more than half of the currently notified notified bodies have applied. Hurray! Does that mean that the capacity the market requires for transition all CE certificates on the market to the new system will be online timely?

Probably not: so far only 6 notified bodies have handed in CAPA plans (which likely means that all of the other applications have not made it to that level because as far as I know no notified body sailed through the joint assessments without CAPAs), only one final JAT opinion was issued for a lucky notified body that might be notified in Q1 2019 (provided that the final designating authority report is also issued) and no final designating authorities reports (which marks the ‘internal’ end of the designation process) have been issued. This means that in the most optimistic scenario notifications will start to trickle in one by one from somewhere in Q1 2019. It’s like I tell my kids over and over again: your homework is not finished until it’s done. And this stuff is so way not done yet.

Let’s take a realistic view at capacity coming online and capacity needed as Medtech Europe has been doing. It is becoming very clear now that several factors are brewing to create a perfect storm of undercapacity of the system as explained in the below MedTech Europe infographic:

  • more and more notified bodies are closing down or not applying for MDR/IVDR notification;
  • the Brexit is coming up with ~ 40% of the EU notified body capacity in the UK at risk (although this problem is temporarily delayed now – see below);
  • fewer and fewer notified bodies do more of the work.

Schermafbeelding 2018-10-25 om 09.27.15

It’s not an exaggeration, this notified body capacity issue. In addition, notified bodies are increasing getting in worse shape, likely resulting from the pressure on their organization to get more work done than they can manage in parallel to the time consuming MDR and/or IVDR accreditation application.

Every week almost I am being contacted by desperate companies that run into catastrophic issues with their notified bodies (mainly the smaller ones), such as:

  • certificate expiry because the notified body is unable to schedule and/or complete a timely recertification audit and often does not stick to agreed dates or promised actions, combined on occasion with the ‘solution’ that the deadline may be met if the client pays a considerably higher fee (I’ve seen twice normal rate);
  • notified bodies flat out denying having received documentation as an excuse for missing auditing slots so they can skip the audit;
  •  notified bodies letting a certificate expire in a certificate in one of the above scenario and rather than taking remedial action charging the company for a full renewed entrance audit for the device and taking a very long time for that;
  • suspending a certificate for all devices of the company while the intention was to suspend it only partially for one and then take weeks to reinstate the certificate;
  • etc.

I think authorities can be a lot more sensitive to these kinds of things, regardless of whether they are caused by bad faith or negligence, or just by under-capacity, because manufacturers just have no meaningful legal recourse against a misbehaving or blundering notified body. Requesting specific performance under the certification agreement in court almost never works in practice, and internal dispute resolution mechanisms of the notified body will usually find that the notified body is right and take a long time. 

So far I’ve found only one competent authority interested to hear about these things and willing to do something. Others are very standoffish or see it as commercial problem. That, I think, is way too easy if you’re finally responsible for the notified body’s good administration practices as notifying member state. Let’s not forget that the notified bodies are exercising delegated state authority. It would be very nice if the member states responsible would act like they are supervising their own institutions.

These notified body issues will only get worse as we get closer to the date of application of the MDR more notified bodies will keel over or start to exhibit this kind of behavior. Once we’re past the date of application this will really become a problem because then manufacturers cannot change notified body anymore. As long as they do not yet have their first CE certificate, it is unsure whether the MDR regime for delisted notified bodies in article 46 MDR applies and you can imagine how this will impact manufacturers that go for soft transition and then lose their notified body (and, as a consequence, their certificate).

Brexit

It seems that we have white smoke on the Brexit, but don’t get your hopes up yet. Whatever has been agreed (we still don’t know exactly) has to be ratified by a bunch of parliaments. Especially the Brexiteers in the UK parliament could seriously rain on this party.

But suppose the Brexit gets ratified. And then we have a transitional regime that lasts until 31 December 2020 – right in the soft transition period. And no certainty what comes next because that still needs to be agreed during the transitional period.

Implant Files

Then there are the Implant Files, a pretty large investigative journalism project aimed to hammer home the message that we have been hearing for years: CE marking sucks, notified bodies are evil corporations with a built in conflict of interest and government and industry are evil too, covering up piles of unnecessary cases of death and harm caused by faulty medical technology. Sounds dramatic, right? Because that’s news – no drama, no news that people are interested in.

But in my view this is no news at all – in fact this is all very much after the fact. We knew that the EU system could be improved, and that’s what’s happening with the new regulations. We also knew that vigilance reporting could be more transparent, which is why Eudamed is set up and will be much more transparent.

So here is my first reaction – since I’ve been quoted and have spoken to several journalists involved in multiple unsuccessful attempts to explain EU medical devices regulation to them, I feel I am entitled to an opinion in this matter. After all, journalists call me the manufacturers’ darling so I may have something to contribute to the discussion. For full disclosure: keep in mind that this is exactly what I am – manufacturers are my clients and I never make a secret of this so people know where I come from. I do not work for patients. So, believe what you will about facts but I do know the rules.

I think this initiative does underline that it is important what the changes in EU law with the new MDR and IVDR are going to do already: make more information about devices available to the public, such as by means of the Eudamed database that will contain a lot of extra information about devices. This is a good thing and yes, it could have been done earlier, but now it is at least happening. 

However, I think the conspiracy theory assumption underlying many of the publications that this information is deliberately withheld is not productive, because this conspiracy does not exist in my experience. But these days you need a good conspiracy theory to have a good story so how do you create a conspiracy theory? The reporters tried to obtain massive amounts of vigilance reports relating to implants by use of freedom of information requests, because there is no EU law and (that I’m aware of) national law in the EU that allows for access to vigilance data held by authorities. However, vigilance reports are full of confidential technical information of companies about how a device works and sensitive personal data of patients and doctors that you cannot just make public like that. Freedom of information laws have protections built in to protect these interests. It would be kind of strange that anyone (anyone) can just petition authorities for documents containing technical information provided in confidence or personal data concerning health of patients, right? That’s however what they did, and then they were very angry that they did not get all the information they wanted immediately and without redactions in accordance with the law. Only one conclusion possible: it must be a conspiracy! I think that is somewhat disingenuous and frankly quite naive. But it’s good drama, so good news to sell.

I have read most of the German, Dutch, UK, French and Belgian publications that have come out so far and they paint a picture of evil government and evil industry withholding information and making bad devices that fail more often than they should. Nothing new so far – haters are going to hate no matter what and news without drama will not sell. I think that in reality the picture is far more nuanced than presented that but that would not be news of course. CE marking is not a perfect system, but no regulatory system is perfect.

In fact, if you look at how the other regulatory systems for devices perform in the world, they perform no better than the CE marking system. The articles leave out a lot of things that would make them more balanced, like the fact that notified bodies are overseen and accredited by national authorities and that the authorities do diligently follow up every vigilance report that they receive.

A positive development of the Implant Files is more attention for regulation of medical devices, and specifically for resources committed by authorities. The CE marking system has so far performed very well with very little resources committed to it. This is a political choice that all of us are making together, see also what I wrote above here in this post. But it needs to be resourced properly for it to work. Look at the system for medicines: this is resourced much much better than the devices system and lo and behold, it’s the example for other systems. No shit Sherlock, you get what you pay for – also when it comes to regulatory systems. Also this is being addressed in the MDR and IVDR, by the way, with a renewed vigilance and market surveillance system. Now we just need some resources to roll out the system timely, as discussed above.

The Implant Files articles point at an increase of incidents in total, but they do not place it in the wider context of the increased use of implants for example, which is a missed opportunity to make it less sensationalist and more balanced. Oh wait – less sensation was not the point. Similarly, the assumption underlying the reporting seems to be that any incident in a treatment involving a device is attributable to the device only, while this if of course not necessarily true. Doctors may choose a perfect device for the wrong reasons, as a result of which the treatment will not deliver the results aimed for and the device is blamed. Or, what I often see in my practice: the device may fail as a result of the doctor’s fault. These cases are reported as incidents but are not attributable to the device, even if the device is a causal link in the damage.

It would also have been interesting if they would have compared medicines side effects to medical devices side effects so you can actually say something about acceptability of level of side effects. Medicines, their side effects and medication errors kill loads of people every year. Yet, I don’t hear people advocate for autopsy on every person taking meds that dies outside the hospital, even though enormous amounts of people die from adverse reactions to prescription medicines. Yet, this was proposed in one of the Implant Files items for people with pacemakers / ICDs.

Medicines have more robust trails because they take forever and have lots of people in them, and they have arms, including a placebo arm! But the nuance is again lost there too: you have to test a medicine in a clinical trial delivering results based on statistics because we do not fundamentally fully comprehend human biochemistry and make it transparent, so it’s actually a very crude mechanism. It’s like throwing someone out of an airplane to test a parachute. Maybe a lot of people, so it’s statistically sound. And then we throw some people out without parachute but tell them that we’re not sure if they have one or not to correct for the placebo effect. That is – conceptually – how we test medicines for a lack of better methods.

And did you know by the way that regardless of all that rigorous testing medicines remain incredibly dangerous and kill loads of people? The European Commission estimates that adverse reactions from prescription drugs cause 200,000 deaths per year in the EU, making prescription medicines drugs a major health risk, ranking 4th with stroke as a leading cause of death. Maybe not the best product to compare medical devices too, because I bet medical devices are not the 4th highest cause of death, not even by the estimation of the Implant Files. Would we like an approval mechanism that makes medical devices just as much of a universal killer as medicines? I bet we don’t. That is why these comparisons are so meaningless. 

With devices however you can usually test if the device works or not because they work physically and not systemically, so you need fewer patients and less statistics. It would be quite immoral too to implant people with placebo pacemakers or placebo hips to see if the pacemaker or hip actually works. Because that is how we test medicines statistically for lack of a better way: you cannot observe biochemistry in action the way you can observe and test devices that act physically. It’s that simple, and that’s why we do not need huge populations of trial subjects to arrive at statistically relevant conclusions about how biochemistry functioned and what effects it had. That is why it makes a lot of sense to test medical devices clinically against the standard of care to see if they improve care compared to available solutions and check for unpredicted side effects, but a trail to statistically figure out if they work in the first place is not that ethical mostly.

You can wonder whether some implantable devices based on what companies thought was well understood technology were followed up with patients long enough because they did lead to systemic issues – and we did. It’s why we are experimenting with increased post market clinical follow up requirements under the current rules already, are fixing this too in the MDR and are paying particular attention to new implants, which need more data in advance. The Implant Files are conveniently ignoring that the EU started a major program to improve quality of approval, oversight and clinical evidence for medical devices in 2012 and has been rolling that out ever since, culminating in the new Medical Devices Regulation that entered into force last year and will apply in all aspects soon. But a problem solved is of course no news, so that is why the efforts to improve legislation that has been going on for years is basically not mentioned in the Implant Files.  

Another problem I have with the Implant Files is how the articles and the TV shows blend US and EU requirements as if they are one single thing and draw implicit conclusions from this weird blend for the EU state of affairs. For example, a US expert is interviewed  about how you can misrepresent things on an FDA incident reporting form in the US by selectively ticking boxes concerning cause of death and it is implied that the same is possible and in fact happens in the EU. However, as a starting point the EU model form for incident reporting is structured very differently, and this is not even addressed, nor how you would use that form to manipulate your vigilance reporting. Yet, the message is that this happens in the EU as well. There is no evidence however in the reporting that I came across of how you would do this in the EU. This is strange because the FOI requests provided the journalists with a deluge of EU vigilance reports and forms, which they could have easily checked. But they didn’t. This is just an example of one of the many things that give a wrong impression and I think unduly so.

The above is just a first impression. I will write more about the Implant Files, if only to help correct the sensationalist picture created on often half baked understanding or representation of the EU regulatory system.

MDR/IVDR Implementation: the transition period halfway point

Naminbia roadIf you are still free this Wednesday afternoon and somehow involved on the medical devices industry in the EU, our seminar that afternoon in Amsterdam is for you as it discusses where we are with the implementation of the MDR and IVDR. We still have a few seats available, so this will be time well spent. Regardless of many requests we are not streaming or recording the seminar – we prefer the face to face contact. The presentations will be available on my firm’s website though.

Your time will be especially well spent because of the excellent speaker line-up:

  • Gert Bos from Qserve on how to work with your notified body;
  • Anja Wiersma from Mi-CE on what clinical, scientific and analytical evidence you will need for medical devices and IVDs and how to generate it timely;
  • Erik Raadsheer from Align Technologies on how a medical devices company implements the MDR in a practical way; and
  • myself about where we are with the regulations, implementation, Brexit etc.

The focus of the seminar is not on what the MDR and IVDR require in general (you should be well aware of that by now) but rather on where a company in medical devices and IVDs should be by now with its implementation work. The seminar will integrate the latest state of affairs with dependencies as e.g. Brexit as per the date of today.

Where should you be?

Not sitting on your hands, as I’ve been saying for a long time. I was moderating the EU MDR panel at Advamed’s MedTech Conference in Philadelphia on 24 September with so far the most mixed and complete panel so far with two competent authorities, a ministry of health, a notified body, an international devices company, a consulting company and MedTech Europe. It was a very good session with a lot of good information from the authorities.

It took place on a date nearly six years after the first draft of the MDR and IVDR were published and on the date that the MDCG had a meeting in Brussels to discuss progress of rolling out of these regulations. One of the pressing points is where the roll-out is and whether the regulatory system will be able to deliver on the daunting task of having to transition all medical devices and IVDs currently on the EU market to the new system in a shrinking amount of time with many parts of the regulatory system still unclear or up in the air. The big known unknown is if the notified body capacity that will at some point will become available to market gradually will be able to guarantee a transition that nobody anymore expects to be smooth – everyone will be happy if it is not too messy.

The shrinking time left until the Date of Application for the MDR (26 May 2020) has caused widespread hope and wishful thinking that the dates of application will be moved or that there will be other changes to manage the bottleneck expected towards the date of application. While industry is advocating a change of the implementation deadlines with the Commission and the member states because of the limited notified body capacity and the limited roll-out of implementation items and has put this on the agenda at the 24 September MDCG meeting, be very very warned that this is by no means certain to happen.

The panel gave a unitary message: no matter the degree of uncertainty about notified bodies and dates of application, your very worst option as manufacturer at the moment is to do nothing. If you are only starting the transition work now, you may be too late already, unless you have very few products in your company.

The panel also showed how the complexity of the EU CE system works against it at this moment:

  • The competent authorities drafted the CAMD Roadmap but the implementation is left to the new committees under the MDCG that are replacing the current medical devices expert groups (MDEGs) and the authorities cannot make these committees deliver the documents and guidance in time. This is problematic because for example the work on the clinical guidance in the relevant group seems to have broken down for the moment.
  • The ministries of health have delivered with the MDR and IVDR texts and for them there is not much to do, except focus on national implementation of the policy discretion that the regulations allow. We will take a first look at the Dutch implementation act at the seminar. Their message: work with what is there and you’ll be able to do most of the work. Notified bodies have to apply, and the applications must be good enough. They have provided and staffed an approval system for the notified bodies, but now the notified bodies are finding it more difficult than expected to meet the requirements for being a notified body under the new regulations, which especially affects the smaller notified bodies with a large scope. The first applicant notified body has in the mean time dropped out, having decided to put its money on consulting rather than being a notified body.
  • Companies are getting exasperated because they require certainty for the rather considerable investments that they must make in the new system, while the system is still unfinished in several crucial aspects (like Eudamed and the essential implementing acts). They will happily so it generally because they are convinced that the new rules are in fact an improvement. However, it cannot be expected from industry that they fully commit to a system that is still being invented when it should have been ready, as this jeopardizes any meaningful use of the transitional periods.
  • Notified bodies are in the middle: on the one hand they have to keep their business running and on the other hand reinventing themselves for Brexit and the MDR/IVDR application process take up a lot of their resources. I have heard that the audits for MDR/IVDR application are not a walk in the park at all and I think that especially for small notified bodies a large scope of designation will be very hard to pull off. While this is true for the bigger notified bodies that have an MDR/IVDR application in the water, the smaller notified bodies seem to have gone completely dark on what they are doing and what they are planning. The numbers of notified bodies applications for MDR/IVDR show that most of the notified bodies have not applied for MDR/IVDR designation. If you have a small notified body now with a full scope, better have a plan B and check if they have applied for MDR/IVDR, for what scope and if they expect to be able to support the scope you need. Don’t accept vague answers because they limit your options as manufacturer. It is unfortunate how only some notified bodies are trying to be transparent on where they are in the application process and what the consequences are for (AI)MDD recertification and MDR certificates. I appreciate that also for notified bodies there are a lot of uncertainties, but they can be clear on where they are in the process.

This shows that the highly decentralized EU system – which served the medical devices industry very well for a long time – now works against the objective of a quick and smooth transfer to the new system. Still, doing nothing is and remains your worst option – so, as the old Chinese proverb goes: are you going to curse the darkness or light a candle? If you light a candle, at least you might be able to shed light on some things and see them for what they are, which is always a good idea.

This is the time where everything you do as manufacturer is based on counting back from the Date of Application for your regulation (26 May 2020 or 2022), so you know how much time you still have to arrive where you need to be. Make no mistake, time is of the essence now. For example, if you are going for a renewal of your (AI)MDD certificate to extend past 2020, you should know when to hand in your application. That could be sooner than you think – according to a client communication of 2 July 2018 BSI requires it in the door by end Q1 2019 or they cannot guarantee that it will be processed timely. This means you may have to commit to an (AI)MDD certificate renewal before you are certain that your notified body is notified under the MDR. Have you got it clear what your notified body’s deadlines are and how this impacts what you are doing?

Also, if you have a UK notified body and a hard /no deal Brexit happens, do you know what this means for your CE certificates? The logical and legal consequence is that they will be invalid as of 30 March 2019 because the UK will be a ‘third country’ where no EU law applies as of that date (a transitional period only happens in case a deal is reached or if the EU is willing to unilaterally recognise certificates for (part of) their duration although the notified bodies that issued them have lost their notification) – do you have a backup plan for that?

Register for the seminar

If you’d like to join our seminar, please register here. As always, attendance is free and drinks afterwards in our newly expanded office space are on us!

Schermafbeelding 2018-10-08 om 09.32.50

Schermafbeelding 2018-10-08 om 09.35.43seminars_header-768x512

Bottlenecks, Brexit and stalling CAMD roll-out

Yoda IVDR

With the summer holidays about to happen and the halfway point of the three year transitional period for the MDR on the horizon, let’s take stock of where we are.

If you are a manufacturer and have just started thinking about this MDR or IVDR thing, you are in a bad place. Maybe you have a very limited number of devices that are subject to little change under the MDR or IVDR. In that case, count yourself lucky because you’re a happy minority. You may still have enough time to remedy your devices for MDR compliance in time.

I paint a general picture of where I think things are in my recent overview presentation at the Q1 conference in Washington DC half July:

Consider the EU version of this conference in Brussels 18-19 September and if you’re in the US, go to the Advamed MedTech Conference in Philadelphia 24-26 September to be informed by the EU panel. If you are a small or medium sized enterprise, definitely consider the RMD Symposium on 22-23 October, also in Brussels.

Manufacturers

Manufacturers can be found on a spectrum of urgency with MDR and IVDR implementation, ranging from catatonic denial / merry Titanic orchestra behavior to angry with the process to making this a historic opportunity to out-comply competitors. I see management just incapable of looking more than three months ahead and underestimating things monumentally, with Regulatory Cassandras leaving the company or pining away trying to complete an under-resourced MDR or IVDR project. And why would you resource it properly as company – it’s only core business, right?

I see also manufacturers starting to get in serious trouble occasionally when a notified body has their scope restricted or closes. They are suddenly faced with the need to find another notified body in a few months and find out that it’s not so easy to find a new notified body quickly these days. Most notified bodies that you would like to work with are stuffed to capacity and not taking new customers.

Those manufacturers also find out that if their technical documentation is not impeccable they usually has some additional things (mostly lacking clinical evidence) to sort out before the new notified body accepts the transfer, and that this may add up to a period of not being on the market. If you’re a listed company these are things your shareholders will probably like to know about and that you will need to disclose publicly.

Many manufacturers engage in homework practices similar to those of my twelve year old son: delay everything to the last moment and hope for a bailout if that turns out a bad plan. Is that a good strategy? That really depends who you ask. My son thinks so and normally there is a fair amount of cognitive bias in these discussions. People are not quick to admit that they might be better of leaving less to chance. As we will see below in relation to notified bodies, it’s a bad idea to push your remediation work and application for recertification for soft transition all the way back towards the date of application, because notified bodies have already started to indicate that they need the soft transition recertification applications in the door at least a year before the date of application. For the MDR, that is 8 months from now.

That period may already be too short if you need to do significant remediation work (e.g. do an additional clinical study to get your clinical evidence up to standards of the newest version of the clinical evaluation MEDDEV).

CAMD Roadmap roll-out seems to have stalled

When the CAMD roadmap came out in end 2017 I was very happy and full of hope: a plan! A roadmap! A plan! So far it turned out to be a dot on the horizon as the external production of items set out in the Roadmap seems to have been stalled. Behind the scenes I hear that the competent authorities are doing what they can, but that development of these documents is a consensual process and they can only do one thing at a time as their resources are limited. I tend to believe the latter part. One of the issues plaguing the EU medical devices regulatory system has been the systematic under-resourcing by member states and the Commission of oversight of this industry. Guidance promised in the Roadmap is not forthcoming and the Common Specifications and implementing acts required for the MDR and IVDR to function have not been adopted so far.

This under-resourcing is now proving to pose a bottleneck in itself for the development of all the CAMD items set out in the Roadmap, which risks timely implementation by companies. You would think that if you require industry to sink literally billions of Euros in MDR and IVDR remediation (some big companies come close to a billion all by themselves) to raise the regulatory bar that you would make sure that you have the regulatory infrastructure in place. By now I think the authorities’ party line that ’there is a lot you can do already’ has been used up as more and more companies are getting to the point that they have done what is there to do at this moment and are waiting for authorities now to hold up their part of the deal and provide not only for a theoretical legislative framework but a functional regulatory system.

The Commission published some very high level transition guidance for companies in the mean time, see here, here and here for MDR docs, here and here for IVDR docs. If the information in those documents is completely new to you, you know it’s time to up your game.

MedTech Europe has started to raise awareness for this because it’s obviously a bad idea for their members if there is a big bottleneck as a result of lack of sufficient notified body capacity and/or lack of a fully functional regulatory structure. MedTech Europe proposes three options to address the issues raised by the timeline for the application of the new Regulations:

a) A ‘stop the clock’ mechanism, that freezes the remaining transition time for both Regulations until full readiness of the system has been achieved;

b) An extension of the critical dates of 26 May 2020 and 26 May 2022, for all products;

c) An extension of the critical dates of 26 May 2020 and 26 May 2022, for legacy products only.

I myself am somewhat skeptical about these solutions at a European level (although I completely agree with the ideas behind them), as all of these require  changes to be made to the text of the MDR and the IVDR. That can only happen by means of re-opening the legislative procedure for the MDR and the IVDR. That is a procedure that is a) not fast and b) prone to everybody involved trying to change things they compromised on in the first place, which would delay things even more. This can only work if all the institutional actors in the legislative procedure are completely convinced about what needs to happen and completely agree on how this should work.

Notified bodies

With notified bodies some is good, some is bad and some stuff is downright ugly.

Generally speaking not only the manufacturers and authorities underestimated things, but so did the notified bodies. By 30 June  2018 the Commission had received 21 MDR application and 7 IVDR applications. This number may be distorted somewhat because it does not include applications (still) in the national validation phase. However, that phase is short, so the distortion cannot be that big. This is number kind of disappointing if you remember that applications could be made from 26 November 2017 and all Team NB members were very bullish about applying immediately for the whole MDR scope. We currently have 56 notified bodies notified under the MDD, and 21 MDR applications. We have 22 notified under the IVDD, and 7 IVDR applications – with the largest majority of IVDs needing an IVDR certificate under the IVDR.

Thus, it seems that a lot of notified bodies were way too optimistic to the point of almost being misleading. Also, applied for does not mean notified for. I hear about the numbers of non-conformities raised in the joint audits, which sometimes take the notified bodies considerabel time to remedy. However, sometimes also the members of the joint assessment team composed of the Commission and member states do not even agree amongst themselves on whether something is a non-conformity and if so, how it should be closed out. Obviously, this does not promote an expedient assessment and notification process.

Another complicating factor is that 30-40% of total EU notified body capacity is located in the UK, which has decided to recklessly become its own planet with supposed benefits by means of the Brexit. If there is no timely Brexit agreement between the UK and the EU to regulate the post March 2019 period well before end of March 2019 (because the EU and British institutions needs some time to validate any agreement reached), there will be a hard Brexit and this notified body capacity will be lost. A number of the 21 MDR and 7 IVDR applications are UK notified bodies, which means that a hard Brexit will eat into notified body capacity in a dramatic fashion with resulting in even bigger bottlenecks because this capacity cannot be replaced quickly.

Finally, there is the bottleneck compounding factor of all these new certifications for devices that did not need CE certification by a notified body before: reusable surgical instruments and software. Especially in the field of software as medical device the notified bodies have little experience because that is currently mostly self-declared, so almost no experts are available at notified bodies currently. In IVDs this is even worse because the large majority of IVDs is currently self-declared and the IVDR will turn this upside down (most IVDs cannot be self-declared anymore).

Manufacturers like to delay their remediation as much as possible, which means in practice a lot of relying on the soft transition period by planning to renew MDD, AIMDD or IVDD certificates one last time so they stretch beyond the date of application – if you’re lucky until 2024 if you can time your certificate renewal close to the date of application (26 May 2020 or 26 May 2022 respectively). The CEO will have moved on and everything will be clear by then right? Wrong, because what happens close to the date of application? Yep – everybody and their mother that is notified body notified for MDR or IVDR will be engaged in work regarding MDR or IVDR certification and will be frantically cranking out those certificates. This leaves no room for work that could have done before: the soft transition renewals. This is why BSI have recently started alerting their customers that any soft transition renewal applications must have been handed in by end Q1 2019, which is more than a year before the date of application for the MDR, and that customers cannot expect any recertification work to complete in the period of 9 to 6 months before the date of application. Other notified bodies have started to communicate November 2019 as a date to their customers.

Schermafbeelding 2018-08-05 om 08.48.46

Too bad so sad if you planned everything to be handed in by beginning of May 2020 in the expectation of a quick rubberstamp renewal followed by a carefree maximum soft transition period. You may suddenly have to be ready a year earlier and only eight months from now. You are probably wishing now that you started this whole thing earlier. And remember: even renewal for the soft transition is no walk in the park if your technical documentation and QMS are not in excellent shape.

Naughty as business model

I am seeing some naughty commercial behavior on the part of the notified bodies as business model. Since they are often too busy at the moment, some make it into a business model to charge companies double fees to renew a certificate in time after they have moved the audit date back a couple of times themselves because they could not make the audit date for lack of capacity.

Or they don’t make the audit date before expiry of the certificate and then charge the company for an extra expensive entrance audit, sometimes with a period in which the company loses market access.

Not very nice, this kind of behavior. If, let’s say, the competent authorities for market access for medicines would act this way the world would be too small, but we are putting up with this from notified bodies while forgetting that they exercise delegated state authority (granting CE certificates that give right to market access). That should of course be exercised in accordance with all principles of good government.

So when you’re speaking with your notified body, count your fingers every time and don’t take maybe for an answer. It may be an expensive life lesson. Emergo’s Ronald Boumans wrote an interesting and very good white paper on this that I recommend reading. Notified bodies are not your enemy, but lets say that some are more customer friendly than others. I have spoken to several competent authorities about this and they say that this kind of thing should not happen – notified bodies are not allowed to make their problems yours and moreover charge you for solving them, and that they would like to hear about it when it happens.

Brexit

The Brexit process never ceases to baffle me. It’s an epic story of monumental political unpreparedness. It is everything Deadpool would call it, because he would use strikingly colorful metaphors. It’s the Monty Python 100 meters for people without sense of direction because up to this moment the UK still does not fully have its political ducks in a row as to what the UK actually wants from the Brexit – with the two years of transitional period almost effectively over. Even a reversal of the decision to leave is still on the table apparently, may be not even the worst option for the country.

The UK is now openly talking about having to stockpile food and medicines (which I assume will include medical devices too) in case of a hard Brexit. It does not have the resources to put in place all the mechanisms and people needed to fulfill all the formalities if it suddenly is not EU member state anymore as a result of a hard Brexit and will not have them by end of March 2019.

This, ladies and gentlemen, is what you get if you do not begin with the end in mind and allow politicians that have zero interest in a future beyond their own term in office to run away with the economic future of a whole country based shaky facts at best or outright lies and decades of underselling the economic and social benefits of the EU project. If you don’t agree with this statement, feel free to post a comment.

The Commission published a notice describing what a hard Brexit will entail for goods CE regulation but that’s of course not the only thing your company is concerned with. A Brexit will affect all your business in and with the UK in a truly fargoing manner.

The EU published a recent state of affairs and explanation of the further process. The UK published a White Paper that – in my view – is sitting on the fence of having your cake and eat it: moving out of the internal market for goods, while remaining part of its organization, its agencies and relying on free movement.

If you think the risk of a hard Brexit is remote, think again. The UK government says the chances of a hard Brexit are bigger than a controlled Brexit. Of course they’re blaming someone else for this, as typically happens in ill-considered divorces: it’s everyone’s fault but your own. You file for divorce and then blame the other for being inflexible in the following separation negotiations. Classic. So if you did not have a plan B for a hard Brexit, this is the moment that you start on one.

In the end the best the UK will be able to get out of the whole experiment is mutual recognition of good regulation without influence over its creation. So it will rubberstamp EU law (as it used to do as EU member), but will not have any influence over its creation anymore (while it used to have a lot of influence over its creation). If that’s not progress I don’t know what is. It’s the price you pay for not showing up to vote if there’s a referendum with a populist agenda I suppose. And who knows – it may be best choice ever even if all the facts currently on the table show that it won’t be.

Conclusion

A lot of moving parts in the MDR and IVDR implementation machine do not seem to be moving that well, hopefully for the moment only. Manufacturers are advised to not be passive with this going on: plan aggressively and not passively – your core business for the EU is at risk. If you are not informed, make sure that you are. There are many opportunities for the manufacturers that get it right and out-comply their competitors. But these will go to the expense of the manufacturers that get it wrong. From what I am currently seeing happen around me, these seem to be far too many.

%d bloggers like this: