EU MDR / IVDR Regulatory Cassandra


Sometimes you have days that you feel like Cassandra. I had a Cassandra moment after moderating the MDR panel at the Advamed MedTech Conference on 25 September.

Cassandra was a lady from mythological heritage. She made the Greek god Apollo angry by changing her mind to be his girlfriend after he had granted her the power of clairvoyance to woo her. Because Apollo could not make the gift undone, he gave her another one: nobody would henceforth believe her. So she predicted several times that Troy would fall and nobody believed her. She even had a psychological syndrome named after her, described as “individuals who experience physical and emotional suffering as a result of distressing personal perceptions, and who are disbelieved when they attempt to share the cause of their suffering with others.”

Regulatory Cassandra syndrome

Schermafbeelding 2017-09-12 om 15.16.28After my panel at the Advamed MedTech Conference it dawned on me that the regulatory departments at medical devices companies in the US suffer from collective Cassandra syndrome: they mostly know that something big is coming their way, but are unable to get management attention for the big changes that are happening in the EU. If they communicate that something quite big and disruptive is up, they are disbelieved.

Management seems to be focused only on the next quarterly earnings but seems to completely forget that there will be no further quarterly earnings after the transitional periods for the MDR (end of May 2020) and IVDR (end of May 2022) expire without companies being ready with their recertification of devices under the new regulations. Because there is no grandfathering. There has not been, there is none and there will not be.

Show of hands

We as panel were very surprised about the show of hands that we had from US companies represented in the room:

  • not many people had read the new regulations;
  • even less understood the regulations or had undertaken a gap assessment to determine what this means for their company;
  • even less than that actually had a budget to do a gap assessment and implement the results of the gap assessment; and
  • almost none of the companies present in the room expected to be ready with their implementation and remediation for the new regulations.

This does not present an optimistic picture. MDR and IVDR denial and/or ignorance seems most prevalent with small and medium sized companies.

The future is closer than it appears

Chuck Norris kamikazeOne of the big factors that causes management to ignore transition is that there is a lot going on in the world as it is and that the deadlines are still years away, especially for IVDs. As we explained in the panel, that thinking is completely misguided. Companies have to literally reinvent their technical documentation, clinical evidence, quality system and much more. And they have one shot at getting it right, because we are not all Chuck Norris. Chuck Norris can be a kamikaze pilot 12 times. Most companies can only try be Chuck Norris once, and will most likely fail. Try to be like Chuck Norris but end up like While E Coyote.

Especially for legacy products, and even more in the case of currently self certified IVDs, the current state of technical documentation and clinical data will not be up to MDR and IVDR standards and will take a lot of work to remedy. Yes, and the concept “work” assumes resources deployed over time. Not putting in that effort is sort of kamikaze for the EU market and not everybody can expect to be of Chuck Norris equivalent resilience.

Companies need to take a close and critical look at their supply chain in the EU to get to grips with the new supply chain regulations.

So how do you get management attention for this? In the panel we suggested the following. Ask for the last year’s turnover of medical devices related turnover in the EU. Then ask for the turnover of all countries where regulatory approval depends on a valid CE mark for the devices concerned. Add this figure to the EU turnover. Then ask for the growth projections for the year 2020 (in the case of medical devices) or for 2022 (in the case of IVDs). Multiply total amount with growth projection. This gives you the first year loss following the end of the transitional period. Show this to management if they do not want to invest in MDR or IVDR transition. Are they willing to write this off and fire a lot of people that they cannot afford anymore as costs for sitting on hands? Then also add investments needed to recuperate market share after the company finally gets it right, because we all know what happens to market share if you cannot be on the market: it collapses and will need to be rebuilt from scratch. The company’s reputation with distributors and customers will be severely damaged.

If management is still not willing to move, propose that they should discuss this strategy on the next earnings call:

“We are going to be knowingly late with implementation of new EU law because we don’t believe our regulatory department and deliberately risk our CE mark dependent market for all our products because we fail to understand what ‘no’ means in ‘no grandfathering’.”

See if there will be resounding investor applause then. See if investors will be breaking down the door to throw money at the company. Probably not, but hey, that’s just me. In every merger or investment that involves a medical devices company with CE marks the first question these days is: show me your MDR/IVDR transition plan. Oh you don’t have one? Then we will have to heavily discount the (share) purchase price for all the remediation costs that have not been accounted for in your budget and we will have to vector in the risk that you are already too late to even make the transition in time. Maybe you’re not such a good investment after all.

What should companies be doing?

They should not be sitting on their hands waiting for reality to catch up with them, and definitely not sit and wait ‘for things to become clearer’. That’s like being a hedgehog on the road wondering what the light is that’s coming its way.

Make a plan and follow through: not only register that there is an issue but make sure that the resources are there to remedy it:

My takeaway from the panel was that US medical devices companies are generally woefully un(der)prepared for compliance with the new regulations, even though we are well into the transitional periods for both regulations, and that this is worse in the case of small and medium sized ones. The big multinationals seem to be doing a much better job.

So what can you do to understand the MDR and the IVDR? Lack of knowledge is not an excuse because there is lot of good material out there.

For example: MedTech Europe has just made two sets of flowcharts of the requirements under each regulation that I myself find very very useful, see here for the MDR one and here for the IVDR one. You can trust MedTech Europe to produce good materials.

You can try and understand the transitional regime and understand how to prepare and execute a transition project with the materials from the seminar that my firm recently organised about the subject.

You could have attended a conference that devotes a lot of time to this, like the recent RAPS Regulatory Convergence or go to a specialised consultancy’s seminar like this one from Qserve in California next month or you could have visited the seminar Factory and I organised in San Jose CA last week.

IVDR, IVDs and mass extinction


More interesting things from the RAPS Convergence conference.

If you do anything in the IVD sector in Europe and did not attend that conference, that’s a pity. The program on EU IVD regulation was truly outstanding. I do not often see such a good program on EU IVD regulation in one place – if you weren’t there you really missed out on an excellent program.  I really hope they repeat it again next year. Overall the EU medical devices regulation program was very very good, with a very high quality of extremely relevant speakers.

So let me summarise some things for you that the IVDR brings, taken from this program.

Regulatory quantum leap even more quantum than originally expected for IVDs


I have discussed the quantum leap in regulation for IVDs before on this blog and described it in the White Paper on the IVDR  that Gert Bos and I wrote for BSI. As you can see the current estimation of IVD manufacturers needing a notified body in the EU have gone up from the conservative 80% to now 90-95% as it becomes more transparent what legacy products manufacturers have in their portfolios. Will all these products make the cut of the IVDR? The expectation of the notified bodies and industry going on the record is that this will not be the case.

This is a good start to bridge the gap created by the leap:


Gap assessment

Are all the IVD companies working on gap assessments already like the sensible medical devices companies are? Nope. Some are, but most are not because they think that five years transition period is plenty long to get things in order and 2022 is not even on the horizon. Read on, and you will see that five years is very short for what you need to do, especially if you are a company with limited experience with notified body review of technical documentation for your products. Lucky you: we have developed gap assessment tools for IVDR as well in the mean time and will be happy to help you or leverage our network of technical experts to help you.

Portfolio rationalisation

“Anybody that is not seriously thinking about getting rid of products is overlooking things”, was one of the industry statements in the IVDR session by one of the companies that is well on its way with its IVDR work.

Portfolio rationalisation is the thing because you will quickly find that not every little self certified IVD with almost no data and half a technical file (if you’re lucky) is worth the investment of remediation to IVDR standards. You will need to set up end of life programs for the IVDs you retire.

People and notified bodies

One does not simply walk into the IVDRMore even than for general medical devices expertise of regulatory staff and retaining them is crucial because there are relatively few IVD professionals in the market.

The current expectation is that there will be five (5) notified bodies that will be accredited for the IVDR. That is not a lot for the tidal wave of applications that will come their way. Also with regard to the IVDR there is no grandfathering (see below for more in this regard). This means that a constant dialogue with your notified body will be crucial to make sure that you keep your place in the queue and have the best chance of understanding what is required.

If you have never dealt with a notified body before, start doing that immediately to make sure you’re in the priority line for boarding. You may well miss your flight if you start talking to them only when all the seats are sold, which they will be towards the end of the transition period. Notified bodies will focus on helping existing loyal customers and will be less focused on companies that say they might cost them some time. So you might already have your ISO audits done by the notified body of choice to make sure you have a foot in the door. Sounds logical right? Maybe it sounds even so logical that even your management can understand it.

Invest in structures now – PMS and clinical data

The IVDR will require much more in terms of structures than the IVD Directive, mostly in the field of post market follow up but also in the way the data is presented in your technical documentation.

The IVDR requires more in terms of keeping the technical documentation consistent with any other statement that you make about the product.

IMG_2578Your 510 (k) for an IVD will not be sufficient. It will contain some data but not enough and not in the right structure. The IVDR requires a lot of new things in terms of performance evaluation and how to structure that data. So better start collecting data now using you PMS procedures. The better they are the better this works.

The technical file also needs to be up to date as per the current date, and that date changes every day.  When did you last look at the data for your product? IMG_2579

Your current technical file structure will not be compliant under the IVDR, so there’s significant work to be done there. Organising all your current probably not super high quality self certification technical files in an IVDR compliant set of technical documentation takes more work than you think. Probably you do not have many people in your regulatory department for this because you never needed them before.

Timeline management and transition

Schermafbeelding 2017-09-12 om 15.16.28.pngIn the MDR universe a minority of self declared products cannot benefit from the so-called ‘soft transition’ that allows MDD/AIMDD or IVDD certificates to overrun the date of 25 May 2022. In MDR land this typically affects software (often class I) and low risk devices. But in the IVD universe most IVDs are currently self certified so do not have a certificate, which means no soft transition for currently self-declared IVDs. That is the vast majority. This a a potentially enormous bottleneck. If you are not on the bus of one of the five notified bodies for IVDR timely you will not have an IVDR certificate for your product before the end of the transitional period. This means no more placing of product on the market. You will be like While E Coyote going off the cliff, with your more survival oriented competitors picking up your market share quickly. That is not a nice place to bounce back from.

The new Class D IVDs are even more affected because the reference laboratories that need to look at those applications will not be designated until right at the end of the transition period.

The link with data protection legislation and the magic freezer

The IVDR has a link with EU legislation in the field of personal data, the General Data Protection Regulation (GDPR), which is applicable as of 25 May 2018. As was explained in the RAPS Convergence program, many companies have all kinds of samples lying around in their magic freezer because they never throw away good samples, which comes in handy when you need to de performance evaluation for the purposes of certifying your existing IVDs under the IVDR. But wait what – is that even allowed? See my presentation in the IVD program for answers:

It follows that implementation of the IVDR must go hand in hand with a serious implementation of the GDPR as well. The GDPR is just as relevant for samples that are not left over. Every time you use an IVDR regulated sample this raises a question of GDPR as well. As we saw in the session that I presented in there are big differences in this between the US and the EU.

Mass extinction

IMG_2580I bet you thought the title for this blog was kind of hyperbolic when you started reading. I hope you have a more nuanced perspective because there may very well be mass extinction. There are so many possible critical missteps. When missteps exist, missteps will happen – pardon the cynicism. Many companies will suffer because they will not make the cut. It is inevitable. So, as I told the audience during my presentations at the conference: choose whether the chaos that will inevitably happen is your chaos or someone else’s chaos. Because chaos will happen, whether you like it or not.

Transitioning to the IVDR is rocket science, there are not many IVD rocket scientists around (so hold on to the ones you have), the rocket certification bodies are few and will be very very busy. Get your application wrong and you’re back at the end of the launch queue. And if you’re not ready in time you miss your launch window, meaning that you lose market share that may be very difficult to recoup.

So, if you’re an IVD company with IVDs on the market in the EU: don’t be a dinosaur. We all know what happened to them.

Supply chain and economic operator regulation under the MDR and IVDR

CE Call Erik

Credits: Bassil Akra of TÜV SÜD

One of the interesting features of the new MDR and IVDR is the new chapter on economic operators (chapter II), which implements a completely new (to the medical devices industry at least) regime of supply chain regulation and related aspects.

The new supply chain regime was on the horizon for a long time because it was conceived in 2008 and has in the mean time been implemented for a number of product groups covered by EU legislation. It has now, totally expectedly, found its way to the devices sector via de MDR and IVDR.

A presentation about supply chain under MDR/IVDR

I presented about this at the RAPS Regulatory Convergence:

I find that many companies have difficulties in understanding this framework and do not realize that becoming compliant under the MDR and IVDR requires a close look at the supply chain leading into the EU, and identification of each entity up to the end user as one of the economic operators regulated under the regulations: the MAID (Manufacturer, Authorised Representative, Importer and Distributor).

We are used to the manufacturer having regulatory responsibility under the directives, but it’s new that the importer and distributor suddenly have important obligations in the supply chain and that the role of the authorised representative has changed a lot.

Economic operators 2017 RAPS Convergence


As you can see in the embedded presentation above and the slide below at the RAPS Convergence above importers and distributors now have their own responsibilities with respect to PMS and vigilance and in verification of compliance of the devices that they import/distribute.

Economic operators 2017 RAPS Convergence

Given these overlapping responsibilities it becomes more important than ever to organise your supply chain contractually in a way as to avoid surprises, e.g. because a distributor decides to issue a local recall for a not so profitable product that will be visible for every authority in the EU via Eudamed and may spin off into something of epic proportions.

Information sharing with(in) your supply chain becomes key, as well as division of responsibilities. I am pretty sure that your contracts can be improved because so far I have not seen any that are up to standards.

Regulatory is from Venus, tax is from Alpha Centauri and third party importer anyone?

These responsibilities and who has them should be part of your gap assessment for the MDR and IVDR. Companies organise their supply chain currently mainly based on tax considerations, but now they will need to add MDR/IVDR supply chain regulation considerations. It means making your regulatory department talk to your tax lawyers/accountants.

From my own experience these groups often find the other group’s work a form of esoteric voodoo because they use completely different definitions of the respective economic actors. The MDR/IVDR contain definitions for the MAID (which are described in a lot of detail in the bible of CE marking the Blue Guide) so it may take some time before your regulatory department has your MDR/IVDR supply chain regulatory ideas aligned with your tax planning, and you find out in the process that an importer for tax law purposes is not necessarily the same entity as the importer for MDR/IVDR purposes.

For example, many companies outsource warehousing in the EU to external parties, which often provide additional services like final labeling. That may make that external party an importer in the meaning of the MDR/IVDR, with all the regulatory obligations. That will likely lead to the third party asking you for more money for what they do, and you suddenly have a regulated external party in your supply chain that must refuse to import your devices if it comes to the conclusion that they may not be compliant.

Subsidiaries that must rat you out and run away

There are major problems with authorised representatives because the MDR/IVDR messes with corporate governance if you have your own AR in the EU, most often a company subsidiary. The MDR/IVDR make the AR into a sort of competent authority mole in your organization. It must monitor the manufacturer, admonish in case of non-compliance, report the manufacturer to the authorities in case of persistent non-compliance and then run away after terminating the AR agreement. That must be problematic for a subsidiary. Yet, the wise people that wrote the MDR and IVDR did not give this much thought.

Also the MDR and IVDR prescribe a mandatory format for the AR agreement and for a contractual handover regime in case of switch in AR.

Oh, and did you know the AR is product liable now for all of your devices in the EU jointly and severally with the manufacturer? Better not nominate a subsidiary with a lot of assets.


Because of the new distributor obligations you will want to revisit distribution agreements. And if you don’t your distributors will want to because they need to do a lot more to be able to distribute your products, like check compliance etc.

And there is more

With the new economic operator regime come a lot of other additional things that I presented about recently too at the MedTech Summit in Amsterdam, such as new advertising and marketing claims regulation and a new weird Frankenstein product liability regime:


“Immediately is already rather late”

As I sit here at the RAPS Convergence I see the companies that are trying to get their arms around this but most of them are already quite late in starting their work on transition. One of the lines that all the many notified bodies and competent authorities present are repeating over and over is: start now if you haven’t already. The gap is large. The impact enormous. Your EU market is at risk, as I have been saying myself too. One of the best statements I heard from the authorities and notified bodies was: “if you start immediately you are already rather late”.



San Jose CA workshop: Everything You Always Wanted to Know about the EU Medical Devices Regulation, but Were Afraid to Ask

agent-smith-matrix-hear-that-that-is-the-sound-of-inevitabilityIf you have questions about what the MDR will mean for your company and happen to be in San Jose in California on 25 September, consider attending the evening workshop that Factory (the Dutch devices CRO) and I are organizing on Monday, 25 September 2017 from 19:30 to 21:30 (PDT). You may be in San Jose anyway for the Advamed MedTech conference so this is a nice opportunity to get a more detailed perspective on the MDR and IVDR.

As I am writing this I’m at the RAPS Regulatory Convergence conference in Washington DC (another nice opportunity to educate yourself on the EU MDR and IVDR by the way), finding that way too many US companies have no idea what the new EU regulations will mean for their company and how to implement them. And implement them you must because the regulations will not provide for grandfathering. Just not – so not being compliant by 25 May 2020 means (subject to some very limited and inconvenient exceptions) no more placing additional products on the EU market, even if you have been selling into the EU for decades without any incident ever. Timely compliance is a must and while already 1/9 of the transitional period has expired by now, so if you haven’t started by now you are not in a good place. Read up on how to and timelines here.

The workshop will specifically focus on the new clinical evidence requirements but it will give you a great opportunity to ask any other questions that you may have about the new MDR (or IVDR) requirements and how to transition to compliance. It’s exciting for me too  because it’s the first ever US event I’m organising.

Because we need to rent a location we are asking a small nominal contribution to pay for location and snacks/drinks. Space is limited unfortunately and so are the tickets (we have a 100 available so be quick) – purchase yours here.


  • 19:30        Major changes in Clinical Evidence for CE marking: MDR/MEDDEV Rev 4.
  • 20:00        Clinical Evaluation Reports under the new regulations
  • 20:30        Clinical Investigations and Post Market Clinical Follow-up
  • 21:00        How to close the gap towards the MDR: legal and practical perspectives

Hope to see you then and there!

MDR and IVDR transitioning – where are you in your process?

agent-smith-matrix-hear-that-that-is-the-sound-of-inevitabilityI see in practice that some companies are well on their way with implementing the new MDR and IVDR regulations, while a lot of others are not. It will be interesting where everyone will be by the time the transitional period of the MDR ends and then when the IVDR transitional period ends.

This post is intended to address some seemingly quite ingrained misunderstandings about the MDR and IVDR. If you don’t believe me, that’s fine. Double check with your international branch associations, MedTech Europe, COCIR, Advamed – they will tell you the same.

No grandfathering, no extensions

Many companies misunderstand the transitional regime and think that medical devices and IVDs currently on the EU market with a valid CE mark will automatically slide into the new system. This is not the case.

Other companies that understand the transitional system somewhat better and realise that there will be a bottleneck in notified body capacity towards the end of the MDR and IVDR transitional periods. I have heard management of those companies say: ‘the EU cannot afford chaos in the market, they will have to give companies more time’. There is nothing to indicate that the EU is planning that and there is no precedent of the EU doing this.

As I have repeated like a broken record: there will be no grandfathering and you should not count on the EU relaxing the deadlines. I mean, you could but it would be a kind of ‘kamikaze-with-option-of-survival’ business strategy that is difficult to explain to shareholders:

-“What’s your plan again?”

-“Our plan is to – rather than put in the work now that is required for being compliant in time – bet on the EU legislator changing the law against all odds and expectations, and in a way they haven’t done before in the EU. Oh yeah, and we also bet on them changing the law in a way that will actually work for us.”

Sounds very much like a nomination for a corporate Darwin award to me, pardon the cynicism. It’s like juggling burning running chainsaws as a business model.

If your management does not understand this, tell them in these words: the company will not be able to sell products in the EU anymore if you do not get this right in time. Cash flow will collapse, the business will tank, competitors will take your market share, your company may go bankrupt or be acquired by another as the sitting duck that it has become. It will be ugly, it will be costly and the business may not recover. And they could have seen it coming from light years away and you have been told about too. But hey, why worry about this – it’s only the company core business, right?

Start tackling this thing

Deadlines in the mirror of denial are closer than they appear – just remember that I told you to start sooner rather than later. Make a plan and follow through – see here for the presentations at my firm’s seminar on this by the Dutch competent authority IGZ, Qserve and myself.

I will be speaking about this at the RAPS and Advamed conferences in Washington DC and San Jose in September and you can ask me anything you want there, or just contact me before. These are good conferences to go to to get the full picture. But please do not do nothing.

An unsurprising case of software qualification

logo-curiaFirst: my apologies for the collapsed frequency of articles on this blog – I’m very very busy, literally day and night, with questions about any and all aspects of the MDR and the IVDR. The summer is a bit more quiet so you can expect more content again.

Intermezzo on software under MDR and GDPR

While everybody should be beavering away on the implementation of the MDR and IVDR or overcoming their inertia do so ASAP, still some interesting things happen in the mean time. If your company is in software as medical device, there is even more reason to do so because of the MDR changes the classification rules for software as medical device dramatically, expands the scope of the concept of accessory (which enlarges the scope of software regulation) and includes a whole chapter on software design requirements.

And then there is the new General Data Protection Regulation that your software needs to be compliant with by 25 May 2018 – less than a year, that’s right. How long is your company’s software development cycle? See my presentation at the Personal Connected Health Alliance in May this year below for a very brief overview of MDR and GDPR compliance requirements coming your way very fast:

If you have class I software on the market now, and it is up-classified under the new classification rules, you need an MDR certificate from a notified body by 25 May 2020.

New EU court case law on software qualification as a medical device

Back to the topic at hand: this opinion of the AG at the European Court of 28 June may have gone somewhat unnoticed because it’s not available in English yet (and not in German, Swedish and Gaelic either). I linked to the Spanish version because it’s the language in which it was written, but you can toggle the language of the document as preferred on the EU Court’s site.

Decision support software

The Advocate General at the EU Court issued the opinion in the SNITEM case on 28 June, a preliminary reference from the French Conseil d’ Etat (Administrative High Court) about the question whether software that supports physicians with information regarding contra indications, dosis and interactions between medicinal products when prescribing medicinal products for reanimation and anaesthesia.

French additional software certification requirement for prescription support software

France has a rule that requires a national certification of software that is used for support in prescription of medicinal products. SNITEM, the French medical devices branch association, and one of its members, started proceedings against the French state based on the argument that CE marking as a medical device precludes additional national certifications for the same software. The French Administrative High Court decided to check in a preliminary reference if the software concerned really was a medical device, because this was crucial for resolving the dispute. The French government argued that the software was not a medical device because support of prescription of medicines did not constitute support of an intended purpose within the definition of medical device, while SNITEM and the manufacturer of the software (that had CE marked the software as medical device already) argued that it was a medical devices.

As per normal procedure the Advocate General at the EU Courtopines on the matter, after which the Court renders judgment, usually in line with the AG’s opinion. While the AG’s opinion is not the Court’s judgment, it’s a good indication of where that will go. It would be news if the Court would diverge significantly. So let’s see what the AG has to say.

Clearly a medical device

The AG’s reasoning is very straightforward: both for anaesthesia as for intensive care purposes the software has functionality with which prescribers can determine what medicines to prescribe, map possible allergies and calculate the duration of treatment. Given that finding, the AG says it can hardly be denied that the software is specifically intended for diagnostic or therapeutic purposes, as required under the definition of medical device after the change in 2007 by means of Directive 2007/47 (see paras 48 and 49 of the opinion). The AG remarks that it is important in this regard that the software is not used after the physician has already determined the right treatment, but rather is used by the physician to do exactly that (para 52). I would argue that even in the first case the software would still be a medical device if it was intended to provide a double check  on the physician’s decision.

Some discussion of the software MEDDEV

There is a discussion of the modules section of the software MEDDEV, which is less interesting because the discussion is mainly about whether the preliminary request for interpretation to the EU Court concerned all modules of the software or just one. It is however interesting that the AG also refers to the national guidances on qualification of software ‘that all lead to the same conclusion’. That’s a hopeful statement that I do not necessarily share, as I have demonstrated in the past how different these national guidances are. I personally like the MHRA interactive pdf document the best – practical and comprehensive. If the Brexit goes south I’ll miss the MHRA and it’s contributions to guidance and implementation. Oddly the AG does not refer to any of the qualification statements in the Borderline and Classification Manual, which has a software qualification section (chapter 9) in it for some time now.

Not surprising

I would be surprised if the EU Court rules differently from the AG in its judgment – it’s obvious that the software is a medical device. The only reason why the EU court had to be involved in the first place is because of the French government pigheadedly holding on to the position that it was not as best argument for defending a national rule that in my view is clearly pre-empted by the Medical Devices Directive. It’s a demonstration of why we now have a regulation for medical devices: to give member states less room for this kind of stuff. In sum: this case adds but does not add anything surprising to the acquis on qualification of software as a medical device in the EU.

Netherlands to adopt medical devices anti-corruption legislation

il_570xn-1096935598_e8z4As we say in Dutch: the day that you knew that would come is finally here. The legislative proposal to grant the Healthcare Inspectorate (IGZ) IGZ enforcement powers in the field of industry/HCP interactions (the “Wet van 17 mei 2017 tot wijziging van wetgeving op het terrein van de zorg in verband met het invoeren van een wettelijke regeling voor gunstbetoon bij medische hulpmiddelen en enkele bepalingen over transparantie tussen beroepsbeoefenaren en bedrijven op het terrein van geneesmiddelen en medische hulpmiddelen” – yes, we like very long descriptive titles for laws in the Netherlands) that was a long time in the making has finally been finally published. It amends the Act on Medical Devices and the Act on Healthcare Professions.


The aim of the law is twofold:

  • enable similar controls for the IGZ in the field of medical devices as it has regarding  industry/HCP interactions in the field of medicinal products and allow the IGZ to use these controls only in excessive cases where the current self-regulation under the GMH Code does not provide for sufficient control.
  • implement a legal basis for mandatory Sunshine type transparency reporting (which currently happens on a self-regulatory basis under the GMH Code).

A novelty is that contravention of the industry/HCP interactions rules is now subject to criminal enforcement in the Netherlands, and not only for industry but also for the persons accepting unlawful hospitality, i.e. HCPs but also healthcare insurance fund staff and employees of the purchasing department of healthcare institutions.


The scope of the law is not identical to that of the GMH Code. An important difference is that the law defines ‘hospitality’ (gunstbetoon), which the GMH Code deliberately does not do because of its special connotation as relevant to the medicinal products field. This is obviously not ideal, because it provides for a bad interface between the GMH Code and the law. Yet, the explanatory memorandum to the act says that the intention is that the act intends to follow the substantive provisions of the GMH Code. The act seeks to capture that entire scope regarding hospitality in one single short and rather generally worded article addressing:

  • meeting attendance (necessary costs)
  • consultancy (reasonable in relation to the work)
  • gifts (minor value and relevant to the practice)
  • purchase related bonuses / rebates

While the article is very general, there is of course a limitation in its generality and that is none of the preciseness of the GMH Code reflected in the amounts and hourly rates that industry can pay has found its way to the law. That means that the IGZ could theoretically have a completely different idea of what is necessary, reasonable or minor and relevant. It is expected however that the government will publish further policy regarding interpretation by the IGZ, so we will need to see how this will land in the end.


The act will enter into force at a date to be determined by implementing act, which no doubt will take place soon.

Companies already diligently implementing the GMH Code for the Netherlands (likely) will not see any substantive changes (we hope) as a result of this law and companies that do not have some additional compliance implementation work to look forward to.

%d bloggers like this: