The fourth edition of the international GCP standard for medical device clinical investigations is now in effect, with no transition period. Here is what sponsors, investigators, and CROs need to know.
ISO 14155:2026 was published in March 2026.
It replaces ISO 14155:2020 as the global benchmark for Good Clinical Practice (GCP) in medical device clinical investigations, covering everything from trial design and risk management to informed consent and safety reporting. There is no defined transition period. If your study is in planning, you are expected to comply now.
A Standard That Has Been a Long Time Coming
ISO 14155 has been the GCP reference for medical device clinical investigations since its first edition in 2003. The third edition, published in July 2020, made significant strides in aligning the standard with the EU Medical Devices Regulation (MDR 2017/745) and the ICH E6(R2) framework. But five years of practical implementation exposed gaps, particularly around risk management, study oversight structures, and statistical planning.
The fourth edition directly addresses those gaps. It introduces more prescriptive requirements, clearer distinctions between types of risk, new formal oversight structures, and a statistical annex that brings medical device investigations much closer to the rigour expected in pharmaceutical trials.
⚠ No transition period, requirements apply immediately
One timing point worth noting: ISO 14155:2020 had only just achieved formal harmonisation with the EU MDR when the fourth edition arrived, an unusual situation that has created legitimate questions for sponsors about the harmonisation status of the new standard. As of publication, EN ISO 14155:2020 remains the harmonised standard for MDR conformity purposes. The harmonisation process for ISO 14155:2026 is ongoing. Sponsors should monitor the EU Official Journal for updates.
The Key Changes: What’s New in ISO 14155:2026
1. Risk Management: A Clearer, More Structured Framework
If applying ISO 14971 risk management principles to clinical investigations has been a grey area in your organisation, the fourth edition addresses this directly.
The key distinction introduced is the separation of two categories of risk:
Device-related risks: including residual risks relevant to the specific study population, sample size, and indication, must be evaluated using full ISO 14971 methodology. The standard recognises that adverse device effect rates during an investigation can differ from post-market use. A small trial population amplifies ethical impact; risks must be contextualised accordingly.
Procedure-related risks: arising from non-routine clinical procedures required by the Clinical Investigation Plan (CIP) but outside standard clinical practice, require a descriptive risk assessment.
A risk based monitoring approach should be defined to manage the oversight of risks associated with the clinical investigation.
The standard clarifies how general device risk management principles translate into study-specific considerations, with focus on investigational device risks, especially residual risks relevant to the study population, sample size, and indication. These updates will require greater rigour when conducting and documenting risk assessments, but the result will be sponsors having more robust, better-documented risk management files tailored to each investigation.
Kirsty Macleod, Head of Clinical Research, MDx CRO
2. Data Monitoring Committees and Clinical Events Committees: Formal Requirements for Both
Study oversight structures receive significant attention in the fourth edition.
For DMCs, ISO 14155:2026 provides further clarification on this requirement. Where a DMC is determined to be in place, sponsors must now pre-define, and document in the CIP, the specific conditions under which a study would be suspended or stopped.
CECs are introduced for the first time in ISO 14155:2026. A Clinical Events Committee is an independent group of clinical experts established by the sponsor to ensure consistent classification and assessment of clinical events across sites. In multi-centre studies, different investigators may characterise the same event type differently, a CEC reduces that variability and strengthens data reliability. Where a CEC is used, its independence, role, and conflict-of-interest management must be formally defined at the outset of the study.
Key point for CROs and sponsors
The DMC and CEC requirements are not about adding bureaucracy. They are about ensuring that the necessary due diligence on safety review levels has been performed and captured in study documentation before the study starts, not after a safety signal emerges.
3.Informed Consent: Strengthened Expectations and Ethics Committee Implications
The fourth edition introduces more operational requirements around ethics, subject rights, and consent.
Specific updates include a prohibition on deviations from eligibility criteria without a formal CIP amendment; clearer requirements for explaining future use of health data to subjects; and expanded protection requirements for vulnerable populations and cross-border studies.
Ethics committees will scrutinise these more closely. Sponsors referencing ISO 14155:2026 compliance in submissions should expect greater attention to consent documentation, the consent process itself, and how protocol deviations are governed.
Ethics committees will have altered expectations when sponsors state compliance with the revised standard. Any mismatches between the risk management file and the informed consent form, downplaying known residual risks, using generic language, are routinely flagged during ethics review. The risk file and the consent must tell the same story, in plain language.
Kirsty Macleod, Head of Clinical Research, MDx CRO
4. Design Considerations: The Estimand Framework Arrives
The introduction of Annex K, a new informative annex on clinical investigation design considerations, brings the device world significantly closer to the statistical expectations long standard in pharmaceutical development.
In practice, this means study protocols are expected to more precisely define the clinical question being answered, including how intercurrent events (patient dropouts, treatment switches, protocol deviations) are handled in the primary analysis. Missing data strategies must be planned prospectively, not fixed post-hoc.
For organisations working across both medical devices and pharmaceuticals, this alignment reduces friction. For teams accustomed to simpler device trial designs, it will require additional investment in biostatistics at the planning stage.
5. Clinical Performance: A Sharper Definition With Real Consequences
The definition of “clinical performance” has been updated to more explicitly link device performance to measurable clinical benefit resulting from technical or functional characteristics. This is not a minor editorial change. It has direct implications for how endpoints are selected and justified in the CIP, and how clinical evidence is structured in Clinical Evaluation Reports (CERs).
Sponsors designing new studies need to ensure their primary endpoints map directly to the updated definition. For CER authors, it adds another layer of alignment to consider when assessing clinical data generated under different versions of the standard.
The Most Common Mistakes Sponsors Make regarding ISO 14155, and How to Avoid Them
When running and overseeing clinical investigations, the same errors appear repeatedly when sponsors try to apply risk management requirements to active studies. The fourth edition makes some of these errors significantly harder to ignore during regulatory or ethics review.
| The mistake | What is expected instead |
|---|---|
| Reusing the post-market risk file unchanged Clinical investigations have different risk profiles, smaller populations, learning-curve users, investigational configurations. The ISO 14971 product risk file created for design verification does not translate directly. | A study-specific risk assessment clearly linked to the CIP, subject population, site capabilities, and operator experience. Justified differences between clinical investigation risk and intended-use risk. |
| Applying full ISO 14971 to procedure risks Sponsors apply the full methodology to blood draws, biopsies, imaging, and extra clinic visits, logging these as device risks. Regulators increasingly challenge over-engineered risk files because they obscure actual device risk. | Clear separation in documentation: device-related risks, ISO 14971 process; procedure-related risks, descriptive assessment. Explicit statement in the CIP explaining this distinction. |
| Freezing the risk file once the study starts Risk management is treated as a design artefact with no named responsibility during execution. Adverse events, near-misses, and protocol deviations that reveal new hazards are not fed back into risk assessment. | Defined triggers for risk review (SADEs, DMC recommendations, deviation trends). Documented updates showing how clinical findings feed back into hazard identification, risk estimation, and benefit-risk evaluation. |
| Weak linkage between risk file and consent form The informed consent form downplays known residual risks, uses generic language, or is inconsistent with what appears in the risk management file. Ethics committees view this as a red flag. | Clear mapping between residual risks and subject-facing explanations. Justification where technical risks are simplified or grouped. Immediate consent updates if risk understanding changes. |
| Risk controls that exist on paper but not in the study Controls are listed in the risk file but not implemented, training listed but not documented, IFU warnings not reflected in consent, monitoring controls not built into the protocol. | Traceability from risk, control, CIP section, training, monitoring. Cross-checks during monitoring that controls are actively applied. This is one of the most common audit findings. |
What Happens to Studies Already Underway?
This is a frequently asked question by sponsors where the answer requires some nuance.
Studies initiated and approved under ISO 14155:2020 remain valid. The publication of the fourth edition does not retroactively invalidate work done in compliance with the previous version. A study designed, approved, and conducted in line with ISO 14155:2020 remains compliant with that version, and that data remains usable to support CE marking, clinical evaluation updates, and post-market evidence, provided it was compliant at the time of initiation.
Where things become more complex is with substantial amendments. If an ongoing study undergoes a significant change after March 2026, a protocol amendment, addition of new sites, introduction of a DMC or CEC, changes to the subject population, regulators and notified bodies may expect the affected areas to be brought into alignment with ISO 14155:2026. This is not a hard rule, but it is a risk-based expectation that should be assessed and documented.
In practice, authorities accept a clear, documented rationale: the clinical investigation was designed and initiated in compliance with ISO 14155:2020, which represented the state of the art at the time of study initiation. The publication of ISO 14155:2026 has been reviewed, and no changes were required that would materially impact subject safety, data integrity, or scientific validity. This approach is widely accepted, provided it is documented, risk-based, and justified.
Kirsty Macleod, Head of Clinical Research, MDx CRO
What Sponsors and Investigators Must Do Now
Given that there is no transition period, the question is not whether to act but how to prioritise. Here is a practical framework:
1. Run a formal gap analysis
Assess your current SOPs, CIP templates, risk management processes, and oversight structures against ISO 14155:2026. Focus first on risk management (device vs. procedure risk distinction), DMC/CEC governance, and statistical planning documentation.
2. Update your QMS and SOPs
Procedures, templates, and SOPs that reference ISO 14155:2020 need revision, particularly around CEC governance (new), DMC governance (strengthened), risk management integration, and informed consent processes.
3. Assess ongoing studies
Review active protocols or protocols in development. For studies with upcoming substantial amendments, prepare a documented assessment of whether and how ISO 14155:2026 requirements apply. Always document the rationale for decisions made, or not made.
4. Deliver structured training
Sharing the updated standard document is not sufficient. The risk management changes in particular require dedicated training for clinical affairs, regulatory affairs, and quality teams, not just a circulated PDF.
5. Monitor the harmonisation process
Keep an eye on the EU Official Journal for updates on the formal harmonisation of ISO 14155:2026 under the MDR. Until harmonised, EN ISO 14155:2020 remains the reference for MDR conformity presumption.
Key insight
The core principles of Good Clinical Practice for medical device investigations remain stable. What the 2026 revision adds is greater structure, clarity, and prescriptiveness, especially around risk management and ethical requirements. In the long run, this benefits patient safety, study design rigour, and the robustness of the evidence generated. The burden is front-loaded; the payoff is fewer audit findings and more defensible submissions.
Frequently Asked Questions about ISO 14155:2026
ISO 14155:2026 (Edition 4) was published in March 2026 and replaced ISO 14155:2020 immediately, with no defined transition period. Any new clinical investigation initiated after publication is expected to reference ISO 14155:2026 or provide a clear justification for non-alignment.
Studies initiated and approved under ISO 14155:2020 remain valid. However, any substantial amendment to an ongoing study after March 2026 may trigger an expectation to align affected parts with ISO 14155:2026, or provide a documented justification explaining why partial or full transition is not appropriate. Always document the rationale.
Not yet. As of April 2026, EN ISO 14155:2020 remains the harmonised standard providing presumption of conformity with the EU MDR. The formal harmonisation process for ISO 14155:2026 is underway. Sponsors should monitor the EU Official Journal regularly for updates.
A Data Monitoring Committee (DMC) oversees overall trial safety and has the authority to recommend stopping or modifying a study. ISO 14155:2026 requires sponsors to pre-define stopping conditions and justify the absence of a DMC. A Clinical Events Committee (CEC) newly introduced in the 2026 edition, is an independent panel of clinical experts that ensures consistent classification of events across sites in multi-centre studies, improving data reliability.
Yes. ISO 14155 applies to post-market clinical investigations, including PMCF studies. Annex I of the standard defines the applicability of requirements to different types of post-market investigations. Some requirements may be modified or exempt for observational studies, but the core GCP principles, including risk management, monitoring, and data governance, apply.
The estimand framework (from ICH E9(R1)) provides a structured approach to defining exactly what clinical question the investigation is designed to answer, and how events that disrupt the intended treatment (dropouts, protocol deviations, treatment switches) should be handled in the primary analysis. It requires these decisions to be made and documented at the design stage, not resolved post hoc in statistical analysis.
ISO 14155 applies to medical devices, not in vitro diagnostics (IVDs). IVD clinical performance studies are governed by ISO 20916:2019. However, where a medical device and an IVD are used in an integrated system, elements of both standards may apply. Sponsors of combination investigations should assess both standards.
Need support implementing ISO 14155:2026?
MDx CRO’s clinical research team supports medical device and IVD sponsors at every stage, from gap analysis and SOP updates to full clinical investigation management under the new standard.
Related Articles
ISO 14971 Applied to Clinical Investigations: A Practical Guide
PMCF Under MDR: What ISO 14155 Requires
Clinical Investigation Plan: What You Must Include (2026 Update)
