Does compliance with ISO 13485 automatically mean MDR compliance?

For manufacturers of medical devices, compliance with ISO 13485 is often considered a cornerstone of demonstrating quality management and regulatory readiness. However, a question arises: does adherence to ISO 13485 automatically equate to compliance with the MDR?

The short answer is NO — but the relationship between the two is integral.

ISO 13485 is recognized as a harmonized standard under the MDR. This designation means that compliance with ISO 13485 ensures conformity with specific portions of the MDR—primarily those related to quality management systems (QMS).

However, the relationship is not reciprocal. While adherence to ISO 13485 provides a strong foundation for MDR compliance, it does not automatically cover all MDR requirements. ISO 13485 focuses on the QMS framework for medical devices, whereas the MDR encompasses a broader scope, including device classification, clinical evaluation, post-market surveillance, and regulatory obligations such as Unique Device Identification (UDI) and EUDAMED registration.

What does ISO 13485 mean?

ISO 13485 is the internationally recognized standard for quality management systems (QMS) specific to medical device manufacturers. It outlines the requirements for a system that ensures consistent design, production, installation, and servicing of medical devices, with a strong focus on safety and performance. The standard covers:

• Risk management.
• Documented procedures and records.
• Design and development processes.
• Supply chain management.
• Complaint handling and corrective/preventive actions.

What is MDR compliance?

The MDR is the regulatory framework that governs the safety and performance of medical devices within the EU. It introduces strict requirements for:

• Device classification and risk assessment.
• Clinical evaluation and post-market surveillance (PMS).
• Unique Device Identification (UDI) and EUDAMED registration.
• Quality Management Systems aligned with EU-specific requirements.

While the MDR emphasizes the importance of a robust QMS, it encompasses additional obligations that go beyond ISO 13485.

Key Differences Between ISO 13485 and MDR Requirements

1. Regulatory Focus
   ISO 13485 is a global standard focused on establishing a robust QMS but does not address specific regulatory requirements unique to the EU. MDR includes EU-specific requirements such as UDI, EUDAMED, and detailed post-market surveillance obligations.
2. Clinical Evidence
   ISO 13485 requires a design process that considers clinical requirements but does not specify how to generate or maintain clinical evidence. MDR mandates rigorous clinical evaluation and continuous post-market clinical follow-up (PMCF).
3. Risk Management
   ISO 13485 integrates risk management into QMS processes but references ISO 14971 for detailed guidance. MDR requires not only comprehensive risk management but also its integration with benefit-risk analysis and post-market surveillance activities.
4. Market Access Elements
   ISO 13485 lacks specific provisions for EU regulatory tools like UDI or EUDAMED registration. MDR explicitly requires these elements for market access.

Conclusion

While compliance with ISO 13485 is an important step for medical device manufacturers, it does not guarantee compliance with the MDR. Manufacturers must address the EU-specific requirements set forth by the MDR, which include clinical, post-market, and regulatory obligations. By building upon the ISO 13485 framework, organizations can efficiently adapt their QMS to meet MDR standards and ensure their devices are fit for the EU market.