It can soon become overwhelming, especially as not everything results in certification. Here’s an overview of the certifications you need, plus the optional standards that can make life easier.  

Why Certification Matters

Getting any product or service certified is important from a legal standpoint. That’s because certification is written proof that a product or applied process meets certain quality or safety requirements. Certified products typically receive a certificate, and use of a certification mark.

Certificates are issued on the basis of certification schemes and schedules, which list the requirements that the product, service, or system must meet now and over time. Manufacturers use certification to demonstrate their product, service, or company is trustworthy. It also helps potential customers make informed choices between similar products or services in a specific market. 

Medical devices in the EU must comply with the Medical Device Regulation (MDR). For new medical devices in high-risk categories (IIa and above) companies must seek approval and certification from Notified Bodies. Simpler (low-risk) devices don’t actually get a certificate – companies simply self-certify. 

The great thing about the MDR is that one certification opens up market access across multiple European countries and can also be of value in non-EU markets. 

Certifications You Need

Like any product, the certification you need depends on the market your product is entering. Here’s a summary of the requirements of key markets:

European Union (EU)

Medical devices destined for the EU market need the CE marking to be compliant. CE stands for "conformité européenne" (French for "European conformity"). As already mentioned, approval must be sought from a Notified Body for devices that are Class IIa and above. That means all the relevant product and Quality Management System (QMS) documentation must be completed, submitted, and approved before a product can enter the market.  

The EU Notified Bodies provide the opportunity to simultaneously certify your applied QMS via an ISO 13485 quality system certificate.   

United States (US)

There’s a lot of overlap between the regulations for medical devices in the US through the Food and Drug Administration (FDA)  and the EU’s MDR. For example, in the US medical device companies need a QMS, technical documentation, and all the verification testing.  However, there is no certification. Products are simply “Section 510(k) cleared” or approved and registered for the US market on the FDA’s device database.

United Kingdom (UK)

Formerly part of the EU, the UK has its own quality mark requirements.  From 1st July 2024 medical devices must be registered with the UK’s Medicines and Healthcare products Regulatory Agency (MHRA). After this date, the UK requires medical device companies to obtain separate clearance and certification for products entering the UK market.

Under the new legislation, the UK no longer accepts the EU’s mark of conformity with health, safety, and environmental protection standards, and companies must obtain the UKCA marking. That said, there is likely to be a transition period for medical devices that meet certain requirements. This will allow companies more time to comply.

The salient point to take away is this: each market has its own approval process and classification systems, so it’s important to check entry requirements with the relevant authorities to see what must be done, where to submit or register your documentation, and who should do it (e.g. a representative in the actual country or region).

Standards To Consider

Choosing to conform with relevant (and optional) international standards can be a useful approach when launching the same medical device on multiple markets. That’s because there is often overlap between mandatory requirements and those described in standards, such as those from ISO (International Organization for Standardization). Here’s a summary of the most relevant and useful standards for medical devices:

• ISO 13485 (Quality Systems for Medical Devices) is highly recommended, and your internal processes can be certified for it. In the EU, medical device manufacturers are expected to comply with this standard as it is the “gold-standard” for development and manufacturing processes. Also, the US is adopting it. ISO 13485 also references Risk Management, for which ISO 14971 provides the best guidance on how to address product and process risks. These standards are EU harmonized, which means that they are developed by the EU Standards Organization CEN or CENELEC. 

• ISO 27001 (Information Security) is recommended for ‘software as a medical device’. The market demands essential security safety measures, including cybersecurity, to protect important data. Certification is also a feature of this standard – so it helps to build trust in medical professionals and patients. In addition, the EU’s General Data Protection Regulation (GDPR) acknowledges ISO 27001.

• ISO 17025 (Testing and calibration laboratories) ensures testing labs fulfill relevant safety requirements. Most manufacturers don’t do the actual product testing themselves, so it’s essential that a reliable approval system is in place for suppliers. That’s where a certificate in ISO 17025 can help. It’s easy proof that a testing laboratory is up to standard. At the same time, as most medical devices are sterile, validation according to standards in sterilization is also important –  ISO 11135 for ethylene oxide (EtO) sterilization, and ISO 11137 for gamma sterilization are recognized standards in the US, EU and other countries and regions. 

Keeping Up Standards 

This may sound obvious, but it’s easy to miss the details when your product is destined for multiple markets. The key to compliance is to meet the legislative and regulatory requirements, but to use the Standards as a means to get there. Therefore, check that you comply with all the processes and product standards relevant to your device in specific markets. Meeting the relevant ISO or other standards can help get your medical device closer to the market, no matter where it’s heading.

In the EU, a Notified Body will presume you comply with the latest standards and will expect this claim to be in your technical file. And as soon as standards are harmonized under the EU MDR, this will provide a framework for which version of the standard is the most important to comply with. That said, the latest technological developments should not be ignored, as harmonization will always follow a new version of a published standard.

Need expert help with regulatory compliance for your medical device? Speak to a specialist