Diapason Consulting

Medical Devices Regulations 101

November 13, 2022


Regulations are a complex topic. According to Feynman, the best way to master a complex topic is to:
(1) study it
(2) explain it simply
(3) fill any gap.

Here’s my 2cts at step 2, which I wrote for a collaborative project. Feedback welcome for step 3.

National or multinational (EU) regulations impose various requirements for the commercialization of medical devices within (or from) their jurisdictions, that consist in - roughly:

  • compliance to good practices (GxP), pre-market (design controls), post-market (good manufacturing practices, surveillance and reporting) or both (clinical evaluation, risk management)
  • compliance to various principles covering construction, safety and effectiveness (which may include national standards. Different synonyms of the word ‘principles’ are used in different jurisdictions)
  • the implementation of a quality management system to formalize these practices

Regulatory authorities control the compliance of manufacturers and distributors using various tools such as registration and reporting databases, audits and inspections, documentation assessment (technical file, design dossier) or even physical device assessment.

The depth and breadth of the required compliance to these 3 points,
The depth and breadth of how regulatory authorities use these tools,
Whether they implement them themselves or use third parties,
And whether these tools are used preemptively (pre-market approval or clearance) or only in case of reported issues,

depend on the jurisdictions and the rating of the devices according to discrete stratification systems, supposedly risk-based, that differ widely between jurisdictions in spite of using overlapping vocabulary (class 1, 2, 2a/b, 3 etc.)

Compliance to international standards, such as the ones issued by the IEC or the ISO, is in most case a voluntary option by which manufacturers can more easily demonstrate compliance to the regulations, although some of these standards (ISO13485, ISO14971) are de-facto mandatory, through a process called ‘harmonization’.