EU MDD vs. EU MDR

“EU MDD” is the abbreviation for European Medical Devices Directive. This Directive gave the Essential Requirements for safety and performance that medical devices had to meet for market access. The EU MDD was introduced in 1993. Because it was a Directive, the provisions had to be transposed and implemented into national legislation by the Member States of the European Union. The three signatory countries to the European Economic Area (EEA) Norway, Iceland and Liechtenstein, and Switzerland chose to transpose the Medical Devices Directive into their national laws as well. 

The manufacturer was allowed to choose a route for conformity assessment. This was depending on the risk classification of the medical device. The EU MDD defined various possible conformity assessment routes. The classification rules were based on the vulnerability of the human body. In particular, the potential risks to people that come with the design and development of the medical device. 

A distinction is made between self-certification and third-party certification: 

• Low risk. Manufacturers of class I medical devices performed self-certification. The manufacturer self-assessed whether all requirements of the MDD were met and prepared a Declaration of Conformity for this purpose. 

• Moderate to high risk. For medical devices that pose moderate to high risk, a third party (notified body) must be involved with the conformity assessment. This includes medical devices of class IIa, IIb, III and medical devices of class I that are sterile or fulfil a measurement function. The notified body assessed conformity with the MDD and then issued the Declaration of Conformity.

“EU MDR” is short for European Medical Devices Regulation. The EU MDR replaced the EU MDD as of May 26, 2021.  

It provides a regulatory framework for ensuring safety and effectiveness of medical devices. Although the EU MDD has been replaced by the EU MDR, no existing requirements have been removed from the regulatory framework. The EU MDR also sets general requirements for the safety and performance of medical devices. The EU MDR merely adds new, strengthened requirements over the EU MDD. 

Since 1993, many developments have taken place in the social, technological and scientific fields. It became necessary to update and strengthen the regulatory framework. When transposing the EU MDD into national laws, all countries had given their own interpretation to the provisions. As a result, the regulatory framework for medical devices varied throughout the EEA. Regulations are directly applicable without transposition into national laws. Therefore, the provisions of the EU MDR are the same in all countries.

The EU MDR has replaced the EU MDD. This has renewed the regulatory framework for medical devices. A few of the most important changes are described below.  

• The scope of the EU MDR is broader than the EU MDD’s: more products must comply with the medical device regulatory framework. For example, there is a list in the EU MDR’s appendices of products that do not have a medical purpose, but because of the risk they pose to patient safety must still meet the requirements for medical devices. Examples include contact lenses, lasers for hair removal, tattoo equipment and fillers. 
• Stricter requirements are placed on notified bodies through the EU MDR. All notified bodies that were designated under the EU MDD must meet more stringent requirements under the EU MDR to be re-designated as notified bodies. 
• The procedure for conformity assessment based on risk classification is maintained under the EU MDR, except that the risk classification rules are partially modified. As a result, medical devices may end up in a higher risk classification than under the EU MDD. For example, the EU MDR includes a specific risk classification rule for software. This means that virtually all medical device software is considered class IIa or higher. Under the EU MDD, virtually all medical device software was classified as class I. 
• Such up classification can have a major impact on the organization. This applies all the more as from a risk classification IIa onwards, the conformity assessment must be done by a notified body. Only a few notified bodies have been reallocated and are therefore competent to carry out conformity assessment procedures under the EU MDR. The waiting lines at notified bodies can therefore be very long. 
• The overall focus of the regulatory framework has become more medical device life cycle oriented with the advent of the EU MDR. The manufacturer must be able to demonstrate and substantiate the safety of the device with clinical data at each stage of the medical device. This includes from design and development to marketing the medical device to the post-marketing phase. 
• This is demonstrated by, among other things, the new Unique Device Identifier (UDI) system. This will significantly improve traceability. By assigning unique identifiers to all medical devices and storing them centrally, medical devices can be traced at any stage in case of safety problems and/or (safety) improvements. 
• A European database (EUDAMED) will be established. Information about medical devices and studies will be made publicly available. This will give not only authorities and notified bodies, but also healthcare institutions and healthcare consumers and patients, access to all relevant information about the medical device and its manufacturer. 

The changes in the regulatory framework may affect the manufacturer’s products and processes. Some of the biggest changes for manufacturers are listed below. 

• More products are subject to the provisions of the EU MDR. As a result, more companies may be required to comply with the EU MDR. Manufacturers of cosmetic and aesthetic products may therefore suddenly be required to consider the EU MDR. 
• For manufacturers of products that were already classified as medical devices, the risk classification could be changed. In case of up classification, the manufacturer may now have to involve a notified body in the conformity assessment process. Besides, other/new requirements may be applicable. 
• For example, the higher the risk class of the product, the higher the requirements for clinical evidence. For a risk class I, a literature study in combination with post-marketing data may be sufficient. However, a clinical investigation with human subjects may be necessary to gather clinical evidence for a risk class III medical device. 
• There is a real possibility that medical device manufacturers will need to collect additional clinical evidence because of the regulatory framework’s focus on the entire medical device life cycle. Pre-market clinical evidence alone is not sufficient, but clinical evidence must be collected throughout the life cycle to ensure safety and efficacy continuously. 
• The Quality Management System (QMS) under EU MDR must be significantly expanded. Virtually all processes that must be in place become part of the QMS. From design and development of the medical device to post-market surveillance: it must be part of the QMS to ensure quality throughout the medical device’s life cycle. It also enables the manufacturer to intervene more quickly in the event of incidents after marketing the device. 
• In the unlikely event that damage is caused by the medical device, the manufacturer must have ensured sufficient financial coverage (e.g., through insurance). 
• Every manufacturer of medical devices must appoint a person responsible for compliance with laws and regulations. Practical experience tells us that many organizations, especially the smaller and/or younger (software) companies do not employ someone with sufficient substantive legal and regulatory knowledge. Fortunately for these companies, under the EU MDR they must always have access to such a person rather than have someone employed.