The “regulatory affairs” section comprises over 200 tasks that need to be completed during the development and approval of medical devices.

Here, you will find an overview of the most essential content so that you can get your device approved quickly.

Regulatory Affairs und Zulassung

Content

On this page, you will find articles on the following topics:

  1. What regulatory affairs is
  2. Regulatory requirements
  3. Authorization and documentation
  4. Authorities, institutions, and associations
  5. Further topics of regulatory affairs

1. What regulatory affairs is

Regulatory affairs comprises the processes and activities that ensure that medical devices meet the regulatory requirements of the countries where they are sold. This includes

  • obtaining the necessary approvals from the regulatory authorities,
  • compliance with applicable regulations and standards, and
  • maintaining conformity throughout the entire product life cycle until decommissioning.

The tasks of regulatory affairs also include monitoring changes to regulations and standards and communicating these changes to stakeholders within the company to ensure continuous compliance.

Regulatory affairs thus plays a crucial role in ensuring that medical devices are safe, effective, and comply with legal requirements.

Further information

Refer also to the article on regulatory affairs managers’ tasks, competencies, and earning potential. This includes the task of developing a regulatory strategy.

2. Regulatory requirements

a) Germany

Laws Medical Devices Law (no longer valid)

Medical Devices Implementation Act MPDG

National regulations Medical Device Operator Ordinance (Medizinprodukte-Betreiberverordnung – MPBetreibV)

Medical Device User Notification and Information Ordinance (Medizinprodukte-Anwendermelde- und Informationsverordnung – MPAMIV)

b) Europe

EU directives (only for existing devices) Medical Device Directive (MDD, 93/42/EEC) and its essential requirements

In-vitro Diagnostic Directive (IVD, 98/79/EC)

Radio Equipment Directive RED

EU regulations Medical Device Regulation MDR

In-Vitro Diagnostics Regulation (IVDR)

General Data Protection Regulation (GDPR)

AI Regulation (planned)

PFAS Regulation (planned)

EU Battery Regulation

EU Data Act

EU AI Act

EU guidelines Overview of MDCG documents

Examples

Harmonized standards Overview of harmonized standards. You will find further articles on specific standards and their implementation (also) in these categories:

c) USA

Laws Food, Drug & Cosmetic Act (FD&C)

Administrative Laws (21 CFR)

General information Request for Information: How the FDA helps with classification

FDA eCopy Program

FDA Warning Letters and FDA Form 483 (Form 483)

FDA Inspection

Software Change: What the FDA expects from you

FDA MAUDE Database: Input for risk management

Approval procedure FDA updates “Refuse to Accept Policy” for 510(k)

The FDA Pre-Submission Program

The FDA Software Precertification (Pre-Cert) Pilot Program

FDA’s De Novo Program

Level of Concern: What the FDA wants to achieve with this program

Special 510(k): When the FDA will allow this “shortcut”

Breakthrough Devices Program of the FDA

Requirements FDA Human Factors Guidances

The FDA QSIT: Quality System Inspection Technique

The FDA Benefit-Risk Guidance

Recognized Consensus Standards of the FDA

Guidance ‘Interoperable Medical Devices’

Cybersecurity: FDA guidance documents

Complete overview

d) Other markets

see section 3.a)

3. Approval and documentation

a) Approval

Approval of medical devices (overview) Please also note the presentation describing the path to the CE mark as well as the articles “7 steps to a medical device” and “Approval of IVDs.
Conformity assessment procedure (assessing conformity with statutory requirements)
Approval in China
Approval China FDA / NMPA
Approval in Brazil
Approval in Japan
Approval Saudi Arabia (SFDA)
Approval South Korea

Find more information on international approval

b) Qualification and classification (How should my device be classified?)

Qualification as a medical device (medical device yes/no). This also includes the distinction between medicinal products and medical devices, as well as the special case of combination products.
Classification according to MDR Class I, IIa, IIb, III or IVDR Class A, B, C and D
Qualification and classification of software as a medical device
Classification of devices as accessories

c) Technical documentation (What do I need to document for each device?)

Technical documentation (overview)
Intended purpose (the foundation document)
Instructions for use
Clinical evaluation of medical devices according to MEDDEV 2.7/1 rev. 4
Risk management files: risk policy, risk management plan, risk analysis, risk management report
Usability file
Software file, e.g., software requirements specification, software architecture, software tests, software release. Please also note the special features of medical apps (mobile medical apps).
Verification and validation of medical devices
Unique Device Identification

d) Quality management (What should your company fulfill?)

Quality management is not usually the responsibility of regulatory affairs. Nevertheless, we have listed some important articles for you.

Steps to a certified QM system
Audits (especially of quality management systems)
Systems for Post-Market Surveillance and PMCF (Post-Market Clinical Follow-up) and vigilance

4. Authorities, institutions, and associations

a) Germany

Federal Institute for Drugs and Medical Devices (BfArM – Bundesamt für Arzneimittel und Medizinprodukte)
German Institute for Medical Informatics (DIMDI – Deutsches Institut für medizinische Informatik); has since been integrated into the BfArM
DAkkS, the German accreditation body
State authorities: Regional councils, trade supervisory offices, governments

b) Europe

Notified bodies
NBOG: Notified Body Operations Group
MDCG: Medical Device Coordination Group

c) International

IMDRF: International Medical Device Regulators Forum

5. Regulatory affairs: Further topics

Here, you will find an article on the tasks and competencies of regulatory affairs managers.

Note the advantages and disadvantages of Regulatory Information Management Systems (RIMS) and their role in manufacturers’ digital transformation.

Part of the tasks of regulatory affairs is regulatory intelligence.

Do you still have questions, for example, about the approval of your devices? Then, take advantage of our free micro-consulting service.

If you would like support in developing and “approving” your medical devices in compliance with the law, contact us right away. The Johner Institute team will be happy to help!


Medical device approval: Approval procedures in the EU and the USA

People often talk about the approval of medical devices, even if something else is meant – sometimes a certificate of conformity, sometimes a “clearance,” sometimes a successfully completed conformity assessment procedure. Terms like “MDR approval” are even misleading. This article clarifies what a medical device approval means and when manufacturers need one in the first…

Details

Clinical endpoints: Why they are important

When notified bodies identify discrepancies in clinical evaluations, in many cases, these relate to the clinical endpoints. It is, therefore, essential for medical device manufacturers to specify the clinical endpoints precisely and to demonstrate that they have actually been achieved. This article explains what manufacturers should pay particular attention to. 1. Clinical endpoints: The basics…

Details

Special authorizations for medical devices: Last resort for manufacturers?

Special authorizations are a concept of the MDR (Article 59). In this way, the legislator wants to create a possibility to place medical devices on the market in emergency or exceptional cases, even without having gone through a complete or successful conformity assessment procedure. Special authorizations should not be confused with concessions and exemptions under…

Details

Common Specifications – Competing with standards?

Both the MDR and IVDR introduce the concept of Common Specifications. Definition of Common Specifications MDR and IVDR define Common Specifications as follows: Purpose of Common Specifications EU Directives, such as the MDD and IVDD, as well as EU Regulations, such as the MDR and IVDR impose so-called general requirements on all medical devices must meet. If the requirements are not met, manufacturers must not…

Details

MDR Classification Rule 11: The classification nightmare?

The MDR contains the Classification Rule 11. This rule is especially for software. The Rule 11 has serious implications: it bears the potential to further undermine Europe’s innovation capacity. Manufacturers should familiarize themselves with the MDCG‘s interpretation to avoid misclassifying software and to be able to follow the reasoning of notified bodies and authorities. This article…

Details

HIPAA in a nutshell

The Health Insurance Portability and Accountability Act (HIPAA) is a US law that establishes requirements for processing protected health data.  Institutions that collect or process these data in the USA and their subcontractors must comply with HIPAA if they want to avoid sanctions. For European companies in particular, HIPAA is a regulation that is difficult to understand…

Details