Why the New EU MDR Is One of the Toughest Regulations in the World

Article Highlights:

• The EU MDR, formally known as Regulation (EU) 2017/745, replaced the previous Medical Devices Directive framework in Europe. Its primary goal is to improve patient safety, increase transparency, and modernize oversight of medical devices sold within the European Union.
• Unlike older regulatory frameworks that focused primarily on premarket approvals, MDR imposes extensive obligations before, during, and after a product reaches the market. In addition, the regulation also demands far greater transparency than its predecessor.
• The depth of documentation expected under MDR is significantly greater than what many manufacturers were responsible for obtaining under MDD. Even companies with mature quality management systems are finding that they have consequential data gaps while carrying out compliance checks for MDR.

When the European Union introduced its updated Medical Device Regulation (MDR) several years ago, many companies expected it to be a difficult transition. But what they actually encountered was significantly more challenging than they’d even anticipated. Indeed, some have characterized the MDR as one of the most demanding regulatory overhauls the medical device industry has seen in decades. Today, MDR compliance is reshaping how manufacturers design, manufacture, and test medical devices across global supply chains and the markets they serve.

The regulation has increased scrutiny on nearly every aspect of the medical device lifecycle, and companies that once relied on relatively straightforward approval pathways under the older Medical Devices Directive (MDD) are now dealing with far more extensive clinical evidence requirements, higher expectations for technical documentation, and tighter post-market surveillance.

But before delving into all the regulatory challenges imposed by the EU’s MDR, it’s worth reviewing how we got here.

The Transition From MDD to MDR

To understand why MDR compliance is so difficult today, it helps to understand the regulatory framework that existed before it. Prior to the MDR, medical devices in Europe were primarily regulated under the Medical Devices Directive (MDD 93/42/EEC), which was introduced in 1993. The MDD established the foundation for CE marking requirements, while also creating the framework that allowed medical devices to move freely throughout EU member states.

For years, the MDD system was viewed as more flexible and less burdensome than regulatory systems in markets like the United States. Many manufacturers appreciated the relatively streamlined approval pathways and the ability to use equivalent data to support multiple certifications.

However, several high-profile safety controversies raised concerns about weaknesses in the existing framework, arguably paving the way for the new directive that would eventually supplant the MDD. One of the most widely cited incidents involved the French company Poly Implant Prothèse (PIP). PIP was found to have used industrial-grade silicone in breast implants, rather than the approved medical-grade materials. The scandal affected hundreds of thousands of patients—both in France and all over Europe—exposing significant gaps in the MDD’s oversight within the European medical device ecosystem.

In response to growing concerns, the European Union adopted Regulation (EU) 2017/745 — better known as the EU MDR — in April 2017. Originally, the regulation was scheduled to enter into force in May 2020. However, the COVID-19 pandemic disrupted implementation efforts across the healthcare industry, leading the EU to postpone the date of application by one year.

The MDR officially became effective on May 26, 2021. Since then, manufacturers transitioning from the older MDD framework to the new MDR have faced one of the larger jumps in regulatory obligations in recent history.

What Is the EU MDR?

The EU MDR, formally known as Regulation (EU) 2017/745, replaced the previous Medical Devices Directive framework in Europe. Its primary goal is to improve patient safety, increase transparency, and modernize oversight of medical devices sold within the European Union.

The regulation was introduced because EU governments and regulators wanted a higher bar for the medical device industry, including:

• Stronger clinical validation requirements
• Improved traceability
• Greater accountability throughout the product lifecycle

While those goals sound straightforward, the resulting framework dramatically expanded the amount of work manufacturers are required to complete before—and sometimes even after—bringing products to market.

For many companies, MDR compliance now demands substantial investments in regulatory expertise, data collection, and supplier management, effectively forcing manufacturers to prioritize compliance in ways that many had never done in the past.

Why MDR Compliance Is So Difficult

There’s no single reason why MDR compliance has become so challenging. Rather, the difficulty comes from the cumulative effect of numerous detailed requirements that impact nearly every department within a medical device company.

Unlike older regulatory frameworks that focused primarily on premarket approvals, MDR imposes extensive obligations before, during, and after a product reaches the market.

In addition, the regulation also demands far greater transparency than its predecessor. Companies are expected to maintain deeper visibility into supplier networks, material compositions, and manufacturing changes, while also tracking device performance data in an ongoing way.

At the same time, regulators and notified bodies are requesting significantly larger volumes of evidence and documentation during certification reviews.

This combination creates several major operational challenges:

• Longer product development timelines
• Higher compliance costs
• More complex supplier management
• Expanded recordkeeping obligations
• Higher risk of certification delays

Many companies that were previously compliant under MDD are discovering that their existing documentation systems and processes are nowhere near sufficient for the MDR’s requirements. As a result, MDR compliance has led to many organizations rebuilding their compliance programs, sometimes from the ground up.

Many companies that were previously compliant under MDD are discovering that their existing documentation systems and processes are nowhere near sufficient for the MDR’s requirements.

Higher Clinical Evidence Standards

One of the biggest changes to achieving MDR compliance involves meeting the requisite clinical evidence requirements. Under the MDD, some manufacturers could rely on equivalence claims by demonstrating that their device was substantially similar to another device already on the market.

Under MDR, that sort of equivalence loophole is less tolerated, and regulators expect more direct clinical validation and the supporting data to bolster it.

Manufacturers are increasingly required to provide:

• Clinical investigations
• Post-market follow-up data
• Expanded clinical evaluations
• More rigorous risk-benefit analyses

For legacy devices that were approved years ago under older standards, gathering this information can be extremely difficult and expensive. Some companies have even been forced to conduct entirely new studies simply to maintain access to the European market.

Technical Documentation Requirements Have Expanded

Another major challenge is the sheer amount of documentation required for MDR compliance.

The technical files in-scope businesses must submit to EU regulators require extensive detail, including but not limited to:

• Product design
• Materials and substances
• Manufacturing processes
• Risk management
• Biocompatibility
• Cybersecurity
• Clinical data
• Labeling

The depth of documentation expected under MDR is significantly greater than what many manufacturers were responsible for obtaining under MDD. Even companies with mature quality management systems are finding that they have consequential data gaps while carrying out compliance checks for MDR.

The Notified Body Bottleneck

Another major contributor to MDR complexity has been the shortage of notified bodies approved to conduct MDR reviews. Under the previous MDD framework, there were plenty of organizations available to perform regulatory certifications for covered organizations. Under MDR, however, notified bodies are themselves facing increased scrutiny, leading to fewer of them being approved to issue certifications and ensure compliance.

Because of this, the number of certifying bodies dropped sharply during the transition from MDD to MDR. At the same time, the amount of work required for each device review has increased dramatically.

The result has been industry-wide bottlenecks that include long delays in certifications, costlier reviews, and sometimes even postponements to product launches. For smaller companies with limited regulatory resources, these delays can create major financial and operational risks.

The result has been industry-wide bottlenecks that include long delays in certifications, costlier reviews, and sometimes even postponements to product launches.

Post-Market Surveillance Is Now Continuous

A final reason why MDR compliance has proven so challenging for businesses is the regulation’s emphasis on continuous monitoring—including after products have entered the market.

Under MDR, manufacturers are expected to continuously collect and analyze real-world product performance data throughout the device lifecycle.

Requirements include:

• Complaint monitoring
• Incident investigations
• Periodic safety update reports
• Post-market clinical follow-up
• Continuous risk assessment updates

This ongoing surveillance model significantly increases long-term compliance requirements, imposing a larger and costlier regulatory burden on companies.

Tackle MDR With Compliance Software Z2

There’s a reason the EU MDR is widely viewed as one of the toughest regulatory frameworks in the world. The transition from the older MDD system to the EU’s new medical device regulation introduced stricter expectations around clinical evidence, technical documentation, post-market surveillance, and supply chain oversight. And since the regulation officially entered into force in 2021, manufacturers have faced growing pressure to maintain continuous compliance across the entire device lifecycle.

For organizations that don’t have the internal resources to conduct this kind of ongoing due diligence work on their own, compliance tool Z2 provides the expertise and software capabilities to streamline the process—while also reducing pressure on compliance and procurement teams. Z2 covers over 180 key global regulations, including the EU MDR, REACH, RoHS, POPs, the EUDR, and PFAS regulations, and the tool draws on a proven four-step process to achieve comprehensive compliance: data scoping and framework; supply chain due diligence; compliance risk analysis; and reports and declarations.

By partnering with Z2, businesses are able to:

• Understand their full regulatory data requirements.
• Rely on a team of experts to carry out supply chain due diligence.
• Participate in a full risk analysis that addresses all compliance gaps.
• Receive reports and declarations for all their regulatory obligations.

To learn more about Z2Data’s compliance services, schedule a free trial with one of our product experts.