Regulatory Compliance for Dental Products

February 3, 2026

A Practical Guide for Medical Device Manufacturers

Regulatory compliance for dental products has become far more complex over the past decade. What was once a relatively straightforward pathway is now a demanding, lifecycle‑driven process that requires robust technical and clinical evidence, structured post‑market surveillance, and ongoing regulatory oversight.

For manufacturers bringing dental products to market, especially under the EU Medical Device Regulation (MDR), compliance is no longer a single milestone. It is a continuous obligation that influences product design, technical documentation, clinical evidence, and post‑market performance activities throughout the entire lifecycle.

From our experience as a consulting company supporting medical device manufacturers, dental products often lie at the crossroads of material science, clinical performance, and stringent regulatory requirements. This combination makes regulatory compliance both critical and increasingly challenging for manufacturers aiming to achieve and maintain market access.

What Regulatory Compliance Means for Dental Products

Dental products as dental medical devices

Many dental products are legally classified as medical devices, even when they are commonly perceived as materials or components. Items such as dental alloys, implantable components, restorative materials, and certain software‑driven solutions fall under medical device regulations when intended for a medical purpose.

This classification carries specific regulatory obligations for manufacturers, whether the product is used directly by clinicians or indirectly through dental laboratories.

Responsibility across the dental product lifecycle

Regulatory compliance extends far beyond initial approval. As is the case for other medical device manufacturers, dental manufacturers remain responsible for:

Defining and maintaining the intended purpose
Ensuring ongoing safety and performance
Monitoring post-market data
Updating documentation as evidence evolves

Importantly, many compliance failures do not arise from missing documents, but from misalignments and inconsistencies across lifecycle activities. Maintaining clear linkage between purpose, evidence, and post-market insights is essential for demonstrating a coherent and compliant lifecycle strategy. When these key elements stay aligned, manufacturers strengthen regulatory trust, reduce risk, and support smoother long-term market access. This principle applies equally to dental medical devices and to all other medical devices, as it is transversal across the sector.

Why dental products face increased scrutiny

Dental devices frequently involve:

Implantable or long-term contact materials
Complex alloy compositions
Large legacy portfolios originally certified under previous regulations

These features introduce specific regulatory expectations. Implantable and long-term contact materials require robust biocompatibility assessments and long-term safety evaluations. Additionally, complex alloys may require chemical and toxicological evaluations to ensure that all constituent materials meet biological safety standards. Finally, legacy products, previously certified under less stringent requirements, must now be re-evaluated using updated evidence to demonstrate continued safety and performance under current frameworks.

Together, these factors increase expectations for clinical evidence, biological safety, and post-market surveillance, leading to closer regulatory scrutiny and more rigorous conformity assessment processes.

Which Regulations Apply to Dental Medical Devices?

European Union: EU MDR

In the European Union (EU), medical devices are governed by Regulation (EU) 2017/745 (MDR). Compared to the former Medical Device Directives (MDD/AIMDD), MDR introduces:

Stronger clinical evidence requirements
Enhanced post-market surveillance obligations
Increased scrutiny from Notified Bodies
Clearer expectations for technical documentation consistency

Manufacturers of dental devices are therefore required to fulfil these additional requirements to ensure the device is compliant with EU market requirements.

United Kingdom: UK MDR and UKCA Marking

In the United Kingdom (UK), medical devices are regulated under the UK Medical Devices Regulations 2002 (as amended), with oversight by the Medicines and Healthcare products Regulatory Agency (MHRA). Following Brexit, the UK has established an independent regulatory framework, while maintaining transitional recognition of CE marking in Great Britain.

Compared with the EU MDR, the UK framework introduces a parallel but distinct pathway, characterized by:

The progressive transition from CE marking to UKCA marking for Great Britain
UK-specific registration requirements with the MHRA
Potential divergence in timelines, conformity assessment routes, and regulatory interactions
The need to monitor evolving UK legislation as the framework continues to develop

Manufacturers of dental devices must therefore define a clear UK regulatory strategy, ensuring that UKCA requirements (and transitional CE provisions, where applicable) are properly addressed, while maintaining alignment with EU documentation and lifecycle activities to the extent possible.

United States of America: FDA

The United States can also be an attractive market for dental devices. For manufacturers wishing to operate beyond Europe, dental product compliance must align with FDA expectations or other international frameworks. While this article focuses on EU MDR, a global regulatory strategy should aim for evidence reuse and lifecycle consistency across jurisdictions.

Maintaining a broad perspective on regulatory expectations in different markets enables more efficient submissions at various time points, minimizing duplicated effort and ensuring smoother pathways to global market access.

Regulatory Classification of Dental Products in EU

How to determine classification

Under MDR, dental devices are classified based on:

Intended purpose
Duration of contact
Invasiveness
Implantable status

Many dental materials and alloys are classified as higher risk than expected, particularly for implantable or long-term applications. Understanding these rules early helps ensure accurate classification.

Why classification drives EU regulatory strategy

Classification decisions affect:

Conformity assessment routes
Clinical evidence depth
Post-market obligations
Notified Body involvement

Misclassification early in development often leads to costly rework later, particularly once technical documentation has been developed or regulatory submissions have begun. Manufacturers must also avoid making changes to the product or its intended purpose after commercialization that could alter its classification and trigger additional regulatory requirements. Establishing the correct classification from the outset and maintaining alignment throughout the lifecycle are essential to a smooth, predictable regulatory pathway.

Learning from Real-World MDR Transitions in Dental Products

Across MDR transition projects involving complex dental portfolios, one lesson consistently emerges: regulatory compliance succeeds when evidence, processes, and documentation are aligned from end to end.

Large dental product families require structured execution, clear ownership, and realistic timelines. Compliance is less about individual documents and more about how well the regulatory system functions as a whole.

If you want to see how these principles apply in practice, you can read our full case study on an MDR transition for dental products.

Read the full case study here

Core Regulatory Requirements for MDR Compliance of Dental Products

Technical documentation and conformity assessment

Regulatory compliance for dental products starts with technical documentation that clearly and consistently supports the device’s safety and performance. Under MDR, this documentation is reviewed as a single, connected system rather than as separate files.

Manufacturers must demonstrate that the device is well defined, risks are properly controlled, and clinical and biological evidence support the intended use. In practice, regulatory findings often arise not because documents are missing, but because different parts of the technical file are not fully aligned.

Clinical evaluation

Clinical evaluation must show that the dental device performs as intended and remains safe throughout its lifecycle. This assessment is typically based on a combination of clinical data, relevant scientific literature, and post-market evidence where available.

For dental devices, regulators closely scrutinize whether clinical claims align with the intended purpose and the conclusions from risk management activities. Any inconsistency between these elements is one of the most frequent causes of Notified Body questions during technical documentation review. Ensuring consistency across intended purpose, clinical evidence and risk conclusions is essential for a smooth clinical evaluation process.

Biological evaluation and material safety

Biological evaluation is particularly important for dental materials that come into prolonged or permanent contact with the body. Manufacturers are expected to follow a structured, risk-based approach that justifies testing, addresses worst-case configurations, and integrates toxicological considerations where relevant.

Weak biological rationales or conclusions that are not reflected in risk management and labelling are frequent sources of non-conformities. A coherent and well documented evaluation is therefore essential to demonstrate material safety and regulatory compliance.

Risk management and traceability

Risk management under MDR is a continuous process, not a one-time activity. Regulators increasingly expect clear traceability between identified hazards, risk control measures, supporting clinical and biological evidence, and the information provided to users.

Consistency over time is critical. Risk management conclusions must remain aligned with clinical evaluation updates and post-market data as new information becomes available.

Labelling and instructions for use (IFUs)

Labelling and IFUs must accurately reflect the device’s intended use, residual risks, contraindications, and safety-related information. Inconsistencies between labelling and technical documentation are a common reason for regulatory findings.

Under MDR, labelling is assessed as a direct extension of the manufacturer’s risk and clinical conclusions, not as a standalone deliverable. Correct and well-structure labelling and IFU is particularly important because it is often the only information the end user will directly interact with. Clear and accurate instructions reduce the likelihood of misuse, improve clinical outcomes, and contribute to patient safety.

Post-Market Obligations for Dental Medical Devices under MDR

Post-Market Surveillance (PMS)

PMS systems must actively collect and analyse real-world data to ensure devices continue to perform safely and effectively once in clinical use. This includes:

Complaint handling
Trend analysis and early detection of potential risks
Vigilance reporting
Periodic safety updates

For dental devices, many of which are used repeatedly and placed in the oral cavity for long durations, post-market provides essential insight into performance across different clinical environments and users.

PMCF and PSUR

Depending on classification and associated risk, manufacturers may be required to implement:

Post-Market Clinical Follow-up (PMCF)
Periodic Safety Update Reports (PSUR)

PMCF is especially relevant in dentistry, where varied patient populations and technique-sensitive procedures can impact long-term outcomes. PSURs ensure that these insights are systemically gathered, assessed and fed back into the technical documentation.

Why Post-Market Data matters beyond compliance

Post-market activities are not simply regulatory obligations. They play a strategic and clinical role, helping manufacturers:

Identify how products perform in diverse real-world dental practices
Detect early signs of wear, degradation or unexpected biological responses
Refine IFUs, contraindications or warnings based on real-use scenarios
Support claims of durability, reliability, and biocompatibility with ongoing evidence
Strengthen competitiveness by demonstrating proven, long-term performance

Post-market data is therefore not optional and is central to demonstrating ongoing compliance and to maintaining clinical confidence, improving product quality, and supporting future innovation.

Common MDR Regulatory Compliance Challenges for Dental Products

Legacy devices and MDR transitions

Many dental products on the market today were originally certified decades ago, under earlier regulatory frameworks. Although the MDR entered into full application in 2021, transition periods extend to 2028 (depending on device classification). For legacy devices, a structured gap assessment is essential to identify missing requirements or outdated evidence. Transitioning these products to MDR often reveals gaps in:

Clinical evidence
PMS systems
Biological evaluation rationale
Consistency and traceability across technical documentation

Because many legacy dental products were introduced before modern evidence expectations existed, manufacturers often face significant redevelopment of foundational documentation. Early planning is critical to avoid bottlenecks as MDR deadlines approach.

Portfolio-level complexity

Manufacturers of dental devices typically manage large and diverse portfolios, often with hundreds of variants differing in materials, shade, formulation, packaging or indications. This scale creates a substantial challenge when aligning all products with MDR requirements. To maintain control and ensure all technical documentation is complete and updated, manufacturers require:

Structured regulatory frameworks that define consistent expectations
Harmonised documentation strategies that minimise duplication of work across similar devices
Scalable and robust post-market systems capable of handling extensive product families

Without a systematic, portfolio-level approach, MDR compliance efforts can become fragmented and inefficient. In many cases, non-conformities arise from a lack of strategic coordination across product lines.

Notified Body expectations

Notified Bodies evaluate more than simply the existence of documentation. They assess how effectively manufacturers control their devices throughout the entire lifecycle. Depending on the classification of the dental device, the involvement of a Notified Body can be required for its initial certification, ongoing surveillance, and continued market access. As such, manufacturers must therefore be prepared for both announced and unannounced audits. Maintaining an “audit-ready” state requires:

Evidence coherence, ensuring clinical, biological, risk and labelling conclusions fully align
Lifecycle thinking, with post-market data and risk updates continuously feeding into the technical file
Demonstrated control, not just document availability, meaning systems, processes and records clearly show that compliance is maintained

Ultimately, maintaining this level of operational readiness demonstrates that the manufacturer is in continuous control of product quality and regulatory compliance. This proactive posture not only supports smoother audits but also builds long-term confidence with Notified Bodies. It signals that the manufacturer can reliably uphold MDR expectations throughout the entire lifecycle, ensuring stable and sustained market access.

The Role of MDx in Dental Product Regulatory Compliance

MDx supporting Manufacturers

Manufacturers typically engage MDx when:

Internal teams need execution support
Portfolios are large or complex
Timelines are constrained
Notified Body interactions intensify

MDx provides specialized regulatory expertise and operational capacity, helping manufacturers manage high workloads, accelerate progress, and confidently navigate regulatory expectations.

Execution vs. advisory support

For many manufacturers, advisory guidance alone is not sufficient to move projects forward efficiently. Effective MDx support combines strategic insight with hands-on execution, ensuring:

Development of compliant and high-quality documentation
Evidence generation and alignment across clinical, regulatory and quality domains
Practical experience navigating audits and regulatory reviews

This integrated approach strengthens submissions, accelerates timelines, and reduces pressure on internal teams. As a result, manufacturers can focus on additional projects, key milestones, and ongoing product development without compromising regulatory progress.

Supporting market access

Through close collaboration between MDx and manufacturers, companies can more effectively:

Reduce regulatory risk, by ensuring requirements are met with robust and compliant evidence
Accelerate conformity assessment through well-prepared documentation and proactive regulatory strategy
Maintain long-term compliance across the product lifecycle, from initial submission to post-market activities

Key Takeaways: Placing Dental Medical Devices on the Market

Manufacturers that treat compliance as a strategic function (supported by the right expertise) are better positioned to place and maintain their products on the market without unnecessary delays or regulatory setbacks.

Regulatory compliance for dental products is:

A lifecycle commitment, not a one-off project
Heavily dependent on consistency and traceability
Increasingly scrutinised under MDR

If you are preparing to bring a dental or medical device to market and require execution‑level MDx support, our team partners directly with manufacturers to provide comprehensive, end‑to‑end regulatory compliance services.

Let’s talk about your project, contact us.

Written by:

Andre Moreira

Regulatory Director, Medtech

Senior quality & regulatory expert, ISO 13485/MDR/IVDR auditor with expertise in CE marking MDs/IVDs, incl. dental, implantables, drug delivery, genomic tests, & MDR/IVDR implementation.

Industry Insights & Regulatory Updates

IVD analytical validation parameters under IVDR Annex I 9.1(a)

A CRO’s Guide to IVD Analytical Validation: Best Practices & Common Pitfalls

Advanced digital health technology showcasing human body and medical device integration for MedTech innovation.

EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)

EU MDR 2017/745 for Dental Devices: Complete Guide (2026)

FDA QMSR: How the 2026 Regulation Shift Transforms MDSAP Audits and FDA Compliance Inspections

IVDR Annex XIV clinical performance study a complete guide

IVDR Annex XIV Performance Studies for Companion Diagnostics: A Step-by-Step Guide 2026

IVDR Lab Readiness: Step-by-Step Transition Checklist

January 28, 2026

The IVDR Shift and What It Means for Clinical Laboratories

The in Vitro Diagnostic Regulation (IVDR) (EU) 2017/746 came into force on 26 May 2022, representing a paradigm shift for diagnostic testing in Europe. Its purpose is clear: ensure safety, traceability, and performance of all in vitro diagnostic devices (IVDs). Unlike its predecessor, the IVDD (98/79/EC), the IVDR applies far-reaching obligations not only to manufacturers but also to clinical laboratories that develop and use their own in-house IVDs (IH-IVDs).

A cornerstone of this new landscape is Article 5(5), which sets conditions under which health institutions may continue manufacturing and using in-house devices without CE marking. While this exemption acknowledges the clinical need for tailored diagnostics, it also imposes new responsibilities.

This blog provides a step-by-step readiness checklist for laboratories to guide you through the transition.

Step 1: Do You Know What Counts as an In-House IVD?

What exactly is an in-house IVD under the IVDR?

An in-house IVD (sometimes called a laboratory-developed test or LDT) is any in vitro diagnostic device manufactured and used only within a health institution, not supplied to another legal entity, and not manufactured on an industrial scale

Examples include:

PCR assays where the lab develops its own probes.
Custom-developed software tools for diagnostic interpretation.

Excluded are:

General laboratory supplies.
RUO (research use only) products – unless repurposed for diagnostic use. If an RUO product is used for diagnostic purposes (i.e., results are communicated to the patient for medical decision-making), it ceases to be RUO and must comply with IVDR Article 5(5), thereby becoming subject to the same obligations as an in-house IVD/LDT.
Commercially available CE-marked IVDs (which must be purchased and used as intended) – unless it is modified, combined or used outside it’s intended purpose.

Takeaway:

You must determine whether you are using an in-house IVD. If you are modifying, combining, or using CE-marked diagnostic tests outside their intended purpose, or if you are repurposing RUO products for diagnostic use, you must ensure compliance with Article 5(5).

Step 2: Is Your Laboratory Recognized as a Health Institution?

Who is entitled to the Article 5(5) exemption?

Only health institutions may use in-house IVDs. According to the IVDR, a health institution is an organization whose primary purpose is patient care or public health. This includes:

Hospitals
Clinical laboratories
Public health institutes

Importantly, the recognition of health institutions may depend on national legislation. For instance, some countries require formal registration or accreditation to benefit from Article 5(5).

Takeaway:

Always check your national laws to confirm whether your laboratory qualifies as a “health institution” and whether additional national restrictions or obligations apply.

Step 3: CE-Marked or In-House? Make a Strategic Choice

Should your lab buy CE-marked tests or continue with in-house ones?

Under IVDR, labs face a strategic decision:

Purchase CE-marked IVDs: These carry regulatory assurance but may not always exist for niche diagnostic needs, and market withdrawals could limit supply.
Develop and use in-house IVDs: Allowed under Article 5(5) if your lab demonstrates compliance with conditions (e.g., GSPR, QMS, technical documentation).

From 31 December 2030, labs must justify why an equivalent CE-marked device is not suitable if they want to continue using their in-house test (article 5(5)(g))

Takeaway:

Begin analyzing your portfolio now. Which tests could be replaced by CE-IVDs, and which must remain in-house due to clinical need?

Step 4: Do You Comply with General Safety and Performance Requirements (GSPR)?

What technical documentation requirements already apply?

Since 26 May 2022, all in-house devices must comply with Annex I of the IVDR (GSPR). This includes:

Risk management system covering patient, user, and use error risks.
Performance evaluation based on scientific validity, analytical performance, and clinical performance.
Traceability and identification (lot numbers, production dates).
Appropriate instructions for use and safety information

Takeaway:

Treat your in-house tests with the same rigor as CE-marked devices. Maintain documentation to always prove compliance with the GSPRs.

Step 5: Have You Implemented an Appropriate QMS?

What does IVDR require for quality management when operating under article 5.5?

Since 26 May 2024, labs must manufacture and use in-house devices under an appropriate Quality Management System (QMS). For in-house IVDs, this generally means compliance with EN ISO 15189 or equivalent national provisions

However, note:

ISO 15189 covers quality in medical laboratories but not necessarily manufacturing processes.
Therefore, supplement with elements of ISO 13485 for design and production control.
In addition, laboratories must address the QMS requirements described in Article 10(8) IVDR, which outline the minimal aspects of a system covering risk management, manufacturing documentation, monitoring, corrective actions, and communication with authorities.

Takeaway:

Expand your QMS to cover risk management, manufacturing documentation, monitoring, and corrective actions, and the additional QMS obligations set out in Article 10 IVDR. Note that ISO 15189 alone is not sufficient; relevant elements of design and manufacturing from ISO 13485 must also be considered, as the IVDR introduces further QMS requirements that must be fulfilled.

Step 6: Can You Provide a Public Declaration?

Do labs need to publish information about their in-house devices?

Article 5(5)(f) IVDR requires health institutions to draw up and make publicly available a declaration for each in-house device. This obligation has applied since 26 May 2024, following the end of the initial transition period.

What must the declaration contain? At minimum:

Name and address of the health institution manufacturing the device.
Details necessary to identify the device (e.g., designation, type, internal code).
A declaration of compliance with Annex I (GSPR), or where full compliance is not possible, a reasoned justification explaining the deviations.
Confirmation that the device is manufactured under an appropriate QMS.

This declaration must be kept up to date and made easily accessible, typically via the laboratory or hospital’s website This transparency ensures accountability and facilitates oversight.

Takeaway:

Prepare standardized declarations for each in-house device. A practical tool exists: the IVDR Taskforce Guidance on LDTs (2020) provides a template (Appendix B) for the declaration that can be directly adapted by laboratories.

Step 7: Are You Ready for Competent Authority Oversight?

What role do regulators play?

Competent authorities may request documentation or even audit your lab to verify compliance. Labs must be prepared to show:

Design, manufacturing, and performance documentation of their in-house devices.
Clinical justification for developing or using the test instead of a CE-marked alternative.
Ongoing performance review and vigilance records, including corrective actions and monitoring of clinical use.
Evidence of an appropriate Quality Management System (QMS), as required since 26 May 2024.

The degree of oversight varies across Member States. For example, Belgium and Ireland already operate registration portals where laboratories must register their in-house tests. In other countries, legislation is still under development (Spain) or practices remain vague.

Takeaway:

Anticipate audits. Keep a compliance file for each in-house IVD.

Step 8: How Will You Justify Non-Equivalence? (2030 Requirement)

What happens in 2030?

From 31 December 2030, labs must justify why the specific needs of their target patient group cannot be met by a CE-marked device – Article 5(5)(g).

This justification may be based on:

Technical aspects (e.g., higher sensitivity).
Biological aspects (e.g., pediatric vs adult reference ranges).
Clinical needs (e.g., unmet diagnostic gaps).

Takeaway:

Start now by mapping your portfolio and identifying tests likely to face challenges in proving non-equivalence.

Step 9: Do You Have the Resources?

Why are many labs struggling?

Challenges highlighted in recent analyses include:

Lack of dedicated regulatory staff.
Limited time and budget for documentation.
Unfamiliarity with regulatory terminology.

Takeaway:

Seek structured support, whether through consultants, digital tools, or peer networks, to avoid non-compliance.

Step 10: Checklist. Is Your Lab Ready?

Step 1: Perform a GAP Assessment

Map your current situation: List all in-house IVDs and how they are used in your lab.
Check national status: Verify if your institution qualifies as a “health institution” under national law, and review whether national legislation imposes additional obligations such as mandatory QMS accreditation (e.g., ISO 15189), registration of in-house IVDs with competent authorities, or other reporting requirements that go beyond the IVDR.
Compare requirements vs. practice: Review the IVDR Article 5(5) obligations and identify where your lab already complies (e.g., risk management, traceability) and where gaps exist (e.g., QMS documentation, technical documentation).
Prioritize risks: Highlight critical areas (such as missing QMS procedures or incomplete Annex I documentation) that could block compliance in an inspection.

Step 2 – Take Action to Close the Gaps

Strategic choice: Decide whether to replace tests with CE-IVDs or maintain in-house versions. Document the rationale.
Annex I (GSPR): Ensure all in-house IVDs comply with General Safety and Performance Requirements (effective since 26 May 2022).
Quality Management System: Implement or update your QMS to align with ISO 15189, supplemented with elements from ISO 13485 and Article 10(8) IVDR.
Compliance documentation & oversight readiness: Compile and maintain a compliance file for each in-house IVD, including full technical documentation (design, manufacturing, risk management, and performance evaluation). Ensure these files are audit-read and can be provided upon request by competent authorities.
Vigilance & corrective actions: Set up procedures for monitoring performance, handling incidents, and implementing corrective/preventive measures.
Public declaration: Draft and publish a declaration for each in-house device (mandatory since 26 May 2024). Use available templates from guidance.
2030 justification: Start documenting why no equivalent CE-IVD meets the needs of your patient population to support continued in-house use after 31 December 2030.

Closing Thoughts

The IVDR sets high expectations for laboratory-developed in-house IVDs, transforming informal diagnostic practices into rigorously controlled processes. While compliance requires effort, resources, and cultural change, it also strengthens quality, safety, and patient trust. For laboratories, the transition is not optional, it is an opportunity to embed regulatory excellence into daily operations and secure the future of innovative diagnostics. Are you ready for the IVDR transition? Start today with a gap analysis, QMS reinforcement, and documentation plan. The earlier you act, the smoother your path to compliance will be.

At MDx CRO, we specialize in helping clinical laboratories navigate the IVDR, from gap assessments to QMS implementation and technical documentation. We support laboratories in demonstrating compliance with Article 5(5) for in-house IVDs by assisting with:

Gap assessments: Mapping all in-house IVDs, comparing current practice with IVDR Article 5(5) requirements, and identifying compliance gaps.
QMS alignment: Extending ISO 15189-based systems with manufacturing and design elements from ISO 13485, plus additional QMS obligations under IVDR.
Technical documentation: Preparing complete compliance files per device.
Public declarations: Drafting and publishing Article 5(5)(f) declarations using recognized templates, ensuring accessibility and consistency.
Regulatory readiness: Preparing for competent authority oversight, including audits and requests for documentation.
Strategic portfolio decisions: Advising whether to replace tests with CE-IVDs or justify continued in-house use, including preparing 2030 equivalence justifications.
Vigilance systems: Setting up monitoring, incident reporting, and corrective/preventive actions in line with IVDR obligations.

Our team knows the pitfalls and the solutions. Let us support you in achieving full compliance. Contact us today to discuss how we can help.

Written by:

Hugo Leis, PhD

Training & Quality Manager

Quality & Training Manager and Senior IVDR consultant with expertise in CE marking, Clinical Laboratories, SaMD, Precision Medicine, Quality Assurance, and academic lecturing.

Industry Insights & Regulatory Updates

Laboratory science equipment and glassware for medical research and testing.

New Regulation on In Vitro Diagnostic Medical Devices in Spain: Are You Ready?

The Impact of the IVDR and MDCG 2023-1 on LDTs

EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)

EU MDR 2017/745 for Dental Devices: Complete Guide (2026)

FDA QMSR: How the 2026 Regulation Shift Transforms MDSAP Audits and FDA Compliance Inspections

IVD Clinical Trials: The Do’s and Don’ts

January 26, 2026

What are some of the most important things you’ll need to know for IVD clinical trials? Continue reading to learn more.

In-vitro diagnostics (IVD) are tests performed on biological samples, such as blood or tissue, to diagnose or monitor medical conditions. IVD devices are coming out with new and improved features leading to more accurate results than ever.

According to a report by Grand View Research, the global IVD market is expected to reach $113.38 billion by 2030, with increasing demand for early disease detection, personalized medicine, and technological advancements driving growth.

However, developing and bringing an IVD device to market often requires extensive clinical trials (or IVD clinical performance studies as referred to in the EU IVDR 2017/746). They should be designed to demonstrate sufficient clinical performance and compliance with the general safety and performance requirements (GSPRs).

Clinical trials play a crucial role in the development and approval of IVD products, but navigating the complex regulatory landscape can be a challenge.

So here we will explore some do’s and don’ts of IVD clinical trials, focusing on key considerations for study design, recruitment, data management, and regulatory compliance. This will lead to better market success for the product. Keep reading to know more.

IVD Clinical Trials: Do’s

Here is what you must consider doing when conducting clinical trials.

1. Develop A Comprehensive Clinical Performance Study Plan

Developing a comprehensive clinical performance study plan is critical to the success of IVD clinical trials. The plan should include the trial’s objectives, design, endpoints, sample size, inclusion/exclusion criteria, and statistical analysis plan. The plan should also indicate the study design type such as observational or interventional and adhere to regulatory requirements.

There should also be a detailed timeline, budget, and risk management plan. This will ensure that the trial is conducted efficiently, safely, and with the necessary regulatory compliance.

2. Prioritize Patient Safety

Patient or participant safety should be the top priority in any clinical study, including IVD clinical performance study. The Clinical Performance Study Plan should include measures to ensure patient safety, such as monitoring adverse events and implementing safety stopping rules.

Patients should be informed of potential risks and benefits before participating in the trial, and their consent should be obtained in accordance with regulatory requirements.

3. Utilize Validated Assays And Methods

Validated assays and methods are essential to ensure the accuracy and reliability of IVD clinical trials. Assays and methods should be validated in accordance with regulatory requirements, and any modifications to validated methods should be properly documented and justified. In essence, the IVDs utilized in clinical performance studies should accurately represent the final product as it is intended for commercial distribution.

Failure to use validated assays and methods can result in inaccurate or unreliable results and will not be accepted by regulatory bodies.

4. Maintain Good Communication With Regulatory Agencies

Maintaining good communication with regulatory agencies throughout the clinical trial process can help ensure the trial’s success. Certain clinical performance studies require an application for authorization to be submitted to the competent authority.

The member state(s) responsible for the authorization may assess several factors, including the statistical approach, study design, sample size, selected comparators, choice of endpoints and others as per article 67 of the EU IVDR.

Unlike in the US, regulatory agencies in the EU (including notified bodies) do not provide guidance on trial design. However, for companion diagnostics there is the possibility for a pre-submission meeting with the European Medicines Agency (EMA) to align on timelines, which is particularly important in co-development scenarios.

Manufacturers should also be transparent with regulatory agencies regarding any issues that arise during the IVDR Clinical Performance Study, such as adverse events or protocol deviations, including substantial modifications.

5. Include Biostatistics

The involvement of biostatistics is pivotal in the design of clinical trials as it aids in determining the trial’s framework, choosing the appropriate sample size, selection of randomization and blinding methods, and data analysis.

You must involve biostatisticians in all stages of a clinical trial, from protocol development to final analysis. Biostatisticians will ensure that the study design is robust, the data collection methods are valid and reliable, and the results are statistically sound.

Put simply, biostatistics helps researchers make accurate inferences from the data and draw valid conclusions.

6. Use Qualified Personnel

The success of IVD clinical trials depends on the expertise of the personnel involved. It’s essential to have a team of qualified professionals, including, where appropriate, physicians, researchers, laboratory professionals and support staff, who have the necessary knowledge and experience to conduct the study safely and effectively.

It’s also important to ensure that all personnel are adequately trained in the study protocol and are aware of their responsibilities and obligations.

7. Maintain Accurate And Complete Documentation

Proper documentation is essential to ensure the quality and integrity of the trial data. This includes study reports, case report forms, and other documents related to the trial.

Make sure to have all the required documentation for the study.

8. Ensure Efficient Data Management

Data management starts with the development of a data management plan that outlines how the data will be collected, stored, and analyzed. During the trial, data must be collected accurately, efficiently, and securely.

The data must also be monitored for quality and completeness. After data collection, it must be entered into a secure database and verified for accuracy.

It must then be analyzed and reported in a timely manner. Data management is crucial in clinical trial design because it ensures that the data generated is accurate, reliable, and can be used to draw valid conclusions.

9. Incorporate User Feedback Into Trial Design And Execution

User input can provide valuable insights into the use experience, including ease of use and comprehension of the IVD device and its instructions for use, as well as potential challenges or concerns. In the contemporary world, feedback is crucial. This area is particularly important for IVDs intended for lay-users and should be available in the technical documentation that is submitted to the notified body.

IVD Clinical Trials: Dont’s

Here is what you should completely avoid doing in the case of IVDR Clinical Performance Studies.

1. Don’t Neglect Regulatory Compliance

IVD clinical trials must comply with regulatory requirements from various governing bodies. In the United States, IVD clinical studies must follow guidelines from the Food and Drug Administration (FDA) for investigational device exemption (IDE) studies.

The European Union has similar requirements for IVD clinical trials, but compliance is overseen by various stakeholders. These include competent authorities, responsible for authorizing the conduct of certain performance studies, Notified Bodies (NBs), tasked with assessing IVD conformity and the European Medicines Agency (EMA) which evaluates companion diagnostics to ensure they are suitable to guide the safe and effective use of medicines. Failure to comply with regulatory requirements can result in delays in approval or even rejection of the device.

2. Don’t Overlook Sample Size And Population Selection

Sample size and population selection are critical components of any clinical trial, including IVD clinical performance studies. A sample size that is too small can result in unreliable results, while a sample size that is too large can lead to unnecessary costs and delays.

Population selection is also crucial, as the trial population should represent the intended use population for the device. Failure to consider sample size and population selection can result in inconclusive or biased results.

3. Don’t Ignore Data Integrity

Data integrity is critical to the validity and credibility of the results of IVD clinical trial, with data management being a key component of ISO 20916. Data should be recorded accurately and completely, and any modifications to data should be properly documented and justified.

Data integrity violations can result in the rejection of the device by regulatory agencies and damage the reputation of the manufacturer.

4. Don’t Rush The Clinical Trial Process

Rushing the IVD clinical trial / clinical performance study process can lead to errors, inaccuracies, and potential safety issues. Manufacturers should allow sufficient time for the trial to be conducted properly, including patient recruitment, data collection, and analysis.

Skipping crucial steps or not taking the time needed for each one can result in incomplete or inaccurate data, leading to inconclusive or misleading results.

5. Don’t Cut Corners On Ethics

Ethical considerations should be at the forefront of IVD clinical trials. This includes obtaining informed consent from study participants in the case of interventional or risky studies for example, ensuring that the study protocol is reviewed and approved by an ethics committee, and adhering to strict guidelines for data collection, analysis, and dissemination.

Cutting corners on ethics can not only compromise the integrity of the trial but also have legal and financial consequences.

6. Don’t Over Promise Results

It’s important not to overpromise results or make false claims about the performance of the product being tested. This not only undermines the integrity of the trial but also puts patients at risk.

It’s essential to be transparent about the limitations of the study and provide accurate information about the product’s potential benefits and risks.

7. Don’t Neglect The Potential Impact Of Regulatory Changes

The regulatory landscape for IVDs is constantly evolving, and it is important to stay up to date on changes that may impact trial design or require additional approvals.

Failure to do so could result in delays or even the need to repeat parts of the trial. This can lead to increased cost and lead time. So, stay on top of what’s changing and have a mechanism to quickly adapt it to the process.

Key Takeaways For Successful IVD Clinical Trials in 2023

Conducting successful IVD clinical studies (or IVD clinical performance studies as defined in the EU) in 2023 requires careful planning, execution, and adherence to regulatory guidelines. As the demand for precision medicine and personalized healthcare continues to grow, the importance of IVDs in diagnostics and patient care will only increase. Therefore, it is crucial to conduct robust and reliable clinical trials to ensure the safety and effectiveness of IVDs.

The IVD industry is constantly evolving, and it is important to stay up to date with the latest developments and best practices to ensure success. By embracing innovation, collaboration, and a patient-centric approach, researchers can help bring safe, effective, and innovative IVDs to market.

The process of planning and conducting IVD clinical trials can be daunting and complex. If you find yourself struggling or experiencing a lack of progress during the research process, we are here to assist you. You can contact us at any stage of development.

Industry Insights & Regulatory Updates

EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)

EU MDR 2017/745 for Dental Devices: Complete Guide (2026)

FDA QMSR: How the 2026 Regulation Shift Transforms MDSAP Audits and FDA Compliance Inspections

IVDR Annex XIV Performance Studies for Companion Diagnostics: A Step-by-Step Guide 2026

MDR Annex XVI: Regulating Products Without an Intended Medical Purpose Under the MDR

MDR Clinical Evaluation Report: How MEDDEV and MDCG Guidance Shape Compliance Under the EU MDR

January 19, 2026

Preparing an MDR Clinical Evaluation Report is one of the most challenging but essential steps in demonstrating the safety and performance of a medical device under the EU Medical Device Regulation (MDR). The process requires manufacturers to integrate multiple regulatory guidances, MDCG 2020‑6, MDCG 2020‑5, MDCG 2020‑13, MEDDEV 2.7/1 rev.4, and MDR Annex XIV, into a single, structured, and evidence‑driven CER.

This article breaks down how these documents support a compliant MDR Clinical Evaluation Report and what manufacturers must focus on to meet Notified Body expectations.

Key MDR Clinical Evaluation Report Requirements in Annex XIV

Building a Strong Clinical Evaluation Plan (CEP)

Annex XIV requires manufacturers to create a Clinical Evaluation Plan outlining:

Objectives and methodology
Data sources
Appraisal criteria
Update frequency across the device lifecycle

The CEP must remain a living document that evolves with device changes, PMS findings, and state‑of‑the‑art updates.

Demonstrating Safety and Performance

Your MDR Clinical Evaluation Report must show that the device meets GSPRs based on methodologically sound, relevant, and sufficient clinical data. Evidence may include:

Literature
Clinical investigations
PMS and PMCF data
Real‑world evidence

Benefit–Risk Determination

The CER must contain a transparent benefit–risk assessment based on:

Intended purpose
Clinical outcomes
Residual risks
Available alternatives and state of the art

How MEDDEV 2.7/1 rev.4 Supports MDR Clinical Evaluation Reports

Although created for the MDD, MEDDEV 2.7/1 rev.4 still provides the methodological foundation used by notified bodies.

Stage‑Based Clinical Evaluation Framework

MEDDEV outlines a structured, reproducible approach that aligns well with MDR expectations:

CEP creation
Identification of clinical data
Appraisal of data quality and scientific validity
Analysis and risk‑benefit assessment
CER production and ongoing updates

Its systematic approach remains essential for building an MDR‑compliant CER.

How MDCG 2020‑6 Supports Legacy Devices in the MDR CER

MDCG 2020‑6 explains how to demonstrate sufficient clinical evidence for legacy devices.

When Clinical Investigations Are Necessary

Additional clinical studies may be required if:

Existing data is insufficient
The device has undergone significant changes
The device is high risk (e.g., implants, Class III)

PMCF as an Ongoing Requirement

Manufacturers must implement a PMCF plan to:

Confirm continued safety and performance
Collect real‑world evidence
Update the CER regularly

MDCG 2020‑6 reinforces that legacy devices need a full reevaluation—not a simple MDD carryover.

Using MDCG 2020‑5 for Equivalence in the MDR Clinical Evaluation Report

MDCG 2020‑5 clarifies how to establish equivalence, which is critical if you plan to use clinical data from an existing device.

Three Required Equivalence Dimensions

To claim equivalence, manufacturers must show alignment in:

Technical characteristics
Biological characteristics
Clinical characteristics

Robust documentation and legitimate access to clinical data from the equivalent device are mandatory.

Risk Considerations

Manufacturers must also show:

Differences do not impact clinical safety or performance
Risks are identified and mitigated
Claims remain scientifically justified

How MDCG 2020‑13 Aligns CERs With Notified Body Review

MDCG 2020‑13 provides the Clinical Evaluation Assessment (CEA) report template used by Notified Bodies. Understanding this structure helps manufacturers prepare CERs that meet reviewer expectations.

Key Focus Areas for Notified Bodies

Device description and intended purpose
Definition of state of the art
GSPR alignment
CEP adequacy and methodology
Data sources and appraisal quality
Clinical evidence strength and conclusions
PMCF requirements

Manufacturers who align their CER to this structure often experience smoother reviews and fewer NB questions.

Ensuring Regulatory Compliance in Your MDR Clinical Evaluation Report

To achieve a defensible, audit‑ready CER, manufacturers must integrate:

MDR Annex XIV clinical evaluation requirements
MEDDEV methodology and appraisal principles
MDCG 2020‑6 for legacy device evidence
MDCG 2020‑5 for equivalence justification
MDCG 2020‑13 for NB review expectations

A compliant MDR Clinical Evaluation Report demonstrates:

Scientific validity
Clinical performance
Clinical safety
A documented, robust benefit–risk profile

How MDx CRO Supports Your MDR Clinical Evaluation Report

MDx CRO specializes in supporting manufacturers through the full MDR CER process. Our services include:

Regulatory strategy and intended purpose definition
Customized MDR Clinical Evaluation Report templates
Clinical Evaluation Plan (CEP) development
Systematic literature reviews
CER and CEP medical writing
Gap analyses for clinical evidence and QMS alignment
Equivalence assessments
PMCF plan development
Technical documentation for MDR compliance
Support with Notified Body interactions

Our experts ensure that your CER is complete, consistent, and aligned with the latest MDR and MDCG expectations.

Industry Insights & Regulatory Updates

EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)

EU MDR 2017/745 for Dental Devices: Complete Guide (2026)

FDA QMSR: How the 2026 Regulation Shift Transforms MDSAP Audits and FDA Compliance Inspections

IVDR Annex XIV Performance Studies for Companion Diagnostics: A Step-by-Step Guide 2026

MDR Annex XVI: Regulating Products Without an Intended Medical Purpose Under the MDR

MDR and IVDR Targeted Revision

January 16, 2026

What EU Manufacturers Need to Know in 2026

If you build, launch, or maintain medical devices or IVDs in the EU, the MDR/IVDR targeted revision is the most consequential regulatory update since 2017. On 16 December 2025, the European Commission unveiled a proposal to simplify and streamline MDR and IVDR, cutting administrative drag while keeping safety standards intact.

From our side, 40+ consultants supporting manufacturers across the UK, US, Spain, Belgium, Portugal and the wider EU, we’ve already mapped the practical impact by role, class, and portfolio. Our team of experts analyzed the revision and wrote this article, with action steps you can start this quarter.

Download the complete regulatory analysis

Want the article-by-article breakdown, templates (structured NB dialogue, PSUR cadence, Basic UDI-DI timing), and role-based checklists?

The Big Picture: why the EU proposed a targeted revision

The Commission’s objective is simple: reduce burden, improve predictability, and protect innovation, without lowering safety or performance requirements. The move responds to structural bottlenecks (NB capacity, uneven practices, and certification timelines) that have strained SMEs and constrained product availability.

Team insight
In recent NB projects for UK and US manufacturers seeking EU CE, we’ve observed that early, structured NB engagement eliminates avoidable review loops and reduces time-to-decisionespecially for complex portfolios.

What actually changes (and what doesn’t)

The proposal retains MDR/IVDR safety foundations but changes how processes are applied, more proportionate and digital by default. Key areas:

PRRC, certificate validity and risk-based reviews

PRRC: Simplifies qualification requirements; SMEs using an external PRRC no longer need them “permanently and continuously” available—just available.
Certificate validity: The fixed 5-year cycle is removed. Expect risk-based periodic reviews rather than hard recertification clocks.

Team insight
In multi-site recertifications, moving to risk-based reviews lets RA/QA concentrate on signals instead of calendar milestones, our clients expect a significant reduction in PSUR-related rework after sequencing updates with PMS findings.

PSUR & SSCP/SSP: lighter, risk-driven reporting

PSUR: Class IIb/III (update in Year 1 and every 2 years after; Class IIa) only when necessary based on PMS. NB reviews PSURs for high-risk classes during surveillance.
SSCP/SSP: Scope limited to devices under systematic TD assessment; no separate NB validation.

Classification tweaks: software, reusable instruments & more

Expect targeted rule adjustments that lower risk class for certain categories (e.g., some reusable surgical instruments, accessories to active implantables, software) with proportional evidence expectations-details to crystallise via the legislative process.

IVDR Focus: In-house Devices, Studies and Class C/D Impacts

In-house devices (Article 5(5)): More flexibility, including the ability to transfer in-house devices where public health justifies it; removal of the “no equivalent on the market” condition; central labs for clinical trials fall under the in-house exemption.
Performance studies: Routine blood draws no longer need prior authorisation; leftover-specimen companion diagnostic studies drop notification requirements.

Team insight
Early expert-panel advice for Class C/D IVDs has prevented costly re-works in multiple dossiers. The proposal formalises earlier, faster scientific input to use it.

Faster, Clearer Market Access

Structured dialogue with Notified Bodies (and change control plans)

The proposal creates a formal legal basis for structured dialogue pre and post-submission, plus pre-agreed change control plans to reduce surprises. It also distinguishes changes needing notification, approval, or none.

Breakthrough & orphan devices: priority and rolling reviews

New articles define breakthrough and orphan criteria with priority/rolling conformity assessment and expert access; legacy orphan devices may continue beyond transition under conditions.

Regulatory sandboxes for emerging tech

EU or MS-level sandboxes will enable supervised testing and data-generation for novel tech—accelerating de-risking while maintaining safeguards.

Team insight
For AI-enabled diagnostics, a sandbox + early panel advice creates a two-track plan (evidence + regulatory) that keeps development on schedule while aligning with cyber and data obligations.

Going Digital: EUDAMED, UDI and e-Labelling

The revision pushes digital-by-default:

Digital DoC, electronic submissions, NB-manufacturer digital TD, and eIFU for near-patient tests.
Online sales: essential ID and IFU must be available to users.
UDI: Basic UDI-DI reinforced (assign before NB submission where applicable), more public UDI data, proportionality for small volumes/individualised devices, and preferential conditions for SMEs.

Separately, the Commission has signalled the EUDAMED clock and mandatory use in 2026, which amplifies the value of getting your UDI and EUDAMED data house in order now.

The MDR/IVDR targeted revision is a course correction: proportionate requirements, predictable reviews, and a digital backbone—without compromising safety. Manufacturers that act early—codifying structured NB engagement, recalibrating PSURs, and industrialising UDI/EUDAMED—will convert complexity into speed and resilience. Start with the 90-day plan; the rest gets easier.

Download the complete regulatory analysis

Want the article-by-article breakdown, templates (structured NB dialogue, PSUR cadence, Basic UDI-DI timing), and role-based checklists?

FAQ

Does this lower safety standards?

No. The proposal keeps safety intact while simplifying process steps and aligning evidence with risk.

What’s the new PSUR rhythm?

For IIb/III: update in Year 1 then every 2 years; IIa: update when necessary per PMS. NBs review PSURs for certain high-risk classes during surveillance.

What’s “structured dialogue” in practice?

A formal framework to engage NBs before/after submission, with change-control plans and clear differentiation of changes needing notification/approval/none.

What changes for in-house IVDs?

More flexibility, including transfer options and inclusion of central labs for clinical trials within the exemption; removal of the “no equivalent device” clause.

Where does EUDAMED/UDI fit?

Digital submissions, Basic UDI-DI before NB submission (where applicable), and broader public UDI data access; plan for 2026 EUDAMED milestones now.

Ready to transform regulatory complexity into competitive advantage?

Contact MDx today and let us support your journey through the next chapter of MDR and IVDR.

Written by:

Andre Moreira

Regulatory Director, Medtech

Senior quality & regulatory expert, ISO 13485/MDR/IVDR auditor with expertise in CE marking MDs/IVDs, incl. dental, implantables, drug delivery, genomic tests, & MDR/IVDR implementation.

Industry Insights & Regulatory Updates

EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)

EU MDR 2017/745 for Dental Devices: Complete Guide (2026)

FDA QMSR: How the 2026 Regulation Shift Transforms MDSAP Audits and FDA Compliance Inspections

IVDR Annex XIV Performance Studies for Companion Diagnostics: A Step-by-Step Guide 2026

MDR Annex XVI: Regulating Products Without an Intended Medical Purpose Under the MDR

SaMD Compliance Guide: Navigating Regulations for Software as a Medical Device

January 8, 2026

Software as a Medical Device (SaMD) occupies a unique position in the regulatory landscape. Unlike physical devices, software can be updated continuously, deployed across borders instantly, and embedded into clinical workflows in ways that are difficult to audit or reverse. These characteristics make it one of the most complex categories to bring to market under the EU Medical Device Regulation (MDR, Regulation (EU) 2017/745).

This guide covers what SaMD developers, digital health companies, and regulatory teams need to understand to achieve and maintain CE marking under EU MDR, from initial classification through to post-market surveillance.

For companies developing AI-powered SaMD, see our companion guide: EU AI Act and Medical Devices: What SaMD Developers Need to Know

1. Does Your Software Qualify as SaMD?

Not all medical software is a medical device. The first and most important step is determining whether your software falls within the MDR’s scope.

The International Medical Device Regulators Forum (IMDRF) defines SaMD as:
“Software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device.”

Under MDCG 2019-11 the EU guidance document on software qualification and classification, software qualifies as a medical device when the manufacturer’s intended purpose includes one or more of the following: diagnosis, prevention, monitoring, prediction, prognosis, treatment, or alleviation of disease or injury in individual patients.

The key word is intended. It is not the capability of the software that determines its regulatory status, it is how the manufacturer positions, labels, and markets it.

Software that qualifies as SaMD:

An AI-based image analysis tool that assists radiologists in detecting tumours
A mobile app that predicts hypoglycaemic events for diabetic patients
A cloud algorithm that classifies ECG signals to detect arrhythmias
A clinical decision support tool that recommends treatment options based on patient data

Software that does not qualify as SaMD:

Scheduling, billing, or administrative healthcare software
General wellness or fitness apps not marketed for disease diagnosis or monitoring
General-purpose image viewers used in clinical settings but not intended for diagnosis
Software that drives or controls a hardware medical device (classified as software in a device, not as a device)

If there is genuine uncertainty about whether your software qualifies, document the reasoning explicitly. This is one of the first things a Notified Body will look for.

2. Classification Under MDR Rule 11

Once software is confirmed to be a medical device, it must be classified according to Annex VIII, Rule 11 of the MDR. This is the rule specifically designed for software, and it determines whether you need a Notified Body and which conformity assessment route applies.

Rule 11 classification depends on the intended purpose and the consequences of error:

Class III — Software intended to provide information used to make decisions for diagnosis or therapy of life-threatening conditions, where an error could cause immediate deterioration or irreversible harm. Examples: software diagnosing acute MI from ECG, cancer detection algorithms used in surgical planning.

Class IIb — Software intended to provide information for diagnosis or therapy of serious conditions where an error could cause significant deterioration. Examples: software classifying radiology images for treatment planning, AI tools supporting oncology staging.

Class IIa — Software intended to provide information for diagnosis or monitoring, where errors are unlikely to cause serious harm. Examples: chronic disease monitoring apps, software flagging abnormal lab values for clinical review.

Class I — Software intended only for administrative purposes, or software that monitors physiological processes in non-critical contexts. Class I requires no Notified Body involvement (unless sterile, with a measurement function, or reusable surgical).

The critical implication: the majority of clinically meaningful SaMD — any tool that informs a clinical decision, will land in Class IIa or above, requiring Notified Body review. Plan for this from the start of development.

3. The MDR Compliance Roadmap for SaMD

Achieving CE marking for SaMD under MDR requires a structured process across multiple technical and quality domains. These are not sequential checkboxes — they must be built in parallel and integrated throughout the software development lifecycle.

Intended Purpose and Use Context

Define the intended medical purpose with precision: who the users are, in what environment the software will be used, what inputs it processes, and what outputs or decisions it supports. This definition drives classification, clinical evidence requirements, labelling, and risk management. Changes to intended purpose late in development are expensive and disruptive.

Risk Management (ISO 14971)

Software-specific hazards go beyond physical failure. For SaMD, risk management must address algorithm drift (model performance changing over time on real-world data), cybersecurity vulnerabilities, data input errors, interoperability failures, and the consequences of false positives and false negatives in different clinical scenarios. Risk management is a lifecycle activity — it does not end at submission.

Quality Management System (ISO 13485)

A QMS certified to ISO 13485 is mandatory. For software, the QMS must specifically address design control, configuration management, version control, change control, software validation, and CAPA processes for software defects. Many software organisations transitioning from commercial development processes (Agile, DevOps) find that adapting these to ISO 13485 requirements is one of the most significant operational challenges.

Software Lifecycle (IEC 62304 and IEC 82304-1)

IEC 62304 is the harmonised standard for medical device software lifecycle processes. It requires software safety classification (Class A, B, or C based on the severity of harm if the software fails), and mandates specific documentation, verification, and validation activities proportionate to that class. IEC 82304-1 extends this to standalone health software. Compliance with these standards, evidenced in the technical documentation, significantly streamlines Notified Body review.

Clinical Evaluation (MDCG 2020-1)

SaMD must demonstrate clinical benefit not just technical performance. Under MDCG 2020-1, clinical evaluation for software must include a systematic literature review, analysis of clinical data from studies or real-world evidence, and a clear demonstration that the software’s outputs lead to measurable benefit in the intended patient population. “The algorithm is accurate” is not sufficient. The evaluation must show that clinical accuracy translates to clinical benefit.

Cybersecurity

Cybersecurity is a GSPR requirement (Annex I, section 13.6) and is assessed as part of conformity. Requirements include: ensuring confidentiality, integrity, and availability of data throughout the lifecycle; defining minimum IT requirements and secure configurations; implementing and validating security controls; providing clear IFU guidance on data protection, updates, and decommissioning; and maintaining a post-market security plan that tracks vulnerabilities and manages patches. The MDCG 2019-16 guidance and the IMDRF cybersecurity framework are the primary references.

Technical Documentation (Annex II and III)

SaMD technical documentation must include software architecture documentation, the software development plan and lifecycle records, risk management file, usability engineering file (IEC 62366), verification and validation records, clinical evaluation report, and labelling. For AI-based SaMD, documentation of training data, model validation methodology, and performance across demographic subgroups is increasingly expected by Notified Bodies.

Conformity Assessment and CE Marking

For Class IIa and above, a Notified Body must review the QMS and technical documentation. Once conformity is demonstrated, the manufacturer issues a Declaration of Conformity and applies the CE mark. Post-CE marking, the technical documentation must be kept current and the Notified Body must conduct periodic surveillance audits.

Post-Market Surveillance and Software Updates

PMS for SaMD is not passive. Manufacturers must actively monitor real-world performance data, including clinical outcomes where available, algorithm performance metrics, user feedback, and incident reports. Critically, every software update must be assessed to determine whether it constitutes a significant change requiring re-assessment or Notified Body notification. Changes to the algorithm, training data, intended use, or clinical claims are most likely to trigger this requirement.

4. Common Pitfalls and How to Avoid Them

Underestimating classification. Many developers initially classify their software as Class I, expecting to self-certify, only to discover during technical documentation preparation that the intended purpose clearly falls under Rule 11 Class IIa or above. Classification should be confirmed with regulatory input before development begins, not after.

Clinical evidence left to the end. Clinical evidence for SaMD takes time prospective studies, real-world performance evaluations, and literature reviews cannot be conducted in parallel with Notified Body submission. Build the clinical evidence strategy into the development plan from the start.

Treating the QMS as a documentation exercise. Notified Bodies now conduct in-depth QMS audits that test whether processes are genuinely embedded in the organisation. A QMS that exists only in documentation will not survive an audit.

Ignoring post-market obligations. The MDR’s post-market surveillance requirements for software are active and ongoing. Failure to establish functioning PMS processes before launch is a common finding in post-certification audits.

5. SaMD Under IVDR

If the software is intended to process data from in vitro diagnostic tests for example, software that interprets NGS data for clinical decision-making, or a companion diagnostic algorithm — it may be regulated under IVDR (2017/746) rather than MDR. The classification rules differ (IVDR uses Annex VIII Rules 1–7), and the clinical evidence requirements under IVDR are in some ways more stringent, requiring performance evaluation under ISO 20916 and, for Class D IVD software, EMA consultation.

If your software sits at the boundary of MDR and IVDR, an early regulatory opinion is essential. Getting the regulatory framework wrong at the start can require complete rework of technical documentation.

Challenges, Risks & Strategic Recommendations for SaMD

Challenge	Mitigation / Best Practice
Unclear intended purpose or software classification	Define the medical purpose at project initiation. Align IFU, labeling, marketing, and technical files with intended use and Rule 11 logic.
Insufficient clinical/performance evidence	Use prospective studies or robust real-world performance evaluations aligned with MDR Annex XIV and, where applicable, AI Act testing provisions.
Data quality and representativeness	Implement data governance for acquisition, preprocessing, and validation. Ensure datasets represent the intended patient population and use context.
Transparency and user comprehension	Provide clinically interpretable outputs. Explain functionality, limitations, and user responsibilities in the IFU and training materials.
Traceability gaps between requirements, risks, and tests	Maintain a requirements-to-verification traceability matrix that links requirements, risk controls, verification results, and clinical claims.
Software updates and regulatory impact	Establish change management to evaluate whether updates are significant and require re-assessment. Integrate these controls into the QMS.
Regulatory and Notified Body capacity constraints	Engage early with a qualified Notified Body. Provide clear, harmonized documentation to streamline assessments.
Evolving standards and regulatory guidance	Monitor new EU and MDCG guidance and standards (ISO 14971, ISO 13485, IEC 62304, IEC 81001-5-1) and the EU AI Act. Review QMS procedures periodically to stay aligned.

Where to Start: step-by-step for SaMD Manufacturers

Delivering safe and compliant Software as a Medical Device (SaMD) requires a structured approach that integrates regulatory, technical, and quality considerations across the lifecycle. Compliance with the EU MDR ensures that safety, performance, and clinical benefit remain clear and consistently supported.

Advanced technologies, including AI, can enhance SaMD functionality; however, they should not overshadow the core principles of safety, effectiveness, and human oversight. The same regulatory rigor and lifecycle management practices apply to all SaMD, regardless of the underlying technology.

Manufacturers should:

Define a clear intended purpose aligned with clinical benefit
Maintain a QMS that addresses MDR and, where relevant, AI Act obligations
Engage early with Notified Bodies and keep documentation, risk, and cybersecurity controls consistent
Treat post-market surveillance and maintenance as continuous improvement

By embedding these principles, manufacturers can reach compliance efficiently and deliver trustworthy, clinically valuable SaMD solutions.

Plan your SaMD strategy with MDx

Diego Rodrigues, PhD

RA Specialist

Regulatory affairs specialist with expertise in EU MDR/IVDR, CE marking, SaMD & AI for MDs & IVDs.

Industry Insights & Regulatory Updates

EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)

EU MDR 2017/745 for Dental Devices: Complete Guide (2026)

FDA QMSR: How the 2026 Regulation Shift Transforms MDSAP Audits and FDA Compliance Inspections

IVDR Annex XIV Performance Studies for Companion Diagnostics: A Step-by-Step Guide 2026

MDR Annex XVI: Regulating Products Without an Intended Medical Purpose Under the MDR