December 3, 2020

After a one-year delay due to concerns over a shortage of notified bodies, the new EU Medical Device Regulation (MDR) is set to take effect as of May 26, 2021. The regulations are a departure from the prior Medical Device Directive (MDD), which once made the EU an easier place to introduce products compared with more stringent FDA requirements.

One big area of concern is EU MDR requirements for post-market vigilance and reporting and the subsequent impact on staffing, data collection, and how companies bring new products to market.

Here we look at key changes to these requirements, and what medical device companies are doing to prepare for the compliance deadline. We also look at how to simplify the reporting process, revealing a 5-step workflow that leverages decision trees to automatically complete a manufacturer incident report (MIR) form.

Inside the EU MDR Vigilance and Reporting Requirements

The new EU MDR significantly strengthens requirements around post-market vigilance and reporting, two areas where MDD requirements were relatively light. The new regulation incorporates the principles of ISO 13485 for medical devices and ISO 14971 for medical device risk management, applying them to the entire manufacturing process.

While EU MDR closes gaps in the previous MDD regulation, it also means big changes to how companies handle customer complaints and reportable events.

One stark example of this problem:

The manufacturer incident report (MIR) form that medical device companies must submit after any reportable event has gone from five to 12 pages. The MIR form requires detailed information such as:

  • Trend data on the number of similar incidents linked to the device
  • Historical data going back three years on the number of devices sold and delivered by location
  • Number of devices currently on the market by location
  • Risk assessment to determine whether the problem is a chronic issue or an isolated incident

The result is a more complete picture of the product across its entire life cycle, with more transparency into risk—and more data required from manufacturers—than ever before.

Gathering MIR Data: A Complex Challenge

Not surprisingly, the increased data requirements of the MIR are already starting to create problems for device manufacturers

For instance, many companies now must wade into their enterprise resource planning (ERP) systems to extract sales and distribution data. They may even have to dig into clinical trial documentation to substantiate responses around whether the event was predicted while the device was under development.

Another element that makes completing the MIR more confusing is that devices aren’t classified the same in every country. For instance, the U.S. has three different classes based on device risk, while the EU and Canada each have four.

Furthermore, the MDR reporting requirements don’t just apply to devices sold in the EU. A complaint on a device sold in Brazil, for example, needs to be reported on the MIR form, complete with data on where the product was sold globally.

Implications for Human Resources and IT

The complexity of MIR requirements has several implications for medical device manufacturers. In many cases, it will mean hiring subject matter experts who know where to find the required data in order to map it to fields within the MIR form.

Companies must also decide whether to continue manually extracting the data or build a digital interface to automate the process. Logging into multiple systems to get data for the MIR is time-consuming, inefficient, and is a major contributor to poor data quality. This is especially true given the short deadline to submit the MIR form, which ranges from two to 15 days depending on the nature of the incident.

How Go-to-Market Strategies May Change

In the past, many companies opted to introduce devices in the EU before the U.S. due to MDD requirements being relatively light compared to those of the FDA.

Now that dynamic is reversed.

The new EU MDR requirements now make the FDA process simpler, an important concern is given the lack of available EU regulatory bodies. The end result may be a marked change in go-to-market strategies, potentially driving some companies to introduce devices in the U.S. before bringing them to market in the EU.

Ultimately, some companies likely will not be able to meet the new requirements due to the resources involved in compliance. As companies undertake revenue portfolio assessments to determine which products to improve (or retire), they must evaluate whether investing in changes to meet compliance will generate enough revenue to stay profitable.

Small and medium-sized businesses are those most likely to exit the market. Other companies, typically large or even medium-sized organizations, may be committed to maintaining their presence in the EU even if they must make up the profit elsewhere.

Leveraging QMS Automation to Comply with EU MDR Requirements

The quality management system (QMS) can play a key role in streamlining regulatory compliance by integrating requirements for complaint handling with automated MIR submission.

Here is the basic workflow:

  1. A complaint acts as the initial trigger for post-market investigation and reporting processes, providing a single intake point no matter where the issue originates.
  2. Decision trees designed around business rules determine whether the issue is reportable and routes the complaint through the required country-specific steps and responsible parties.
  3. If the product is sold in multiple places, the QMS tracks the complaint in parallel along with separate workflows. The QMS also documents justifications for non-reportable events.
  4. The system automatically populates data from the complaint form, including patient information. It also displays choices for all International Medical Device Regulators Forum (IMDRF) codes from Annexes A through G used to categorize events, which are also harmonized with the FDA 3500A form.
  5. The system automatically generates an XML or PDF output for internal review and regulatory submission to the European Commission (EC).

The fact that MDR closes several gaps are good news for patient safety, also further harmonizing global regulations around ISO 13485. However, it also makes manufacturers responsible for more data than ever, forcing changes in staffing, IT, and marketing strategies.

Meeting EU MDR requirements for vigilance and reporting is challenging. Fortunately, by automating processes like MIR submission, companies can minimize business disruption—and maximize ROI for their hard-won gains in the EU medical device market.


Regulatory Affairs Professionals Society (RAPS), EU MDR: Parliament overwhelmingly backs one-year delay.