Regulatory Compliance In Medtech: The Cost Of Getting It Wrong


Get regulatory compliance right for your medical device product, and you benefit from a smoother path to certification, a speedier time to market, and a strong competitive advantage. But get it wrong, and you’re staring at a mountain of costs in terms of time, money, and human resources. 

At best, getting it wrong can delay a product on its journey to market. At worst, it could lead to a product recall, or to the product not entering or being removed from the market, not to mention lasting damage to your company’s brand reputation. Either way, the cost of quality is lower than the cost of noncompliance. That’s why it pays to get compliance right first time.

Notified Bodies and the regulatory landscape

Navigating the regulatory landscape for medical devices entering the EU market isn’t easy. From the complexity of the system itself to the labyrinth of legislation, there’s huge potential for things to go wrong.

In the European Union (EU), there are Notified Bodies that assess a medical device’s conformity before it can enter the market (except for simple Class I devices) or remain on the market in the case of legacy devices. Due to the huge volume of applications since the adoption of the Medical Device Regulation (MDR), and a deficit in the number of specialists who can process and certify applications, in March 2023 the EU Commission extended the deadline for manufacturers to transition to the MDR.

Supply and demand is a huge factor in the coming years. Notified Bodies are inundated with requests for product certification under the MDR, and their time costs money. A typical review takes several days and costs between €300 and €400 per hour. That means the cost of mistakes, missing parts or lack of evidence in your dossier can quickly spiral out of control.   

In our experience, protracted, back-and-forth communication between a medtech company and the Notified Body is best avoided. That’s why, at Peercode Regulatory Consultancy, we advocate for a right-first-time approach to compliance. Much is gained at the initial stages of the certification process. 

4 pitfalls of regulatory compliance in medtech

As experts in the field of regulatory compliance for medical devices – including Software as a Medical Device (SaMD) – we know the pitfalls of regulatory compliance. Here are four:

1 Selecting a Notified Body 

A Notified Body is a commercial party accredited by the authorities. Based on its personnel and experience with certain types of medical device, each one has its own area of expertise and specific accreditations. For example, it might be able to certify software and electrical devices, but not sterile and/or invasive devices. 

Sometimes, less experienced medtech manufacturers can fall at the first hurdle. That’s because the company selects the wrong Notified Body for its medical device. With so many applications to process, it can take time – in some cases months – to get an answer. Completing an application, and waiting for a (negative) response from the wrong Notified Body, can mean time and money are wasted.   

2 Classifying a more complex product 

Innovative and more complex products that combine components from various suppliers or original equipment manufacturers (OEMs) can be challenging to classify under the Medical Device Regulation (MDR). When a legal manufacturer has outsourced the production of components that are later assembled into a medical device, this adds a layer of complexity – especially if OEMs are not actively supportive or are located outside the jurisdiction of the EU.

Ultimately, the MDR addresses the compliance of straightforward products; it’s far less clear in presenting the compliance requirements for more complex products, such as assemblies of products, systems, user configurable devices, and learning software. This can also cast a shadow of doubt over whether a particular Notified Body is suitably accredited to certify the device.  

3 Lacking a robust Quality Management System 

Getting certified under the MDR is not a one-time event. It’s a continuous process that requires ongoing maintenance. Once a product is on the market, the legal manufacturer is open to inspections from auditors, who will scrutinize the Quality Management System (QMS) to ensure the company doesn’t just get it right the first time, but every time.  

A well-maintained technical dossier is vital. For that reason, it’s important to keep it updated with the latest information over the entire lifecycle of the product. As regulatory consultants, here at Peercode it’s our mission to leave medical device companies equipped with the necessary expertise to keep documentation updated and compliant.

4 Defining acceptable risk

Risk management is relevant to the entire product lifecycle, and your QMS. As a medical device manufacturer, the onus is on you to define risk acceptability criteria upfront. And, for every identifiable risk, there should be an adequate measure in place to reduce it, so that the risk is as low as possible. 

It’s a careful balancing act between medical benefit and patient risk. For that reason, acceptable risk must be based on reliable clinical evidence, user experience, and market data. In some cases, this is very easy to do because a device is very low risk. For others, like those closer to the tipping point between benefit and risk, it can be a challenge to get it right. 

This is further complicated by similar, competing products coming onto the market with better risk controls in place. This raises the bar for other devices in that particular segment. One beneficial way of handling this is to conform with international standards with requirements equal to those of the MDR. Being alert to, or involved in, standard development (such as ISO or IEC) is a means to ensure you do not drift away from being state-of-the-art. 

The consequences of getting it wrong

Audits of your QMS by independent auditors can surface different types of errors that need to be put right. This information and the corresponding actions needed are presented in an audit report. The timelines for putting things right vary, depending on the severity of the errors.  

In general, a nonconformity needs to be resolved at least before the next audit, but in severe cases, a major finding could result in a product being temporarily removed from the market. It’s also important to be aware of minor nonconformities, which have the potential to grow into major ones over time if not dealt with. 

Your technical files and QMS contain ‘living documents’ that are very much interlinked. So it follows that if your documentation is not regularly reviewed, it’s likely to contain more errors than documentation that’s regularly updated, and it will therefore cost more to put right. Solving any issues identified during an audit is going to incur a cost in time and money, and take people away from other work in order to put things right. 

These solutions also need to be reviewed by the auditors, leading to further back and forth between your company and them. Getting it wrong more than once makes the auditors suspicious. Monitoring may be stepped up, and sanctions can get tougher. When a product or process does not conform, you need to do a thorough root cause analysis, and your Notified Body expects you to remove the cause and show in documentation that your corrective action was effective.

Further up the scale, unsafe or ineffective products – or even products that are deemed potentially unsafe – could be subject to a field safety notice (FSN) or field safety corrective action (FSCA). This could range from alerting users or checking the procedures of a specific product to – in the worst-case scenario – a full product recall. Of course, compliance is also an ongoing requirement because of the rapidly changing regulations, as covered in our blog about the MDR and what changed in 2023.

A regulatory partnership built around you

Every medical device manufacturer, and each medical device, is different. For that reason, fixed price consultancy can be a false economy that doesn’t take individual needs into account. At Peercode Regulatory Consultancy, we take a different approach. 

We offer transparent and flexible consultancy services aligned with specific business needs. We always include a gap assessment to identify these needs. Sometimes we help clients to achieve a clear, short-term goal, or we might come aboard as a long-term quality and/or regulatory partner. There’s no one-size-fits-all solution. 

We’re a trusted regulatory partner for many leading medtech brands, helping them to not only get it right first time, but also educating their people, so the organization is left in better regulatory shape than when we found it.

Leading QA and regulatory expertise, combined with the right document management, are two major contributors to getting compliance right and avoiding the costly and damaging pitfalls of getting it wrong. Here at Peercode Regulatory Consultancy, we can help you with both. 
