ISO Standards for Medical Devices and IVDs: Your Complete Reference
The essential ISO standards that govern quality, risk, software, usability, and clinical performance across MDR and IVDR — explained by the team that applies them every day.
ISO and IEC Standards: The Operational Backbone of MDR and IVDR
Medical device and IVD manufacturers must navigate a complex landscape of international standards to achieve and maintain regulatory compliance in Europe. While the EU MDR and IVDR set the legal requirements, ISO and IEC standards provide the operational framework for meeting them, from quality management systems to clinical performance studies.
At MDx CRO, we don’t just advise on these standards, we apply them across 20+ active projects for manufacturers ranging from IVD startups to top-10 global pharma companies. This page is your guide to the ISO standards that matter most for MedTech and IVD compliance in 2026 and beyond.
ISO STANDARDS
Quality Management Systems
ISO 13485:2016 is the cornerstone standard for medical device quality management. It defines the QMS requirements that manufacturers, suppliers, and service providers must meet to demonstrate their ability to provide devices that consistently meet customer and regulatory requirements. Under both MDR and IVDR, Notified Bodies expect ISO 13485 compliance during every conformity assessment audit.
Risk Management
ISO 14971:2019 provides the framework for identifying, evaluating, controlling, and monitoring risks throughout the entire lifecycle of a medical device or IVD. It applies from initial concept through post-market surveillance. Under IVDR and MDR, risk management is embedded in virtually every General Safety and Performance Requirement (GSPR), making ISO 14971 one of the most cross-referenced standards in any technical documentation.
Clinical Performance Studies for IVDs
ISO 20916:2024 defines good study practice for planning, designing, conducting, and reporting clinical performance studies for IVD medical devices. Since the 2024 revision and the addition of Annex ZA, it is directly harmonized with IVDR — giving manufacturers a presumption of conformity for clinical performance study requirements. This is the standard MDx CRO applies across all our IVD clinical performance studies.
Software Lifecycle Processes
IEC 62304:2006+A1:2015 establishes the lifecycle requirements for medical device software, including Software as a Medical Device (SaMD). It covers development planning, requirements analysis, architectural design, implementation, verification, and maintenance. For any IVD or medical device that includes software, from embedded firmware to AI-driven diagnostic algorithms, compliance with IEC 62304 is expected by Notified Bodies.
Usability Engineering
IEC 62366-1:2015+A1:2020 specifies the process for manufacturers to analyse, design, verify, and validate the usability of medical devices. It focuses on minimising use errors that could compromise patient safety. For IVDs, particularly self-testing devices and point-of-care diagnostics, usability engineering is a critical part of the technical documentation reviewed during conformity assessment.
The Role of Harmonized Standards in European Medical Device Regulation
The relationship between ISO standards and European regulation is often misunderstood. ISO standards are technically voluntary — manufacturers are not legally required to follow them. However, when a standard is formally harmonized under the MDR or IVDR and published in the Official Journal of the European Union (OJEU), applying that standard gives the manufacturer a “presumption of conformity” with the corresponding General Safety and Performance Requirements.
In practice, this means that Notified Bodies expect manufacturers to follow harmonized standards. When a manufacturer chooses an alternative approach, they must provide robust justification demonstrating that their method achieves an equivalent level of safety and performance. Most manufacturers find that following the harmonized standard is the most efficient path.
The Harmonization Gap: What Manufacturers Need to Know
One of the biggest challenges facing medical device and IVD manufacturers in 2026 is the harmonization gap. Under the former EU Directives (MDD, AIMDD, and IVDD), over 300 standards were harmonized. Under the current MDR and IVDR, fewer than 30 have been formally harmonized to date.
This gap means that many standards manufacturers rely on daily, including critical ones like IEC 62304 for software and IEC 62366 for usability, have not yet been officially harmonized under MDR or IVDR. To address this, the Medical Device Coordination Group issued MDCG 2021-5, which introduced the concept of “state-of-the-art” standards: even without formal harmonization, manufacturers are expected to apply the most current version of relevant standards as representing the current state of the art.
For manufacturers, this creates a dual obligation. You need to track which standards are formally harmonized (and therefore confer presumption of conformity) and which are considered state of the art (and therefore expected by Notified Bodies even without formal harmonization).
How MDx CRO Applies These Standards in Practice
At MDx CRO, ISO standards are not abstract documents sitting on a shelf. They are the operational backbone of every project we deliver, from clinical performance studies governed by ISO 20916, to risk management processes following ISO 14971, to quality systems built on ISO 13485.
Our team includes former Notified Body reviewers who evaluated technical documentation against these exact standards. This gives us a practical understanding not just of what the standards require, but of how Notified Bodies interpret and apply them during conformity assessment. When we review a manufacturer’s documentation, we do so through the lens of what a Notified Body auditor would flag, because we’ve been on that side of the table.
For IVD manufacturers navigating clinical performance studies, our expertise with ISO 20916 is particularly deep. We have designed, monitored, and reported studies under this standard across multiple EU Member States, managing everything from site qualification to ethics committee submissions to clinical performance study reports.
Choosing Which Standards Apply to Your Device
Not every standard applies to every device. The standards relevant to your product depend on its classification, intended use, technology, and the regulatory pathway you are pursuing. A Class A non-sterile IVD has very different standard requirements than a Class C companion diagnostic running on an NGS platform.
The starting point is always the General Safety and Performance Requirements (GSPRs) in Annex I of the MDR or IVDR. Each GSPR maps to specific standards. Your technical documentation must include a standards checklist showing which standards you have applied, which clauses are relevant, and (where you have deviated) the justification for your alternative approach.
MDx CRO helps manufacturers build this mapping from the beginning of the product development process, ensuring that the right standards are identified early and applied consistently throughout the lifecycle.
ISO-Related Insights from Our Blog
RELATED ARTICLES
Not Sure Which Standards Apply to Your Device?
Our regulatory team, including former Notified Body reviewers, can map the ISO standards relevant to your product and identify compliance gaps before your Notified Body does.
