Navigating the New EU Medical Device and In Vitro Diagnostics Regulations

Key considerations for medtech companies

The medical device regulatory landscape in the EU is undergoing significant regulatory change with the adoption of the Medical Devices Regulations 2017/745 (“MDR”) and In Vitro Diagnostics Regulation (“IVDR”) 2017/746 at its core.

Eucharia Commins, Director, Managed Legal Solutions at KPMG, Nicole Walsh, Director, at KPMG Law and Emma Ritchie, Director, Head of Data Protection and Privacy at KPMG Law, explore the main considerations for medtech companies and how to navigate them.

• The MDR has been applicable since 26 May 2021, and the transition period ended on 26 May 2024.
• The IVDR has been applicable since 26 May 2022 with a staggered extension of its transition period, ranging from May 2025 to May 2028, depending on the risk categorisation of the device.
• For ease of reference, we shall refer to MDR and IVDR as the “Regulations”.

Key changes

• Increased Control for National Regulators
• Interaction Changes with Notified Bodies
• New / Updated Classification Rules
• New EU Database on Devices (Eudamed)
• Better Traceability of Medical Devices (UDI)
• New Clinical Evidence & Safety Requirements
• Increased Periodic Safety Update and Vigilance Reporting Requirements

”The Regulations aim to improve the safety, performance, and transparency of medical devices.” 

The impacts of the new Regulations

The impacts of the Regulations are multifaceted, and this article will focus on key considerations for legal and regulatory departments in medtech companies operating in the EU.

Risk management

The legal team will be required to liaise with risk management colleagues to conduct a comprehensive risk assessment to identify and evaluate potential risks and areas of weakness. Robust risk management procedures will need implementation to address risks and mitigate potential for non-compliance. If necessary, portfolio strategy colleagues may need to engage in portfolio rationalisation. Consideration will also need to be given to ongoing Notified Body capacity across Europe.

There is a requirement to comply with data protection regulations (GDPR) in respect of patient data, clinical data, post-market surveillance information and ensure robust consent mechanisms and data security measures are in place.

Contracts

The Regulations will require a review of contracts with suppliers, distributors, third-party entities, and intercompany agreements. All processes and agreements need to be aligned with the new legal requirements as specified by the Regulations. This includes addressing both pre-marketing and post-marketing requirements, which may necessitate adjustments to processes and agreements.

Additionally, it is essential to review all delegations of authority, powers, or obligations within the supply chain to ensure compliance with the Regulations. While the older regulatory regime addressed only the manufacturers and authorised representatives, the new MDR and IVDR directives regulate importers and distributors, targeting the entirety of the supply chain, right up to the end user.

To ensure compliance across the channels, agreements must be shared, harmonised and updated in tandem. Quality agreements between MD manufacturers and suppliers must address the new regime. It is advisable to consider adding clauses that mandate the collection of necessary information from all supply chain partners, such as distributors, third-party suppliers, and sub-contractors.

Intellectual property

With regard to an organisation’s intellectual property, it is advisable to review and ensure all company’s intellectual property in particular technical documentation, clinical evaluation reports are prepared and maintained in compliance with the Regulations. It is of note that the Regulations impose labelling and UDI (unique device identification) requirements to enhance traceability and identification of medical devices. The Regulations call for accurate product classification. This will determine the appropriate conformity assessment route and will necessitate the IP team to work with notified bodies for CE certification.

Ongoing monitoring

The Regulations impose strict post-market obligations on medtech manufacturers with the requirement to develop and maintain a Post-Market Surveillance System to monitor performance of devices once they are on the market with a mechanism to report any incidents or safety concerns to relevant bodies withing specified timelines.

Entities will be required to meticulously plan their operational initiatives, recognising critical dependencies, allocating appropriate resources, and implementing robust risk management procedures under a sound governance framework. Emphasis will be placed on fostering compliance with the Regulation’s provisions, necessitating a comprehensive review of existing operational practices and contracts to align with the new regulatory requirements.

By addressing the above considerations and actions, legal and regulatory departments can help the organisation navigate the complexities of the changing regulatory landscape, ensuring compliance, mitigating risk and enabling market success in the EU.

How can KPMG help?

KPMG helps organisations face many of these challenges. Our team leverages our broad technical experience with deep industry knowledge to deliver issues-based support that is both timely and relevant. Our team works closely with many of the most successful businesses in the sector.

KPMG’s Strategy Team is experienced in supporting medical device companies with portfolio strategy and optimisation, particularly in response to new regulations. Our team is composed of life science strategy professionals and individuals with previous experience as a medical device regulator.

As a full-service law firm, KPMG Law can help entities navigate the Regulations, in particular in relation to the interaction with other areas of law, such as the GDPR and commercial contracts to ensure that compliance with the Regulations does not expose an entity to non-compliance with another regulatory regime.

KPMG Managed Legal Solutions, our alternative legal services are fully supported by expert staff who bring project management, solution design, operational excellence and KPMG tooling to deliver high-quality solutions at compelling price points.

With KPMG, you can have confidence that you are partnering with the best team in the market, with unrivalled experience, insight and commitment.

For more information, visit kpmg.ie.