
Strategy for regulatory compliance under MDR - how to document it and demonstrate compliance to a notified body

Medical device manufacturers operating in the European Union must have a regulatory compliance strategy in place as required by Article 10(9a) of the MDR (EU 2017/745). This requirement isn’t just about having the right documentation. It’s about demonstrating a structured and proactive approach to compliance.

One of the key challenges manufacturers face is proving to a notified body that they have a comprehensive strategy to maintain regulatory compliance. This is particularly important during initial audits, conformity assessments, and ongoing surveillance. But what exactly does this strategy involve, and how can manufacturers demonstrate it effectively?

What is a regulatory compliance strategy?

A regulatory compliance strategy is essentially a roadmap that guides a manufacturer in achieving and maintaining compliance throughout the entire lifecycle of their medical devices. It is not just a single document but a structured system of policies, procedures, and plans that ensure the manufacturer consistently meets the requirements of the MDR and other applicable regulations.

This strategy needs to be tailored to the manufacturer’s specific products and markets while also addressing:

  • Regulatory monitoring and updates (keeping up with evolving regulations).
  • Device classification and conformity assessment (ensuring the correct pathway is followed).
  • Technical documentation management (ensuring compliance with Annexes II and III of the MDR).
  • Risk management and clinical evaluation (showing evidence of device safety and performance).
  • Post-market surveillance and vigilance reporting (ensuring continuous monitoring).
  • Interaction with notified bodies and competent authorities (demonstrating a structured approach to compliance and certification).

The regulatory compliance strategy isn’t a static document. It must evolve as regulations change, new risks emerge, or updates are made to the technical documentation and clinical evaluation of a device.

How to demonstrate a compliance strategy to a notified body

First, you should have a policy or procedure that documents the regulatory compliance strategy. But that alone is not enough. When a notified body audits a manufacturer, they don’t just look at whether a strategy exists. They assess whether it is being properly implemented and followed. To demonstrate compliance effectively, manufacturers should have:

  • A documented compliance strategy that clearly outlines how they meet MDR obligations.
  • Established roles and responsibilities, particularly regarding the Person Responsible for Regulatory Compliance (PRRC).
  • Well-maintained technical documentation, ensuring up-to-date records that align with Annexes II and III of the MDR.
  • A Quality Management System demonstrating a structured approach to quality and regulatory controls.
  • Regular internal audits and regulatory monitoring, showing a commitment to continuous improvement.
  • Active post-market surveillance and vigilance reporting, proving that device safety and performance are being monitored.

With these elements in place and clearly documented, a manufacturer can confidently present its regulatory compliance strategy during notified body assessments and avoid delays in the certification process.

Exemplary content of a regulatory compliance strategy

A compliance strategy policy or procedure should be structured to provide a clear framework for regulatory adherence. Below is an example based on best practices. It should be adjusted to your company's situation.

Objective

The objective of this strategy is to outline the regulatory compliance framework followed by [Company Name] to ensure that all medical devices conform to MDR (EU 2017/745) and other applicable regulations. This strategy defines the roles, responsibilities, and processes necessary for achieving and maintaining compliance throughout the product lifecycle.

Regulatory monitoring and legal compliance

The Regulatory Affairs Team is responsible for continuously monitoring EU regulations, MDCG guidance documents, harmonized standards, and notified body requirements. Any regulatory changes that impact the compliance strategy will be analyzed, and necessary actions will be implemented.

Device classification and conformity assessment

Each device is classified according to Annex VIII of the MDR to determine the appropriate conformity assessment pathway. The Regulatory Affairs Team ensures that all necessary documentation and testing are in place before submitting applications to a Notified Body.

Technical documentation management

All technical documentation is compiled, reviewed, and updated as required under Annexes II and III of the MDR. This includes:

  • Device description and specifications
  • Risk management and clinical evaluation
  • Performance testing and biocompatibility data
  • Labeling and instructions for use (IFU)

The Quality Management Team ensures that document control procedures maintain traceability, version control, and accessibility for audits.

Clinical evaluation and post-market clinical follow-up (PMCF)

A structured Clinical Evaluation Plan (CEP) is implemented to assess the safety and performance of devices based on clinical data, literature reviews, and post-market feedback. PMCF studies are conducted as necessary to provide ongoing evidence of compliance with General Safety and Performance Requirements (GSPRs).

Risk management and post-market surveillance (PMS)

Risk management is conducted in accordance with ISO 14971, identifying, evaluating, and mitigating risks throughout the device’s lifecycle. A PMS Plan is established, ensuring continuous monitoring of device performance, complaint handling, and trend analysis. Field Safety Corrective Actions (FSCAs) and vigilance reporting are managed according to MDR timelines.

Collaboration with notified bodies and competent authorities

[Company Name] ensures active collaboration with Notified Bodies for:

  • Initial certification audits
  • Surveillance audits
  • Technical documentation reviews
  • Recertification

All regulatory submissions, corrective actions, and risk updates are communicated transparently to regulatory authorities.

Training and continuous improvement

Personnel involved in regulatory compliance, quality assurance, and clinical affairs undergo regular training to stay updated on MDR requirements. Internal audits are conducted periodically to identify and address compliance gaps.

Record-keeping and documentation

All regulatory records, certificates, and compliance-related reports are maintained for at least 10 years after the last device is placed on the market, ensuring traceability and regulatory preparedness.

Final thoughts

A solid regulatory compliance strategy is not just about passing audits. It’s about ensuring that medical devices remain safe, effective, and compliant throughout their lifecycle. By having a clear, structured, and well-documented approach, manufacturers can confidently demonstrate compliance to notified bodies and maintain smooth market access in the EU.





©2025 MDRC - Medical Devices Regulatory Compliance
