EU MDR continues to pose challenges as companies prepare to recertify devices and bring new technologies to the European market. One of the big changes in the regulatory framework of EU MDR versus the current medical device directive (MDD) is the focus on post market surveillance (PMS) and reporting. We spoke with Karandeep Badwal, consultant and president of QRA medical in Birmingham, England, about the upcoming changes and how companies can adapt to meet new the MDR requirements.

EU MDR requires significantly more data collection and reporting than MDD. How will these new requirements for periodic safety update reports (PSUR) and post market safety reports (PMSR) affect companies?

Badwal: There is more emphasis on risk. Under the previous MDD, the way the directive was written, it had a more reactive versus proactive approach. The EU MDR now takes a more proactive approach. You do need to provide periodic safety update reports (PSUR), which you have to upload on to EUDAMED. Companies are going to need more post market and regulatory intelligence.

There is a lot more onus on the device manufacturers under MDR, and I don’t think companies are fully aware of what they’re going to need to do and the extent to which they’re going to need to do it. They are aware that there will be PMS changes, but they don’t really know how to go about making those changes and how best to structure them.

The second issue is whether they need new staff or not. They may need more resources to manage that PMS information. There are intelligence platforms that can collect the data for you, but then of course it’s managing and analyzing the data, and recognizing new risk and when there’s a need for preventive controls. These are all things they need to put into place, and this is where they will need more resources.

The MDR deadline was extended, and there is some talk that they may have to push it back again. How much time do companies have left to recertify their devices?

Badwal: Companies that already have an MDD certification, as long as they launch an application with the notified body by May 26, 2024, have until 2027 if it’s a class 2B or above device. If it’s a class one or class 2A, they have until 2028 to get the EU MDR certification in place.

The thing with notified bodies is they are not going to wait three or four years. There are only so many applications they can put through. So, strictly speaking, it’s a little bit of breathing room but it’s not a true extension. And getting a notified body can be a challenge. The process can take up to one year just to get the audit date, especially if you have something novel, like a software as a medical device (SaMD) that tends to take a little longer. So you need to start that conversation now if you want to guarantee that you have a contract in place by May 26.

If companies don’t have a great understanding of the PMS requirements and notified bodies cannot provide counsel, how do medtech companies understand and implement these new requirements?

Badwal: The system is different in the EU. In the U.S., you can speak directly with the regulators. In the EU and UK, you’ve got the notified bodies. Typically, companies will approach someone like myself or other consultants or companies who have experience in this field. And they bring us on as project consultants, or they may work with other companies who’ve already gone through this process.

Generally, you have three rounds with the EU MDR process. Meaning, as long as there is not something seriously wrong they will give you three rounds to gain certification. Now, to submit and then lose with the notified bodies is very costly, so trying multiple times is not the best approach. This is why companies will typically work with a consultant or company that has experience with the types of products they develop and ask, ‘Is the information we have adequate in your experience?’ before submitting to the notified body.

Do companies have the expertise needed to meet PMS requirements, or will they need to bring in other expertise to maintain compliance?

Badwal: My experience is they often don’t. Quality and Regulatory are often seen as an afterthought. In an Ideal world, Quality and Regulatory would be brought in right at the start of product development, because then you can map out the most efficient strategy for approval and work alongside that strategy. But what companies often focus on are the things that have an immediate return on investment. Then they bring Quality and Regulatory in either when things go wrong or at the later stages where they have to then make retrospective changes. Even prior to MDR companies were under-resourced in terms of Quality and Regulatory. It’s just become more apparent with MDR.

During the premarket phases, companies often work with consultants to prepare for regulatory submission and gain market access. With new requirements for ongoing surveillance, is relying on consultants still a viable option or should they be looking at more in-house expertise for the long term?

Badwal: Consultants are effectively support tools—or guidances—to point you in the right direction. You still need internal staff to do the day to day things such as CAPA and PMS. Unless you are a very early stage startup, relying solely on a consultant for regulatory comliance is not the best approach. Generally, companies need in-house Quality and Regulatory people. They may have two junior staff and a consultant who overlooks everything and meets with them five or 10 hours a week, but the in-house staff does the heavy lifting.