Is Your Quality Management System Compliant with the New EU MDR and EU IVDR Regulations?

Is Your Quality Management System Compliant with the New EU MDR and EU IVDR Regulations?

A brief overview of the EU MDR and EU IVDR regulations

Following approval in March 2017 by the European Council and in April 2017 by the European Parliament, the Medical Devices Regulation (MDR) – Regulation (EU) 2017/745 – and In Vitro Diagnostic Medical Devices Regulation (IVDR) – Regulation (EU) 2017/746 – were published in the Official Journal of the European Union on 5 May 2017. Both regulations entered into force on 26 May 2017, hence the new MDR rules will apply from 26 May 2020 and the IVDR rules from 26 May 2022.

Billed as the most significant changes to medical device legislation in decades, these regulations seek to increase the safety and effectiveness of medical devices available in the EU market and address weaknesses in the regulations revealed in several high profile incidents. Medical device and in vitro diagnostic device manufacturers large and small who supply product to the EU market will be impacted and need to start planning now on how to transition to the new requirements.

The requirements for a quality management system as defined in the regulations

Article 10(9) of the EU MDR regulations and Article 10(8) of the EU IVDR regulations state that:

‘Manufacturers of devices, other than investigational devices, shall establish, document, implement, maintain, keep up to date and continually improve a quality management system that shall ensure compliance with this Regulation in the most effective manner and in a manner that is proportionate to the risk class and the type of device.

The quality management system shall cover all parts and elements of a manufacturer’s organisation dealing with the quality of processes, procedures and devices.  It shall govern the structure, responsibilities, procedures, processes and management resources required to implement the principles and actions necessary to achieve compliance with the provisions of this Regulation.’

The article then lists a series of aspects that the quality management system (QMS) shall address.

To achieve product certification under the new regulations, companies will need to be compliant with these new requirements.

For some companies, particularly those where their products have been incorporated into the new regulations but were not subject to previous versions of the legislation, a QMS may be a completely new requirement.  This can be a significant undertaking and must be planned accordingly.

ISO 13485 and the implications on the regulations

ISO 13485 Quality Management for Medical Devices was updated in 2016 and contains new requirements and more emphasis on a risk-based approach to the overall QMS process.  Previous versions of this document have outlined the standard that many organisations have used as the basis for their QMS.  The requirements of ISO 13485 and the new regulations have some overlapping provisions but for companies wishing to retain ISO certification, compliance with both will be necessary.  At the time of writing this article it was anticipated in the industry that the ISO standard and the new regulations would be harmonised.

However, in the short term, this presents a situation where regulatory and quality professionals need to ensure that their QMS is updated for both the requirements of ISO 13485 and the new regulations.

What do you need to do to meet the requirements?

From the above it can be seen that companies will have to review and update their QMS to meet the new requirements.  The first step might be to have an independent audit readiness assessment of your QMS to determine how effective your current capability is.

From there, the next logical step would be to define your approach to your QMS.  Typically, this would include:

  1. Assess the audit readiness gaps with your existing QMS
  2. Understand the requirements for quality management systems in the new regulations.
  3. A gap analysis of each relevant aspect of the company’s QMS against the audit findings and new requirements.
  4. Initial high level designs of potential new processes, capabilities and IT solutions.
  5. High level roadmap for implementing new processes, capabilities and IT solutions.
  6. Cost and resource impact estimation.
  7. Plan for the next phase of activity.

This will then allow you to resource and execute the updates required.

It is important to consider in your implementation activities that your goal should not just be to have your new QMS in-place but also ensure that it is fully in-use.  This latter condition is often the most challenging, necessitating significant change management activity across your organisation.  However, without ensuring in-use, you cannot consider that your QMS is audit ready.


As can be seen from the above, ensuring your QMS is compliant with the new regulations is not an insignificant activity.  Your updates need to be timely to meet the needs of both ISO 13485 and the new regulations and could have significant impact across your operations.  A well thought out implementation approach will help ensure a successful outcome for your organisation.


Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April on Medical Devices

About Be4ward

Be4ward has many years of experience in delivering large and complex legislative-driven change. We have written this document to capture some of our learning throughout that journey and hope it will be useful to you, the reader.

We hope you find this information useful and helpful. We are always searching for ways to improve our work, so if you have any feedback, please do not hesitate to contact us at

For more information on artwork, go to our free download section.