What SME Manufacturers Need to Know—and How QNET Can Support You

The U.S. Food and Drug Administration (FDA) finalized its Quality Management System Regulation (QMSR), marking the most significant overhaul of U.S. medical device quality system requirements in over two decades. The new regulation formally integrates ISO 13485:2016 into 21 CFR Part 820, aligning U.S. expectations with the internationally recognized standard already used in the EU, UK, Canada, and many other jurisdictions.

While this alignment has been widely anticipated, its practical implications for SME manufacturers are substantial.

From Awareness to Execution

Most SME medtech companies are already working with ISO 13485:2016 in some form. However, “ISO-certified” is no longer enough. The QMSR includes FDA-specific expectations that go beyond ISO 13485, such as:

• Documentation and control of complaint handling, corrections, and removals
• Enhanced requirements for software validation used in the QMS and production
• Clear expectations for labeling, packaging controls, and traceability
• Ongoing oversight and documentation for outsourced processes (aligned with 4.1.5 and 7.4)

For many organizations, QMS documents must be revised, roles clarified, and evidence of effective implementation created and maintained—without fragmenting your QMS across regions.

This is not just a regulatory exercise. The QMSR transition presents a strategic opportunity for SMEs to strengthen quality operations, improve internal coherence, and ensure regulatory agility across markets.

Why Partner with QNET?

At QNET, we understand the challenges SMEs face when navigating complex, multi-jurisdictional compliance environments with limited internal resources. We are not a generalist consultancy—we are a specialized regulatory partner offering high-level support that is practical, proportionate, and audit-ready.

Our team brings deep expertise in:

• ISO 13485:2016 implementation and remediation
• FDA QMSR interpretation and integration with MDR/IVDR, UK MDR, and Swissmedic requirements
• Supplier qualification, internal audits, PRRC responsibilities, and post-market surveillance

Whether you manufacture Class I products, operate as a virtual manufacturer, or rely on contract partners for key processes, we help you:

• Conduct a gap analysis between your current QMS and the full scope of QMSR + ISO 13485 requirements
• Develop or update compliant procedures (CAPA, complaint handling, document control, software validation, etc.)
• Prepare for FDA inspections or MDSAP audits
• Optimize your QMS for global market efficiency

Your Next Step: Clarity, Compliance, and Confidence

The transition timeline has begun—and your QMS will come under scrutiny sooner than you think. Don’t wait until notified body or FDA inspections reveal gaps that could delay market access or put your company at risk.

Now is the time to:

• Validate whether your QMS fully meets QMSR expectations
• Identify necessary updates
• Ensure your documentation, processes, and records are robust, aligned, and inspection-ready

???? Schedule a free orientation call with one of our senior consultants
???? Or contact us via This email address is being protected from spambots. You need JavaScript enabled to view it.

We’ll help you take action with confidence.

QNET – Supporting Regulatory Compliance and Market Access for MedTech Innovators
EU Authorized Representative | UK Responsible Person | Swiss CH-REP | US Agent | ISO 13485 & QMSR Experts

April 12, 2025 – The Swiss medical technology industry faces growing uncertainty following the U.S. government's recent decision to impose import tariffs on countries with trade surpluses. With a considerable surplus, Switzerland has been hit with a 31% tariff—significantly higher than many other nations. This move directly threatens the Swiss MedTech sector, which exported CHF 2.8 billion worth of medical technology products to the U.S. in 2023, making the U.S. the second most important market after the EU.

Call for Action from Industry Leaders

Swiss Medtech, the national association representing over 800 medical technology companies, has urgently called the Swiss Federal Council to initiate immediate diplomatic engagement with Washington. Damian Müller, President of Swiss Medtech, emphasized the importance of protecting Switzerland's key export channels and reiterated the demand for swift regulatory adjustments—especially regarding recognizing U.S. FDA-approved medical devices in Switzerland. This recognition, which Parliament already mandated in 2022, would ensure continued patient access and supply chain security and send a clear signal of Switzerland's openness to fair and constructive trade relations.

Relevance for Swiss Authorized Representatives (CH-REPs)

This situation also directly impacts Swiss Authorized Representatives (CH-REPs), who serve as the official point of contact in Switzerland for foreign medtech manufacturers, particularly those based in the U.S. CH-REPs like QNET CH-REP GmbH play a critical role in ensuring the regulatory compliance of non-Swiss manufacturers marketing products within the Swiss market.

The current tension between Switzerland and the U.S. underlines the importance of regulatory cooperation and alignment. As CH-REPs, we are closely monitoring the implications of these tariffs on supply chains, regulatory access, and partner confidence. We support Swiss Medtech's call for immediate action to recognize FDA-approved devices in Switzerland, as this would facilitate continued collaboration with U.S. manufacturers while reinforcing Switzerland's role as a reliable and innovation-friendly medical technology hub.

Need for Diversification and Strategic Resilience

"Export barriers not only threaten companies, but also jobs, innovation, and the security of medical supply," said Adrian Hunn, Director of Swiss Medtech. He added that Switzerland must act in a flexible, determined, and strategic manner. In addition to addressing challenges with the U.S., the industry urges the Swiss government to strengthen further trade relationships with the EU, which remains Switzerland's largest market and employment base for the MedTech sector.

While a 90-day suspension of the "reciprocal" tariffs has been announced for most countries, Switzerland continues to face the full 31% rate. The Swiss government has stated it seeks clarification and resolution through diplomatic dialogue.

QNET CH-REP GmbH's Position

As a CH-REP serving numerous international clients, QNET CH-REP GmbH stands with Swiss Medtech in advocating for regulatory pragmatism and international alignment. The recognition of FDA-approved products in the Swiss system would benefit manufacturers and CH-REPs and help safeguard Switzerland's role as a global medtech leader amid an increasingly complex geopolitical landscape.

We remain committed to supporting our clients in navigating this evolving regulatory environment and ensuring uninterrupted market access.

April 2025 – European Union
Post-Market Surveillance (PMS) is a cornerstone of the EU Medical Device Regulation (MDR) and In Vitro Diagnostic Medical Device Regulation (IVDR), requiring all manufacturers to continuously monitor the performance and safety of their devices once on the market. However, recent inspections by the Dutch Health and Youth Care Inspectorate (IGJ) have highlighted widespread non-compliance with these requirements—particularly among legacy and Class I device manufacturers.

Key Findings from IGJ PMS Inspections

Since late 2023, IGJ has stepped up its audits, focusing on PMS systems. A total of 13 manufacturers were inspected across various device types, including software and in vitro diagnostics. The audits covered PMS plans, PMS reports, Periodic Safety Update Reports (PSURs), and their integration into ISO 13485-certified Quality Management Systems (QMS).

Common deficiencies included:

• Inadequate PMS Planning: Many manufacturers either lacked a documented PMS plan or had one that was unclear or incomplete.
• Incomplete Reports: PMS reports and PSURs often lacked critical information, such as incident differentiation and corrective action indicators.
• Weak Data Management: Insufficient data collection processes and analysis frameworks were found, especially concerning the separation of serious from non-serious incidents.
• Poor Implementation: Although some corrective actions were taken, few were connected to a broader benefit-risk reassessment or clearly defined triggers.

Despite these findings, IGJ also reported that several companies showed improvement upon re-inspection, proving that compliance is achievable with proper system design and resource allocation.

Why This Matters

Failure to comply with PMS obligations under the MDR and IVDR can result in enforcement measures ranging from corrective action requests to suspension of market access. These obligations apply not only to new devices but also to legacy products still on the EU market.

For small and medium-sized manufacturers, PMS implementation may seem burdensome—but non-compliance carries greater risk. Investing in a structured PMS framework is a regulatory necessity and a business advantage supporting safer, more innovative products.

Recommendations for Manufacturers

To ensure alignment with regulatory expectations, manufacturers are advised to:

• Embed PMS into their QMS in a structured, traceable manner;
• Apply PMS obligations to all marketed devices, including legacy and Class I devices;
• Define roles and responsibilities clearly, especially for data analysis and reporting;
• Update PMS and PSURs regularly based on real-world data and product performance;
• Seek expert support to navigate complex MDR/IVDR requirements;
• Stay up to date with EU guidance and national authority communications.

Need Assistance?

Our regulatory experts are here to support you if you're unsure whether your PMS system is audit-ready or fully compliant. We help manufacturers assess, optimize, and document PMS systems in line with current EU and national expectations.

???? Contact us today to schedule a consultation.

Source:
Inspectie Gezondheidszorg en Jeugd (IGJ). Oproep aan fabrikanten van medische hulpmiddelen: zorg voor een goed PMS-systeem. October 2024.
https://www.igj.nl

Introduction

The European Union has adopted the General Product Safety Regulation (GPSR) 2023/988, which replaces the previous General Product Safety Directive (GPSD 2001/95/EC). The GPSR introduces stricter safety requirements and modernized rules to ensure that all products on the EU market are safe, particularly addressing challenges posed by online sales, globalization, and emerging technologies.

For manufacturers, importers, and distributors, GPSR 2023/988 compliance is essential to access and operate in the European Union market. Below is an overview of the regulation and what businesses must do to comply.

Why the GPSR Matters

The GPSR ensures that products not covered by sector-specific legislation (such as CE marking directives for medical devices, machinery, or toys) remain safe for consumers. It applies to all consumer products that are placed, made available, or sold in the European Union, whether through traditional or online channels.

With an increasing focus on product safety, the GPSR strengthens the regulatory framework to address modern challenges such as:

• Cross-border e-commerce and online platforms.
• Traceability of products in a globalized supply chain.
• Product risks from emerging technologies, such as connected products and IoT.

Why is this Important for Businesses?

The GPSR directly impacts manufacturers, importers, and distributors operating in the EU, as well as non-EU businesses looking to enter the EU market. Non-compliance can result in severe consequences, including:

• Product recalls or market withdrawals initiated by EU authorities.
• Fines and penalties for placing unsafe products on the market.
• Loss of consumer trust can damage a company’s brand reputation and competitiveness.

Ensuring compliance with GPSR 2023/988 is not just a regulatory obligation but a strategic necessity for businesses to safeguard market access, reduce risks, and demonstrate their commitment to consumer safety.

Key Changes Introduced by the GPSR

1.     Stricter Product Safety Requirements

Products must be safe under normal and foreseeable conditions of use, taking into account:

• Chemical, physical, mechanical, and electrical risks.
• Risks to vulnerable populations, such as children and older people.
• Emerging risks, including cybersecurity vulnerabilities in innovative products.

2.     Mandatory Technical Documentation

Manufacturers must prepare and maintain Technical Documentation to prove compliance with safety requirements (Article 9). This file must include:

• Risk Assessment: Identify hazards, mitigation measures, and residual risks.
• Safety Features: Details on product design, technical specifications, and manufacturing.
• Instructions for Use: Clear and safe usage instructions, maintenance, and warnings.
• Testing Results: Evidence of compliance with applicable safety standards.

Manufacturers must retain this documentation for 10 years after placing the product on the EU-market.

3.     Traceability and Labeling Requirements

Products must include clear, visible, and legible labeling information:

• Manufacturer’s name, registered trade name, and contact details.
• Contact details of the EU-based Economic Operator (if the manufacturer is outside the EU).
• If affixing this information to the product is not feasible, it can be placed on the packaging or accompanying documents.

Traceability measures must include batch numbers or other identifiers to ensure product identification.

4.     The Role of Economic Operators

Under Article 16, the GPSR requires that a non-EU manufacturer appoint an EU-based economic operator to ensure compliance. This can be:

• An EU Authorized Representative (EAR).
• An importer or distributor established in the EU.

The economic operator’s responsibilities include:

• Retain technical documentation and provide it to authorities when requested.
• Cooperating with EU market surveillance authorities during compliance checks.
• Ensuring product labeling, safety, and corrective actions are in place.

Appointing an Authorized Representative such as QNET BV for businesses outside the EU ensures seamless compliance and representation.

5.     Online and Distance Sales Compliance

Products sold through e-commerce and online marketplaces must comply with the same safety and traceability requirements as physical goods. Online platforms are now required to:

• Ensure that only compliant products are made available.
• Display the name and contact details of the responsible economic operator for each product.

6.     Post-Market Surveillance and Corrective Actions

The GPSR emphasizes Post-Market Surveillance (Article 19). Economic operators must:

• Monitor product safety throughout its lifecycle.
• Investigate complaints, feedback, and incidents.
• Take corrective actions, including recalls or warnings, to address safety risks.
• Notify authorities of any serious risks associated with their products.

Who Needs to Comply with GPSR 2023/988?

The regulation applies to:

• Manufacturers: Both EU-based and non-EU manufacturers are placing products on the EU market.
• Importers and Distributors: Operators making products available in the EU supply chain.
• Online Marketplaces: Platforms facilitating sales to EU consumers.

Non-EU manufacturers must appoint an Authorized Representative to serve as the contact point for regulatory authorities.

How QNET BV Can Help

At QNET BV, we specialize in acting as an EU Authorized Representative (EAR) to help non-EU manufacturers comply with GPSR 2023/988 and other EU regulations.

Our services include:

• Acting as the official EU contact point for market surveillance authorities.
• Reviewing and maintaining your Technical Documentation for compliance.
• Ensuring correct labeling and traceability requirements.
• Providing Post-Market Surveillance (PMS) support, including incident management.
• Keeping you informed of regulatory changes and obligations.

By partnering with QNET BV, you ensure that your products meet the EU’s safety requirements, enabling smooth and secure access to the European market.

Conclusion

The General Product Safety Regulation (GPSR 2023/988) is a critical regulation for manufacturers, importers, and distributors placing non-CE-marked products on the EU market. It modernizes product safety requirements, strengthens traceability, and introduces stricter obligations for online sales.

Non-EU manufacturers must work with an EU-based economic operator to remain compliant. By appointing QNET BV as your Authorized Representative, you can confidently meet these requirements and ensure consumer safety and regulatory compliance.

Contact us today for more information or to discuss how QNET BV can support your business.

QNET BV
Your Trusted Partner for EU Compliance
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: +316 533 16900

The EU AI Act: How It's Transforming AI in Healthcare and Medical Devices

The EU AI Act (Regulation 2024/1689) is a groundbreaking legislation governing artificial intelligence (AI) systems across the European Union. As its first comprehensive regulatory framework, the Act has profound implications for AI, particularly in healthcare and medical devices. It seeks to ensure that AI is used safely, ethically, and transparently while encouraging innovation.

If you're developing or using AI-powered medical devices, this regulation will impact how you work. Let's explore what it means and how it changes the landscape for medical device software (MDSW).

What Is the EU AI Act?

The EU AI Act is a new legal framework for AI systems that categorizes AI based on risk and regulates its use accordingly. It aims to strike a balance between encouraging innovation and protecting people from the potential harms of AI.

The regulation uses a risk-based approach:

1. Prohibited AI: These systems are banned outright because they pose significant societal risks. Examples include AI for social scoring (like China's social credit system) or subliminal manipulation.
2. High-Risk AI: AI systems in critical fields like healthcare, education, and law enforcement are tightly regulated to ensure safety and accountability.
3. Limited-Risk AI: Systems such as chatbots or AI-generated content are allowed but must meet basic transparency requirements, like informing users they are interacting with AI.
4. Minimal-Risk AI: Simple AI applications, such as spam filters or AI in video games, face no specific requirements under the Act.

AI is almost always categorized as high-risk for healthcare and medical devices, meaning manufacturers must meet rigorous safety and transparency standards.

Why Does This Matter for Medical Devices?

AI is revolutionizing healthcare, powering applications like diagnostic tools, treatment recommendations, and patient monitoring systems. But with great potential comes great responsibility. AI systems must be trustworthy, accurate, and safe when lives are at stake.

The EU AI Act ensures that AI-powered medical devices:

• Perform reliably, even in critical scenarios.
• Are designed to minimize risks, such as data errors or biases in decision-making.
• Provide transparency so healthcare professionals and patients understand how AI works.

Key Changes for Medical Device Manufacturers

If you're developing or using AI in medical devices, here's what you'll need to do differently under the AI Act:

1. Safety and Transparency

Safety is at the heart of the AI Act. Manufacturers must prove that their AI systems:

• Meet strict safety standards, similar to traditional medical devices regulated under the MDR (Medical Device Regulation).
• Are transparent about their decision-making processes. For example, doctors should understand how an AI tool generates its recommendations so they can make informed clinical decisions.

2. Continuous Monitoring

Unlike traditional medical devices, AI systems often learn and evolve. This adaptability is both a strength and a challenge:

• Manufacturers must monitor AI systems continuously, ensuring they remain accurate and safe after deployment.
• Any updates to the AI model, such as retraining it with new data, must go through a structured risk assessment.

3. High-Quality Data

AI relies on data to function, but poor-quality or biased data can lead to serious errors. The AI Act requires:

• High standards for data quality and relevance.
• Processes to identify and mitigate biases in the training data.
• Documentation of where the data comes from and how it was processed.

4. Integration with Existing Regulations

AI-powered medical devices must comply with the AI Act and the MDR, which regulates all medical devices in Europe. This means manufacturers face dual obligations:

• Proving the safety and performance of the device under MDR rules.
• Demonstrating transparency, data governance, and risk management as required by the AI Act.

How This Aligns with Established Standards

The AI Act doesn't exist in isolation—it builds on global standards for medical devices and software. For manufacturers, compliance involves aligning with these existing frameworks:

ISO 13485 (Quality Management Systems)

This standard ensures manufacturers maintain robust processes for designing and producing medical devices. Under the AI Act, you'll need to:

• Adapt your quality management system (QMS) to include AI-specific workflows.
• Ensure traceability of all AI components, from training datasets to algorithm updates.

ISO 14971 (Risk Management)

Risk management is critical for AI systems, introducing unique challenges like algorithmic bias and cybersecurity threats. You'll need to:

• Identify hazards specific to AI, such as incorrect predictions or security vulnerabilities.
• Implement controls to mitigate these risks, like real-time monitoring or safeguards against misuse.

IEC 62304 (Software Development)

This standard governs the lifecycle of medical device software. For AI, this means:

• Treating AI training and model updates as part of the software development lifecycle.
• Testing AI systems rigorously with real-world data to validate performance.

Challenges for Manufacturers

1. Managing AI Updates

Traditional medical software is often static after deployment, but AI is dynamic. Manufacturers must:

• Develop processes for retraining and updating AI models without compromising safety.
• Document every change to ensure traceability and compliance.

2. High Compliance Costs

Meeting the AI Act's and MDR's dual requirements can be costly, especially for smaller companies. Developing documentation, testing systems, and implementing continuous monitoring all require significant resources.

3. Complexity of Regulations

The overlap between the AI Act, MDR, and other standards can be overwhelming. Manufacturers must ensure that their processes are streamlined to meet multiple regulatory requirements efficiently.

Opportunities for Growth

Despite the challenges, the AI Act opens doors for innovation and growth:

1. Trust and Transparency:
   • Complying with the AI Act ensures that your AI systems are trustworthy and transparent, building user and regulators' confidence.
2. Global Leadership:
   • Europe is leading the way in ethical AI regulation. Companies that comply with the AI Act will be well-positioned to expand globally, offering products that meet the highest safety standards.
3. Clear Guidelines for Innovation:
   • The AI Act provides a structured framework for developing AI responsibly, encouraging innovation without unnecessary risks.

What This Means for Patients and Healthcare Providers

The AI Act ensures safer and more reliable AI-powered medical devices for patients. Whether it's an app monitoring your heart or an AI tool assisting in diagnosing cancer, you can trust that these systems have been rigorously tested and are transparent about how they work.

The Act offers confidence in AI tools for healthcare providers, enabling better clinical decisions. Doctors and nurses can rely on AI systems to provide accurate, explainable insights without fearing hidden biases or risks.

Looking Ahead

The EU AI Act Regulation 2024/1689 is a transformative step forward in AI governance. By combining this new framework with existing standards like MDR, ISO 13485, ISO 14971, and IEC 62304, the EU is setting a global benchmark for safe and ethical AI.

This regulation may pose challenges for medical device manufacturers, but it also offers an opportunity to lead in an evolving, AI-driven healthcare landscape. By aligning with the AI Act, companies can innovate responsibly, build trust, and deliver solutions that improve lives.

Executive Summary

PMS is a regulatory requirement that systematically monitors a medical device's safety, performance, and quality once it enters the market. PMS processes allow manufacturers to collect real-world data, assess device efficacy, and ensure long-term compliance with regulatory standards. QNET, as your Authorized representative in the EU, UK, and Switzerland, has an important role in informing manufacturers to meet PMS requirements.

2. PMS Requirements by Region

European Union (EU)

The EU's Medical Device Regulation (MDR) 2017/745 and In Vitro Diagnostic Regulation (IVDR) 2017/746 mandate that manufacturers implement a PMS system that integrates with their Quality Management System (QMS). Essential PMS requirements include:

• PMS Plan: A detailed plan tailored to each device's risk classification, covering data collection, analysis, and corrective actions as necessary.
• PMS Report (PMSR): Required for Class I devices, providing regular updates on device safety, performance, and any corrective actions taken.
• Periodic Safety Update Report (PSUR): Required for Class IIa, IIb, and III devices, the PSUR includes annual or biennial updates on benefit-risk assessments and post-market clinical follow-up (PMCF).
• Notified Body Oversight: High-risk devices require notified body audits, but all devices are subject to PMS requirements to ensure compliance​.

United Kingdom (UK)

Post-Brexit, the UK enforces similar PMS requirements under the UK MDR, but manufacturers must navigate specific UK processes:

• UKRP Requirement: Non-UK manufacturers who designate QNET as UKRP to manage PMS responsibilities, ensure compliance with national PMS standards, and facilitate communication with MHRA.
• Incident Reporting: The UKRP ensures that adverse events and safety issues are promptly reported to MHRA in alignment with UK regulations.

Switzerland

Switzerland aligns closely with EU MDR requirements. It enforces unique PMS processes through Swissmedic:

• Swiss Ordinance on Medical Devices: Manufacturers must submit a PMS plan and regularly collect safety and performance data, especially for Class I devices that often lack notified body oversight.
• Swissmedic Inspections: Swissmedic conducts targeted inspections, ensuring compliance with PMS requirements and mandating corrective actions as necessary​.

3. Role of National Competent Authorities

National competent authorities enforce PMS compliance, using targeted inspections and regulatory action to ensure manufacturers uphold safety and quality standards.

Swissmedic (Switzerland)

• Class I Device Inspections: Swissmedic inspects Class I devices to confirm compliance with the Swiss Ordinance, requiring evidence of systematic PMS. Non-compliant manufacturers may face market restrictions until corrective actions are implemented.
• Data Transparency: The upcoming Swissdamed database will improve oversight by centralizing data on devices marketed in Switzerland​.

IGJ (Dutch Competent Authority)

• PMS Framework: The IGJ monitors compliance with PMS requirements under MDR and IVDR, strongly focusing on SMEs and legacy devices. The IGJ encourages manufacturers to proactively address compliance gaps and use PMS data for device improvements.

MHRA (United Kingdom)

• Vigilance and Incident Reporting: MHRA emphasizes prompt incident reporting and maintains strict PMS documentation requirements. The UKRP supports non-UK manufacturers in fulfilling these responsibilities by managing regulatory interactions with MHRA.

4. Specific Roles of Authorized Representatives in PMS Compliance

EU Authorized Representative (EAR) / QNET

• Primary Responsibilities: QNET, as the EAR, is the official regulatory liaison between non-EU manufacturers and the EU authorities. Responsibilities include verifying the manufacturer's PMS plan, ensuring compliance with MDR requirements, and facilitating vigilance reporting to the relevant authorities.
• PMS Documentation and Audits: QNET, as the EAR, provide support in maintain and update PMS documentation, such as PSURs and PMSRs, and prepares the manufacturer for possible audits by national authorities. QNET also supports that PMS outcomes are applied to the QMS, helping the manufacturer address and document corrective actions.
• Risk Mitigation: By coordinating communication with EU competent authorities, QNET helps mitigate regulatory risks, keeping the manufacturer informed of PMS requirements and updates within the EU.

UK Responsible Person (UKRP)

• Role as a Regulatory Contact: QNET, as the UKRP, acts as the primary regulatory contact for non-UK manufacturers, ensuring compliance with the UK MDR and maintaining the required PMS documentation. QNET, as the UKRP, must be readily available to MHRA and address all regulatory issues related to the device, particularly safety and performance concerns.
• Incident Reporting and Vigilance: QNET, as the UKRP, is responsible for reporting any adverse events or safety concerns involving the device to MHRA. QNET can coordinate closely with the manufacturer to facilitate prompt and accurate incident reporting, as well as to ensure that the PMS data remains up-to-date.
• Integration with QMS: QNET, as the UKRP, assists the manufacturer in integrating PMS findings into their QMS and implementing any necessary design or labeling updates based on PMS outcomes. They also ensure that PMS requirements adapt to any regulatory changes in the UK, such as the implementation of new guidelines.

Swiss Representative (CH-REP)

• Liaison with Swissmedic: QNET, as CH-REP, supports non-Swiss manufacturers in meeting Switzerland's PMS requirements, including device registration with Swissmedic and ensuring accurate, up-to-date PMS documentation. QNET is responsible for notifying Swissmedic of safety issues or trends and facilitating communication on regulatory matters.
• PMS Documentation and Compliance Checks: QNET, as CH-REP, ensures the manufacturer maintains comprehensive PMS documentation, including PMS plans, reports, and incident data. QNET assist in fulfilling Swissmedic's data transparency initiatives and ensure PMS findings are integrated with other QMS elements, such as risk management and performance evaluations.
• Corrective and Preventive Actions: Swissmedic expects the CH-REP to support the manufacturer in implementing corrective actions identified during PMS. By coordinating with Swissmedic, QNET, as CH-REP, helps the manufacturer demonstrate compliance and avoid regulatory action, such as market restrictions​.

5. Practical Considerations for Manufacturers

• Addressing PMS Complexity: National competent authorities emphasize that PMS is a complex requirement, and smaller manufacturers may face challenges in managing it effectively. Through EAR, UKRP, and CH-REP services, we help manufacturers build a robust PMS system that aligns with EU, UK, and Swiss regulations.
• Strategic Benefits of Authorized Representatives: Our EAR, UKRP, and CH-REP services provide essential support, ensuring that manufacturers adhere to PMS requirements while maintaining their focus on device innovation and quality.

Conclusion

PMS is a fundamental regulatory requirement, essential to device safety and public health. The roles of national competent authorities, including Swissmedic, IGJ, and MHRA, highlight the need for robust PMS practices, especially for manufacturers based outside the EU, UK, and Switzerland. By partnering with us as your EU Authorized Representative, UK Responsible Person, and Swiss Representative, manufacturers can navigate PMS requirements with confidence, knowing they have trusted regulatory support across all regions.

PMS Activities, Milestones, Time Windows, Market-Specific Requirements, and QNET’s Role

Key Takeaways

1. Unified Compliance Strategy: QNET ensures all PMS activities meet MDR, IVDR, UK MDR, and Swissmedic requirements, reducing the complexity for manufacturers.
2. Representation Across Regions:
   • As EAR, QNET manages PMS submissions and compliance in the EU.
   • As UKRP, QNET ensures alignment with MHRA’s reporting and vigilance requirements.
   • As CH-REP, QNET facilitates Swissmedic communications and supports enhanced PMS oversight for Class I devices.
3. Expert Support at Every Step: From PMS Plan development to CAPA implementation and incident reporting, QNET provides comprehensive assistance to ensure manufacturers meet their regulatory obligations.

Introduction

With the implementation of Regulation (EU) 2024/1860, the requirements and timelines for in vitro diagnostic medical devices (IVDs) under the In Vitro Diagnostic Regulation (IVDR) 2017/746 have been updated. These changes address the practical challenges of compliance and ensure that essential IVDs remain available in the European market. We outline the specific areas notified bodies will assess, highlighting the updated deadlines and procedural requirements from Regulation 2024/1860.

Key Areas of Focus for Notified Body Assessments under Regulation (EU) 2024/1860

1. Quality Management System (QMS)

Regulation Impact: According to Regulation 2024/1860, manufacturers using the extended compliance deadlines must implement a QMS in line with IVDR Article 10 by May 26, 2025. Notified bodies will assess the QMS to ensure it meets IVDR requirements.

• Implementation and Maintenance: Your QMS must be comprehensive and continuously maintained to align with IVDR standards, covering all stages of the device lifecycle.
• Process Controls: Notified bodies will examine how you manage design, production, and post-market processes to verify that they meet regulatory standards.
• Documentation: Detailed documentation is essential to demonstrate traceability and compliance, a requirement underscored by the extended deadlines in Regulation 2024/1860.

2. Technical Documentation

Regulation Impact: The transitional periods extended by Regulation 2024/1860 allow more time for compliance but require manufacturers to keep their technical documentation up to date with IVDD standards until the new deadlines.

• Device Description and Specifications: Include the intended purpose, risk classification, and design specifications to ensure compliance and avoid delays.
• Performance Evaluation: Data confirming your device's analytical and clinical performance will be required for notified body review, especially as compliance deadlines approach.
• Risk Management: Regulation 2024/1860 requires comprehensive risk documentation in line with IVDR standards, demonstrating your ability to identify and address potential risks.
• Labeling and Instructions for Use: Labels and instructions must meet IVDR clarity, accuracy, and safety standards, which notified bodies will evaluate to ensure proper use.

3. Post-Market Surveillance (PMS)

Regulation Impact: The extended deadlines grant time to finalize PMS procedures, but these must still align with IVDR's strict post-market monitoring requirements.

• PMS Plan: A proactive PMS plan is essential for ongoing safety and effectiveness monitoring, as the IVDR specifies.
• Periodic Safety Update Reports (PSUR): Regular updates on safety data are required to maintain compliance during the transitional period.
• Vigilance System: Notified bodies will evaluate your system for managing and reporting incidents as part of your ongoing compliance obligations under IVDR and Regulation 2024/1860.

4. Clinical Evidence

Regulation Impact: Despite transitional extensions, clinical evidence requirements remain unchanged. These must meet IVDR standards, proving the device's performance, scientific validity, and analytical reliability.

• Clinical Performance Studies: Data from real-world studies is required to show the device performs safely and effectively.
• Scientific Validity: Evidence for the scientific basis of the device's analyte is critical for compliance.
• Analytical Performance: Notified bodies will assess that your device reliably measures as intended, supporting both IVDR and transitional compliance under Regulation 2024/1860.

5. Regulatory Compliance

Regulation Impact: Regulation 2024/1860 mandates that manufacturers follow the appropriate IVDR conformity assessment routes, depending on the device classification, even within extended timelines.

• Conformity Assessment Procedures: The required assessment route will depend on your device's risk class, which impacts compliance timelines.
• Declarations of Conformity: These formal declarations confirm your device meets IVDR standards, an ongoing requirement even with deadline extensions.
• Unique Device Identification (UDI): Implementing UDI systems remains mandatory, improving traceability as required by IVDR and Regulation 2024/1860.

6. Supplier and Subcontractor Controls

Regulation Impact: Supplier and subcontractor management is crucial, especially for devices under extended deadlines. Compliance with quality agreements and regular audits is necessary to meet both IVDD and IVDR standards during the transitional period.

• Qualification and Monitoring: Selection, qualification, and regular monitoring of suppliers must meet IVDR standards.
• Formal Agreements: Agreements must outline clear quality and compliance requirements, with records of audits as evidence.
• Audit Records: Regular supplier audits ensure compliance continuity, meeting IVDR standards even through extended deadlines under Regulation 2024/1860.

7. Unannounced Audits

Regulation Impact: Notified bodies may conduct unannounced audits to verify ongoing compliance. Maintaining readiness for these audits is crucial, especially as the regulation emphasizes safety and reliability throughout the extended compliance period.

• Readiness: Since unannounced audits are a tool for verifying compliance, organizations should stay prepared to demonstrate compliance with IVDR and meet regulatory expectations under Regulation 2024/1860.

Conclusion

Regulation (EU) 2024/1860 introduces significant amendments that provide flexibility in IVDR compliance deadlines while maintaining strict requirements for safety and reliability. By focusing on these areas, your organization can position itself for successful compliance, meeting immediate IVDD and future IVDR requirements. Our team is here to guide you through each step, ensuring that your products continue to meet the standards for safety and effectiveness.

Don't hesitate to contact our team if you have questions or need support in preparing for notified body assessments. We're committed to helping you achieve successful, seamless compliance with IVDR and Regulation 2024/1860.

The EU's Medical Devices Regulation (MDR) addresses requirements for using CMR and/or ED substances in Chapter II Section 10.4 of Annex I (MDR).

The commission’s Scientific Committee on Health, Environmental, and Emerging Risks (SCHEER) finalized its revised phthalates benefit-risk assessment guidelines on June 17, 2024. Under the MDR, these guidelines must be updated at least every five years.

SCHEER notes that phthalates are widely used as plasticizers of polymers or additives in various applications, including medical devices. "The interaction of phthalates with the polymers they are embedded is weak, so they may be released from the plastic product into the environment and the human body when exposure occurs”.

Intended for stakeholders including manufacturers, notified bodies, and regulatory bodies, the SCHEER guidelines offer a methodology for justifying the presence of phthalates classified as CMR 1A or 1B and/or ED in devices and/or parts or materials utilized at a percentage above 0.1% by weight, which otherwise are prohibited from use in medical devices under the MDR.

Additionally, they provide a methodology for evaluating potential alternatives to CMR/ED phthalates in devices, including alternative materials, designs, or medical treatments.

SCHEER notes, “The approach of these guidelines may also be used for a [benefit-risk analysis] of other CMR/ED substances in medical devices”.

Under the MDR, medical device manufacturers must justify using hazardous phthalates and other CMR or ED chemicals. The presence of those substances above de minimis levels must be communicated using a label on the device itself and/or on the packaging for each unit.

“The information labeled should be submitted using the Unique Device Identification (UDI) Database along with the UDI-DI. If the intended use of such medical devices includes treatment of special patient groups considered particularly vulnerable to such substances and/or materials, information on residual risks for those patient groups must be provided”.

The update includes minor changes to the preexisting document, mostly focusing on “the progress made in the last five years regarding the application, exposure, and toxicology of alternatives for the phthalate plasticizers in medical devices”, which is detailed in new annexes to the guidelines.

The final guidelines include three new annexes.

• Annex 8 describes exposure to currently used CMR/ED phthalate alternatives,
• Annex 9 describes the toxicology of currently used CMR/ED phthalate alternatives, 
• Annex 10 describes progress in developing CMR/ED phthalate alternatives for use in blood bags.

Guidance for alternatives evaluation previously used wording pointing to “potentially relevant” candidates to consider as alternatives to CMR/ED phthalates; now the terminology has changed to “most relevant” candidates to help stakeholders avoid unnecessary alternatives review.

“While some alternatives might be available, the focus should be limited to the likely most relevant alternatives based on a preliminary evaluation of their suitability”, SCHEER says.

The committee recommends a minimum of three alternative evaluations and notes that less than three “needs to be justified by additional information”.

“However, risk is not the only parameter to consider: the impact of the possible alternatives on the functionality, performance, and the overall benefit-risk ratio of the medical device shall also be evaluated”, the committee says.

The guidelines include new information on regulation regarding ED hazard classification, including Category 1 comprising known or presumed EDs and Category 2 comprising suspected EDs for human health and the environment.

Summary

• Phthalates classified as CMR 1A or 1B and/or endocrine-disrupting under EU chemical regulations are prohibited in medical devices above 0.1% by weight unless justified through alternatives assessment and risk-benefit analysis.
• The EU increasingly focuses on identifying and regulating endocrine-disrupting substances as part of its Chemicals Strategy for Sustainability under the EU Green Deal.
• To ensure compliance, stakeholders can use updated phthalates benefit-risk assessment guidelines (Annex 7) to approach all such regulated substances.

Software (including AI) for medical purposes is regulated in Europe and the United Kingdom as a medical device. It requires comprehensive assessment before being placed on the EU and UK market under Medical Device Regulations (MDR) and the EU In Vitro Diagnostic Medical Devices Regulation (IVDR).

The European Union (EU) has introduced new legislation on Artificial Intelligence (AI): The “AI Act” (Regulation 2024/1689) because the current framework does not fully address the ethical and transparency risks associated with AI.

Like the General Data Protection Regulation (Regulation 2016/679 - GDPR), the AI Act applies to providers wherever they are in the world if they place or put into service an AI system in the European Union (EU).

The AI Act is one piece of new AI-related legislation and must be read in the context of changes proposed on product liability and AI liability.

The AI Act has profound implications for Medical Devices and In-vitro Diagnostic Medical Devices (MDR/IVDR) Regulations. The AI Act categorizes AI used in medical devices and in-vitro diagnostic devices (MDR/IVDR) as high-risk, which includes AI utilized for

• diagnosing,
• physiological monitoring, and
• guiding treatment choices.

The Impact on Deployers* of High-Risk AI Systems

Unlike the MDR/IVDR, which places responsibilities on economic operators in the supply chain, the AI Act also puts responsibilities onto the deployers of AI systems. These deployers will have new obligations, including:

• Taking appropriate technical and organizational measures to ensure that AI systems are used following their instructions for use (IFU)
• Assigning human oversight to competent, trained people
• Monitoring and surveillance
• Maintaining system logs when these are under their control
• Undertaking, where applicable, data protection impact assessments.

The Impact on Manufacturers of AI Act for Medical Devices:

• Medical devices are “high risk” if placed in the Class IIa category (or higher) under the Medical Devices Regulations MDR), or if placed as Class B (or higher) under the IVDR.
• Additional requirements for manufacturers of AI systems/products within the MDR/IVDR scope (high-risk devices/products) include:
  • Governance and data management requirements for training and testing data sets,
  • New record-keeping requirements, including the automatic recording of events (logs) over the system’s lifetime,
  • Transparent design requirements so deployers can interpret the output and use it appropriately,
  • Human oversight design requirements, and
  • Accuracy and cybersecurity requirements.

• More specifically, the 'AI Act' specifies that manufacturers of high-risk devices/products are required
  • To establish a risk management system throughout the product's lifecycle,
  • To implement data governance
    • to attest that data is free from errors, and
    • to provide technical documentation attesting that their products comply with the AI Act.
    • data collection,
      • data origin,
      • data quality,
      • data suitability,
      • data availability,
      • bias and control measures,
      • identification of data gaps,
      • assessment of identified data gaps in patient populations.
    • preprocessing details such as
      • data labeling,
      • data cleaning
      • aggregation of data.
    • Data governance must also cover the design processes:
    • The data set needs to be relevant and appropriate, with statistical properties to justify
      • the intended purpose,
      • the patient population,
      • the characteristics of the AI device/system.
    • To establish a quality management system (QMS) to ensure compliance, including
      • Transparency of design/technical specifications, including applicable Regulations, harmonized standards and CS,
      • Transparency of the AI operation to enable deployers to interpret a AI system’s output,
      • PMS and Vigilance,
      • Instructions for use (IFU) that provide "concise, complete, correct and clear" information to deployers,
    • To establish data management, including
      • the general logic and algorithms of the AI system,
      • the training methodologies,
      • implemented technologies,
      • training data sets and a general statistical description of them,
      • the human oversight measures,
      • the validation and testing procedures, including
        • The results will be disclosed as proof of meeting the AI's technical specifications.
        • A description of the validation and testing data and its main characteristics.
      • controller logs.

 PMS and Vigilance

• PMS and vigilance are elements within the MDR/IVDR and AI Act. The AI Act builds on the foundations of the MDR/IVDR but with specific aspects of AI systems.
• A template for the post-market monitoring plan, "PMS Plan" and PMS elements will be published.
• The vigilance process of reporting serious incidents is an exemption in the AI Act for MDR/IVDR devices.
• An additional reporting requirement for AI producers is communicating with competent authorities about threats to individual rights.

 Does the AI Act my Medical Device?

• The first consideration is whether the AI Act, based on a risk-based approach, applies to a medical device product.
• To find out, manufacturers need to:
  • Read the AI Act's recital 12 to understand how AI systems differ from traditional software systems.
  • Understand that medical devices/IVDs are considered high-risk systems, whether AI is integrated into a hardware medical device or stand-alone.
  • More specifically, Article 6 of the AI Act introduces a two-step process to understand whether a medical device is an AI system:

• If the product falls under Article 6.1 and the product or the AI system as a safety component, or a product listed in one of the legislations in Annex I (including MDR and IVDR) and undergoes a conformity assessment (i.e., all products except for class I devices under the MDR or IVDR),

then it is considered an AI system under the AIA.

• Also, in the health area, it is necessary to read Article 6.2 and consider whether the product falls into Annex III of the AIA – a long list of systems, including private and public healthcare systems - and so would be considered an AI system.

 Combined and Single CE Marking

• Manufacturers could have an integrated system for both regulations, given the overlap, a single declaration of conformity, and CE marking to demonstrate compliance with
  • AI Act, and
  • MDR or IVDR
• When the AI Act talks about providers, there is considerable overlap with what manufacturers mean under the MDR/IVDR.
• If the AI ​​product falls within the scope of the MDR/IVDR:
  • A combined CE marking and declaration of conformity is sufficient to demonstrate conformity to MDR/IVDR and the AIA.
  • Integration of corresponding processes is possible, including a consistent and integrated QMS structure on top of the existing measures of the MDR/IVDR.

 Record Keeping

• The AI Act calls for automatically recording events, which would operate like a "black box". In other words, it would keep an internal device track of and record how the AI device works. This should enable appropriate performance evaluation and be linked to PMS and vigilance data.
• Human oversight, a risk minimization measure needing a risk assessment, must be a feature, with human-machine interface tools and a means for humans to interrupt the process, such as, e.g., a "big red stop button".
• Evidence of cybersecurity's accuracy and robustness must be maintained throughout the lifecycle and disclosed in the technical documentation. Warnings in the IFU are not sufficient. A robust resistance to susceptibility to mistakes, errors, or inconsistencies must be integrated.

Compliance with other Regulations 

• Compliance with the AIA and the MDR/IVDR implies addressing other EU regulations, such as
  • The General Data Protection Regulation (GDPR),
  • The AI Liability Directive,
  • The Cyber Resilience Act (cybersecurity),
  • The Data Act,
  • The Data Governance Act,
  • The European Health Data Space Regulation (EHDS) and
  • The revised Product Liability Directive

Contact our office for more information.

Definition Artificial Intelligence (AI) System

(EU) Regulation 2024/1689 (“AI ​​Act”) defines an Artificial Intelligence system as

"A machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments". (Article 3(1))

Definition Provider

"A natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge" (Article 3(3))

*Definition Deployer

"A natural or legal person, public authority, agency or other body using an AI system under its authority, except where the AI ​​system is used in the course of a personal non-professional activity" (Article 3(4))

This initiative signals an important step towards a new regulatory framework for medical devices in the UK that

• protects public health,
• ensures access to MedTech innovations, and
• maintains an attractive market for the industry.

The framework

• ensures safe access to quality-assured medical devices,
• reduce the duplication of assessments by comparable regulators, and
• enables resources to focus on more innovative products that benefit patient health.
• allows manufacturers to start considering whether their devices will be eligible for the proposed alternative routes to market.

MHRA Strategic Direction 2023-26

There are many timetabled initiatives set out in the plan, but the one covered by section 2.6 is the most far-reaching. It promises that by 31 March 2025, the UK will have formalized new recognition pathways for UK device approvals that will complement existing national UK routes to market.

Risk-Proportionate Regulation

The MHRA aims to achieve “risk-proportionate regulation,” which will enable it to increase its regulatory oversight on high-risk medical products while at the same time reducing its regulatory oversight on products where there is “clear evidence of a lower risk to patients.”

A more significant proportion of self-declared processing will be possible by embedding lifecycle risk-proportionate approaches. This would mean that once safety and efficacy criteria are met, there will be an explicit allocation of responsibility to manufacturers.

Other timetabled initiatives are

• an improved regulatory management system;
• optimize MHRA service delivery times in priority areas, including scientific advice; and
• introduce new guidance and legislation.
• regulatory reforms, including the clinical trials framework and new provisions for point-of-care manufacture.

Contact This email address is being protected from spambots. You need JavaScript enabled to view it. for more information.

Sources

• https://www.gov.uk/government/publications/mhra-corporate-plan-2023-to-2026/medicines-and-healthcare-products-regulatory-agency-corporate-plan-2023-to-2026