EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)
March 9, 2026
The EU AI Act (Regulation (EU) 2024/1689) entered into force on 1 August 2024 and is being phased in progressively through 2026 and beyond. For companies developing AI-powered Software as a Medical Device (SaMD), it introduces a second, overlapping regulatory obligation that runs alongside, and interacts with, the existing requirements of EU MDR and IVDR.
This is not a distant compliance horizon. The provisions most relevant to medical device AI became applicable from August 2026. Companies that have not yet assessed their AI systems against the AI Act risk gaps in their technical documentation and conformity processes at exactly the moment Notified Bodies are beginning to incorporate AI Act considerations into their assessments.
This guide explains what the AI Act requires from SaMD developers, how it interacts with MDR and IVDR, and what practical steps manufacturers should be taking now.
The AI Act applies to AI systems placed on the market or put into service in the EU. An AI system is defined as a machine-based system that, given explicit or implicit objectives, infers from inputs how to generate outputs such as predictions, content, recommendations, or decisions that can influence real or virtual environments.
This definition is intentionally broad. It covers:
Deep learning systems including convolutional neural networks used in medical imaging
Natural language processing tools used in clinical documentation or decision support
Bayesian classifiers and other probabilistic inference systems
It does not cover:
Traditional rule-based software with no learning or inference component
Software that executes fixed logic without adaptive behaviour
If your SaMD uses any form of machine learning or statistical inference to generate clinical outputs, the AI Act almost certainly applies.
2. High-Risk AI Classification for Medical Devices
The AI Act categorises AI systems by risk level. For medical device manufacturers, the critical category is high-risk AI.
Under Annex III of the AI Act, AI systems intended to be used as safety components of medical devices, or which are themselves medical devices regulated under MDR or IVDR, are automatically classified as high-risk AI.
This means: if your SaMD is a CE-marked medical device or IVD, or is a software component that performs a safety function within one, it is high-risk AI under the AI Act. There is no further classification analysis required, the medical device status determines it.
High-risk AI systems are subject to the full obligations of the AI Act, including:
Risk management system: an AI-specific risk management process, documented and integrated with the ISO 14971 risk management already required under MDR
Data and data governance: training, validation, and testing datasets must be relevant, representative, free of errors, and sufficiently complete; demographic and geographic representativeness must be documented
Technical documentation: a detailed record of the AI system’s design, development process, training methodology, validation approach, and performance characteristics
Transparency and instructions for use: users must be provided with clear information about the AI system’s capabilities, limitations, accuracy metrics, and circumstances under which human oversight is required
Human oversight: the system must be designed to allow human oversight and intervention; it must not undermine the ability of the operator or user to override, disregard, or reverse outputs
Accuracy, robustness, and cybersecurity: performance must be declared and validated; the system must be resilient to errors, faults, and adversarial manipulation
Conformity assessment: high-risk AI systems must undergo a conformity assessment before being placed on the market
3. How the AI Act Interacts with MDR and IVDR
This is where the compliance picture becomes complex, and where early planning pays off.
The AI Act does not replace MDR or IVDR. Both regulatory frameworks apply simultaneously to AI-powered SaMD. However, the EU has designed a streamlined pathway for medical devices that are already subject to Notified Body review under MDR or IVDR.
Under Article 11 and Annex II of the AI Act, AI systems that are regulated as medical devices benefit from a single technical documentation approach meaning the AI Act technical documentation requirements can be integrated into the existing MDR/IVDR technical file rather than creating a separate document set.
Similarly, for Class IIb and III medical devices (MDR) and Class C and D IVDs (IVDR) which are the most likely to contain high-risk AI the Notified Body involvement already required under MDR/IVDR can cover the AI Act conformity assessment. The Notified Body acts as the relevant conformity assessment body for both frameworks.
In practice this means:
What changes for AI-powered SaMD under the AI Act:
Technical documentation must now explicitly address AI-specific elements: training data governance, model validation across subgroups, bias assessment, explainability approach, and human oversight mechanisms
Post-market monitoring must include AI performance monitoring tracking model drift, accuracy degradation over time, and distribution shift in real-world data
Transparency obligations require new IFU content describing AI limitations and human oversight requirements
A fundamental rights impact assessment may be required for certain high-risk AI applications in healthcare
What does not change:
The MDR/IVDR conformity assessment route remains the primary pathway
The Notified Body relationship established for MDR/IVDR CE marking remains the relevant body
ISO 14971 risk management, IEC 62304 lifecycle management, and clinical evaluation requirements are unchanged AI Act risk management is additive, not a replacement
4. General Purpose AI (GPAI) Models in Medical Devices
A separate and increasingly relevant category is General Purpose AI (GPAI) large foundation models or multimodal AI systems that can be adapted or fine-tuned for specific applications.
If a SaMD developer is building on top of a GPAI model: for example, fine-tuning a large language model for clinical documentation, or adapting a vision foundation model for medical image analysis both the GPAI model provider and the SaMD developer have obligations under the AI Act.
GPAI model providers must publish technical documentation and comply with copyright and transparency requirements. SaMD developers who deploy or fine-tune GPAI models are responsible for ensuring the resulting system meets all high-risk AI obligations, including data governance, validation, and clinical performance claims. The validation methodology for fine-tuned GPAI models in medical contexts is an area where regulatory guidance is still developing, early engagement with your Notified Body is strongly recommended.
5. Key Timelines
August 2024: AI Act enters into force.
February 2025: Prohibitions on unacceptable-risk AI systems apply. Not directly relevant for medical SaMD, but important for any AI used in patient-facing administrative processes.
August 2025: GPAI model obligations apply. SaMD developers building on foundation models must assess their exposure now.
August 2026: High-risk AI obligations fully apply. This is the key deadline for medical device AI. From this date, new AI-powered SaMD placed on the EU market must comply with all high-risk AI requirements.
Post-2026: Notified Bodies designated under the AI Act will begin conducting AI Act-specific conformity assessments. The intersection with MDR/IVDR NB assessments will become a standard part of the conformity process.
6. What to Do Now: A Practical Checklist
Classify your AI systems. Identify every AI component in your SaMD portfolio and confirm whether it meets the EU’s definition of an AI system. For each, document the risk classification and the rationale.
Assess your technical documentation gaps. Review your existing MDR/IVDR technical files against the AI Act Annex IV requirements. Identify where AI-specific content, training data documentation, bias assessment, explainability approach, is missing or insufficient.
Review your data governance. The AI Act’s requirements for training data representativeness and bias documentation are more explicit than anything in MDR. If your training data governance is not documented at the level the AI Act requires, this is a gap that needs addressing before your next Notified Body audit.
Update your IFU and labelling. Transparency obligations mean users must be explicitly informed about AI limitations, performance metrics across relevant subgroups, and circumstances requiring human override. Most current SaMD IFUs are not written to this standard.
Engage your Notified Body. Ask your NB directly how they are approaching AI Act integration into MDR/IVDR assessments. Different NBs are at different stages of readiness, and early clarity on what they will expect prevents last-minute documentation gaps.
Build AI performance monitoring into your PMS. Post-market surveillance for AI-powered SaMD must now track model performance over time. If your PMS plan does not include AI-specific monitoring metrics, update it before August 2026.
Regulatory affairs specialist & CRA with expertise in EU MDR/IVDR, CE marking, Biological Evaluations (dental), and clinical investigations & technical documentation for MDs & IVDs.
EU MDR 2017/745 for Dental Devices: Complete Guide (2026)
March 2, 2026
Dental device regulation under EU MDR 2017/745 has increased the level of scrutiny applied to manufacturers, particularly in three areas: classification decisions, clinical evidence, and Notified Body (NB) review readiness. The practical consequence is simple: submissions that lack internal consistency generate more questions, longer review cycles, and avoidable delays.
In the 2026 webinar delivered by regulatory experts from MDx CRO, the discussion focused on the most common challenges and the most reliable strategies for dental device manufacturers. The insights were grounded in real-world regulatory work supporting more than 500 CE-marked devices, with an emphasis on reducing regulatory risk and building submissions that remain defensible under NB assessment.
Request the webinar replay
receive classification examples, common NB pitfalls, and an NB-ready evidence pack checklist.
Manufacturer priorities under EU MDR: what drives timelines and outcomes
EU MDR does not typically create delays because manufacturers do not have documents. Delays occur when documentation does not form a single, defensible position. Notified Bodies escalate questions when claims, classification rationale, risk controls, clinical evidence, and post-market plans do not support the same intended purpose and performance narrative.
Key priorities for dental device manufacturers under EU MDR:
Establish and maintain a consistent intended purpose and claim set across the file (labeling, IFU, CER, and technical documentation).
Build a classification rationale that is explicit, referenced, and difficult to misinterpret.
Demonstrate clinical evidence proportionality, clearly linked to risk, novelty, and claims.
Prepare for NB review with a coherent evidence package, including traceability from hazards to controls to verification.
Ensure PMS and PMCF are designed to confirm performance and safety in real use, not to satisfy a formal requirement.
A submission is reviewed as an argument supported by evidence. When the argument changes between sections of the file, the NB must resolve the conflict through questions. That process is where time is lost.
Step 1. Classify your dental device correctly (Annex VIII)
Classification under Annex VIII is the point where regulatory strategy becomes operational. A small change in intended purpose or in device characteristics can shift the class and materially change clinical evidence expectations, NB involvement, and post-market obligations.
In the webinar, the discussion repeatedly returned to the importance of early discipline around intended purpose. Dental manufacturers often broaden claims for commercial reasons (for example, broad “compatibility” claims or biologically ambitious performance language). Under MDR, that approach frequently increases the burden of proof.
Practical classification anchors in dental:
Implants and implantable devices frequently fall under Rule 8, with class outcomes dependent on specific characteristics and risk context.
Resorbable materials often face elevated scrutiny because performance and safety evolve as the product degrades and interacts with tissue.
Custom-made versus patient-matched frequently causes misclassification and incorrect pathway selection, particularly in digital workflows.
Software classification under Rule 11 can change significantly based on clinical impact and decision influence.
A defensible classification process typically answers these questions explicitly:
What is the intended purpose and what claims are being made?
Is the device invasive, and if so, what level of invasiveness applies?
What is the duration of use and the relevant contact type?
Is the device implantable, resorbable, or otherwise associated with long-term biological interaction?
Does the device incorporate a medicinal substance with an ancillary action?
Is any element of the product regulated as software influencing clinical decisions?
Classification is assessed as a justification, not a label. A strong justification reduces NB discretion and stabilises the remainder of the submission.
Step 2. Conformity assessment route by class, and how Notified Bodies evaluate risk
Manufacturers often plan around the conformity assessment route, but Notified Bodies allocate effort based on what drives residual risk and uncertainty. Under MDR, two devices of the same class can attract different levels of scrutiny when novelty, claim strength, or evidence quality differs.
In dental, common drivers of NB scrutiny include:
Novel materials and surface treatments particularly where particulate generation, chemical residues, coating stability, or long-term performance need stronger justification.
Compatibility and system claims, especially for implant components and abutments, where broad claims are difficult to support without precise system definition and evidence.
Borderline product categorisation, such as semi-finished CAD/CAM materials, where intended purpose determines medical device status.
Digital workflows, where the manufacturer controls design parameters and outputs are patient-specific within defined constraints.
From a submission strategy perspective, the objective is to reduce uncertainty for the reviewer. That is achieved by ensuring the file communicates a consistent position:
The intended purpose and claims are consistent and reflected in labeling and IFU.
The classification rationale is explicit and mapped to Annex VIII logic.
Risk controls are linked to verification and validation evidence.
Clinical evaluation is proportionate and aligned to claims.
PMS and PMCF demonstrate control over real-world performance.
The NB review process accelerates when the documentation structure allows rapid verification of consistency. It slows down when the reviewer has to reconcile contradictions between sections.
Step 3. Clinical evidence strategy for dental devices: CER, PMCF, and clinical investigations.
Clinical evidence is typically the largest schedule and cost driver under MDR. The core issue is not volume; it is relevance and alignment to the intended purpose, claims, and risk profile.
A manufacturer-ready clinical evidence strategy generally combines:
A Clinical Evaluation Report (CER) anchored to intended purpose and claims.
Literature appraisal aligned with state of the art and device technology.
Post-market surveillance (PMS) data, including complaint trending and failure mode monitoring.
A PMCF approach proportionate to risk and uncertainty, designed to confirm performance and safety in clinical use.
The webinar highlighted a recurring decision point for manufacturers: when “well-established technology” is an appropriate foundation for clinical justification, and when novelty requires additional clinical evidence.
Practical examples discussed in dental context:
Implantables may be approached differently depending on the maturity of the technology, materials, and the presence of novel surface engineering or expanded clinical claims.
Resorbable grafting materials and membranes often require particular attention to degradation behaviour, degradation by-products, biological response, and performance endpoints over time.
Legacy devices require a structured assessment of whether existing data remains fit for MDR expectations and current clinical practice.
Notified Bodies evaluate clinical evidence against the totality of the file. Evidence is rarely accepted in isolation if risk management, claims, and verification logic do not support it.
How to pass a Notified Body Assessment as a dental device manufacturer
In practice, manufacturers do not lose time because they miss a single document. They lose time when their file is not reviewable as a system. Notified Bodies move more efficiently when traceability is clear and when the submission reads as one coherent position.
A practical Assessment-readiness checklist:
Intended purpose and claims are consistent across IFU, labeling, CER, and technical documentation.
Classification is justified with explicit Annex VIII logic and references.
Risk management is device-specific and connects hazards to controls and to verification evidence.
Verification and validation are planned around worst cases, critical characteristics, and real-use conditions.
Clinical evaluation is aligned to claims and supported by appropriate PMS/PMCF.
PMS/PMCF plans are measurable, realistic, and proportionate.
The NB-ready evidence pack (manufacturer checklist)
For internal alignment and faster NB interaction, a compact evidence pack is often effective. A practical NB-ready pack includes:
Device description, intended purpose, and claim list (single source of truth)
Annex VIII classification memorandum (rule logic and rationale)
GSPR checklist with clear evidence references
Risk management file (ISO 14971) and traceability to controls
Verification and validation plan and reports (including worst-case rationale)
Biological evaluation strategy (ISO 10993) and, where relevant, extractables and leachables considerations
Mechanical performance evidence, acceptance criteria, and justification of test conditions
Clinical evaluation (CER), literature strategy, and equivalence rationale when applicable
PMS plan and PMCF plan/report (tailored to failure modes and risk profile)
Labeling and IFU, including UDI readiness and EUDAMED considerations as applicable
The evidence pack is not a marketing summary. It is a reviewer tool. Its value is to reduce time spent locating and reconciling information across the file.
How to categorise dental devices under EU MDR (classification shortcuts by product type)
Dental manufacturers rarely struggle with the existence of Annex VIII. The difficulty is applying it consistently across a portfolio that mixes implantables, materials, digital workflows, and patient-specific outputs. A practical way to reduce ambiguity is to group dental devices by product type first, then confirm the applicable MDR rules and evidence expectations.
Dental implants and abutments Typical focus areas include the Annex VIII rationale (often centred on implantability), the scope of compatibility claims (system-specific definition), mechanical performance evidence, and the regulatory impact of surface treatments and coatings.
Resorbable grafting materials, membranes, and hemostats These products often require careful justification of degradation behaviour, degradation by-products, biological response over time, and clinically relevant endpoints. Evidence expectations frequently increase with resorption and biological interaction.
Restoratives and CAD/CAM materials (including semi-finished products) Categorisation often depends on intended purpose and how the manufacturer positions the product (medical device versus material). Performance claims, manufacturing controls, and labeling language typically drive both classification stability and clinical evidence requirements.
Custom-made versus patient-matched devices The practical distinction is design control. Custom-made devices require a prescription-led pathway with specific documentation, while patient-matched outputs often operate within a validated design envelope controlled by the manufacturer. This distinction materially affects technical documentation and lifecycle obligations.
Dental software, AI, and digital workflows Software categorisation under Rule 11 depends on how the software influences clinical decisions and outcomes. Validation, cybersecurity, and change control become central, and AI governance requirements can intersect with technical documentation expectations.
Common dental device categories to review:
A structured categorisation approach helps manufacturers align intended purpose, classification rationale, verification planning, and clinical evidence strategy across the full file, which reduces clarification cycles during review.
PMS, PMCF, UDI/EUDAMED, and legacy devices: maintaining market access
Under MDR, post-market obligations are part of the evidence lifecycle. PMS and PMCF support the ongoing demonstration of safety and performance and can become decisive during renewals and significant changes.
Practical PMS and PMCF considerations in dental:
Define and monitor meaningful signals: failures, revisions, fractures, loosening, complaint patterns, and trends linked to known failure modes.
Ensure PMCF is proportionate and focused on remaining uncertainty, rather than generic data collection.
Maintain a controlled approach to labeling updates, complaint handling, and vigilance reporting.
For legacy devices, manufacturers should perform a structured assessment of whether existing clinical and post-market data remains sufficient for current claims, current clinical practice, and MDR expectations. Where gaps exist, a targeted plan that links risk management to clinical evaluation and post-market follow-up reduces uncertainty and supports continuity of market access.
MDR transition in practice: Argen dental alloys case study
Many MDR transitions fail for predictable reasons: legacy documentation does not meet MDR expectations, clinical evaluation lacks alignment to intended purpose and risk management, and post-market systems are not mature enough to support lifecycle obligations. A recent example from dental materials demonstrates what a structured transition can look like in practice.
Argen transitioned a legacy dental alloy portfolio to Regulation (EU) 2017/745 for use in fabricating full-cast and ceramic-veneered restorations (including crowns, bridges, and removable partial dentures). The project required closing historical Notified Body non-conformities and strengthening core regulatory processes to achieve an audit-ready MDR position
receive classification examples, common NB pitfalls, and an NB-ready evidence pack checklist.
Frequently Asked Questions About Dental Device Regulation
Do legacy (MDD) dental devices require new clinical data under EU MDR 2017/745?
Not automatically. The decision depends on risk profile, intended purpose, claims, and whether the technology can be justified as well established using appropriate literature, PMS data, and alignment with the state of the art.
Custom-made vs patient-matched in dentistry: what is the practical difference, and what does it change?
The practical difference is design control. Custom-made devices rely on a written prescription and patient-specific specifications defined by the healthcare professional. Patient-matched devices are typically produced within a validated “design envelope” controlled by the manufacturer. This distinction affects documentation expectations, validation logic, and lifecycle obligations.
What validation evidence is expected for patient-matched dental devices?
Manufacturers should define a validated design envelope, identify worst-case configurations within that envelope, and validate the worst case in its final condition. This approach supports a defensible argument that the full envelope remains safe and performs as intended.
Why do resorbable grafts and membranes face higher scrutiny, and what evidence is usually questioned?
Because risk and performance evolve over time as the device degrades. Evidence discussions often focus on degradation behaviour, degradation by-products, biological response, and clinically relevant performance endpoints across the functional period.
When does dental software fall under MDR Rule 11, and what is the fastest way to reduce Notified Body back-and-forth?
When software influences clinical decisions or outcomes, Rule 11 can apply and classification may increase, triggering stronger validation and control expectations. To reduce review cycles, manufacturers should maintain consistency across intended purpose and claims, classification rationale, risk management, verification evidence, clinical evaluation, and PMS/PMCF. Inconsistencies are a major driver of clarification rounds and timeline slippage
Written by:
Alberto Bardají
Head of Medical Devices
Senior med-tech expert & ex-Notified Body reviewer with deep experience in high-risk implants, orthopedics, dental & neurology.
This article explains what the FDA QMSR changes in practical terms.
Specifically, it clarifies:
How the updated MDSAP Audit Approach aligns with QMSR
How FDA inspections now operate under CP 7382.850
Which documentation areas receive increased inspection attention
How manufacturers can structure a QMSR gap assessment
What inspection exposure points regulatory teams should proactively address
These changes are particularly relevant for manufacturers operating in complex regulatory environments, including companies developing FDA companion diagnostics. In these companies design controls, labeling, clinical evidence, and post-market monitoring must operate as an integrated lifecycle system.
Why the FDA QMSR Matters Now?
The FDA QMSR represents more than structural alignment with ISO 13485. It modernizes inspection methodology, expands documentation accessibility, and reinforces a lifecycle-based, risk-driven enforcement approach.
Under the former QSR model, inspections often focused on subsystem compliance using QSIT checklists. Under QMSR, investigators evaluate how quality processes function collectively across the total product lifecycle.
MDSAP Audit Approach 2026: How It Differs from FDA Inspections Under QMSR
MDSAP audits and FDA inspections are frequently discussed together. However, they serve fundamentally different regulatory functions.
An MDSAP audit is conducted by an FDA-recognized Auditing Organization. It provides a structured, scheduled, and standardized assessment covering ISO 13485 and the regulatory requirements of participating authorities, including the FDA. The audit focuses on conformity with harmonized quality management system requirements. Participation remains voluntary.
An FDA inspection, by contrast, is a statutory enforcement activity conducted directly by FDA investigators. Its objective is not certification, but the evaluation of compliance with U.S. legal requirements and the identification of potential violations, systemic weaknesses, or public health risks.
Under the FDA QMSR framework, this distinction remains critical.
In practical terms:
MDSAP is conformity-focused, scheduled, and audit-driven.
FDA inspections are compliance-driven, investigative, and enforceable.
Because of these structural differences:
MDSAP does not replace FDA’s legal authority to inspect.
FDA inspections are not limited by the MDSAPtask structure.
A successful MDSAP audit does not guarantee a favorable FDA inspection outcome.
While strong MDSAP performance may influence FDA surveillance planning, it does not eliminate the possibility of routine, risk-based, or for-cause inspections.
Common Industry Assumptions That Elevate Inspection Risk Under QMSR
Despite years of MDSAP implementation and increasing alignment with ISO 13485, several structural misunderstandings remain common within regulatory teams. Under the FDA QMSR framework, these assumptions may create unintended inspection exposure.
Among the most frequent are:
“MDSAP replaces FDA inspections.” MDSAP may inform FDA’s surveillance planning. However, it does not limit FDA’s statutory authority to conduct routine, risk-based, or for-cause inspections.
“If the MDSAP auditor did not identify it, FDA will not pursue it.” FDA investigators are not constrained by MDSAP audit depth, sampling methodology, or task sequencing. They may pursue any line of inquiry necessary to evaluate U.S. compliance.
“MDSAP and FDA inspections evaluate the same criteria.” MDSAP assesses conformity to harmonized quality system requirements. FDA inspections evaluate compliance with U.S. law and potential public health impact.
“ISO 13485 certification ensures FDA compliance.” Although ISO 13485 is incorporated by reference into QMSR, FDA-specific statutory and regulatory requirements remain fully enforceable.
“MDSAP covers all U.S.-specific expectations.” While the audit model maps U.S. requirements, FDA inspections may extend beyond mapped tasks and request additional evidence where risk or compliance concerns arise.
Collectively, these assumptions overlook a central element of the FDA QMSR transition.
QMSR vs QSR vs ISO 13485: What Actually Changed
Many organizations assume that QMSR simply “equals ISO 13485.” However, that interpretation is incomplete.
Although ISO 13485:2016 is incorporated by reference into U.S. law, FDA-specific statutory and regulatory requirements remain fully enforceable. Therefore, obligations related to UDI, Medical Device Reporting (MDR), device listing, and labeling controls continue to apply.
As a result, companies that focus solely on ISO 13485 conformity may overlook additional documentation, traceability, and enforcement expectations that FDA investigators apply during inspections.
Comparison: QSR vs QMSR vs ISO 13485
Element
Former QSR (21 CFR 820)
FDA QMSR (2026)
ISO 13485:2016
Legal Status
U.S. regulation
U.S. regulation incorporating ISO 13485 by reference
International standard (voluntary unless required)
Inspection Model
QSIT-based
CP 7382.850 lifecycle & risk-based
Certification audit model
Internal Audit Access
Certain protections under §820.180(c)
Internal audit & management review records reviewable
Auditor access during certification
CAPA Focus
Procedural compliance
Demonstrated effectiveness & root cause verification
Effectiveness required but certification-oriented
Design Controls
Detailed QSR-specific structure
ISO 13485 clause 7.3 structure + FDA overlays
Clause 7.3 framework
FDA-Specific Requirements
Fully embedded
Still fully enforceable (UDI, MDR, labeling, etc.)
Not included
Key takeaway: ISO 13485 alignment does not eliminate FDA-specific compliance obligations. FDA retains enforcement authority under U.S. law.
FDA Compliance Program 7382.850: How Inspections Work Under QMSR
As of February 2, 2026, FDA retired QSIT and implemented Compliance Program 7382.850.
Inspections now organize around:
Six Quality Management System (QMS) Areas:
Change Control
Design & Development
Management Oversight
Outsourcing & Purchasing
Production & Service Provision
Measurement, Analysis & Improvement
Four Other Applicable FDA Requirements (OAFRs):
Tracking
Corrections & Removals
Medical Device Reporting (MDR)
Unique Device Identification (UDI)
Under this model, FDA evaluates how quality subsystems operate as an interconnected framework rather than as isolated elements. Inspectors assess whether risk information, design decisions, post-market data, and management oversight are aligned throughout the product lifecycle.
For manufacturers of companion diagnostics, this system-level evaluation is particularly significant, as design inputs, labeling claims, clinical performance data, and post-market monitoring directly influence one another.
What FDA Inspectors Scrutinize Most Under QMSR
Based on regulatory inspection support experience, three documentation areas now present heightened exposure.
1. Internal Audits, Supplier Audits, and Management Review Records
Under QMSR, FDA inspectors may review:
Internal audit reports
Supplier audit outcomes
Management review records
As our QA/RA Specialist Joana Martins notes from inspection support experience, investigators increasingly evaluate whether quality processes function effectively in practice, not merely whether procedures formally exist.
Records must clearly demonstrate:
Identified issues
Root cause analysis
Corrective actions
Follow-up and documented closure
Incomplete or draft audit records increase inspection risk.
2. Design Controls and Traceability (ISO 13485 Clause 7.3)
QMSR aligns with ISO 13485 clause 7.3. However, manufacturers must demonstrate full traceability across:
User needs
Design inputs
Design outputs
Verification and validation
Residual risks
Traceability weaknesses frequently arise between:
Risk management files
Labeling claims
UDI triggers
MDR criteria
Inspectors expect objective evidence that these elements remain consistently aligned across documentation and decision-making processes.
For companion diagnostics, this alignment is especially critical because intended use, biomarker claims, and clinical evidence directly impact regulatory risk classification.
3. CAPA and Effectiveness Verification
CAPA remains one of the most enforcement-sensitive areas under QMSR.
A recurring weakness observed during inspection preparation is the absence of documented effectiveness verification following corrective actions. Closing a CAPA administratively is insufficient. Investigators expect objective evidence demonstrating that actions eliminated root causes and prevented recurrence.
Documented effectiveness checks are not procedural formalities, they serve as evidence that the quality system operates as intended.
Inspection Risk Indicators Under FDA QMSR
The transition to the FDA QMSR has altered not only inspection structure but also inspection depth. Under Compliance Program 7382.850, FDA investigators apply a lifecycle and risk-based model that prioritizes system effectiveness, data integrity, and management oversight.
For this reason, manufacturers should not wait until an inspection is scheduled to evaluate potential vulnerabilities. Identifying structural weaknesses in advance is critical because inspection findings under the QMSR framework increasingly derive from systemic inconsistencies rather than isolated documentation gaps.
Proactive identification of inspection risk indicators allows organizations to:
Reduce the likelihood of Form 483 observations
Prevent escalation to warning letters or enforcement action
Shorten remediation timelines
Demonstrate mature quality governance
Below are recurring inspection risk indicators observed in practice under the evolving QMSR inspection model:
Examples of Documentation Weaknesses Observed During Inspections
Risk Area
Typical Vulnerability
CAPA
Repeated issues without documented effectiveness verification
Design Controls
Incomplete traceability between risk analysis and design inputs
Management Review
Minutes lacking documented decisions, metrics, or follow-up actions
Supplier Oversight
Absence of risk-based justification for audit scope
Post-Market Surveillance
Complaint trends not connected to CAPA or design updates
Documentation Areas Receiving Increased Inspection Attention Under QMSR
The transition to QMSR expands the practical scope of documentation that investigators may review.
Under the former QSR, certain internal records were less frequently examined due to inspection structure and interpretative practice. Under QMSR, those same records may serve as direct evidence of whether management oversight, supplier controls, and internal audit processes operate effectively.
Investigators assess whether:
Issues are identified systematically
Root causes are documented clearly
Decisions are traceable
Corrective actions are verified for effectiveness
Inconsistent documentation, incomplete audit closure, or lack of traceability between systems may now carry greater inspection consequences than under the previous model.
QMSR Gap Assessment Framework
ISO 13485 certification does not automatically confirm FDA QMSR compliance. A structured gap assessment helps identify regulatory overlays and inspection exposure points.
A practical QMSR gap assessment should include:
1. Clause Mapping
Map ISO 13485 clauses to QMSR references and confirm terminology alignment.
2. FDA-Specific Overlay Identification
Verify incorporation of:
UDI requirements
MDR reporting triggers
Labeling obligations
Device listing controls
3. Documentation Exposure Review
Assess:
Internal audit completeness
CAPA effectiveness evidence
Management review decision traceability
Supplier risk classification
4. Inspection Simulation
Conduct mock inspections aligned with CP 7382.850 to test system coherence.
Even when corrective actions remain in progress, documented identification and remediation planning demonstrate regulatory control and transparency.
What the QMSR Means for U.S. Manufacturers and FDA Inspections
The most important U.S.-specific change is the removal of references to the former FDA Quality System Regulation (21 CFR 820). These have been replaced with references aligned to the QMSR, under which ISO 13485:2016 is now incorporated by reference into U.S. law. This does not mean that all FDA-specific requirements disappear. U.S. statutory and regulatory obligations continue to apply where relevant.
The updated MDSAP Audit Approach also reflects several U.S. regulatory updates that have been in effect since March 2024:
Device listing updates: Manufacturers must confirm or update their device listing information annually between October 1 and December 31, or whenever a relevant change occurs (21 CFR 807).
Predetermined Change Control Plans (PCCPs): The audit model now clarifies how PCCPs are assessed, particularly for software-based and AI-enabled devices, aligning with FDA’s existing change control requirements under 21 CFR 807.81 and 21 CFR 814.39.
These requirements are not new, but the 2026 MDSAP update removes inconsistencies between what auditors assess and what FDA expects.
Beyond the U.S.-specific updates, there is also a broader change that affects all participating jurisdictions. The term “critical supplier” has been removed and replaced with more practical language referring to “suppliers that should be considered for audit as part of the MDSAP audit of the organization.” This better reflects ISO 13485 risk-based thinking and reduces ambiguity around supplier oversight across different regulatory systems.
Other international changes Under the FDA’s QMSR Framework
While this article focuses on the U.S. regulatory framework, the updated audit approach also incorporates important revisions from other participating regulatory authorities:
Australia (TGA): Alignment with the Procedure for Recalls, Product Alerts and Product Corrections (PRAC), which came into effect in March 2025.
Brazil (ANVISA): Updated references to RDC 830/2023 (IVDs) and RDC 751/2022 (medical devices).
These changes ensure the audit model reflects current regulatory frameworks across all participating jurisdictions.
Practical implications for medical device manufacturers
FDA’s new compliance program significantly raises expectations for how manufacturers demonstrate quality system effectiveness during inspections:
FDA inspectors are evaluating how quality processes work together in practice. Making a strong emphasis on risk management, data integrity, and decision-making across the total product lifecycle.
Previously “internal” records are now fair game. Internal audit reports, supplier audit outcomes, and management review records may be reviewed during inspections. These documents must clearly reflect issues identified, decisions made, and actions taken.
Risk management must be continuous and demonstrable. FDA expects risk to be actively monitored and linked to CAPA, design changes, supplier controls, and post-market surveillance, and not treated as a static or one-time exercise.
Post-market data is a primary inspection focus. Complaint trends, medical device reporting, recalls, UDI, and tracking data are increasingly used to assess whether the quality system is effective and responsive to real-world performance.
Inspection scope may be driven by data. FDA may use pre-inspection data reviews or remote assessments to target areas of concern, increasing scrutiny where trends or inconsistencies are identified.
To summarize, manufacturers should ensure their quality systems tell a coherent, data-supported story and demonstrate not just compliance, but control and effectiveness.
What medical device manufacturers should do before their next audit or inspection
Manufacturers should:
Strengthen internal audits to test effectiveness, not just compliance
Ensure management review and CAPA are data-driven and risk-focused
Prepare clear inspection narratives, not just procedures
Train teams on inspection behavior and communication
By strengthening these foundations, manufacturers can approach their next audit or inspection with clarity, confidence, and control.
Key takeaways for companies targeting the US market
MDSAP remains valuable, but it is no longer sufficient on its own
FDA inspections are becoming more structured, consistent, and data-driven
Early alignment with QMSR expectactions reduces inspection risk, delays and remediation costs
Strategies for Modern and effective compliance.
How MDx Supports FDA QMSR Readiness: Expert Insight
Transitioning from QSR to FDA QMSR requires more than updating terminology. It demands structural alignment, inspection-oriented preparation.
Based on field experience supporting manufacturers through inspection preparation and regulatory alignment projects, Joana Martins, QA/RA Specialist at MDx, emphasizes that the most frequent vulnerabilities do not stem from missing procedures, but from insufficiently demonstrated system effectiveness.
According to Joana’s inspection readiness experience, organizations often underestimate three exposure points during FDA inspection preparation:
The depth of documentation review now permitted under QMSR
The need for traceability between risk management, design controls, and post-market data
The importance of documented effectiveness verification within CAPA systems
To address these exposure points, MDx supports medical device manufacturers through:
Independent QMSR-aligned readiness assessments focused on inspection exposure
Structured QMSR gap analysis incorporating FDA-specific regulatory overlays
Mock FDA inspections aligned with Compliance Program 7382.850
Strategic support for companies developing FDA companion diagnostics, where design traceability, labeling controls, and lifecycle data integration require heightened regulatory coherence
Rather than approaching FDA QMSR as a documentation update, MDx works with organizations to ensure their quality systems demonstrate operational integrity, risk-based decision-making, and inspection resilience.
Organizations preparing for FDA inspection or evaluating their QMSR alignment can benefit from early, structured assessment. Proactive evaluation reduces remediation timelines, minimizes inspection disruption, and strengthens regulatory confidence.
Frequently Asked Questions About FDA QMSR, MDSAP, and Inspections
What is the main difference between QSR and QMSR?
The main difference is structural alignment. Under QSR, FDA requirements were written directly into 21 CFR Part 820. Under QMSR, the FDA incorporates ISO 13485:2016 by reference into U.S. law while keeping FDA-specific obligations in force. In short, QMSR harmonizes structure with ISO 13485. However, it does not reduce FDA enforcement authority or eliminate U.S.-specific requirements such as MDR, UDI, or device listing.
Does ISO 13485 certification guarantee FDA compliance under QMSR?
No, it does not. Although ISO 13485 forms the backbone of QMSR, FDA-specific statutory requirements still apply. Manufacturers must comply with MDR, UDI, corrections and removals, and other U.S. obligations. Based on regulatory experience, companies often assume ISO certification closes all gaps. In practice, a targeted QMSR gap assessment is necessary to confirm full FDA alignment.
What replaced QSIT in FDA inspections?
FDA replaced QSIT with Compliance Program 7382.850, effective February 2, 2026. This new program aligns inspections with the QMSR framework. Instead of subsystem checklists, FDA now organizes inspections around six QMS areas and four Other Applicable FDA Requirements (OAFRs). As a result, inspections follow a more integrated, risk-based, lifecycle-focused approach.
Can FDA inspect internal audit reports under QMSR?
Yes. Under QMSR, FDA investigators may review internal audit reports, supplier audits, and management review records. In practice, inspectors now verify whether issues were identified, documented, and effectively closed. They no longer focus only on whether procedures exist, they assess whether the system works as intended. Incomplete or unverified audit actions may increase inspection risk.
What records are now receiving greater scrutiny during FDA inspections?
FDA now places greater scrutiny on: – Internal and supplier audit reports – Management review documentation – Design control traceability records – CAPA procedures and effectiveness checks From inspection experience, CAPA effectiveness verification is a frequent weak point. Companies often implement corrective actions but fail to document objective evidence that the action resolved the root cause. Under QMSR, effectiveness matters as much as documentation.
Why are companies that passed MDSAP still receiving FDA 483 observations?
Because MDSAP and FDA inspections serve different purposes. MDSAP evaluates conformity. FDA inspections assess legal compliance and public health risk. FDA investigators are not bound by MDSAP sampling methods or audit scope. If inspectors identify ineffective CAPA, weak traceability, or gaps between procedures and actual practice, they may issue Form 483 observations, even after a successful MDSAP audit.
How should manufacturers prepare for FDA inspections under QMSR?
Start early. Preparation often takes longer than expected. Then conduct a structured QMSR gap assessment. ISO 13485 compliance alone does not confirm full FDA alignment. Finally, train teams on Compliance Program 7382.850. Mock interviews and inspection simulations help identify weaknesses. Even documented remediation in progress demonstrates system control and reduces inspection risk.
When does FDA QMSR enforcement begin?
FDA QMSR enforcement began on February 2, 2026, when the new Quality Management System Regulation officially replaced the former Quality System Regulation (21 CFR Part 820). From that date, FDA inspections operate under Compliance Program 7382.850.
What are the FDA QMSR and ISO 13485 harmonization requirements for 2026?
Under the 2026 QMSR, ISO 13485:2016 is incorporated by reference into U.S. law. This means manufacturers must meet ISO 13485 requirements as part of FDA compliance. However, harmonization is not complete equivalence, FDA-specific obligations such as UDI, MDR reporting, device listing, and labeling controls remain fully enforceable and are not covered by ISO 13485 alone. See the QSR vs QMSR vs ISO 13485 comparison table above for a detailed breakdown.
Written by:
Joana Martins
QARA Specialist
QA/RA Specialist supporting teams in clinical evaluations and regulatory compliance with ISO 13485, MDR, and international medical device requirements (FDA, Health Canada, ANVISA).
IVDR Annex XIV Performance Studies for Companion Diagnostics: A Step-by-Step Guide 2026
February 19, 2026
This IVDR Annex XIV clinical performance study guide explains how you can plan and obtain authorisation for performance studies under Annex XIV of the IVDR when it involves a companion diagnostic. It aims to be practical and aligned with current expectations of ethics committees and competent authorities in the European Union.
If you require a structured checklist, you can download the Annex XIV Performance Study Authorisation (PSA) Toolkit, including an ISO 20916 monitoring checklist, templates, and a pre-submission workplan.
Cleared for Enrollment: A Practical Guide to IVDR Annex XIV Studies
Download the white paper here.
IVDR Annex XIV Clinical Performance Study: When PSA vs PSN Applies for Companion Diagnostics
Companion diagnostics (CDx) often require an IVDR Annex XIV clinical performance study because these tests directly influence patient management. Therefore, understanding when a Performance Study Authorisation (PSA) or a Performance Study Notification (PSN) applies is critical for effective regulatory planning and avoiding unnecessary delays.
Why Companion Diagnostics Often Fall Under Annex XIV
Companion diagnostics frequently fall under Annex XIV of the IVDR because the test result guides key treatment decisions, including:
Patient selection
Treatment allocation
Therapy continuation or discontinuation
If the study design allows test results to influence clinical decisions, regulators consider the study interventional, and this classification triggers the need for a Performance Study Authorisation (PSA). In addition, if you use the device outside its intended purpose as defined in the Instructions for Use (IFU), the IVDR framework also requires a PSA.
When Does a PSA Apply Under Article 58(1)?
For any IVDR Annex XIV clinical performance study, Article 58(1) serves as the key provision to determine whether a PSA is required. A PSA becomes mandatory if you meet any of the following three criteria:
You perform surgically invasive sample collection specifically for the clinical performance study (CPS).
You design the study as interventional in nature.
You introduce additional invasive procedures or other risks for participants.
If even one of these criteria applies, you must obtain a Performance Study Authorisation before starting the study.
When Does a PSN Apply Under Article 58(2)?
If you do not meet any of the Article 58(1) criteria, Article 58(2) may apply instead. In that case, you may submit a Performance Study Notification (PSN) when:
The study uses leftover samples only
The study includes no additional invasive procedures
Test results do not influence patient management
The design remains strictly non-interventional
However, even when these conditions apply, you must carefully evaluate national requirements and specific study design details to confirm that a PSN remains appropriate.
Combined Medicinal Product and Diagnostic Studies
An IVDR Annex XIV clinical performance study that involves both a companion diagnostic and a medicinal product requires structured coordination from the outset. When both regulatory frameworks apply, the Clinical Trials Regulation (CTR) governs the medicinal product, while the IVDR governs the diagnostic. Consequently, you must align timelines, documentation, and regulatory strategy under both frameworks to avoid inconsistencies and delays.
Step-by-Step: from planning to PSA approval
1. IB and CPSP Essentials, and the Link Between Endpoints, Intended Use, and Cut-off Strategy
Begin with a coherent Investigator’s Brochure (IB) and Clinical Performance Study Plan (CPSP). Every claim in the CPSP should trace to the intended purpose of the device and to analytical and clinical evidence that is sufficient for that claim. Endpoints must align with the intended clinical decision.
Based on our experience with more than 100 projects, the following two review findings occur repeatedly:
Analytical cut-off and validation. Authorities closely examine how the assay cut-off has been defined and supported. Sensitivity, precision, and accuracy should demonstrate that the device performs in a way that supports safe clinical decisions. Weak justification invites questions about patient misclassification risk, which frequently leads to requests for information.
Endpoints not aligned with intended use. Reviewers frequently question primary endpoints that are not clearly tied to clinical performance or to the intended use of the device. The endpoint should map directly to the decision being made for the patient.
Practical measures we have implemented in more than 100 projects:
Draft the statistical analysis plan early and show a clear line from intended use to endpoint to success criteria.
Map each analytical study (limit of detection, limit of quantitation, precision, interference, cut-off justification) to the clinical claim it supports.
2. Country Submissions: ethics committees, competent authorities, portals, translations, and fees
Plan both the ethics and competent authority pathways, including accounts for national portals, translation policies, and fee payments. Country-specific requirements can change timelines and logistics.
Some examples of country-specific requirements:
France requires an IDRCB registration code. The protocol, informed consent form, and insurance certificate must display this code. Missing or inconsistent use of the code commonly triggers requests for information.
Poland may require a physical submission package rather than a fully electronic file. Plan accordingly all documents that require original signatures. Courier time, notarised copies where applicable, and signature sequencing should also be built into the schedule.
A brief pre-submission checklist:
Identification of country EC-NCA submission approach (sequential, parallel, combined) and EC meeting schedules
Portal access verified and roles assigned for both ethics committees and competent authorities.
National identifiers obtained and propagated consistently across documents.
Translation scope defined and quality-controlled, particularly for patient-facing materials.
Insurance certificates aligned with the study footprint and national expectations.
Fee tables confirmed and purchase orders in place.
3. Timelines, Clock-Stops, and Expert Consultations
Validation and assessment phases of review often include clock-stops for clarification, where the reviewing authority can ask for further information, known as Request for Informations (RFIs). You should define internal service levels for responses in advance, and topic ownership should be clear across analytical, clinical, and biostatistics contributors. A master cross-reference that links CPSP, IB, risk management, and statistical sections reduces the risk of inconsistent responses. In Pickett’s assessment, assigning topic ownership for analytical, clinical, and statistical responses before submission helps keep clock-stops short and prevents inconsistent answers across documents.
IVDR Annex XIV Clinical Performance Study: How to Build a Robust Dossier?
A strong IVDR Annex XIV clinical performance study dossier reduces the risk of Requests for Information (RFIs), clock-stops, and approval delays.
Analytical Validation and Cut-Off Justification
For an IVDR Annex XIV clinical performance study, cut-off justification must go beyond presenting a single threshold value or ROC curve.
A robust dossier should:
Explain the clinical consequences of the selected cut-off
Describe how sensitivity and specificity change if the threshold shifts
Address false positives and false negatives at clinically relevant prevalence
Link analytical performance directly to the primary endpoint
Demonstrate how the device supports a safe clinical decision
Authorities frequently focus on misclassification risk. If the cut-off rationale does not clearly support safe decision-making, this section becomes a major driver of RFIs.
Best practice according to Callum Pickett Clinical Alliance Lead at MDx Treat cut-off justification with the same rigor as a safety argument. Provide both statistical evidence and a clear clinical narrative.
Informed Consent Strategy Aligned With the CPSP
Misalignment between the Clinical Performance Study Plan (CPSP) and the informed consent form is a common cause of delay in an IVDR Annex XIV clinical performance study.
To reduce risk:
Finalize the CPSP first.
Draft the informed consent to mirror procedures, visit schedules, and risks.
Use clear, plain language that accurately reflects the protocol.
Reviewers assess whether participants are properly informed. If the consent document does not reflect the study design, an RFI is likely.
We recommend to include the following in the Informed Consent:
Clear summary of procedures and assessment schedule
Device-specific risks, including sample handling and possible retesting
Explanation of invalid or indeterminate results and participant implications
Consistency between the CPSP and consent documentation strengthens credibility during assessment.
Cross-Referencing: CPSP, IB, GSPR, and Study Reports
A cross-reference matrix improves both internal quality control and external review efficiency.
Your matrix should demonstrate:
Where each General Safety and Performance Requirement (GSPR) is addressed
How CPSP procedures are monitored and documented
Where statistical commitments are supported by analysis
How risk management links to study controls
For a successful IVDR Annex XIV clinical performance study submission, document traceability is critical.
Frequent RFI Drivers in IVDR Annex XIV Clinical Performance Studies
Below are common deficiencies and practical mitigation strategies:
RFI Driver
How to Address It
Primary endpoint not aligned with intended use
Redefine or restate the endpoint so it directly supports the clinical decision
Cut-off justification insufficient
Provide complete analytical data and explain clinical impact
Sample representativeness unclear
Justify matrix type, disease stage, prior therapy, and relevant variables
Misclassification of study type (leftover samples)
Clarify whether the design remains non-interventional and whether PSN is appropriate
Monitoring plan not aligned with ISO 20916
Define adverse event categories, roles, and timelines
Informed consent inconsistent with CPSP
Align language and procedural details precisely
Statistical assumptions not clinically justified
Link alpha and power to meaningful clinical differences
Device deficiency reporting unclear
Define detection, escalation, and reporting mechanisms
Risk management not connected to study controls
Trace risks to mitigation and monitoring activities
Combined CTR–IVDR governance unclear
Define roles, responsibilities, and decision pathways
Incomplete or low-quality translations
Plan professional review and back-translation
National identifiers or insurance mismatched
Ensure consistent codes and appropriate coverage limits
Country Playbook: How to planPerformance Study Applications to EU Member States
1. Identify the PSA submission approach adopted by the EU member state.
There are three models adopted by EU countries which will impact your submission strategy:
Sequential – the EC is submitted to first and NCA submission can only occur once an EC approval has been issued.
Parallel – the EC and NCA submissions can be submitted around or at the same time allowing for a “parallel” review process. However, the NCA will only approve the study once a positive EC opinion has been granted
Combined – a single PSA submission is sent to one authority which serves as the EC and NCA, a single positive opinion will be issued.
2. Choose your Ethics Committee:
It is highly recommended to submit the PSA to the same EC reviewing the associated Clinical Trial Application
Identify any EC specific templates, this may include EC-specific application forms and site document templates
Identify the EC meeting schedule and the deadlines for PSA submission to achieve review at the EC meeting date
Use the EC meeting schedule to inform your submission strategy, different ECs will meet at different frequencies.
3. Identify any specific requirements set by the National Competent Authority:
Are there any NCA specific templates to be filed with the PSA?
Is there anything that can gate submission to this country? For example, does the NCA mandate that the final Clinical Trial protocol is submitted with the submission.
4. Identify any specific laws and requirements for the EU member state being submitted to:
The EU is governed by GDPR laws, but national laws on data protection add an additional layer of requirements. Ensure that your study is developed with the national data protection requirements in mind.
EU member states have different requirements for the insurance documentation, this may include reference to national laws, inclusion of national study codes, and extra details on the number of participants.
5. Use all these points to create your submission strategy, informed by the following:
Submission approach: countries with sequential review approaches take longer on average than countries with parallel and combined review approaches.
Clinical Priority: what countries are priority for enrolment? Which countries will have the most sites and therefore need to be activated earlier?
How often do the chosen ECs meet according to their meeting schedule?
Are there any NCA or EC document requirements which aren’t yet available, and might delay submission?
Monitoring in Line with ISO 20916
ISO 20916 introduces additional classification categories for adverse events compared with the base IVDR text. Sites need clear training on event taxonomy, responsibilities for classification, and reporting timelines.
Content to include in the monitoring plan and site training:
Definitions and examples for adverse events and serious adverse events as used in the study.
Roles for initial classification, medical review, and final assessment.
Specific clocks for reporting from site to sponsor and from sponsor to authorities.
How to capture assess and report device deficiencies.
As our clinical team has observed under Annex XIV submissions, early training on adverse event taxonomy and reporting timelines is essential. Misclassification in the first reported case often leads to corrective actions and schedule impact.
From PSA to Market: coordination with the notified body and medicines regulators
For a true companion diagnostic approval, align analytical validity, clinical performance, and scientific validity with post-market plans. Label language and evidence expectations should be coordinated with the Notified Body and, where applicable, medicines regulators. Plan the handover from study evidence to post-market performance follow-up.
According to Callum Pickett, maintaining a single evidence map that links analytical validity, clinical performance, and scientific validity to the eventual label language streamlines Notified Body review and reduces post-submission clarification rounds.
Resources
Guidance from the Medical Device Coordination Group (MDCG) and the European Commission on performance studies, including Q&A on Article 58 pathways.
National guidance such as the Belgian Federal Agency for Medicines and Health Products (FAMHP) on dossier structure, timelines, and fees for performance studies.
Consultancy overviews such as DLRC Group (DLRC Group) for pan-EU context.
Standards published by the International Organization for Standardization (ISO), notably ISO 20916 for clinical performance studies of in vitro diagnostic medical devices.
Cleared for Enrollment: A Practical Guide to IVDR Annex XIV Studies
Success with Annex XIV studies for companion diagnostics depends on alignment. Intended use, endpoints, analytical validation and cut-off, consent, and monitoring must be consistent and mutually supportive. Careful attention to country-specific requirements and early planning for CTR-IVDR coordination reduces the likelihood of clock-stops and requests for information. A structured checklist and disciplined cross-referencing improve dossier quality and assessment efficiency.
Frequently Asked Questions (FAQ)
Performance Study Authorisation (PSA) is required for an IVDR Annex XIV clinical performance study?
A PSA is required under Article 58(1) if the study includes surgically invasive sample collection specifically for the study, uses an interventional design where test results influence patient management, or introduces additional invasive procedures or risks. In practice, companion diagnostics often trigger a PSA because their results guide treatment decisions. Therefore, as soon as one of these criteria applies, you must obtain a PSA before starting the study. For broader context on running studies under IVDR, read the following article on Running Clinical Studies Under IVDR
When can a Performance Study Notification (PSN) be used instead of a PSA?
You can use a PSN under Article 58(2) when the study remains strictly non-interventional. For example, the study may rely only on leftover samples, avoid additional invasive procedures, and ensure that test results do not influence clinical decisions. However, you must assess the design carefully, because misclassifying a study as non-interventional frequently leads to delays and reclassification requests.
How do IVDR and the Clinical Trials Regulation (CTR) interact in combined CDx–medicinal product studies?
In combined studies, you must comply with both frameworks simultaneously: the CTR governs the medicinal product, while the IVDR governs the companion diagnostic. As a result, you should align endpoints, intended use, and patient population across both submissions from the outset. Otherwise, inconsistencies between the CTR and IVDR dossiers often trigger Requests for Information and clock-stops. A structured gap analysis can help you identify and resolve these risks early. Read the article about pre submission assessment here.
What are the most common reasons authorities issue RFIs in Annex XIV studies?
Authorities typically issue RFIs when sponsors fail to align primary endpoints with the intended use, provide insufficient analytical validation or cut-off justification, or clearly explain misclassification risk. In addition, inconsistencies between the CPSP and informed consent, or weak traceability between risk management and statistical assumptions, often raise concerns. Therefore, you should build a clear cross-reference structure across all documents to reduce review friction. For more detail on documentation expectations, read IVD technical documentation.
How can sponsors reduce approval timelines for IVDR Annex XIV performance studies?
To reduce timelines, you should define endpoints early and link them directly to intended use, justify analytical cut-offs with both statistical evidence and clinical rationale, and align the informed consent precisely with the CPSP. At the same time, confirm national submission models, ethics committee schedules, translation scope, and insurance requirements before submission. By assigning clear internal ownership for analytical, clinical, and statistical responses, you can also shorten clock-stops and maintain consistency during review.
Written by:
Callum Pickett
Clinical Alliance Lead
Experienced clinical affairs professional specialising in performance study submissions and management under IVDR, with a focus on CDx and Precision Medicine.
MDR Annex XVI: Regulating Products Without an Intended Medical Purpose Under the MDR
February 15, 2026
How Are Medical Devices Regulated Under MDR Annex XVI?
How does MDR Annex XVI regulate products without an intended medical purpose that fall within the scope of the MDR? This question has become increasingly relevant for manufacturers seeking EU market access.
The Medical Devices Regulation (MDR) 2017/745 has transformed the European Union (EU) regulatory framework. It replaced the previous Medical Devices Directive (MDD) and introduced stricter requirements for manufacturers, notified bodies, and competent authorities.
One of the most significant changes is the expanded scope under MDR Annex XVI. The regulation now includes certain products that do not have a medical purpose but may still present similar safety risks. As a result, these products are subject to the MDR regulatory requirements, even though they are not medical devices by definition.
What Is New Under MDR Annex XVI in 2026?
Recent regulatory developments continue to clarify how MDR Annex XVI applies in practice. Authorities expect manufacturers to align with Common Specifications, updated classification rules, and strengthened clinical evaluation requirements.
This expanded scope marks a clear departure from traditional definitions of medical devices. Certain aesthetic or cosmetic products listed in Annex XVI now fall within the scope of the MDR and are subject to conformity assessment and post-market obligations.
What Products Fall Under MDR Annex XVI?
Under MDR Annex XVI, the following product groups are subject to the MDR, even though they do not have an intended medical purpose:
Contact lenses without vision correction (e.g., colored contact lenses)
Devices intended to modify the anatomy or fixation of body parts (e.g., subdermal implants without a medical purpose, such as aesthetic implants)
Facial and dermal fillers for aesthetic enhancement
Equipment for body shaping and fat reduction (e.g., liposuction devices)
High-intensity radiation devices for skin treatment, including IPL, lasers, infrared equipment, tattoo removal lasers, and hair removal systems
Equipment intended for transcranial brain stimulation without a medical purpose
Manufacturers of these products must comply with the applicable MDR safety, performance, and documentation requirements, subject to adaptations reflecting the absence of a medical purpose.
Classification of Devices Under MDR Annex XVI
How are devices classified under MDR Annex XVI?
Manufacturers must apply the relevant classification rules under Annex VIII, as modified or clarified by applicable Common Specifications and Commission Implementing Regulation (EU) 2022/2347. However, not all rules apply automatically. For example, Rules 9 and 10 address active therapeutic and diagnostic devices and assume a medical purpose. Because Annex XVI products lack a medical purpose, regulators apply specific Common Specifications and implementing regulations to determine the appropriate classification.
Understanding the correct classification is essential. It determines the conformity assessment route, the level of notified body involvement, and the overall regulatory strategy for EU market approval.
Important to note that not all rules can be applied. For instance, rules 9 and 10, which pertain to active therapeutic and diagnostic devices, assume a medical purpose.
To address this, a Commission Implementing Regulation (2022/2347) was introduced to reclassify relevant devices alongside the Common Specifications. Let’s take a closer look at the classification of specific product classes:
Certain body shaping devices are classified as Class IIb under Commission Implementing Regulation (EU) 2022/2347, depending on their specific characteristics.
Devices for skin rejuvenation, hair removal, and similar purposes may fall under Class IIa or IIb, depending on the application. This classification is explained in Section 5.
Equipment for transcranial brain stimulation is classified as Class III and is covered in Section 6.
Annex XVI Medical Devices: Key Regulatory Requirements
MDR 2017/745 establishes clear and structured obligations for products covered under MDR Annex XVI, even when they do not have an intended medical purpose. Manufacturers must meet safety, documentation, and post-market requirements comparable to those applied to traditional medical devices.
Core Compliance Requirements Under MDR Annex XVI
Manufacturers must design and manufacture devices to ensure safety and performance. They must conduct a documented risk analysis and implement appropriate risk control measures in accordance with Annex I.
They must also complete a conformity assessment procedure to demonstrate compliance with the applicable regulatory requirements. Depending on the classification of the device, a notified body may need to be involved.
In addition, manufacturers must prepare and maintain comprehensive technical documentation. This documentation must clearly describe the device design, intended purpose, manufacturing processes, risk management activities, and evidence supporting conformity.
Manufacturers must assign a Unique Device Identification (UDI) to each device. They must ensure traceability by registering the required information in the relevant UDI database.
Clinical Evaluation and Post-Market Obligations
Under MDR Annex XVI, manufacturers must perform a clinical evaluation to demonstrate safety and performance in accordance with Article 61(9) and the applicable Common Specifications. They must base this evaluation on relevant clinical data. Clinical investigations may be required unless sufficient existing clinical data can adequately demonstrate safety and performance, in line with Article 61(9) and the Common Specifications.
Manufacturers must also implement a post-market surveillance (PMS) system. This system must monitor device performance, analyze safety data, investigate complaints and adverse events, and trigger corrective actions when necessary.
Clear and accurate labeling remains essential. Manufacturers must provide instructions for use that specify the intended purpose, handling conditions, storage requirements, and relevant warnings or contraindications.
MDR 2017/745 significantly expands the regulatory scope by including devices without an intended medical purpose under MDR Annex XVI. This expansion ensures a high level of protection for users and strengthens oversight of aesthetic and non-therapeutic technologies entering the EU market.
By working with MDx CRO, manufacturers can navigate MDR Annex XVI requirements efficiently and position their products for successful EU market access.
Although Annex XVI devices do not have an intended medical purpose, they are still required to demonstrate safety and performance through robust evidence. This shift reflects a broader regulatory principle also seen under the In Vitro Diagnostic Regulation (IVDR): claims must be supported by structured, scientifically sound documentation.
Under the MDR, manufacturers of Annex XVI products must:
Conduct a clinical evaluation based on available clinical data
Justify safety and performance claims through documented evidence
Align with Common Specifications and applicable classification rules
Maintain technical documentation that withstands notified body scrutiny
This evidence-based mindset closely mirrors what is required for Scientific Validity Reports under the IVDR.
The Regulatory Convergence: MDR Annex XVI & IVDR Scientific Validity
While MDR Annex XVI focuses on devices without an intended medical purpose and IVDR governs in vitro diagnostic devices, both frameworks demand:
A clear definition of claims
Scientific substantiation of those claims
Transparent literature review methodologies
Structured documentation aligned with regulatory expectations
In IVDR submissions, the Scientific Validity Report is a foundational document demonstrating the association between an analyte and a clinical condition. Similarly, Annex XVI devices must justify safety and performance through documented clinical evaluation and risk analysis — even when no therapeutic or diagnostic purpose exists.
In both cases, regulatory authorities expect:
Systematic literature review strategies
Critical appraisal of available data
Traceable evidence linking claims to supporting documentation
Ongoing updates through post-market surveillance
The common denominator is simple: no claims without evidence.
Why This Matters for Manufacturers
Manufacturers working across MDR and IVDR portfolios increasingly face overlapping regulatory expectations. A strong internal capability to develop:
Clinical Evaluation Reports (CERs)
Scientific Validity Reports
Performance Evaluation documentation
Post-market evidence strategies
creates operational efficiency and reduces regulatory risk.
At MDx CRO, we support manufacturers not only in MDR Annex XVI compliance, but also in preparing scientifically robust documentation for EU IVDR submissions — including comprehensive Scientific Validity Reports aligned with notified body expectations.
How does MDR define “intended medical purpose” for medical devices?
The MDR 2017/745 places strong emphasis on the concept of intended purpose. Manufacturers define the intended purpose through the information they provide on labeling, in the instructions for use (IFU), and in promotional materials. The MDR defines “intended purpose” in Article 2(12). Whether a product has a medical purpose depends on the manufacturer’s intended use as reflected in labeling, instructions for use, and promotional materials.Manufacturers must clearly state whether the device supports diagnosis, treatment, monitoring, prevention, or alleviation of a disease or injury. Under MDR Annex XVI, this distinction becomes particularly important, as certain products without a traditional medical purpose still fall within the scope of the regulation and must meet defined safety and performance requirements.
Are there any exemptions or special considerations for medical devices without an intended medical purpose?
Yes. MDR 2017/745 establishes specific requirements for products covered under MDR Annex XVI, even though they do not have an intended medical purpose. First, manufacturers must comply with the relevant Common Specifications adopted under Article 9(4). These specifications require manufacturers to apply risk management in line with Annex I and, where necessary, conduct a clinical evaluation focused on safety and performance. For clinical evaluation, manufacturers do not need to demonstrate a clinical benefit in the traditional medical sense. Instead, under Article 61(9), they must demonstrate the performance and safety of the product.
Are there any specific labeling or instructions for use (IFU) requirements for medical devices without an intended medical purpose under MDR 2017/745?
Yes, devices without an intended medical purpose have specific information requirements that affect both labeling and the instructions for use (IFU).According to Annex I, Section 23 of MDR 2017/745 and the applicable Common Specifications, the instructions for use must clearly state that the device has no intended medical purpose and must describe the associated risks and any limitations of use.
The evolving landscape of Companion Diagnostics (CDx) introduces complexities in regulatory and certification processes. Engaging in IVDR Companion Diagnostic Consulting is essential to ensure a streamlined and compliant journey.
Deciphering Regulatory Nuances: US vs. EU
Historically, CDx devices in the EU were self-certified under the IVDD. A CDx manufacturer may have had experience with the FDA but the regulatory process in the EU is only now emerging.
The EU IVDR defines a CDx as a device which is essential for the safe and effective use of a corresponding medicinal product to identify, before and/or during treatment:
Patients who are most likely to benefit from the corresponding medicinal product
Patients likely to be at increased risk of serious adverse reaction as a result of treatment with a corresponding medicinal product
The FDA’s definition is similar but extends to devices used for “monitoring treatment responses with a particular therapeutic product”. Unlike in the US such devices are not considered companion diagnostics in the EU. Furthermore, the FDA acknowledges a category of devices termed complementary diagnostics. These diagnostics are characterized as tests that pinpoint a group of patients, identified by specific biomarkers, who respond well to a drug. While they assist in evaluating the risk-benefit ratio for individual patients, they aren’t mandatory for drug administration. Within the IVDR framework, complementary diagnostics aren’t explicitly detailed, nor do they have specific prerequisites for CE certification
These nuances are key for any CDx regulatory strategy and for the planning of CDx clinical trials. Aspecialized IVDR CDx consulting company like MDx CRO can help diagnostic companies and their pharma partners navigate global differences and ensure CDx regulatory compliance.
The EMA Consultation Process
EMA’s guidance stands as a pivotal component in IVDR Companion Diagnostic Consulting. The EMA CDx Assessment Report Template, publicly available, provides a comprehensive blueprint. It is a great source of information for the expectations in CDx submission content, particularly useful for when drafting SSPs and IFUs.
Optional, but highly recommended, pre-submission meeting.
Application submission.
Interactive Q&A phases.
EMA’s final verdict.
Crafting of SSP & IFU with Detail
For successful IVDR CDx certification, the SSP and IFU documents should be meticulously detailed as they are the 2 key documents used during the EMA consultation process.
Diagnostic manufacturers should ensure they include:
Emphasis on scientific validity of the biomarker
Comprehensive detail on performance evaluation, study design descriptions, encompassing both analytical and clinical performance.
Insight into clinical data, detail on device modifications during or after the clinical performance study, and associated impacts, rationale for cut-off point selection and more.
A deep dive into the risk-benefit analysis is pivotal, concentrating on major residual risks and device limitations.
Time Considerations for IVDR CDx Certification
The certification process for CDx under IVDR is extensive. From the initial 3-month EMA notification to the concluding recommendation, the timeline can span 8-18 months. Such extended durations underline the criticality of early preparations. Engaging early with a specialized CDx consulting company can help avoid surprises and streamline the CDx certification journey.
The expertise offered by the notified body can significantly enrich IVDR Companion Diagnostic certification. Early engagements, prior to document submissions, can provide clarity, ensuring alignment with EMA requirements.
Selecting your IVDR CDx Consulting partner
MDx CRO has published a deep dive into the crucial factors to bear in mind when picking an IVD consultant.
In the dynamic realm of CDx, efficient navigation is paramount. If you’re seeking specialized insights into IVDR certification, explore our IVD services. At MDx CRO, our experts offers tailored IVDR Companion Diagnostic Consulting, ensuring optimal integration of CDx within the regulatory framework.
Contact our team today to discuss your CDx product needs!
Written by:
Carlos Galamba
CEO
Senior regulatory leader and former BSI IVDR reviewer with deep experience in CE marking high-risk IVDs, companion diagnostics, and IVDR implementation.
Gain access to MDx’s Precision Medicine Services Pack—detailing our capabilities in clinical research, regulatory strategy, and companion diagnostics. Learn how we support pharma, CDx, and advanced therapy developers across the clinical and regulatory lifecycle.
