ISO 20417:2026 You May Have a Gap Today: What Medical Device Manufacturers Shall Do Now

April 21, 2026

Diego Rodriguez Muñoz

Written by Diego Rodriguez, Regulatory Consultant & Joana Martins, Regulatory Affairs Specialist

ISO 20417:2021 is expected to be officially withdrawn. Six key changes are now in force. Notified Bodies may already be referencing the new edition in technical file reviews. Here is what your gap could look like today.

Standard Update · March 2026

Action required now

Notified Bodies conducting EU MDR technical file reviews are already referencing ISO 20417:2026. If your documentation still references the 2021 edition, you have a gap today, not at your next scheduled review.

ISO 20417 is the horizontal standard governing all information supplied by the manufacturer of a medical device, labels, Instructions for Use (IFU), packaging, and technical descriptions. It applies to every medical device and IVD placed on the market, regardless of class or technology.

The second edition, published in March 2026, cancels and replaces ISO 20417:2021. The changes are not cosmetic. Several requirements that were either optional, flexible, or informative under the 2021 version have become mandatory under the 2026 edition, and two changes directly invalidate practices that were explicitly permitted before.

One of the most common mistakes we see is treating labeling as an administrative task to complete at the end of the development process. ISO 20417 defines information supplied by the manufacturer as a safety control, one that should be driven by risk management, not handled as a marketing afterthought. The 2026 update reinforces this exactly.

What Changed: The 6 Key Updates

The table below gives a quick reference. The sections that follow explain each change in detail, with practical guidance on what it means for your technical documentation.

Area	ISO 20417:2021	ISO 20417:2026	Audit Risk
Normative reference flexibility	Permitted: Could substitute referenced standards via risk assessment	Deleted: Must follow specific editions listed in Clause 2	Critical
IFU readability (lay users)	Vague: “Readily understood”	Mandatory: Demonstrable lower secondary education level	Critical
Label durability	Informative annex: Guidance only	Normative: Mandatory testing requirement	High
Sterile barrier configuration	Not required	Required: Must be identified on label	High
eIFU restricted access	Not specified	New obligation: Evaluate access restriction per user group	Medium
“Applicable Policy” qualifiers	Not present	~20 clauses: Market-specific documentation required	Critical

CHANGE 1

Normative reference flexibility: deleted

You can no longer self-justify substituting referenced standards. Clause 2 editions are fixed unless your regulatory authority mandates otherwise.

CHANGE 2

IFU readability: now measurable

“Readily understood” is gone. Lay-user IFUs must be tested and documented to a defined education level.

CHANGE 3

Label durability: now normative

What was informative guidance is now a mandatory requirement, including peel resistance, abrasion, and post-sterilization legibility.

CHANGE 4

Sterile barrier configuration: new labeling requirement

Sterile device labels must explicitly identify the sterile barrier configuration.

CHANGE 5

eIFU: restricted access obligation

Manufacturers must evaluate whether access to electronic accompanying information should be restricted to defined user groups.

CHANGE 6

~20 “Applicable Policy” qualifiers

Requirements now formally defer to each market’s regulatory authority, creating a new market-mapping documentation obligation.

Change 1: Normative Reference Flexibility: Deleted

Under ISO 20417:2021, manufacturers had a degree of flexibility in Clause 2. If a newer edition of a referenced standard became available, you could (in principle) apply it based on your own risk-based justification, even if it was not the edition specifically listed. This gave QMS managers room to manoeuvre when standards were updated mid-project.

That permission no longer exists in ISO 20417:2026.

Manufacturers must now strictly adhere to the specific editions listed in Clause 2, unless the Authority Having Jurisdiction (AHJ), the regulatory authority with legal oversight in your market, mandates otherwise. Internal risk-based substitution is not an acceptable justification on its own.

“In simple terms, manufacturers can no longer assume they are free to apply newer referenced standards based on internal risk-based justification alone. If their QMS was designed around that flexibility, they may now need to update procedures, standards matrices, and supporting documentation to reflect the current reference approach.”

Diego Rodriguez, Regulatory Affairs Consultant, MDx CRO

What your gap looks like today

If your labeling procedure or standards matrix included a clause permitting substitution of harmonised standards based on internal assessment, that clause is now non-compliant. Review your QMS documentation, update your standards matrix to reflect the fixed Clause 2 editions, and ensure your technical file justifications no longer rely on this flexibility.

Change 2: IFU Readability Is Now Measurable

ISO 20417:2021 required that IFUs for lay users be “readily understood.” That phrase, while well-intentioned, was effectively unenforceable, manufacturers could declare compliance without demonstrating it.

ISO 20417:2026 replaces this with a defined standard: IFUs intended for lay users must be written at a “lower secondary education level.” Critically, you must be able to demonstrate this, stating that the IFU is clear is no longer sufficient.

“It means the manufacturer must be able to show that lay users understand the IFU, not just state that it is clear. In practice, this can be checked through plain-language review, a readability check, and also during usability testing with representative lay users, to confirm they can find, understand, and follow the key instructions and warnings correctly.”

Joana Martins, Regulatory Affairs Specialist, MDx CRO

How to test and document compliance

Plain-language review: Have the IFU reviewed by someone without a medical background. Are the instructions actionable without explanation?
Readability tools: Use a validated readability scoring method (e.g. Flesch-Kincaid, SMOG) to get a quantified readability grade. Aim for grade 7–8 equivalent as a starting benchmark.
Usability testing: Include lay-user comprehension testing as part of your formative or summative usability studies. Participants should be able to find, understand, and correctly follow key instructions and warnings.
Technical Documentation: Document the methodology used, the results, and any iterations made to the IFU as a result. A Notified Body reviewer will expect to see this process evidenced, not just asserted.

This requirement connects directly with IEC 62366-1 (usability engineering). If you already have a usability engineering process for lay-user devices, integrating IFU readability testing into your existing workflow is the most efficient path.

Change 3: Label Durability Annex Is Now Normative

In ISO 20417:2021, guidance on label durability appeared in an informative annex, meaning it was advisory, not mandatory. Manufacturers could follow it or not, and auditors could not cite non-compliance against it as a finding.

In ISO 20417:2026, label durability is normative, a mandatory requirement. This is particularly significant for manufacturers of sterile devices.

“This durability is expected for the lifetime of the device. For sterile device manufacturers, it means they should be able to show that the label remains attached, readable, and intact after the relevant conditions, sterilization, handling, abrasion, or fluid exposure.”

Joana Martins, Regulatory Affairs Specialist, MDx CRO

What a Notified Body reviewer will expect

In your technical file, expect a NB reviewer to look for:

A label durability test plan covering the relevant conditions for your device (sterilization method, expected handling, cleaning agent exposure, etc.)
Test results with defined acceptance criteria
Evidence that the final label still meets all ISO 20417 labeling requirements after testing
Confirmation that durability has been validated for the device’s intended lifetime

If your current technical documentation contains no label durability testing evidence, this is a gap to close now.

Change 4: Sterile Barrier Configuration: New Labeling Requirement

Manufacturers of sterile devices must now explicitly identify the sterile barrier configuration on the device or accessory label. Previously, it was sufficient to indicate that a device was sterile, the configuration of the sterile barrier system did not need to be specified on the label itself.

“A practical example would be adding the relevant single sterile barrier or double sterile barrier symbol on the packaging label, in line with ISO 15223-1 symbols already used in the industry. For manufacturers that do not currently include this, the effort is usually a label and documentation update rather than a full redesign, but it can still be significant if they have many sterile product families, different packaging formats, or multiple market versions.”

Diego Rodriguez, Regulatory Affairs Consultant, MDx CRO

What to do

Identify all sterile device product families and their current label templates
Confirm which ISO 15223-1 symbol applies (single or double sterile barrier)
Update label templates and supporting design history documentation
Ensure all market-specific versions are updated consistently

Change 5: eIFU Restricted Access Obligation

ISO 20417:2026 introduces a new obligation for manufacturers using electronic Instructions for Use: you must evaluate whether access to certain electronic accompanying information should be restricted to defined user groups.

This is a design and documentation obligation, not just a technical one. If you operate an eIFU portal or provide accompanying information electronically, you must be able to demonstrate that you have assessed access control requirements and implemented appropriate restrictions where needed.

“Under the updated requirements, eIFU must be accessible, clearly referenced on the physical label, and the most current version must be available. For medical devices commercialised in the EU, this aligns with Regulation (EU) 2021/2226 and Amending Regulation (EU) 2025/1234 on eIFU.”

Joana Martins, Regulatory Affairs Specialist, MDx CRO

This change has implications for the design of eIFU systems and for the documentation that supports them. Manufacturers with existing portals should review their access control architecture against the new obligation.

Change 6: ~20 “Applicable Policy” Qualifiers

Across approximately 20 clauses in ISO 20417:2026, requirements now formally defer to the “applicable policy” meaning the specific requirements of the regulatory authority in each target market. This is a structural change that affects how globally-active manufacturers document and manage compliance.

The practical implication: you cannot satisfy this with a single, market-neutral labeling procedure. You need a documented mapping of how each applicable policy clause is met in each of your target markets.

“I would handle these requirements by creating a market-specific comparison table. Each clause that refers to ‘applicable policy’ can then be matched to the specific regulatory requirements in every target market, so it is clear why certain label or IFU elements may need to change from one country or region to another. In general, the EU tends to be the most complex market, especially under MDR and IVDR, because of the detailed requirements and the added challenge of consistency across different countries and languages.”

Diego Rodriguez, Regulatory Affairs Consultant, MDx CRO

A single consolidated document, rather than separate market-specific policies, is generally easier to maintain. A matrix format mapping each applicable policy clause to the specific requirements of EU MDR, FDA 21 CFR 801, TGA, and any other relevant markets is the recommended approach.

ISO 20417:2026 Gap Analysis Checklist

A structured checklist covering all 6 key changes, with a market-by-market applicable policy matrix for EU MDR, IVDR, and FDA.

All 6 change areas with specific checklist items
Applicable policy clause matrix (EU, FDA, TGA)
Label durability test plan template
IFU readability documentation guide

SaMD and AI Developers: This Standard Applies to You Too

A common misconception among software medical device manufacturers is that labeling requirements do not apply because there is no physical device. This is incorrect. ISO 20417:2026 applies to all medical devices, including SaMD and AI-based tools, and the user interface is the regulated label.

“It is common for SaMD manufacturers to incorrectly believe that labelling requirements are not applicable since they don’t have a physical device. Labelling requirements still apply, but will be provided to the user in the device’s UI, typically through an IFU, Help, or About section.”

Joana Martins, Regulatory Affairs Specialist, MDx CRO

For SaMD and AI developers, the practical implications are:

UDI and build version must be immediately accessible within the clinical workflow, not buried in an external document
Algorithmic limitations, confidence boundaries, and dataset constraints must be traceable from the UI back to the risk management file
IFU content must be accessible in-app and kept current, this is part of your post-market obligations
Your UI design process should be informed by ISO 20417 requirements from the outset, not applied retrospectively

MDR, IVDR, and Harmonisation Status

As of April 2026, ISO 20417:2026 is not yet formally harmonised under EU MDR (2017/745) or IVDR (2017/746). This requires a specific publication in the Official Journal of the EU, a process that takes time after a standard is published.

Notably, ISO 20417:2021 was never harmonised before it was withdrawn. This means the question of harmonisation is, in practice, less significant than it might appear: the standard has always been applied as State of the Art rather than through formal harmonised presumption of conformity.

“ISO 20417:2026 is now considered the State of the Art and should be followed because of that. Non-harmonised standards can still be used to show compliance with applicable requirements and this will be summarised when preparing the General Safety and Performance Requirements Checklist.”

Joana Martins, Regulatory Affairs Specialist, MDx CRO

ISO 20417:2026 in the context of your MDR/IVDR GSPR checklist

ISO 20417:2026 addresses the requirements of Annex I, Chapter III of both MDR and IVDR, the requirements regarding information supplied with the device, including labelling and instructions for use. It is, however, not a standalone solution. Compliance with the labelling GSPRs also requires:

EN ISO 15223-1:2021 for symbols to be used on labels
EN ISO 17664-1/2 for information to be supplied for device reprocessing (where applicable)
EN ISO 18113 series for IVD reagents and instruments (professional or self-testing)
IEC 60601 symbols for medical electrical equipment (where applicable)

Apply ISO 20417:2026 as the central framework, cross-referenced to the above standards as applicable to your device type.

NB Audit Risk: What to Expect in 2026–2027

Top 3 Notified Body Finding Risks: ISO 20417:2026

1 Applicable Policy Qualifiers: documentation gap

The ~20 new applicable policy clauses require market-specific mapping. Most manufacturers have not yet created this documentation. NBs will look for it.

2 Normative Reference Flexibility: deleted but still in QMS

QMS documents that still reference the now-deleted flexibility from Clause 2 of the 2021 version are a direct non-conformity. Update your standards matrix and procedures.

3 IFU Readability: assertion without evidence

Manufacturers can find it difficult to measure and demonstrate the lower secondary education level requirement. NBs will expect documented evidence, not a declaration.

Why this matters: real-world consequences

Poor compliance with manufacturer information requirements has led to real product corrections. Two FDA cases are worth noting:

FDA Correction Cases, IFU-Related

Olympus Ligating Device: Correction issued by Olympus due to unclear or incorrect IFU for a ligating device. Users were unable to safely follow the instructions as written. FDA alert

Becton Dickinson BD Alaris Pump: BD issued a correction to update instructions for the Alaris infusion pump due to information deficiencies that created a risk of use error. FDA alert

Both cases illustrate the core principle of ISO 20417: information is a safety control, not an administrative output.

Your 30-Day Action Plan

If your organisation has not yet reviewed ISO 20417:2026, this is where to start. Notified Bodies are already applying the 2026 edition in technical file reviews.

Run a gap analysis against the six key changes listed above. Use the checklist below as your starting point.
Update your standards matrix to reference ISO 20417:2026 and remove any reliance on the deleted normative reference flexibility.
Identify all products with lay-user IFUs and assess your current readability documentation. If there is no evidence of readability testing, create a plan to generate it.
Review sterile device label templates for sterile barrier configuration identification.
Audit your label durability test documentation confirm it covers the full device lifetime and all relevant conditions.
Create an applicable policy clause matrix for each of your target markets.

Frequently Asked Questions about ISO 20417:2021

Is ISO 20417:2021 still valid?

No. ISO 20417:2021 was officially withdrawn when ISO 20417:2026 was published in March 2026. The 2026 edition is now the current version and must be used for all new and updated technical documentation.

Is ISO 20417:2026 harmonised under EU MDR or IVDR?

As of April 2026, ISO 20417:2026 is not yet formally harmonised under MDR (2017/745) or IVDR (2017/746). However, ISO 20417:2021 was never harmonised before it was withdrawn either. The 2026 edition is now considered the State of the Art and should be applied. It can be used in your GSPR checklist to demonstrate compliance with Annex I, Chapter III of both regulations.

What are the three changes most likely to generate NB findings?

Based on our experience, the top three audit risks are: (1) the applicable policy qualifiers, most manufacturers have not yet created the required market-specific documentation; (2) the deletion of normative reference flexibility, QMS documents that still reference the old clause are a direct non-conformity; and (3) the IFU readability mandate, NBs will expect documented evidence of testing, not a declaration.

Does ISO 20417:2026 apply to software medical devices (SaMD)?

Yes. ISO 20417:2026 applies to all medical devices, including SaMD and AI-based tools. The user interface is the regulated label. Labeling requirements are delivered through the device’s UI, typically via an IFU, Help, or About section. UDI and build version must be immediately accessible within the clinical workflow, and algorithmic limitations must be traceable from the UI back to the risk management file.

How do I test IFU readability for lay users?

Readability for lay users can be demonstrated through three steps: (1) plain-language review by a non-technical reader; (2) formal readability scoring using a validated tool such as Flesch-Kincaid or SMOG; and (3) usability testing with representative lay users who confirm they can find, understand, and follow key instructions and warnings. All three steps and their results must be documented in the Technical Documentation.

Can I use one labeling procedure for both EU and FDA markets?

You can have one overarching procedure, but it must include a market-specific table mapping requirements for each target market. ISO 20417:2026 and 21 CFR 801 have both similarities and important differences, particularly around language requirements, which may require separate label sets for different markets. The key is consistency: any change to a device name, warning, or labeling element must be applied across all market versions as applicable.

What is a sterile barrier configuration and why does it now need to be on the label?

The sterile barrier configuration refers to whether the device uses a single or double sterile barrier system. ISO 20417:2026 now requires this to be explicitly identified on the label, not just that the device is sterile. In practice, this typically means adding the appropriate ISO 15223-1 symbol (single or double sterile barrier) to your packaging label. For manufacturers with multiple sterile product families or market-specific packaging, this may require updating several label templates and their associated documentation.

Is ISO 20417:2026 alone sufficient for MDR labeling compliance?

No. ISO 20417:2026 addresses the central framework for manufacturer information requirements, but full MDR/IVDR labeling compliance also requires EN ISO 15223-1:2021 (symbols), EN ISO 17664-1/2 (reprocessing information, where applicable), and the EN ISO 18113 series for IVDs. Additional standards such as IEC 60601 symbols may apply depending on your device type.

Need a structured gap analysis?

Our regulatory team can conduct a rapid ISO 20417:2026 gap assessment of your technical documentation and labeling, and give you a prioritised remediation plan.

Request a Gap Review

Written by:

Diego Rodríguez Muñoz, PhD

RA Specialist

Regulatory affairs specialist & CRA with expertise in EU MDR/IVDR, CE marking, Biological Evaluations (dental), and clinical investigations & technical documentation for MDs & IVDs.

Industry Insights & Regulatory Updates

Advanced digital health technology showcasing human body and medical device integration for MedTech innovation.

EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)

FDA QMSR: How the 2026 Regulation Shift Transforms MDSAP Audits and FDA Compliance Inspections

High-tech European Parliament building with EU flag, modern glass architecture, representing advanced government infrastructure and innovation.

Navigating the IVDR CDx Certification Pathway

iso 20916 2024 ivdr harmonization ivd studies Detailed image of female researcher examining samples through a microscope in a modern laboratory, demonstrating advancements in MedTech innovation and research in healthcare technology.

ISO 20916:2024 What You Need to Know for Clinical Performance Studies in 2026

UK flag representing UK Responsible Person services for medical devices under UK MDR 2002

IVDR Lab Readiness: Step-by-Step Transition Checklist

ISO 14155:2026 What’s Changed and What It Means for Your Clinical Investigation

April 8, 2026

The fourth edition of the international GCP standard for medical device clinical investigations is now in effect, with no transition period. Here is what sponsors, investigators, and CROs need to know.

Kirsty Macleod

ISO 14155:2026 was published in March 2026.

It replaces ISO 14155:2020 as the global benchmark for Good Clinical Practice (GCP) in medical device clinical investigations, covering everything from trial design and risk management to informed consent and safety reporting. There is no defined transition period. If your study is in planning, you are expected to comply now.

A Standard That Has Been a Long Time Coming

ISO 14155 has been the GCP reference for medical device clinical investigations since its first edition in 2003. The third edition, published in July 2020, made significant strides in aligning the standard with the EU Medical Devices Regulation (MDR 2017/745) and the ICH E6(R2) framework. But five years of practical implementation exposed gaps, particularly around risk management, study oversight structures, and statistical planning.

The fourth edition directly addresses those gaps. It introduces more prescriptive requirements, clearer distinctions between types of risk, new formal oversight structures, and a statistical annex that brings medical device investigations much closer to the rigour expected in pharmaceutical trials.

⚠ No transition period, requirements apply immediately

One timing point worth noting: ISO 14155:2020 had only just achieved formal harmonisation with the EU MDR when the fourth edition arrived, an unusual situation that has created legitimate questions for sponsors about the harmonisation status of the new standard. As of publication, EN ISO 14155:2020 remains the harmonised standard for MDR conformity purposes. The harmonisation process for ISO 14155:2026 is ongoing. Sponsors should monitor the EU Official Journal for updates.

The Key Changes: What’s New in ISO 14155:2026

1. Risk Management: A Clearer, More Structured Framework

If applying ISO 14971 risk management principles to clinical investigations has been a grey area in your organisation, the fourth edition addresses this directly.

The key distinction introduced is the separation of two categories of risk:

Device-related risks: including residual risks relevant to the specific study population, sample size, and indication, must be evaluated using full ISO 14971 methodology. The standard recognises that adverse device effect rates during an investigation can differ from post-market use. A small trial population amplifies ethical impact; risks must be contextualised accordingly.

Procedure-related risks: arising from non-routine clinical procedures required by the Clinical Investigation Plan (CIP) but outside standard clinical practice, require a descriptive risk assessment.

A risk based monitoring approach should be defined to manage the oversight of risks associated with the clinical investigation.

The standard clarifies how general device risk management principles translate into study-specific considerations, with focus on investigational device risks, especially residual risks relevant to the study population, sample size, and indication. These updates will require greater rigour when conducting and documenting risk assessments, but the result will be sponsors having more robust, better-documented risk management files tailored to each investigation.

Kirsty Macleod, Head of Clinical Research, MDx CRO

2. Data Monitoring Committees and Clinical Events Committees: Formal Requirements for Both

Study oversight structures receive significant attention in the fourth edition.

For DMCs, ISO 14155:2026 provides further clarification on this requirement. Where a DMC is determined to be in place, sponsors must now pre-define, and document in the CIP, the specific conditions under which a study would be suspended or stopped.

CECs are introduced for the first time in ISO 14155:2026. A Clinical Events Committee is an independent group of clinical experts established by the sponsor to ensure consistent classification and assessment of clinical events across sites. In multi-centre studies, different investigators may characterise the same event type differently, a CEC reduces that variability and strengthens data reliability. Where a CEC is used, its independence, role, and conflict-of-interest management must be formally defined at the outset of the study.

Key point for CROs and sponsors

The DMC and CEC requirements are not about adding bureaucracy. They are about ensuring that the necessary due diligence on safety review levels has been performed and captured in study documentation before the study starts, not after a safety signal emerges.

3.Informed Consent: Strengthened Expectations and Ethics Committee Implications

The fourth edition introduces more operational requirements around ethics, subject rights, and consent.

Specific updates include a prohibition on deviations from eligibility criteria without a formal CIP amendment; clearer requirements for explaining future use of health data to subjects; and expanded protection requirements for vulnerable populations and cross-border studies.

Ethics committees will scrutinise these more closely. Sponsors referencing ISO 14155:2026 compliance in submissions should expect greater attention to consent documentation, the consent process itself, and how protocol deviations are governed.

Ethics committees will have altered expectations when sponsors state compliance with the revised standard. Any mismatches between the risk management file and the informed consent form, downplaying known residual risks, using generic language, are routinely flagged during ethics review. The risk file and the consent must tell the same story, in plain language.

Kirsty Macleod, Head of Clinical Research, MDx CRO

4. Design Considerations: The Estimand Framework Arrives

The introduction of Annex K, a new informative annex on clinical investigation design considerations, brings the device world significantly closer to the statistical expectations long standard in pharmaceutical development.

In practice, this means study protocols are expected to more precisely define the clinical question being answered, including how intercurrent events (patient dropouts, treatment switches, protocol deviations) are handled in the primary analysis. Missing data strategies must be planned prospectively, not fixed post-hoc.

For organisations working across both medical devices and pharmaceuticals, this alignment reduces friction. For teams accustomed to simpler device trial designs, it will require additional investment in biostatistics at the planning stage.

5. Clinical Performance: A Sharper Definition With Real Consequences

The definition of “clinical performance” has been updated to more explicitly link device performance to measurable clinical benefit resulting from technical or functional characteristics. This is not a minor editorial change. It has direct implications for how endpoints are selected and justified in the CIP, and how clinical evidence is structured in Clinical Evaluation Reports (CERs).

Sponsors designing new studies need to ensure their primary endpoints map directly to the updated definition. For CER authors, it adds another layer of alignment to consider when assessing clinical data generated under different versions of the standard.

The Most Common Mistakes Sponsors Make regarding ISO 14155, and How to Avoid Them

When running and overseeing clinical investigations, the same errors appear repeatedly when sponsors try to apply risk management requirements to active studies. The fourth edition makes some of these errors significantly harder to ignore during regulatory or ethics review.

The mistake	What is expected instead
Reusing the post-market risk file unchanged Clinical investigations have different risk profiles, smaller populations, learning-curve users, investigational configurations. The ISO 14971 product risk file created for design verification does not translate directly.	A study-specific risk assessment clearly linked to the CIP, subject population, site capabilities, and operator experience. Justified differences between clinical investigation risk and intended-use risk.
Applying full ISO 14971 to procedure risks Sponsors apply the full methodology to blood draws, biopsies, imaging, and extra clinic visits, logging these as device risks. Regulators increasingly challenge over-engineered risk files because they obscure actual device risk.	Clear separation in documentation: device-related risks, ISO 14971 process; procedure-related risks, descriptive assessment. Explicit statement in the CIP explaining this distinction.
Freezing the risk file once the study starts Risk management is treated as a design artefact with no named responsibility during execution. Adverse events, near-misses, and protocol deviations that reveal new hazards are not fed back into risk assessment.	Defined triggers for risk review (SADEs, DMC recommendations, deviation trends). Documented updates showing how clinical findings feed back into hazard identification, risk estimation, and benefit-risk evaluation.
Weak linkage between risk file and consent form The informed consent form downplays known residual risks, uses generic language, or is inconsistent with what appears in the risk management file. Ethics committees view this as a red flag.	Clear mapping between residual risks and subject-facing explanations. Justification where technical risks are simplified or grouped. Immediate consent updates if risk understanding changes.
Risk controls that exist on paper but not in the study Controls are listed in the risk file but not implemented, training listed but not documented, IFU warnings not reflected in consent, monitoring controls not built into the protocol.	Traceability from risk, control, CIP section, training, monitoring. Cross-checks during monitoring that controls are actively applied. This is one of the most common audit findings.

What Happens to Studies Already Underway?

This is a frequently asked question by sponsors where the answer requires some nuance.

Studies initiated and approved under ISO 14155:2020 remain valid. The publication of the fourth edition does not retroactively invalidate work done in compliance with the previous version. A study designed, approved, and conducted in line with ISO 14155:2020 remains compliant with that version, and that data remains usable to support CE marking, clinical evaluation updates, and post-market evidence, provided it was compliant at the time of initiation.

Where things become more complex is with substantial amendments. If an ongoing study undergoes a significant change after March 2026, a protocol amendment, addition of new sites, introduction of a DMC or CEC, changes to the subject population, regulators and notified bodies may expect the affected areas to be brought into alignment with ISO 14155:2026. This is not a hard rule, but it is a risk-based expectation that should be assessed and documented.

In practice, authorities accept a clear, documented rationale: the clinical investigation was designed and initiated in compliance with ISO 14155:2020, which represented the state of the art at the time of study initiation. The publication of ISO 14155:2026 has been reviewed, and no changes were required that would materially impact subject safety, data integrity, or scientific validity. This approach is widely accepted, provided it is documented, risk-based, and justified.

Kirsty Macleod, Head of Clinical Research, MDx CRO

What Sponsors and Investigators Must Do Now

Given that there is no transition period, the question is not whether to act but how to prioritise. Here is a practical framework:

1. Run a formal gap analysis

Assess your current SOPs, CIP templates, risk management processes, and oversight structures against ISO 14155:2026. Focus first on risk management (device vs. procedure risk distinction), DMC/CEC governance, and statistical planning documentation.

2. Update your QMS and SOPs

Procedures, templates, and SOPs that reference ISO 14155:2020 need revision, particularly around CEC governance (new), DMC governance (strengthened), risk management integration, and informed consent processes.

3. Assess ongoing studies

Review active protocols or protocols in development. For studies with upcoming substantial amendments, prepare a documented assessment of whether and how ISO 14155:2026 requirements apply. Always document the rationale for decisions made, or not made.

4. Deliver structured training

Sharing the updated standard document is not sufficient. The risk management changes in particular require dedicated training for clinical affairs, regulatory affairs, and quality teams, not just a circulated PDF.

5. Monitor the harmonisation process

Keep an eye on the EU Official Journal for updates on the formal harmonisation of ISO 14155:2026 under the MDR. Until harmonised, EN ISO 14155:2020 remains the reference for MDR conformity presumption.

Key insight

The core principles of Good Clinical Practice for medical device investigations remain stable. What the 2026 revision adds is greater structure, clarity, and prescriptiveness, especially around risk management and ethical requirements. In the long run, this benefits patient safety, study design rigour, and the robustness of the evidence generated. The burden is front-loaded; the payoff is fewer audit findings and more defensible submissions.

Frequently Asked Questions about ISO 14155:2026

When did ISO 14155:2026 come into effect?

ISO 14155:2026 (Edition 4) was published in March 2026 and replaced ISO 14155:2020 immediately, with no defined transition period. Any new clinical investigation initiated after publication is expected to reference ISO 14155:2026 or provide a clear justification for non-alignment.

Do studies already underway under ISO 14155:2020 need to be updated?

Studies initiated and approved under ISO 14155:2020 remain valid. However, any substantial amendment to an ongoing study after March 2026 may trigger an expectation to align affected parts with ISO 14155:2026, or provide a documented justification explaining why partial or full transition is not appropriate. Always document the rationale.

Is ISO 14155:2026 harmonised with the EU MDR?

Not yet. As of April 2026, EN ISO 14155:2020 remains the harmonised standard providing presumption of conformity with the EU MDR. The formal harmonisation process for ISO 14155:2026 is underway. Sponsors should monitor the EU Official Journal regularly for updates.

What is the difference between a DMC and a CEC under ISO 14155:2026?

A Data Monitoring Committee (DMC) oversees overall trial safety and has the authority to recommend stopping or modifying a study. ISO 14155:2026 requires sponsors to pre-define stopping conditions and justify the absence of a DMC. A Clinical Events Committee (CEC) newly introduced in the 2026 edition, is an independent panel of clinical experts that ensures consistent classification of events across sites in multi-centre studies, improving data reliability.

Does ISO 14155:2026 apply to PMCF studies?

Yes. ISO 14155 applies to post-market clinical investigations, including PMCF studies. Annex I of the standard defines the applicability of requirements to different types of post-market investigations. Some requirements may be modified or exempt for observational studies, but the core GCP principles, including risk management, monitoring, and data governance, apply.

What is the estimand framework introduced in Annex K?

The estimand framework (from ICH E9(R1)) provides a structured approach to defining exactly what clinical question the investigation is designed to answer, and how events that disrupt the intended treatment (dropouts, protocol deviations, treatment switches) should be handled in the primary analysis. It requires these decisions to be made and documented at the design stage, not resolved post hoc in statistical analysis.

Does ISO 14155:2026 apply to IVD clinical performance studies?

ISO 14155 applies to medical devices, not in vitro diagnostics (IVDs). IVD clinical performance studies are governed by ISO 20916:2019. However, where a medical device and an IVD are used in an integrated system, elements of both standards may apply. Sponsors of combination investigations should assess both standards.

Need support implementing ISO 14155:2026?

MDx CRO’s clinical research team supports medical device and IVD sponsors at every stage, from gap analysis and SOP updates to full clinical investigation management under the new standard.

Request a Gap Analysis

Speak to our team

ISO 14971 Applied to Clinical Investigations: A Practical Guide

PMCF Under MDR: What ISO 14155 Requires

Clinical Investigation Plan: What You Must Include (2026 Update)

EN ISO 14155:2020/A11:2024 and MDR Harmonisation

Written by:

Kirsty Macleod

Head of Clinical Research

Clinical Operations leader with IVD and CDx device expertise, delivering global clinical studies while establishing best practices and high performing teams.

Industry Insights & Regulatory Updates

Researchers conducting advanced medical technology experiments in a laboratory setting, focusing on clinical research and innovative solutions for healthcare.

Making IVDR Work in Combined Studies: Scientific & Operational Lessons from 40+ Programs

Close-up of a scientist handling a test tube with DNA strands and digital medical data overlays, emphasizing advanced medical technology and research.

Portugal’s New Clinical Trials Law No. 9/2026: What Sponsors Need to Know

A tall stack of organized medical device documentation and regulatory papers against a blue background, emphasizing compliance and regulatory standards in MedTech.

IMDRF Draft N91 2026: New Clinical Evidence Requirements for IVDs Explained

EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)

EU MDR 2017/745 for Dental Devices: Complete Guide (2026)

EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)

March 9, 2026

Diego Rodriguez Muñoz

The EU AI Act (Regulation (EU) 2024/1689) applies to AI-powered medical devices automatically classified as high-risk under Annex III. Manufacturers of SaMD with AI components must comply by August 2026, or August 2027 for CE-marked devices subject to Notified Body review under MDR or IVDR. Both frameworks apply simultaneously, requiring integrated technical documentation, data governance, and human oversight mechanisms.

This is not a distant compliance horizon. The provisions most relevant to medical device AI became applicable from August 2026. Companies that have not yet assessed their AI systems against the AI Act risk gaps in their technical documentation and conformity processes at exactly the moment Notified Bodies are beginning to incorporate AI Act considerations into their assessments.

This guide explains what the AI Act requires from SaMD developers, how it interacts with MDR and IVDR, and what practical steps manufacturers should be taking now.

For general SaMD MDR compliance, see our SaMD EU MDR Compliance Guide

Timeline Update: April 2026

Since this article was originally published, two important milestones have passed and one critical deadline distinction has been clarified. If you are planning your AI Act compliance roadmap as a SaMD developer, your timeline may need adjusting.

February 2026: Commission published guidelines on Article 6

The European Commission met its deadline under Article 6(5) of the AI Act and published practical guidelines on how to classify AI systems as high-risk, including concrete examples of what qualifies and what does not. If your team has not yet reviewed these guidelines as part of your classification assessment, this is a priority action, they directly affect how you document your high-risk determination in your technical file.

2 August 2026: Most high-risk AI obligations now apply, but with a critical exception for medical devices

As of 2 August 2026, the majority of high-risk AI obligations under the AI Act entered into application. However, there is an important split that is directly relevant to SaMD developers:

Article 6(1) the provision that covers AI systems embedded in products subject to third-party conformity assessment under EU harmonisation legislation, does not apply until 2 August 2027. This is the provision that governs CE-marked medical devices and IVDs regulated under MDR and IVDR, where Notified Body involvement is required.

In practical terms, this means that manufacturers of Class IIb/III medical devices (MDR) or Class C/D IVDs (IVDR) that incorporate AI have until August 2027, not August 2026, to comply with the Article 6(1) high-risk classification pathway. The 2026 deadline applies primarily to AI systems listed in Annex III of the AI Act that are not subject to Notified Body conformity assessment under other EU legislation.

There is also a transitional provision worth noting: AI systems already placed on the market before 2 August 2026 are only subject to the new obligations if they undergo significant design changes after that date.

The full official timeline is available at the EU AI Act implementation timeline.

Revised compliance milestones for SaMD developers

February 2025: AI literacy requirements and prohibitions on unacceptable-risk AI applied
August 2025: GPAI model obligations applied (relevant if your SaMD is built on a foundation model)
February 2026: Commission guidelines on Article 6 classification published
2 August 2026: Most high-risk AI obligations apply (Annex III systems without NB assessment)
2 August 2027: Article 6(1) applies: key deadline for CE-marked MDR/IVDR SaMD

We recommend beginning compliance preparation now regardless of which deadline applies to your device. Notified Bodies are already incorporating AI Act expectations into their MDR and IVDR assessments ahead of the legal deadline, and the documentation work involved, training data governance, bias assessment, human oversight design, takes considerable time to complete properly.

The rest of this article describes what the high-risk AI obligations require in practice. Read it with the above timeline in mind.

1. Does the AI Act Apply to Your Software?

The AI Act applies to AI systems placed on the market or put into service in the EU. An AI system is defined as a machine-based system that, given explicit or implicit objectives, infers from inputs how to generate outputs such as predictions, content, recommendations, or decisions that can influence real or virtual environments.

This definition is intentionally broad. It covers:

Machine learning models (supervised, unsupervised, reinforcement learning)
Deep learning systems including convolutional neural networks used in medical imaging
Natural language processing tools used in clinical documentation or decision support
Bayesian classifiers and other probabilistic inference systems

It does not cover:

Traditional rule-based software with no learning or inference component
Software that executes fixed logic without adaptive behaviour

If your SaMD uses any form of machine learning or statistical inference to generate clinical outputs, the AI Act almost certainly applies.

2. High-Risk AI Classification for Medical Devices

The AI Act categorises AI systems by risk level. For medical device manufacturers, the critical category is high-risk AI.

Under Annex III of the AI Act, AI systems intended to be used as safety components of medical devices, or which are themselves medical devices regulated under MDR or IVDR, are automatically classified as high-risk AI.

This means: if your SaMD is a CE-marked medical device or IVD, or is a software component that performs a safety function within one, it is high-risk AI under the AI Act. There is no further classification analysis required, the medical device status determines it.

High-risk AI systems are subject to the full obligations of the AI Act, including:

Risk management system: an AI-specific risk management process, documented and integrated with the ISO 14971 risk management already required under MDR
Data and data governance: training, validation, and testing datasets must be relevant, representative, free of errors, and sufficiently complete; demographic and geographic representativeness must be documented
Technical documentation: a detailed record of the AI system’s design, development process, training methodology, validation approach, and performance characteristics
Transparency and instructions for use: users must be provided with clear information about the AI system’s capabilities, limitations, accuracy metrics, and circumstances under which human oversight is required
Human oversight: the system must be designed to allow human oversight and intervention; it must not undermine the ability of the operator or user to override, disregard, or reverse outputs
Accuracy, robustness, and cybersecurity: performance must be declared and validated; the system must be resilient to errors, faults, and adversarial manipulation
Conformity assessment: high-risk AI systems must undergo a conformity assessment before being placed on the market

3. How the AI Act Interacts with MDR and IVDR

This is where the compliance picture becomes complex, and where early planning pays off.

The AI Act does not replace MDR or IVDR. Both regulatory frameworks apply simultaneously to AI-powered SaMD. However, the EU has designed a streamlined pathway for medical devices that are already subject to Notified Body review under MDR or IVDR.

Under Article 11 and Annex II of the AI Act, AI systems that are regulated as medical devices benefit from a single technical documentation approach meaning the AI Act technical documentation requirements can be integrated into the existing MDR/IVDR technical file rather than creating a separate document set.

Similarly, for Class IIb and III medical devices (MDR) and Class C and D IVDs (IVDR) which are the most likely to contain high-risk AI the Notified Body involvement already required under MDR/IVDR can cover the AI Act conformity assessment. The Notified Body acts as the relevant conformity assessment body for both frameworks.

In practice this means:

What changes for AI-powered SaMD under the AI Act:

Technical documentation must now explicitly address AI-specific elements: training data governance, model validation across subgroups, bias assessment, explainability approach, and human oversight mechanisms
Post-market monitoring must include AI performance monitoring tracking model drift, accuracy degradation over time, and distribution shift in real-world data
Transparency obligations require new IFU content describing AI limitations and human oversight requirements
A fundamental rights impact assessment may be required for certain high-risk AI applications in healthcare

What does not change:

The MDR/IVDR conformity assessment route remains the primary pathway
The Notified Body relationship established for MDR/IVDR CE marking remains the relevant body
ISO 14971 risk management, IEC 62304 lifecycle management, and clinical evaluation requirements are unchanged AI Act risk management is additive, not a replacement

4. General Purpose AI (GPAI) Models in Medical Devices

A separate and increasingly relevant category is General Purpose AI (GPAI) large foundation models or multimodal AI systems that can be adapted or fine-tuned for specific applications.

If a SaMD developer is building on top of a GPAI model: for example, fine-tuning a large language model for clinical documentation, or adapting a vision foundation model for medical image analysis both the GPAI model provider and the SaMD developer have obligations under the AI Act.

GPAI model providers must publish technical documentation and comply with copyright and transparency requirements. SaMD developers who deploy or fine-tune GPAI models are responsible for ensuring the resulting system meets all high-risk AI obligations, including data governance, validation, and clinical performance claims. The validation methodology for fine-tuned GPAI models in medical contexts is an area where regulatory guidance is still developing, early engagement with your Notified Body is strongly recommended.

5. Key Timelines

August 2024: AI Act enters into force.

February 2025: Prohibitions on unacceptable-risk AI systems apply. Not directly relevant for medical SaMD, but important for any AI used in patient-facing administrative processes.

August 2025: GPAI model obligations apply. SaMD developers building on foundation models must assess their exposure now.

August 2026: High-risk AI obligations fully apply. This is the key deadline for medical device AI. From this date, new AI-powered SaMD placed on the EU market must comply with all high-risk AI requirements.

Post-2026: Notified Bodies designated under the AI Act will begin conducting AI Act-specific conformity assessments. The intersection with MDR/IVDR NB assessments will become a standard part of the conformity process.

6. What to Do Now: A Practical Checklist

Classify your AI systems. Identify every AI component in your SaMD portfolio and confirm whether it meets the EU’s definition of an AI system. For each, document the risk classification and the rationale.

Assess your technical documentation gaps. Review your existing MDR/IVDR technical files against the AI Act Annex IV requirements. Identify where AI-specific content, training data documentation, bias assessment, explainability approach, is missing or insufficient.

Review your data governance. The AI Act’s requirements for training data representativeness and bias documentation are more explicit than anything in MDR. If your training data governance is not documented at the level the AI Act requires, this is a gap that needs addressing before your next Notified Body audit.

Update your IFU and labelling. Transparency obligations mean users must be explicitly informed about AI limitations, performance metrics across relevant subgroups, and circumstances requiring human override. Most current SaMD IFUs are not written to this standard.

Engage your Notified Body. Ask your NB directly how they are approaching AI Act integration into MDR/IVDR assessments. Different NBs are at different stages of readiness, and early clarity on what they will expect prevents last-minute documentation gaps.

Build AI performance monitoring into your PMS. Post-market surveillance for AI-powered SaMD must now track model performance over time. If your PMS plan does not include AI-specific monitoring metrics, update it before August 2026.

Key Requirements at a Glance

AI-powered SaMD classified as high-risk under the EU AI Act must meet the following obligations before market placement:

Risk management system: An AI-specific risk management process, documented separately from but integrated with ISO 14971 requirements under MDR/IVDR.
Data governance: Training, validation, and test datasets must be representative, bias-assessed, and documented for demographic and geographic coverage.
Technical documentation: AI-specific content, including training methodology, model validation, and performance characteristics, must be incorporated into the MDR/IVDR technical file.
Human oversight: The system must be designed so clinicians can override, disregard, or reverse AI outputs at all times.
Transparency and IFU: Instructions for use must explicitly state AI limitations, accuracy metrics, and when human review is required.
Conformity assessment: CE-marked SaMD undergoes AI Act conformity assessment through the existing Notified Body route (Article 6(1), applicable from August 2027).

AI Act SaMD Classification: When Is Your Software Automatically High-Risk?

Under the EU AI Act, Software as a Medical Device does not go through a separate AI risk classification process if it is already regulated as a medical device. The classification is automatic.

The rule under Annex III: Any AI system that is itself a medical device, or functions as a safety component of a medical device, regulated under EU MDR or IVDR, is automatically classified as high-risk AI under Article 6(1).

A Class IIa diagnostic imaging AI — high-risk AI.
A Class III surgical decision-support algorithm — high-risk AI.
A Class C IVD with an AI-based interpretation engine — high-risk AI.
Rule-based software with no learning component — not covered by the AI Act.

EU AI Act August 2026 Deadline: What It Means for Medical Device Manufacturers

The date most frequently cited, 2 August 2026 is real, but it does not apply equally to all medical device AI. Understanding the split is critical for compliance planning.

What applies from 2 August 2026

High-risk AI obligations apply to Annex III AI systems not subject to third-party conformity assessment. In the medical device context: hospital workflow tools, patient triage algorithms not CE-marked as medical devices.

What applies from 2 August 2027

For CE-marked MDR/IVDR devices, Article 6(1) applies and it does not enter into force until 2 August 2027. This is the deadline that matters most for SaMD developers.

AI Act vs MDR: Understanding the Dual Compliance Framework for SaMD

AI-powered medical devices are subject to two overlapping EU regulatory frameworks simultaneously. They are not alternatives — both apply, and compliance with one does not fulfil the other.

	EU MDR / IVDR	EU AI Act
What it governs	Safety, performance, and clinical efficacy of the device	How the AI was built, trained, validated, and governed
Key deadline	Ongoing (MDR transitional periods ended)	Aug 2026 (non-NB AI) / Aug 2027 (CE-marked SaMD)

General Purpose AI (GPAI) Models in Medical Devices: What the AI Act Requires

A General Purpose AI (GPAI) model is an AI model trained on large amounts of data, capable of serving a wide range of downstream tasks. Foundation models and LLMs adapted for clinical use fall into this category.

Tier 1: GPAI model provider obligations (August 2025)

The company that trains the foundation model must document training data, comply with copyright law, and publish transparency summaries — applicable since August 2025.

Tier 2: SaMD developer obligations (August 2026/2027)

When a SaMD developer fine-tunes a GPAI model for a medical application, they become the high-risk AI provider and must conduct their own clinical validation, document training data for fine-tuning, and design human oversight mechanisms specific to the clinical context.

What is the EU AI Act?

The EU AI Act (Regulation (EU) 2024/1689) is the European Union’s comprehensive legal framework for artificial intelligence systems. It entered into force on 1 August 2024 and is being phased in progressively through 2027.

What does it regulate?

The AI Act classifies AI systems by risk level, from unacceptable-risk (prohibited) to high-risk, limited-risk, and minimal-risk, and sets obligations proportionate to that classification. High-risk AI systems, which include all AI used in medical devices regulated under MDR or IVDR, face the most stringent requirements.

Who does it apply to?

Any organisation that develops, deploys, or places on the EU market an AI system, including manufacturers of AI-powered Software as a Medical Device (SaMD), regardless of where they are based.

How does it differ from MDR?

The MDR governs whether a device is safe and performs as claimed. The AI Act governs how the AI system within that device was built, trained, and governed. Both apply simultaneously to AI-powered SaMD from 2026–2027 onwards.

Frequently Asked Questions: EU AI Act and Medical Devices

What is the difference between the EU AI Act and the MDR for medical device AI?

The MDR (Medical Device Regulation) governs the safety, efficacy, and quality of medical devices, including those powered by AI. The EU AI Act is a separate regulatory framework that addresses the risks and accountability of AI systems themselves. The AI Act focuses on how the AI system was built, trained, validated, and deployed, while MDR focuses on the clinical performance of the device. Both apply simultaneously to AI-powered SaMD from August 2026 onwards.

Does the AI Act apply to all machine learning models in medical devices?

Yes, if you use any form of machine learning, deep learning, or statistical inference to generate clinical outputs, the AI Act applies. This includes supervised learning, convolutional neural networks for medical imaging, natural language processing for clinical documentation, and Bayesian classifiers. It does NOT apply to traditional rule-based software with fixed logic and no learning or inference capability

What does ‘high-risk AI’ mean under the EU AI Act?

High-risk AI includes AI systems that are themselves medical devices or safety components of medical devices regulated under MDR, or AI systems regulated under IVDR. If your SaMD is CE-marked or classified as a medical device, it is automatically classified as high-risk AI. High-risk AI must comply with all AI Act obligations: risk management, data governance, technical documentation, transparency, human oversight, and conformity assessment.

What are the data governance requirements under the AI Act?

The AI Act requires explicit documentation that training, validation, and testing datasets are relevant, representative, free of errors and bias, and sufficiently complete. Demographic and geographic representativeness must be documented, particularly important for medical AI to ensure performance across age, sex, ethnicity, and geography. This is more explicit than MDR alone.

What are the human oversight requirements under the AI Act?

High-risk AI systems must be designed to enable human oversight and intervention. Users must be able to override, disregard, or reverse the AI’s decision, and the system must not undermine this ability. For clinical SaMD, this typically means the AI operates in decision-support mode and clinicians retain authority to override recommendations.

When do I need to comply with the AI Act?

August 2026 is the key deadline for medical device AI. From this date, all new AI-powered SaMD placed on the EU market must comply with high-risk AI requirements, Notified Bodies will incorporate AI Act assessments into MDR/IVDR reviews, and technical documentation must include AI-specific content.

Master Artificial Intelligence (AI) in Medical Devices

Medical professionals at a webinar discussing AI in medical devices, focusing on clinical evaluation, evidence, and regulatory compliance for SaMD development.

Join regulatory experts Alberto Bardají (Quixano) and Diego Rodríguez Muñoz (MDx) for a practical live webinar on building evidence for AI-powered medical device compliance.

What you’ll learn:

Regulatory pathways: How to navigate both MDR and AI Act requirements simultaneously
Data generation strategies: Building pre-clinical and clinical evidence for AI/ML models
Bias assessment & documentation: Demographic and geographic representativeness requirements
Real-world case studies: Lessons from companies navigating the August 2026 deadline
Best practices: How to integrate AI Act requirements into your existing MDR technical file

Session format: Live interactive Q&A | Duration: 60 minutes | When: Upcoming date via LinkedIn

Diego Rodríguez Muñoz, PhD

RA Specialist

Regulatory affairs specialist & CRA with expertise in EU MDR/IVDR, CE marking, Biological Evaluations (dental), and clinical investigations & technical documentation for MDs & IVDs.

Industry Insights & Regulatory Updates

Advanced MedTech solutions for healthcare innovation, focusing on accelerating medical technology development and integration within the healthcare sector.

ISO 20417:2026 You May Have a Gap Today: What Medical Device Manufacturers Shall Do Now

Making IVDR Work in Combined Studies: Scientific & Operational Lessons from 40+ Programs

Automated manufacturing of medical vials in a cleanroom environment, highlighting MedTech advancements by MDX for medical device and pharmaceutical industries.

ISO 14155:2026 What’s Changed and What It Means for Your Clinical Investigation

Portugal’s New Clinical Trials Law No. 9/2026: What Sponsors Need to Know

IMDRF Draft N91 2026: New Clinical Evidence Requirements for IVDs Explained

EU MDR 2017/745 for Dental Devices: Complete Guide (2026)

March 2, 2026

Alberto Bardaji de Qixano

Dental device regulation under EU MDR 2017/745 has increased the level of scrutiny applied to manufacturers, particularly in three areas: classification decisions, clinical evidence, and Notified Body (NB) review readiness. The practical consequence is simple: submissions that lack internal consistency generate more questions, longer review cycles, and avoidable delays.

In the 2026 webinar delivered by regulatory experts from MDx CRO, the discussion focused on the most common challenges and the most reliable strategies for dental device manufacturers. The insights were grounded in real-world regulatory work supporting more than 500 CE-marked devices, with an emphasis on reducing regulatory risk and building submissions that remain defensible under NB assessment.

Request the webinar replay

receive classification examples, common NB pitfalls, and an NB-ready evidence pack checklist.

Manufacturer priorities under EU MDR: what drives timelines and outcomes

EU MDR does not typically create delays because manufacturers do not have documents. Delays occur when documentation does not form a single, defensible position. Notified Bodies escalate questions when claims, classification rationale, risk controls, clinical evidence, and post-market plans do not support the same intended purpose and performance narrative.

Key priorities for dental device manufacturers under EU MDR:

Establish and maintain a consistent intended purpose and claim set across the file (labeling, IFU, CER, and technical documentation).
Build a classification rationale that is explicit, referenced, and difficult to misinterpret.
Demonstrate clinical evidence proportionality, clearly linked to risk, novelty, and claims.
Prepare for NB review with a coherent evidence package, including traceability from hazards to controls to verification.
Ensure PMS and PMCF are designed to confirm performance and safety in real use, not to satisfy a formal requirement.

A submission is reviewed as an argument supported by evidence. When the argument changes between sections of the file, the NB must resolve the conflict through questions. That process is where time is lost.

Step 1. Classify your dental device correctly (Annex VIII)

Classification under Annex VIII is the point where regulatory strategy becomes operational. A small change in intended purpose or in device characteristics can shift the class and materially change clinical evidence expectations, NB involvement, and post-market obligations.

In the webinar, the discussion repeatedly returned to the importance of early discipline around intended purpose. Dental manufacturers often broaden claims for commercial reasons (for example, broad “compatibility” claims or biologically ambitious performance language). Under MDR, that approach frequently increases the burden of proof.

Practical classification anchors in dental:

Implants and implantable devices frequently fall under Rule 8, with class outcomes dependent on specific characteristics and risk context.
Resorbable materials often face elevated scrutiny because performance and safety evolve as the product degrades and interacts with tissue.
Custom-made versus patient-matched frequently causes misclassification and incorrect pathway selection, particularly in digital workflows.
Software classification under Rule 11 can change significantly based on clinical impact and decision influence.

A defensible classification process typically answers these questions explicitly:

What is the intended purpose and what claims are being made?
Is the device invasive, and if so, what level of invasiveness applies?
What is the duration of use and the relevant contact type?
Is the device implantable, resorbable, or otherwise associated with long-term biological interaction?
Does the device incorporate a medicinal substance with an ancillary action?
Is any element of the product regulated as software influencing clinical decisions?

Classification is assessed as a justification, not a label. A strong justification reduces NB discretion and stabilises the remainder of the submission.

Step 2. Conformity assessment route by class, and how Notified Bodies evaluate risk

Manufacturers often plan around the conformity assessment route, but Notified Bodies allocate effort based on what drives residual risk and uncertainty. Under MDR, two devices of the same class can attract different levels of scrutiny when novelty, claim strength, or evidence quality differs.

In dental, common drivers of NB scrutiny include:

Novel materials and surface treatments particularly where particulate generation, chemical residues, coating stability, or long-term performance need stronger justification.
Compatibility and system claims, especially for implant components and abutments, where broad claims are difficult to support without precise system definition and evidence.
Borderline product categorisation, such as semi-finished CAD/CAM materials, where intended purpose determines medical device status.
Digital workflows, where the manufacturer controls design parameters and outputs are patient-specific within defined constraints.

From a submission strategy perspective, the objective is to reduce uncertainty for the reviewer. That is achieved by ensuring the file communicates a consistent position:

The intended purpose and claims are consistent and reflected in labeling and IFU.
The classification rationale is explicit and mapped to Annex VIII logic.
Risk controls are linked to verification and validation evidence.
Clinical evaluation is proportionate and aligned to claims.
PMS and PMCF demonstrate control over real-world performance.

The NB review process accelerates when the documentation structure allows rapid verification of consistency. It slows down when the reviewer has to reconcile contradictions between sections.

Step 3. Clinical evidence strategy for dental devices: CER, PMCF, and clinical investigations.

Clinical evidence is typically the largest schedule and cost driver under MDR. The core issue is not volume; it is relevance and alignment to the intended purpose, claims, and risk profile.

A manufacturer-ready clinical evidence strategy generally combines:

A Clinical Evaluation Report (CER) anchored to intended purpose and claims.
Literature appraisal aligned with state of the art and device technology.
Post-market surveillance (PMS) data, including complaint trending and failure mode monitoring.
A PMCF approach proportionate to risk and uncertainty, designed to confirm performance and safety in clinical use.

The webinar highlighted a recurring decision point for manufacturers: when “well-established technology” is an appropriate foundation for clinical justification, and when novelty requires additional clinical evidence.

Practical examples discussed in dental context:

Implantables may be approached differently depending on the maturity of the technology, materials, and the presence of novel surface engineering or expanded clinical claims.
Resorbable grafting materials and membranes often require particular attention to degradation behaviour, degradation by-products, biological response, and performance endpoints over time.
Legacy devices require a structured assessment of whether existing data remains fit for MDR expectations and current clinical practice.

Notified Bodies evaluate clinical evidence against the totality of the file. Evidence is rarely accepted in isolation if risk management, claims, and verification logic do not support it.

How to pass a Notified Body Assessment as a dental device manufacturer

In practice, manufacturers do not lose time because they miss a single document. They lose time when their file is not reviewable as a system. Notified Bodies move more efficiently when traceability is clear and when the submission reads as one coherent position.

A practical Assessment-readiness checklist:

Intended purpose and claims are consistent across IFU, labeling, CER, and technical documentation.
Classification is justified with explicit Annex VIII logic and references.
Risk management is device-specific and connects hazards to controls and to verification evidence.
Verification and validation are planned around worst cases, critical characteristics, and real-use conditions.
Clinical evaluation is aligned to claims and supported by appropriate PMS/PMCF.
PMS/PMCF plans are measurable, realistic, and proportionate.

The NB-ready evidence pack (manufacturer checklist)

For internal alignment and faster NB interaction, a compact evidence pack is often effective. A practical NB-ready pack includes:

Device description, intended purpose, and claim list (single source of truth)
Annex VIII classification memorandum (rule logic and rationale)
GSPR checklist with clear evidence references
Risk management file (ISO 14971) and traceability to controls
Verification and validation plan and reports (including worst-case rationale)
Biological evaluation strategy (ISO 10993) and, where relevant, extractables and leachables considerations
Mechanical performance evidence, acceptance criteria, and justification of test conditions
Clinical evaluation (CER), literature strategy, and equivalence rationale when applicable
PMS plan and PMCF plan/report (tailored to failure modes and risk profile)
Labeling and IFU, including UDI readiness and EUDAMED considerations as applicable

The evidence pack is not a marketing summary. It is a reviewer tool. Its value is to reduce time spent locating and reconciling information across the file.

How to categorise dental devices under EU MDR (classification shortcuts by product type)

Dental manufacturers rarely struggle with the existence of Annex VIII. The difficulty is applying it consistently across a portfolio that mixes implantables, materials, digital workflows, and patient-specific outputs. A practical way to reduce ambiguity is to group dental devices by product type first, then confirm the applicable MDR rules and evidence expectations.

Dental implants and abutments
Typical focus areas include the Annex VIII rationale (often centred on implantability), the scope of compatibility claims (system-specific definition), mechanical performance evidence, and the regulatory impact of surface treatments and coatings.
Resorbable grafting materials, membranes, and hemostats
These products often require careful justification of degradation behaviour, degradation by-products, biological response over time, and clinically relevant endpoints. Evidence expectations frequently increase with resorption and biological interaction.
Restoratives and CAD/CAM materials (including semi-finished products)
Categorisation often depends on intended purpose and how the manufacturer positions the product (medical device versus material). Performance claims, manufacturing controls, and labeling language typically drive both classification stability and clinical evidence requirements.
Custom-made versus patient-matched devices
The practical distinction is design control. Custom-made devices require a prescription-led pathway with specific documentation, while patient-matched outputs often operate within a validated design envelope controlled by the manufacturer. This distinction materially affects technical documentation and lifecycle obligations.
Dental software, AI, and digital workflows
Software categorisation under Rule 11 depends on how the software influences clinical decisions and outcomes. Validation, cybersecurity, and change control become central, and AI governance requirements can intersect with technical documentation expectations.

Common dental device categories to review:

A structured categorisation approach helps manufacturers align intended purpose, classification rationale, verification planning, and clinical evidence strategy across the full file, which reduces clarification cycles during review.

To learn more about dental device regulation and compliance support, read: Regulatory Compliance for Dental Products.

PMS, PMCF, UDI/EUDAMED, and legacy devices: maintaining market access

Under MDR, post-market obligations are part of the evidence lifecycle. PMS and PMCF support the ongoing demonstration of safety and performance and can become decisive during renewals and significant changes.

Practical PMS and PMCF considerations in dental:

Define and monitor meaningful signals: failures, revisions, fractures, loosening, complaint patterns, and trends linked to known failure modes.
Ensure PMCF is proportionate and focused on remaining uncertainty, rather than generic data collection.
Maintain a controlled approach to labeling updates, complaint handling, and vigilance reporting.

For legacy devices, manufacturers should perform a structured assessment of whether existing clinical and post-market data remains sufficient for current claims, current clinical practice, and MDR expectations. Where gaps exist, a targeted plan that links risk management to clinical evaluation and post-market follow-up reduces uncertainty and supports continuity of market access.

MDR transition in practice: Argen dental alloys case study

Many MDR transitions fail for predictable reasons: legacy documentation does not meet MDR expectations, clinical evaluation lacks alignment to intended purpose and risk management, and post-market systems are not mature enough to support lifecycle obligations. A recent example from dental materials demonstrates what a structured transition can look like in practice.

Argen transitioned a legacy dental alloy portfolio to Regulation (EU) 2017/745 for use in fabricating full-cast and ceramic-veneered restorations (including crowns, bridges, and removable partial dentures). The project required closing historical Notified Body non-conformities and strengthening core regulatory processes to achieve an audit-ready MDR position

What the work focused on:

Strengthening the clinical evaluation framework
Structuring the PMS system
Aligning risk management with MDR and ISO 14971
Establishing MDR-compliant biological evaluation
Aligning essential technical documentation

To read the full case study, click here: Case Study: How MDx Enabled Argen’s Successful Transition to MDR CE Marking for Dental Alloys.

Request the webinar replay

receive classification examples, common NB pitfalls, and an NB-ready evidence pack checklist.

Frequently Asked Questions About Dental Device Regulation

Do legacy (MDD) dental devices require new clinical data under EU MDR 2017/745?

Not automatically. The decision depends on risk profile, intended purpose, claims, and whether the technology can be justified as well established using appropriate literature, PMS data, and alignment with the state of the art.

Custom-made vs patient-matched in dentistry: what is the practical difference, and what does it change?

The practical difference is design control. Custom-made devices rely on a written prescription and patient-specific specifications defined by the healthcare professional. Patient-matched devices are typically produced within a validated “design envelope” controlled by the manufacturer. This distinction affects documentation expectations, validation logic, and lifecycle obligations.

What validation evidence is expected for patient-matched dental devices?

Manufacturers should define a validated design envelope, identify worst-case configurations within that envelope, and validate the worst case in its final condition. This approach supports a defensible argument that the full envelope remains safe and performs as intended.

Why do resorbable grafts and membranes face higher scrutiny, and what evidence is usually questioned?

Because risk and performance evolve over time as the device degrades. Evidence discussions often focus on degradation behaviour, degradation by-products, biological response, and clinically relevant performance endpoints across the functional period.

When does dental software fall under MDR Rule 11, and what is the fastest way to reduce Notified Body back-and-forth?

When software influences clinical decisions or outcomes, Rule 11 can apply and classification may increase, triggering stronger validation and control expectations. To reduce review cycles, manufacturers should maintain consistency across intended purpose and claims, classification rationale, risk management, verification evidence, clinical evaluation, and PMS/PMCF. Inconsistencies are a major driver of clarification rounds and timeline slippage

Written by:

Alberto Bardají

Head of Medical Devices

Senior med-tech expert & ex-Notified Body reviewer with deep experience in high-risk implants, orthopedics, dental & neurology.

Industry Insights & Regulatory Updates

Making IVDR Work in Combined Studies: Scientific & Operational Lessons from 40+ Programs

ISO 14155:2026 What’s Changed and What It Means for Your Clinical Investigation

Portugal’s New Clinical Trials Law No. 9/2026: What Sponsors Need to Know

IMDRF Draft N91 2026: New Clinical Evidence Requirements for IVDs Explained

EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)

IVDR Annex XIV Performance Studies for Companion Diagnostics: A Step-by-Step Guide 2026

February 19, 2026

This IVDR Annex XIV clinical performance study guide explains how you can plan and obtain authorisation for performance studies under Annex XIV of the IVDR when it involves a companion diagnostic. It aims to be practical and aligned with current expectations of ethics committees and competent authorities in the European Union.

If you require a structured checklist, you can download the Annex XIV Performance Study Authorisation (PSA) Toolkit, including an ISO 20916 monitoring checklist, templates, and a pre-submission workplan.

Cleared for Enrollment: A Practical Guide to IVDR Annex XIV Studies

Download the white paper here.

IVDR Annex XIV Clinical Performance Study: When PSA vs PSN Applies for Companion Diagnostics

Companion diagnostics (CDx) often require an IVDR Annex XIV clinical performance study because these tests directly influence patient management. Therefore, understanding when a Performance Study Authorisation (PSA) or a Performance Study Notification (PSN) applies is critical for effective regulatory planning and avoiding unnecessary delays.

Why Companion Diagnostics Often Fall Under Annex XIV

Companion diagnostics frequently fall under Annex XIV of the IVDR because the test result guides key treatment decisions, including:

Patient selection
Treatment allocation
Therapy continuation or discontinuation

If the study design allows test results to influence clinical decisions, regulators consider the study interventional, and this classification triggers the need for a Performance Study Authorisation (PSA). In addition, if you use the device outside its intended purpose as defined in the Instructions for Use (IFU), the IVDR framework also requires a PSA.

When Does a PSA Apply Under Article 58(1)?

For any IVDR Annex XIV clinical performance study, Article 58(1) serves as the key provision to determine whether a PSA is required. A PSA becomes mandatory if you meet any of the following three criteria:

You perform surgically invasive sample collection specifically for the clinical performance study (CPS).
You design the study as interventional in nature.
You introduce additional invasive procedures or other risks for participants.

If even one of these criteria applies, you must obtain a Performance Study Authorisation before starting the study.

When Does a PSN Apply Under Article 58(2)?

If you do not meet any of the Article 58(1) criteria, Article 58(2) may apply instead. In that case, you may submit a Performance Study Notification (PSN) when:

The study uses leftover samples only
The study includes no additional invasive procedures
Test results do not influence patient management
The design remains strictly non-interventional

However, even when these conditions apply, you must carefully evaluate national requirements and specific study design details to confirm that a PSN remains appropriate.

Combined Medicinal Product and Diagnostic Studies

An IVDR Annex XIV clinical performance study that involves both a companion diagnostic and a medicinal product requires structured coordination from the outset. When both regulatory frameworks apply, the Clinical Trials Regulation (CTR) governs the medicinal product, while the IVDR governs the diagnostic. Consequently, you must align timelines, documentation, and regulatory strategy under both frameworks to avoid inconsistencies and delays.

Step-by-Step: from planning to PSA approval

1. IB and CPSP Essentials, and the Link Between Endpoints, Intended Use, and Cut-off Strategy

Begin with a coherent Investigator’s Brochure (IB) and Clinical Performance Study Plan (CPSP). Every claim in the CPSP should trace to the intended purpose of the device and to analytical and clinical evidence that is sufficient for that claim. Endpoints must align with the intended clinical decision.

Based on our experience with more than 100 projects, the following two review findings occur repeatedly:

Analytical cut-off and validation. Authorities closely examine how the assay cut-off has been defined and supported. Sensitivity, precision, and accuracy should demonstrate that the device performs in a way that supports safe clinical decisions. Weak justification invites questions about patient misclassification risk, which frequently leads to requests for information.
Endpoints not aligned with intended use. Reviewers frequently question primary endpoints that are not clearly tied to clinical performance or to the intended use of the device. The endpoint should map directly to the decision being made for the patient.

Practical measures we have implemented in more than 100 projects:

Draft the statistical analysis plan early and show a clear line from intended use to endpoint to success criteria.
Map each analytical study (limit of detection, limit of quantitation, precision, interference, cut-off justification) to the clinical claim it supports.

2. Country Submissions: ethics committees, competent authorities, portals, translations, and fees

Plan both the ethics and competent authority pathways, including accounts for national portals, translation policies, and fee payments. Country-specific requirements can change timelines and logistics.

Some examples of country-specific requirements:

France requires an IDRCB registration code. The protocol, informed consent form, and insurance certificate must display this code. Missing or inconsistent use of the code commonly triggers requests for information.
Poland may require a physical submission package rather than a fully electronic file. Plan accordingly all documents that require original signatures. Courier time, notarised copies where applicable, and signature sequencing should also be built into the schedule.

A brief pre-submission checklist:

Identification of country EC-NCA submission approach (sequential, parallel, combined) and EC meeting schedules
Portal access verified and roles assigned for both ethics committees and competent authorities.
National identifiers obtained and propagated consistently across documents.
Translation scope defined and quality-controlled, particularly for patient-facing materials.
Insurance certificates aligned with the study footprint and national expectations.
Fee tables confirmed and purchase orders in place.

3. Timelines, Clock-Stops, and Expert Consultations

Validation and assessment phases of review often include clock-stops for clarification, where the reviewing authority can ask for further information, known as Request for Informations (RFIs). You should define internal service levels for responses in advance, and topic ownership should be clear across analytical, clinical, and biostatistics contributors. A master cross-reference that links CPSP, IB, risk management, and statistical sections reduces the risk of inconsistent responses. In Pickett’s assessment, assigning topic ownership for analytical, clinical, and statistical responses before submission helps keep clock-stops short and prevents inconsistent answers across documents.

IVDR Annex XIV Clinical Performance Study: How to Build a Robust Dossier?

A strong IVDR Annex XIV clinical performance study dossier reduces the risk of Requests for Information (RFIs), clock-stops, and approval delays.

Analytical Validation and Cut-Off Justification

For an IVDR Annex XIV clinical performance study, cut-off justification must go beyond presenting a single threshold value or ROC curve.

A robust dossier should:

Explain the clinical consequences of the selected cut-off
Describe how sensitivity and specificity change if the threshold shifts
Address false positives and false negatives at clinically relevant prevalence
Link analytical performance directly to the primary endpoint
Demonstrate how the device supports a safe clinical decision

Authorities frequently focus on misclassification risk. If the cut-off rationale does not clearly support safe decision-making, this section becomes a major driver of RFIs.

Best practice according to Callum Pickett Clinical Alliance Lead at MDx
Treat cut-off justification with the same rigor as a safety argument. Provide both statistical evidence and a clear clinical narrative.

Informed Consent Strategy Aligned With the CPSP

Misalignment between the Clinical Performance Study Plan (CPSP) and the informed consent form is a common cause of delay in an IVDR Annex XIV clinical performance study.

To reduce risk:

Finalize the CPSP first.
Draft the informed consent to mirror procedures, visit schedules, and risks.
Use clear, plain language that accurately reflects the protocol.

Reviewers assess whether participants are properly informed. If the consent document does not reflect the study design, an RFI is likely.

We recommend to include the following in the Informed Consent:

Clear summary of procedures and assessment schedule
Device-specific risks, including sample handling and possible retesting
Explanation of invalid or indeterminate results and participant implications

Consistency between the CPSP and consent documentation strengthens credibility during assessment.

Cross-Referencing: CPSP, IB, GSPR, and Study Reports

A cross-reference matrix improves both internal quality control and external review efficiency.

Your matrix should demonstrate:

Where each General Safety and Performance Requirement (GSPR) is addressed
How CPSP procedures are monitored and documented
Where statistical commitments are supported by analysis
How risk management links to study controls

For a successful IVDR Annex XIV clinical performance study submission, document traceability is critical.

Frequent RFI Drivers in IVDR Annex XIV Clinical Performance Studies

Below are common deficiencies and practical mitigation strategies:

RFI Driver	How to Address It
Primary endpoint not aligned with intended use	Redefine or restate the endpoint so it directly supports the clinical decision
Cut-off justification insufficient	Provide complete analytical data and explain clinical impact
Sample representativeness unclear	Justify matrix type, disease stage, prior therapy, and relevant variables
Misclassification of study type (leftover samples)	Clarify whether the design remains non-interventional and whether PSN is appropriate
Monitoring plan not aligned with ISO 20916	Define adverse event categories, roles, and timelines
Informed consent inconsistent with CPSP	Align language and procedural details precisely
Statistical assumptions not clinically justified	Link alpha and power to meaningful clinical differences
Device deficiency reporting unclear	Define detection, escalation, and reporting mechanisms
Risk management not connected to study controls	Trace risks to mitigation and monitoring activities
Combined CTR–IVDR governance unclear	Define roles, responsibilities, and decision pathways
Incomplete or low-quality translations	Plan professional review and back-translation
National identifiers or insurance mismatched	Ensure consistent codes and appropriate coverage limits

Country Playbook: How to plan Performance Study Applications to EU Member States

1. Identify the PSA submission approach adopted by the EU member state.

There are three models adopted by EU countries which will impact your submission strategy:

Sequential – the EC is submitted to first and NCA submission can only occur once an EC approval has been issued.
Parallel – the EC and NCA submissions can be submitted around or at the same time allowing for a “parallel” review process. However, the NCA will only approve the study once a positive EC opinion has been granted
Combined – a single PSA submission is sent to one authority which serves as the EC and NCA, a single positive opinion will be issued.

2. Choose your Ethics Committee:

It is highly recommended to submit the PSA to the same EC reviewing the associated Clinical Trial Application
Identify any EC specific templates, this may include EC-specific application forms and site document templates
Identify the EC meeting schedule and the deadlines for PSA submission to achieve review at the EC meeting date
Use the EC meeting schedule to inform your submission strategy, different ECs will meet at different frequencies.

3. Identify any specific requirements set by the National Competent Authority:

Are there any NCA specific templates to be filed with the PSA?
Is there anything that can gate submission to this country? For example, does the NCA mandate that the final Clinical Trial protocol is submitted with the submission.

4. Identify any specific laws and requirements for the EU member state being submitted to:

The EU is governed by GDPR laws, but national laws on data protection add an additional layer of requirements. Ensure that your study is developed with the national data protection requirements in mind.
EU member states have different requirements for the insurance documentation, this may include reference to national laws, inclusion of national study codes, and extra details on the number of participants.

5. Use all these points to create your submission strategy, informed by the following:

Submission approach: countries with sequential review approaches take longer on average than countries with parallel and combined review approaches.
Clinical Priority: what countries are priority for enrolment? Which countries will have the most sites and therefore need to be activated earlier?
- How often do the chosen ECs meet according to their meeting schedule?
- Are there any NCA or EC document requirements which aren’t yet available, and might delay submission?

Monitoring in Line with ISO 20916

ISO 20916 introduces additional classification categories for adverse events compared with the base IVDR text. Sites need clear training on event taxonomy, responsibilities for classification, and reporting timelines.

Content to include in the monitoring plan and site training:

Definitions and examples for adverse events and serious adverse events as used in the study.
Roles for initial classification, medical review, and final assessment.
Specific clocks for reporting from site to sponsor and from sponsor to authorities.
How to capture assess and report device deficiencies.

As our clinical team has observed under Annex XIV submissions, early training on adverse event taxonomy and reporting timelines is essential. Misclassification in the first reported case often leads to corrective actions and schedule impact.

IVDR Annex XIV clinical performance study Advanced MedTech Performance Study Workflow.

Scientific Validity within Annex XIV Performance Evaluation

From PSA to Market: coordination with the notified body and medicines regulators

For a true companion diagnostic approval, align analytical validity, clinical performance, and scientific validity with post-market plans. Label language and evidence expectations should be coordinated with the Notified Body and, where applicable, medicines regulators. Plan the handover from study evidence to post-market performance follow-up.

According to Callum Pickett, maintaining a single evidence map that links analytical validity, clinical performance, and scientific validity to the eventual label language streamlines Notified Body review and reduces post-submission clarification rounds.

Resources

Guidance from the Medical Device Coordination Group (MDCG) and the European Commission on performance studies, including Q&A on Article 58 pathways.
National guidance such as the Belgian Federal Agency for Medicines and Health Products (FAMHP) on dossier structure, timelines, and fees for performance studies.
Consultancy overviews such as DLRC Group (DLRC Group) for pan-EU context.
Standards published by the International Organization for Standardization (ISO), notably ISO 20916 for clinical performance studies of in vitro diagnostic medical devices.

Cleared for Enrollment: A Practical Guide to IVDR Annex XIV Studies

Download the white paper here.

Expert insight by Callum Pickett

Success with Annex XIV studies for companion diagnostics depends on alignment. Intended use, endpoints, analytical validation and cut-off, consent, and monitoring must be consistent and mutually supportive. Careful attention to country-specific requirements and early planning for CTR-IVDR coordination reduces the likelihood of clock-stops and requests for information. A structured checklist and disciplined cross-referencing improve dossier quality and assessment efficiency.

Read more about IVD clinical studies services.

Frequently Asked Questions (FAQ)

Performance Study Authorisation (PSA) is required for an IVDR Annex XIV clinical performance study?

A PSA is required under Article 58(1) if the study includes surgically invasive sample collection specifically for the study, uses an interventional design where test results influence patient management, or introduces additional invasive procedures or risks. In practice, companion diagnostics often trigger a PSA because their results guide treatment decisions. Therefore, as soon as one of these criteria applies, you must obtain a PSA before starting the study. For broader context on running studies under IVDR, read the following article on Running Clinical Studies Under IVDR

When can a Performance Study Notification (PSN) be used instead of a PSA?

You can use a PSN under Article 58(2) when the study remains strictly non-interventional. For example, the study may rely only on leftover samples, avoid additional invasive procedures, and ensure that test results do not influence clinical decisions. However, you must assess the design carefully, because misclassifying a study as non-interventional frequently leads to delays and reclassification requests.

How do IVDR and the Clinical Trials Regulation (CTR) interact in combined CDx–medicinal product studies?

In combined studies, you must comply with both frameworks simultaneously: the CTR governs the medicinal product, while the IVDR governs the companion diagnostic. As a result, you should align endpoints, intended use, and patient population across both submissions from the outset. Otherwise, inconsistencies between the CTR and IVDR dossiers often trigger Requests for Information and clock-stops. A structured gap analysis can help you identify and resolve these risks early. Read the article about pre submission assessment here.

What are the most common reasons authorities issue RFIs in Annex XIV studies?

Authorities typically issue RFIs when sponsors fail to align primary endpoints with the intended use, provide insufficient analytical validation or cut-off justification, or clearly explain misclassification risk. In addition, inconsistencies between the CPSP and informed consent, or weak traceability between risk management and statistical assumptions, often raise concerns. Therefore, you should build a clear cross-reference structure across all documents to reduce review friction.
For more detail on documentation expectations, read IVD technical documentation.

How can sponsors reduce approval timelines for IVDR Annex XIV performance studies?

To reduce timelines, you should define endpoints early and link them directly to intended use, justify analytical cut-offs with both statistical evidence and clinical rationale, and align the informed consent precisely with the CPSP. At the same time, confirm national submission models, ethics committee schedules, translation scope, and insurance requirements before submission. By assigning clear internal ownership for analytical, clinical, and statistical responses, you can also shorten clock-stops and maintain consistency during review.

Written by:

Callum Pickett

Clinical Alliance Lead

Experienced clinical affairs professional specialising in performance study submissions and management under IVDR, with a focus on CDx and Precision Medicine.

Industry Insights & Regulatory Updates

Making IVDR Work in Combined Studies: Scientific & Operational Lessons from 40+ Programs

ISO 14155:2026 What’s Changed and What It Means for Your Clinical Investigation

Portugal’s New Clinical Trials Law No. 9/2026: What Sponsors Need to Know

IMDRF Draft N91 2026: New Clinical Evidence Requirements for IVDs Explained

EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)

MDR Annex XVI: Regulating Products Without an Intended Medical Purpose Under the MDR

February 15, 2026

Carlos Galamba

How Are Medical Devices Regulated Under MDR Annex XVI?

How does MDR Annex XVI regulate products without an intended medical purpose that fall within the scope of the MDR? This question has become increasingly relevant for manufacturers seeking EU market access.

The Medical Devices Regulation (MDR) 2017/745 has transformed the European Union (EU) regulatory framework. It replaced the previous Medical Devices Directive (MDD) and introduced stricter requirements for manufacturers, notified bodies, and competent authorities.

One of the most significant changes is the expanded scope under MDR Annex XVI. The regulation now includes certain products that do not have a medical purpose but may still present similar safety risks. As a result, these products are subject to the MDR regulatory requirements, even though they are not medical devices by definition.

What Is New Under MDR Annex XVI in 2026?

Recent regulatory developments continue to clarify how MDR Annex XVI applies in practice. Authorities expect manufacturers to align with Common Specifications, updated classification rules, and strengthened clinical evaluation requirements.

This expanded scope marks a clear departure from traditional definitions of medical devices. Certain aesthetic or cosmetic products listed in Annex XVI now fall within the scope of the MDR and are subject to conformity assessment and post-market obligations.

What Products Fall Under MDR Annex XVI?

Under MDR Annex XVI, the following product groups are subject to the MDR, even though they do not have an intended medical purpose:

Contact lenses without vision correction (e.g., colored contact lenses)
Devices intended to modify the anatomy or fixation of body parts (e.g., subdermal implants without a medical purpose, such as aesthetic implants)
Facial and dermal fillers for aesthetic enhancement
Equipment for body shaping and fat reduction (e.g., liposuction devices)
High-intensity radiation devices for skin treatment, including IPL, lasers, infrared equipment, tattoo removal lasers, and hair removal systems
Equipment intended for transcranial brain stimulation without a medical purpose

Manufacturers of these products must comply with the applicable MDR safety, performance, and documentation requirements, subject to adaptations reflecting the absence of a medical purpose.

Classification of Devices Under MDR Annex XVI

How are devices classified under MDR Annex XVI?

Manufacturers must apply the relevant classification rules under Annex VIII, as modified or clarified by applicable Common Specifications and Commission Implementing Regulation (EU) 2022/2347. However, not all rules apply automatically. For example, Rules 9 and 10 address active therapeutic and diagnostic devices and assume a medical purpose. Because Annex XVI products lack a medical purpose, regulators apply specific Common Specifications and implementing regulations to determine the appropriate classification.

Understanding the correct classification is essential. It determines the conformity assessment route, the level of notified body involvement, and the overall regulatory strategy for EU market approval.

Important to note that not all rules can be applied. For instance, rules 9 and 10, which pertain to active therapeutic and diagnostic devices, assume a medical purpose.

To address this, a Commission Implementing Regulation (2022/2347) was introduced to reclassify relevant devices alongside the Common Specifications. Let’s take a closer look at the classification of specific product classes:

Certain body shaping devices are classified as Class IIb under Commission Implementing Regulation (EU) 2022/2347, depending on their specific characteristics.
Devices for skin rejuvenation, hair removal, and similar purposes may fall under Class IIa or IIb, depending on the application. This classification is explained in Section 5.
Equipment for transcranial brain stimulation is classified as Class III and is covered in Section 6.

Annex XVI Medical Devices: Key Regulatory Requirements

MDR 2017/745 establishes clear and structured obligations for products covered under MDR Annex XVI, even when they do not have an intended medical purpose. Manufacturers must meet safety, documentation, and post-market requirements comparable to those applied to traditional medical devices.

Core Compliance Requirements Under MDR Annex XVI

Manufacturers must design and manufacture devices to ensure safety and performance. They must conduct a documented risk analysis and implement appropriate risk control measures in accordance with Annex I.

They must also complete a conformity assessment procedure to demonstrate compliance with the applicable regulatory requirements. Depending on the classification of the device, a notified body may need to be involved.

In addition, manufacturers must prepare and maintain comprehensive technical documentation. This documentation must clearly describe the device design, intended purpose, manufacturing processes, risk management activities, and evidence supporting conformity.

Manufacturers must assign a Unique Device Identification (UDI) to each device. They must ensure traceability by registering the required information in the relevant UDI database.

Clinical Evaluation and Post-Market Obligations

Under MDR Annex XVI, manufacturers must perform a clinical evaluation to demonstrate safety and performance in accordance with Article 61(9) and the applicable Common Specifications. They must base this evaluation on relevant clinical data. Clinical investigations may be required unless sufficient existing clinical data can adequately demonstrate safety and performance, in line with Article 61(9) and the Common Specifications.

Manufacturers must also implement a post-market surveillance (PMS) system. This system must monitor device performance, analyze safety data, investigate complaints and adverse events, and trigger corrective actions when necessary.

Clear and accurate labeling remains essential. Manufacturers must provide instructions for use that specify the intended purpose, handling conditions, storage requirements, and relevant warnings or contraindications.

MDR 2017/745 significantly expands the regulatory scope by including devices without an intended medical purpose under MDR Annex XVI. This expansion ensures a high level of protection for users and strengthens oversight of aesthetic and non-therapeutic technologies entering the EU market.

By working with MDx CRO, manufacturers can navigate MDR Annex XVI requirements efficiently and position their products for successful EU market access.

From Annex XVI Compliance to Scientific validity reports for EU IVDR Submissions

Although Annex XVI devices do not have an intended medical purpose, they are still required to demonstrate safety and performance through robust evidence. This shift reflects a broader regulatory principle also seen under the In Vitro Diagnostic Regulation (IVDR): claims must be supported by structured, scientifically sound documentation.

Under the MDR, manufacturers of Annex XVI products must:

Conduct a clinical evaluation based on available clinical data
Justify safety and performance claims through documented evidence
Align with Common Specifications and applicable classification rules
Maintain technical documentation that withstands notified body scrutiny

This evidence-based mindset closely mirrors what is required for Scientific Validity Reports under the IVDR.

The Regulatory Convergence: MDR Annex XVI & IVDR Scientific Validity

While MDR Annex XVI focuses on devices without an intended medical purpose and IVDR governs in vitro diagnostic devices, both frameworks demand:

A clear definition of claims
Scientific substantiation of those claims
Transparent literature review methodologies
Structured documentation aligned with regulatory expectations

In IVDR submissions, the Scientific Validity Report is a foundational document demonstrating the association between an analyte and a clinical condition. Similarly, Annex XVI devices must justify safety and performance through documented clinical evaluation and risk analysis — even when no therapeutic or diagnostic purpose exists.

In both cases, regulatory authorities expect:

Systematic literature review strategies
Critical appraisal of available data
Traceable evidence linking claims to supporting documentation
Ongoing updates through post-market surveillance

The common denominator is simple: no claims without evidence.

Why This Matters for Manufacturers

Manufacturers working across MDR and IVDR portfolios increasingly face overlapping regulatory expectations. A strong internal capability to develop:

Clinical Evaluation Reports (CERs)
Scientific Validity Reports
Performance Evaluation documentation
Post-market evidence strategies

creates operational efficiency and reduces regulatory risk.

At MDx CRO, we support manufacturers not only in MDR Annex XVI compliance, but also in preparing scientifically robust documentation for EU IVDR submissions — including comprehensive Scientific Validity Reports aligned with notified body expectations.

Explore how Scientific Validity Reports are structured and what notified bodies look for under the IVDR. You can read our detailed guide on Scientific Validity Reports for EU IVDR Submissions.

FAQs

How does MDR define “intended medical purpose” for medical devices?

The MDR 2017/745 places strong emphasis on the concept of intended purpose. Manufacturers define the intended purpose through the information they provide on labeling, in the instructions for use (IFU), and in promotional materials.
The MDR defines “intended purpose” in Article 2(12). Whether a product has a medical purpose depends on the manufacturer’s intended use as reflected in labeling, instructions for use, and promotional materials.Manufacturers must clearly state whether the device supports diagnosis, treatment, monitoring, prevention, or alleviation of a disease or injury.
Under MDR Annex XVI, this distinction becomes particularly important, as certain products without a traditional medical purpose still fall within the scope of the regulation and must meet defined safety and performance requirements.

Are there any exemptions or special considerations for medical devices without an intended medical purpose?

Yes. MDR 2017/745 establishes specific requirements for products covered under MDR Annex XVI, even though they do not have an intended medical purpose.
First, manufacturers must comply with the relevant Common Specifications adopted under Article 9(4). These specifications require manufacturers to apply risk management in line with Annex I and, where necessary, conduct a clinical evaluation focused on safety and performance.
For clinical evaluation, manufacturers do not need to demonstrate a clinical benefit in the traditional medical sense. Instead, under Article 61(9), they must demonstrate the performance and safety of the product.

Are there any specific labeling or instructions for use (IFU) requirements for medical devices without an intended medical purpose under MDR 2017/745?

Yes, devices without an intended medical purpose have specific information requirements that affect both labeling and the instructions for use (IFU).According to Annex I, Section 23 of MDR 2017/745 and the applicable Common Specifications, the instructions for use must clearly state that the device has no intended medical purpose and must describe the associated risks and any limitations of use.

Written by:

Carlos Galamba

CEO

Senior regulatory leader and former BSI IVDR reviewer with deep experience in CE marking high-risk IVDs, companion diagnostics, and IVDR implementation.

Industry Insights & Regulatory Updates

Making IVDR Work in Combined Studies: Scientific & Operational Lessons from 40+ Programs

ISO 14155:2026 What’s Changed and What It Means for Your Clinical Investigation

Portugal’s New Clinical Trials Law No. 9/2026: What Sponsors Need to Know

IMDRF Draft N91 2026: New Clinical Evidence Requirements for IVDs Explained

EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)

Regulatory Compliance for Dental Products

February 3, 2026

Andre Moreira

A Practical Guide for Medical Device Manufacturers

Regulatory compliance for dental products has become far more complex over the past decade. What was once a relatively straightforward pathway is now a demanding, lifecycle‑driven process that requires robust technical and clinical evidence, structured post‑market surveillance, and ongoing regulatory oversight.

For manufacturers bringing dental products to market, especially under the EU Medical Device Regulation (MDR), compliance is no longer a single milestone. It is a continuous obligation that influences product design, technical documentation, clinical evidence, and post‑market performance activities throughout the entire lifecycle.

From our experience as a consulting company supporting medical device manufacturers, dental products often lie at the crossroads of material science, clinical performance, and stringent regulatory requirements. This combination makes regulatory compliance both critical and increasingly challenging for manufacturers aiming to achieve and maintain market access.

What Regulatory Compliance Means for Dental Products

Dental products as dental medical devices

Many dental products are legally classified as medical devices, even when they are commonly perceived as materials or components. Items such as dental alloys, implantable components, restorative materials, and certain software‑driven solutions fall under medical device regulations when intended for a medical purpose.

This classification carries specific regulatory obligations for manufacturers, whether the product is used directly by clinicians or indirectly through dental laboratories.

Responsibility across the dental product lifecycle

Regulatory compliance extends far beyond initial approval. As is the case for other medical device manufacturers, dental manufacturers remain responsible for:

Defining and maintaining the intended purpose
Ensuring ongoing safety and performance
Monitoring post-market data
Updating documentation as evidence evolves

Importantly, many compliance failures do not arise from missing documents, but from misalignments and inconsistencies across lifecycle activities. Maintaining clear linkage between purpose, evidence, and post-market insights is essential for demonstrating a coherent and compliant lifecycle strategy. When these key elements stay aligned, manufacturers strengthen regulatory trust, reduce risk, and support smoother long-term market access. This principle applies equally to dental medical devices and to all other medical devices, as it is transversal across the sector.

Why dental products face increased scrutiny

Dental devices frequently involve:

Implantable or long-term contact materials
Complex alloy compositions
Large legacy portfolios originally certified under previous regulations

These features introduce specific regulatory expectations. Implantable and long-term contact materials require robust biocompatibility assessments and long-term safety evaluations. Additionally, complex alloys may require chemical and toxicological evaluations to ensure that all constituent materials meet biological safety standards. Finally, legacy products, previously certified under less stringent requirements, must now be re-evaluated using updated evidence to demonstrate continued safety and performance under current frameworks.

Together, these factors increase expectations for clinical evidence, biological safety, and post-market surveillance, leading to closer regulatory scrutiny and more rigorous conformity assessment processes.

Which Regulations Apply to Dental Medical Devices?

European Union: EU MDR

In the European Union (EU), medical devices are governed by Regulation (EU) 2017/745 (MDR). Compared to the former Medical Device Directives (MDD/AIMDD), MDR introduces:

Stronger clinical evidence requirements
Enhanced post-market surveillance obligations
Increased scrutiny from Notified Bodies
Clearer expectations for technical documentation consistency

Manufacturers of dental devices are therefore required to fulfil these additional requirements to ensure the device is compliant with EU market requirements.

United Kingdom: UK MDR and UKCA Marking

In the United Kingdom (UK), medical devices are regulated under the UK Medical Devices Regulations 2002 (as amended), with oversight by the Medicines and Healthcare products Regulatory Agency (MHRA). Following Brexit, the UK has established an independent regulatory framework, while maintaining transitional recognition of CE marking in Great Britain.

Compared with the EU MDR, the UK framework introduces a parallel but distinct pathway, characterized by:

The progressive transition from CE marking to UKCA marking for Great Britain
UK-specific registration requirements with the MHRA
Potential divergence in timelines, conformity assessment routes, and regulatory interactions
The need to monitor evolving UK legislation as the framework continues to develop

Manufacturers of dental devices must therefore define a clear UK regulatory strategy, ensuring that UKCA requirements (and transitional CE provisions, where applicable) are properly addressed, while maintaining alignment with EU documentation and lifecycle activities to the extent possible.

United States of America: FDA

The United States can also be an attractive market for dental devices. For manufacturers wishing to operate beyond Europe, dental product compliance must align with FDA expectations or other international frameworks. While this article focuses on EU MDR, a global regulatory strategy should aim for evidence reuse and lifecycle consistency across jurisdictions.

Maintaining a broad perspective on regulatory expectations in different markets enables more efficient submissions at various time points, minimizing duplicated effort and ensuring smoother pathways to global market access.

Regulatory Classification of Dental Products in EU

How to determine classification

Under MDR, dental devices are classified based on:

Intended purpose
Duration of contact
Invasiveness
Implantable status

Many dental materials and alloys are classified as higher risk than expected, particularly for implantable or long-term applications. Understanding these rules early helps ensure accurate classification.

Why classification drives EU regulatory strategy

Classification decisions affect:

Conformity assessment routes
Clinical evidence depth
Post-market obligations
Notified Body involvement

Misclassification early in development often leads to costly rework later, particularly once technical documentation has been developed or regulatory submissions have begun. Manufacturers must also avoid making changes to the product or its intended purpose after commercialization that could alter its classification and trigger additional regulatory requirements. Establishing the correct classification from the outset and maintaining alignment throughout the lifecycle are essential to a smooth, predictable regulatory pathway.

Learning from Real-World MDR Transitions in Dental Products

Across MDR transition projects involving complex dental portfolios, one lesson consistently emerges: regulatory compliance succeeds when evidence, processes, and documentation are aligned from end to end.

Large dental product families require structured execution, clear ownership, and realistic timelines. Compliance is less about individual documents and more about how well the regulatory system functions as a whole.

If you want to see how these principles apply in practice, you can read our full case study on an MDR transition for dental products.

Read the full case study here

Core Regulatory Requirements for MDR Compliance of Dental Products

Technical documentation and conformity assessment

Regulatory compliance for dental products starts with technical documentation that clearly and consistently supports the device’s safety and performance. Under MDR, this documentation is reviewed as a single, connected system rather than as separate files.

Manufacturers must demonstrate that the device is well defined, risks are properly controlled, and clinical and biological evidence support the intended use. In practice, regulatory findings often arise not because documents are missing, but because different parts of the technical file are not fully aligned.

Clinical evaluation

Clinical evaluation must show that the dental device performs as intended and remains safe throughout its lifecycle. This assessment is typically based on a combination of clinical data, relevant scientific literature, and post-market evidence where available.

For dental devices, regulators closely scrutinize whether clinical claims align with the intended purpose and the conclusions from risk management activities. Any inconsistency between these elements is one of the most frequent causes of Notified Body questions during technical documentation review. Ensuring consistency across intended purpose, clinical evidence and risk conclusions is essential for a smooth clinical evaluation process.

Biological evaluation and material safety

Biological evaluation is particularly important for dental materials that come into prolonged or permanent contact with the body. Manufacturers are expected to follow a structured, risk-based approach that justifies testing, addresses worst-case configurations, and integrates toxicological considerations where relevant.

Weak biological rationales or conclusions that are not reflected in risk management and labelling are frequent sources of non-conformities. A coherent and well documented evaluation is therefore essential to demonstrate material safety and regulatory compliance.

Risk management and traceability

Risk management under MDR is a continuous process, not a one-time activity. Regulators increasingly expect clear traceability between identified hazards, risk control measures, supporting clinical and biological evidence, and the information provided to users.

Consistency over time is critical. Risk management conclusions must remain aligned with clinical evaluation updates and post-market data as new information becomes available.

Labelling and instructions for use (IFUs)

Labelling and IFUs must accurately reflect the device’s intended use, residual risks, contraindications, and safety-related information. Inconsistencies between labelling and technical documentation are a common reason for regulatory findings.

Under MDR, labelling is assessed as a direct extension of the manufacturer’s risk and clinical conclusions, not as a standalone deliverable. Correct and well-structure labelling and IFU is particularly important because it is often the only information the end user will directly interact with. Clear and accurate instructions reduce the likelihood of misuse, improve clinical outcomes, and contribute to patient safety.

Post-Market Obligations for Dental Medical Devices under MDR

Post-Market Surveillance (PMS)

PMS systems must actively collect and analyse real-world data to ensure devices continue to perform safely and effectively once in clinical use. This includes:

Complaint handling
Trend analysis and early detection of potential risks
Vigilance reporting
Periodic safety updates

For dental devices, many of which are used repeatedly and placed in the oral cavity for long durations, post-market provides essential insight into performance across different clinical environments and users.

PMCF and PSUR

Depending on classification and associated risk, manufacturers may be required to implement:

Post-Market Clinical Follow-up (PMCF)
Periodic Safety Update Reports (PSUR)

PMCF is especially relevant in dentistry, where varied patient populations and technique-sensitive procedures can impact long-term outcomes. PSURs ensure that these insights are systemically gathered, assessed and fed back into the technical documentation.

Why Post-Market Data matters beyond compliance

Post-market activities are not simply regulatory obligations. They play a strategic and clinical role, helping manufacturers:

Identify how products perform in diverse real-world dental practices
Detect early signs of wear, degradation or unexpected biological responses
Refine IFUs, contraindications or warnings based on real-use scenarios
Support claims of durability, reliability, and biocompatibility with ongoing evidence
Strengthen competitiveness by demonstrating proven, long-term performance

Post-market data is therefore not optional and is central to demonstrating ongoing compliance and to maintaining clinical confidence, improving product quality, and supporting future innovation.

Common MDR Regulatory Compliance Challenges for Dental Products

Legacy devices and MDR transitions

Many dental products on the market today were originally certified decades ago, under earlier regulatory frameworks. Although the MDR entered into full application in 2021, transition periods extend to 2028 (depending on device classification). For legacy devices, a structured gap assessment is essential to identify missing requirements or outdated evidence. Transitioning these products to MDR often reveals gaps in:

Clinical evidence
PMS systems
Biological evaluation rationale
Consistency and traceability across technical documentation

Because many legacy dental products were introduced before modern evidence expectations existed, manufacturers often face significant redevelopment of foundational documentation. Early planning is critical to avoid bottlenecks as MDR deadlines approach.

Portfolio-level complexity

Manufacturers of dental devices typically manage large and diverse portfolios, often with hundreds of variants differing in materials, shade, formulation, packaging or indications. This scale creates a substantial challenge when aligning all products with MDR requirements. To maintain control and ensure all technical documentation is complete and updated, manufacturers require:

Structured regulatory frameworks that define consistent expectations
Harmonised documentation strategies that minimise duplication of work across similar devices
Scalable and robust post-market systems capable of handling extensive product families

Without a systematic, portfolio-level approach, MDR compliance efforts can become fragmented and inefficient. In many cases, non-conformities arise from a lack of strategic coordination across product lines.

Notified Body expectations

Notified Bodies evaluate more than simply the existence of documentation. They assess how effectively manufacturers control their devices throughout the entire lifecycle. Depending on the classification of the dental device, the involvement of a Notified Body can be required for its initial certification, ongoing surveillance, and continued market access. As such, manufacturers must therefore be prepared for both announced and unannounced audits. Maintaining an “audit-ready” state requires:

Evidence coherence, ensuring clinical, biological, risk and labelling conclusions fully align
Lifecycle thinking, with post-market data and risk updates continuously feeding into the technical file
Demonstrated control, not just document availability, meaning systems, processes and records clearly show that compliance is maintained

Ultimately, maintaining this level of operational readiness demonstrates that the manufacturer is in continuous control of product quality and regulatory compliance. This proactive posture not only supports smoother audits but also builds long-term confidence with Notified Bodies. It signals that the manufacturer can reliably uphold MDR expectations throughout the entire lifecycle, ensuring stable and sustained market access.

The Role of MDx in Dental Product Regulatory Compliance

MDx supporting Manufacturers

Manufacturers typically engage MDx when:

Internal teams need execution support
Portfolios are large or complex
Timelines are constrained
Notified Body interactions intensify

MDx provides specialized regulatory expertise and operational capacity, helping manufacturers manage high workloads, accelerate progress, and confidently navigate regulatory expectations.

Execution vs. advisory support

For many manufacturers, advisory guidance alone is not sufficient to move projects forward efficiently. Effective MDx support combines strategic insight with hands-on execution, ensuring:

Development of compliant and high-quality documentation
Evidence generation and alignment across clinical, regulatory and quality domains
Practical experience navigating audits and regulatory reviews

This integrated approach strengthens submissions, accelerates timelines, and reduces pressure on internal teams. As a result, manufacturers can focus on additional projects, key milestones, and ongoing product development without compromising regulatory progress.

Supporting market access

Through close collaboration between MDx and manufacturers, companies can more effectively:

Reduce regulatory risk, by ensuring requirements are met with robust and compliant evidence
Accelerate conformity assessment through well-prepared documentation and proactive regulatory strategy
Maintain long-term compliance across the product lifecycle, from initial submission to post-market activities

Key Takeaways: Placing Dental Medical Devices on the Market

Manufacturers that treat compliance as a strategic function (supported by the right expertise) are better positioned to place and maintain their products on the market without unnecessary delays or regulatory setbacks.

Regulatory compliance for dental products is:

A lifecycle commitment, not a one-off project
Heavily dependent on consistency and traceability
Increasingly scrutinised under MDR

If you are preparing to bring a dental or medical device to market and require execution‑level MDx support, our team partners directly with manufacturers to provide comprehensive, end‑to‑end regulatory compliance services.

Let’s talk about your project, contact us.

Written by:

Andre Moreira

Regulatory Director, Medtech

Senior quality & regulatory expert, ISO 13485/MDR/IVDR auditor with expertise in CE marking MDs/IVDs, incl. dental, implantables, drug delivery, genomic tests, & MDR/IVDR implementation.

Industry Insights & Regulatory Updates

IVD analytical validation parameters under IVDR Annex I 9.1(a)

A CRO’s Guide to IVD Analytical Validation: Best Practices & Common Pitfalls

Making IVDR Work in Combined Studies: Scientific & Operational Lessons from 40+ Programs

ISO 14155:2026 What’s Changed and What It Means for Your Clinical Investigation

Portugal’s New Clinical Trials Law No. 9/2026: What Sponsors Need to Know

IMDRF Draft N91 2026: New Clinical Evidence Requirements for IVDs Explained

Case Study: How MDx Enabled Argen’s Successful Transition to MDR CE Marking for Dental Alloys

January 29, 2026

Alberto Bardaji de Qixano

The challenge: transitioning legacy dental alloys to MDR

Transitioning Argen’s dental alloy portfolio to Regulation (EU) 2017/745 (MDR) required bridging significant gaps between the former MDD framework and the reinforced MDR requirements. The devices are intended for use in the fabrication of full-cast and ceramic-veneered restorations (porcelain-fused-to-metal), including crowns, bridges, and removable partial dentures, by dentists and dental laboratory technicians.

As a dental materials manufacturer, Argen faced the additional challenge of structuring and maturing core regulatory processes, particularly in clinical evaluation, post-market surveillance, biological evaluation, and risk management. In parallel, the project required the resolution of major and minor non-conformities previously raised by the Notified Body, ensuring a robust, defensible, and audit-ready MDR transition.

MDx approach: a structured pathway for MDR transition

Strengthening the clinical evaluation framework

First, MDx developed the clinical evaluation framework to ensure full alignment with MDR requirements. Particular emphasis was placed on consistency between intended purpose, risk management, clinical evidence, and post-market activities. This work directly enabled the closure of previously identified clinical evaluation non-conformities

Structuring PMS system

Next, post-market surveillance and vigilance procedures were reviewed and restructured with a clear distinction between proactive and reactive PMS activities. The scope included the PMS plan, data collection and trending, PSUR, and PMCF planning.

Vigilance processes were clarified and strengthened, including serious incident reporting, Field Safety Corrective Actions (FSCA), trend reporting, and Field Safety Notices (FSNs), supporting systematic lifecycle monitoring and closure of PMS-related findings.

Aligning risk management with MDR and ISO 14971 requirements

In parallel, MDx supported the review and alignment of risk management documentation with MDR and ISO 14971 requirements, ensuring clear traceability between identified hazards, risk control measures, clinical evidence, biological evaluation, and information supplied to the user.

Establishing MDR-compliant biological evaluation

The biological evaluation framework was developed and aligned with MDR and ISO 10993 requirements. This included defining the required biocompatibility tests and documenting the scientific rationale supporting their selection. MDx supported the identification of worst-case configurations and coordinated with qualified test laboratories during the development of the Biological Evaluation Plan (BEP). MDx subsequently prepared the Biological Evaluation Report (BER) and the associated Toxicological Risk Assessment (TRA), supported by a structured literature review and relevant biological testing, including extractables and leachables, cytotoxicity, and other applicable endpoints. All biological safety conclusions were fully integrated into the risk management file and technical documentation.

Aligning essential technical documentation

Finally, MDx contributed to the development, alignment, and consolidation of essential technical documentation, including Device Description and Specifications (DDS), labelling, Instructions for Use (IFUs), Risk Management (RM), Summary of Safety and Clinical Performance (SSCP), and Magnetic Resonance Imaging (MRI) safety documentation. This ensured consistency, clarity, and regulatory coherence across the technical file.

Results: strengthening regulatory readiness

Critical technical documentation fully aligned with MDR requirements.
Successful closure of major and minor non-conformities identified by BSI.
Regulatory support for MDR certification of dental alloy product families, covering 600+ legacy implantable Class IIb devices.
Significant enhancement of audit readiness and overall technical robustness of the documentation.
Establishment of a solid regulatory foundation to support ongoing compliance throughout the device lifecycle.
MDR certificate successfully issued by BSI.

Why MDx

Specialised, hands-on expertise in the MDR transition of legacy medical devices, including complex, high-volume product portfolios.
Proven track record in resolving major and minor non-conformities and leading effective interactions with Notified Bodies, including BSI.
Deep technical mastery of MDR technical documentation, with particular strength in Annex II and Annex III requirements, covering the full lifecycle from conformity assessment to post-market obligations.
Pragmatic, execution-driven delivery, combining close client collaboration with the ability to perform under tight audit timelines and regulatory scrutiny

Project timeline

March 2024 – September 2025

The project was delivered through coordinated regulatory workstreams covering clinical evaluation, risk management, PMS, biological evaluation, and technical documentation alignment – enabling efficient closure of findings and long-term compliance under MDR.

Client perspective

“I would like to say thank you to the MDx team for their professionalism and dedication (especially Andre M., Kara M., and Carlos G.) to deliver their project on-time and beyond expectation. We are a small digital dental company and have many processes that need to be improved or created to be compliant with EU MDR 2017/745. Both teams have spent countless hours to create, support, and review many documents including TD gap assessments, biocompatibility testing, Clinical Evaluation, Biological Evaluation, PMS, PSUR, PMCF, surveys, and more to mend the EU MDR gap.

Without your dedication and collaboration, we wouldn’t have been able to deliver this level of quality. I look forward to more excellent work from the team. Thanks for your continued support and feedback as well as offer your own experience, expertise through past interactions with Notified Bodies. Together, we have successfully fixed a 2021 major and minor non-conformance on clinical evaluation and PMS with BSI. Our journey continues with the current EU MDR Technical Documentation Review for a product family of over 600 products with BSI. I am looking forward to more achievements and future collaboration between our teams.”

Trish L. Winterburn | Regulatory Affairs | Deputy PRRC & Regulatory Compliance

“MDx’s expertise is top-notch and state-of-the-art in both IVDR, EU MDR and more. I have worked with MDx and the previous company of the current MDx CEO in both IVDR and EU MDR including other RA Support. The team is comprised of knowledgeable SMEs, experts including ex-BSI/ex-TUV SUD personnels. They are well trained, dedicated, professional and courteous. The feedback from Risk Management Review correlates to all points as required in the EU MDR 2017/745 for risk. Beyond RMF, MDx and I have partnered to fix BSI’s major/minor NCs and completed the UKCA/EU MDR Certification of 2 medical device families with over 600 devices. The service and expertise are top-notch and exceptional. Thanks and appreciate the team! “

Trish L. Winterburn | Regulatory Affairs | Deputy PRRC & Regulatory Compliance

Planning your transition from MDD to MDR?

MDx partners with medical device manufacturers worldwide to successfully place and maintain devices on the European Union market under Medical Device Regulation (EU) 2017/745 (MDR). Whether you are transitioning legacy devices or preparing for a first MDR submission, our team provides end-to-end regulatory support tailored to your portfolio and timelines.

Quick MDR Readiness Checklist

Intended purpose clearly defined and aligned with classification and clinical strategy
Risk management file compliant with ISO 14971, with full traceability to clinical, biological, and user information
Clinical Evaluation Report (CER) aligned with MDR Annex XIV and supported by robust clinical evidence
Biological Evaluation Plan and Report (BEP / BER) compliant with ISO 10993 and integrated into risk management
Post-Market Surveillance (PMS) system in place, including PMCF and PSUR, as applicable
Technical documentation complete and compliant with MDR Annex II and III
Labeling and IFUs aligned with MDR requirements, including MRI safety where relevant
Audit readiness confirmed through internal review or mock Notified Body assessment

MDx can lead, co-author, or independently review each of these activities, providing hands-on regulatory execution and strategic oversight to accelerate approval and reduce regulatory risk.

Talk to us

MDx supports medical device manufacturers across Europe and outside Europe in navigating MDR through structured, risk-based, and Notified Body–focused regulatory strategies, helping you move efficiently from planning to certification and long-term compliance.

Written by:

Alberto Bardají

Head of Medical Devices

Senior med-tech expert & ex-Notified Body reviewer with deep experience in high-risk implants, orthopedics, dental & neurology.

Industry Insights & Regulatory Updates

Connected Europe map with colorful location markers and Wi-Fi symbols illustrating MedTech innovation and digital connectivity in Europe.

Companion Diagnostic Clinical Trial Case Study

Advanced medical researchers analyzing DNA models to accelerate innovations in MedTech and improve healthcare solutions.

IVDR CE marking NGS: MDx Case Study with Fulgent

NGS IVDR compliance framework for comprehensive genomic profiling

IVDR Transition for Precision Medicine: How MDx CRO Enabled a Seamless Portfolio Upgrade

ISO 20417:2026 You May Have a Gap Today: What Medical Device Manufacturers Shall Do Now

Making IVDR Work in Combined Studies: Scientific & Operational Lessons from 40+ Programs

MDR Clinical Evaluation Report: How MEDDEV and MDCG Guidance Shape Compliance Under the EU MDR

January 19, 2026

Preparing an MDR Clinical Evaluation Report is one of the most challenging but essential steps in demonstrating the safety and performance of a medical device under the EU Medical Device Regulation (MDR). The process requires manufacturers to integrate multiple regulatory guidances, MDCG 2020‑6, MDCG 2020‑5, MDCG 2020‑13, MEDDEV 2.7/1 rev.4, and MDR Annex XIV, into a single, structured, and evidence‑driven CER.

This article breaks down how these documents support a compliant MDR Clinical Evaluation Report and what manufacturers must focus on to meet Notified Body expectations.

Key MDR Clinical Evaluation Report Requirements in Annex XIV

Building a Strong Clinical Evaluation Plan (CEP)

Annex XIV requires manufacturers to create a Clinical Evaluation Plan outlining:

Objectives and methodology
Data sources
Appraisal criteria
Update frequency across the device lifecycle

The CEP must remain a living document that evolves with device changes, PMS findings, and state‑of‑the‑art updates.

Demonstrating Safety and Performance

Your MDR Clinical Evaluation Report must show that the device meets GSPRs based on methodologically sound, relevant, and sufficient clinical data. Evidence may include:

Literature
Clinical investigations
PMS and PMCF data
Real‑world evidence

Benefit–Risk Determination

The CER must contain a transparent benefit–risk assessment based on:

Intended purpose
Clinical outcomes
Residual risks
Available alternatives and state of the art

How MEDDEV 2.7/1 rev.4 Supports MDR Clinical Evaluation Reports

Although created for the MDD, MEDDEV 2.7/1 rev.4 still provides the methodological foundation used by notified bodies.

Stage‑Based Clinical Evaluation Framework

MEDDEV outlines a structured, reproducible approach that aligns well with MDR expectations:

CEP creation
Identification of clinical data
Appraisal of data quality and scientific validity
Analysis and risk‑benefit assessment
CER production and ongoing updates

Its systematic approach remains essential for building an MDR‑compliant CER.

How MDCG 2020‑6 Supports Legacy Devices in the MDR CER

MDCG 2020‑6 explains how to demonstrate sufficient clinical evidence for legacy devices.

When Clinical Investigations Are Necessary

Additional clinical studies may be required if:

Existing data is insufficient
The device has undergone significant changes
The device is high risk (e.g., implants, Class III)

PMCF as an Ongoing Requirement

Manufacturers must implement a PMCF plan to:

Confirm continued safety and performance
Collect real‑world evidence
Update the CER regularly

MDCG 2020‑6 reinforces that legacy devices need a full reevaluation—not a simple MDD carryover.

Using MDCG 2020‑5 for Equivalence in the MDR Clinical Evaluation Report

MDCG 2020‑5 clarifies how to establish equivalence, which is critical if you plan to use clinical data from an existing device.

Three Required Equivalence Dimensions

To claim equivalence, manufacturers must show alignment in:

Technical characteristics
Biological characteristics
Clinical characteristics

Robust documentation and legitimate access to clinical data from the equivalent device are mandatory.

Risk Considerations

Manufacturers must also show:

Differences do not impact clinical safety or performance
Risks are identified and mitigated
Claims remain scientifically justified

How MDCG 2020‑13 Aligns CERs With Notified Body Review

MDCG 2020‑13 provides the Clinical Evaluation Assessment (CEA) report template used by Notified Bodies. Understanding this structure helps manufacturers prepare CERs that meet reviewer expectations.

Key Focus Areas for Notified Bodies

Device description and intended purpose
Definition of state of the art
GSPR alignment
CEP adequacy and methodology
Data sources and appraisal quality
Clinical evidence strength and conclusions
PMCF requirements

Manufacturers who align their CER to this structure often experience smoother reviews and fewer NB questions.

Ensuring Regulatory Compliance in Your MDR Clinical Evaluation Report

To achieve a defensible, audit‑ready CER, manufacturers must integrate:

MDR Annex XIV clinical evaluation requirements
MEDDEV methodology and appraisal principles
MDCG 2020‑6 for legacy device evidence
MDCG 2020‑5 for equivalence justification
MDCG 2020‑13 for NB review expectations

A compliant MDR Clinical Evaluation Report demonstrates:

Scientific validity
Clinical performance
Clinical safety
A documented, robust benefit–risk profile

How MDx CRO Supports Your MDR Clinical Evaluation Report

MDx CRO specializes in supporting manufacturers through the full MDR CER process. Our services include:

Regulatory strategy and intended purpose definition
Customized MDR Clinical Evaluation Report templates
Clinical Evaluation Plan (CEP) development
Systematic literature reviews
CER and CEP medical writing
Gap analyses for clinical evidence and QMS alignment
Equivalence assessments
PMCF plan development
Technical documentation for MDR compliance
Support with Notified Body interactions

Our experts ensure that your CER is complete, consistent, and aligned with the latest MDR and MDCG expectations.

Request regulatory documentation services.

Industry Insights & Regulatory Updates

Making IVDR Work in Combined Studies: Scientific & Operational Lessons from 40+ Programs

ISO 14155:2026 What’s Changed and What It Means for Your Clinical Investigation

Portugal’s New Clinical Trials Law No. 9/2026: What Sponsors Need to Know

IMDRF Draft N91 2026: New Clinical Evidence Requirements for IVDs Explained

EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)

ISO 20417:2026 You May Have a Gap Today: What Medical Device Manufacturers Shall Do Now

What Changed: The 6 Key Updates

Normative reference flexibility: deleted

IFU readability: now measurable

Label durability: now normative

Sterile barrier configuration: new labeling requirement

eIFU: restricted access obligation

~20 “Applicable Policy” qualifiers

Change 1: Normative Reference Flexibility: Deleted

What your gap looks like today

Change 2: IFU Readability Is Now Measurable

How to test and document compliance

Change 3: Label Durability Annex Is Now Normative

What a Notified Body reviewer will expect

Change 4: Sterile Barrier Configuration: New Labeling Requirement

What to do

Change 5: eIFU Restricted Access Obligation

Change 6: ~20 “Applicable Policy” Qualifiers

ISO 20417:2026 Gap Analysis Checklist

SaMD and AI Developers: This Standard Applies to You Too

MDR, IVDR, and Harmonisation Status

ISO 20417:2026 in the context of your MDR/IVDR GSPR checklist

NB Audit Risk: What to Expect in 2026–2027

Top 3 Notified Body Finding Risks: ISO 20417:2026

1

Applicable Policy Qualifiers: documentation gap

2

Normative Reference Flexibility: deleted but still in QMS

3

IFU Readability: assertion without evidence

Why this matters: real-world consequences

FDA Correction Cases, IFU-Related

Your 30-Day Action Plan

Frequently Asked Questions about ISO 20417:2021

Need a structured gap analysis?

Diego Rodríguez Muñoz, PhD

ISO 14155:2026 What’s Changed and What It Means for Your Clinical Investigation

A Standard That Has Been a Long Time Coming

The Key Changes: What’s New in ISO 14155:2026

1. Risk Management: A Clearer, More Structured Framework

2. Data Monitoring Committees and Clinical Events Committees: Formal Requirements for Both

3.Informed Consent: Strengthened Expectations and Ethics Committee Implications

4. Design Considerations: The Estimand Framework Arrives

5. Clinical Performance: A Sharper Definition With Real Consequences

The Most Common Mistakes Sponsors Make regarding ISO 14155, and How to Avoid Them

What Happens to Studies Already Underway?

What Sponsors and Investigators Must Do Now

1. Run a formal gap analysis

2. Update your QMS and SOPs

3. Assess ongoing studies

4. Deliver structured training

5. Monitor the harmonisation process

Frequently Asked Questions about ISO 14155:2026

Need support implementing ISO 14155:2026?

Related Articles

Kirsty Macleod

EU AI Act and Medical Devices: What SaMD Developers Need to Know (2026)

Timeline Update: April 2026

February 2026: Commission published guidelines on Article 6

2 August 2026: Most high-risk AI obligations now apply, but with a critical exception for medical devices

Revised compliance milestones for SaMD developers

1. Does the AI Act Apply to Your Software?

2. High-Risk AI Classification for Medical Devices

3. How the AI Act Interacts with MDR and IVDR

4. General Purpose AI (GPAI) Models in Medical Devices

5. Key Timelines

6. What to Do Now: A Practical Checklist

Key Requirements at a Glance

AI Act SaMD Classification: When Is Your Software Automatically High-Risk?

EU AI Act August 2026 Deadline: What It Means for Medical Device Manufacturers

What applies from 2 August 2026

What applies from 2 August 2027

AI Act vs MDR: Understanding the Dual Compliance Framework for SaMD

General Purpose AI (GPAI) Models in Medical Devices: What the AI Act Requires

Tier 1: GPAI model provider obligations (August 2025)

Tier 2: SaMD developer obligations (August 2026/2027)

What is the EU AI Act?

What does it regulate?

Who does it apply to?

How does it differ from MDR?