Glossaire réglementaire

Termes clés et définitions en réglementation des dispositifs médicaux

A

Annex II: An annex to the EU MDR (2017/745) that specifies the requirements for technical documentation. Manufacturers must compile and maintain comprehensive documentation demonstrating conformity with the regulation.
Annex III: An annex to the EU MDR (2017/745) that defines the content of the EU Declaration of Conformity. It specifies the information that manufacturers must include when declaring their device meets applicable requirements.
Annex XIV: An annex to the EU MDR (2017/745) detailing requirements for clinical evaluation and post-market clinical follow-up. It sets out the methodology for clinical evaluation and the criteria for PMCF studies.
Authorized Representative: A natural or legal person established within the EU who has been designated by a manufacturer located outside the EU to act on their behalf for specified regulatory tasks. The authorized representative ensures compliance with EU MDR obligations including device registration and vigilance reporting.

B

Biocompatibility: The ability of a material or device to perform with an appropriate host response when applied as intended. Biocompatibility evaluation, conducted per ISO 10993, is a critical requirement for medical devices that have direct or indirect patient contact.

C

CAPA: Corrective and Preventive Action. A systematic approach to identifying, investigating, and resolving quality issues. Corrective actions address existing nonconformities, while preventive actions eliminate the causes of potential nonconformities before they occur.
CE Marking: The conformity marking required to place medical devices on the European Economic Area market. It indicates that a device meets the applicable EU regulatory requirements, including the MDR or IVDR, and has undergone the necessary conformity assessment procedures.
CER: Clinical Evaluation Report. A document that compiles and critically evaluates clinical data relating to a medical device to verify its clinical safety and performance. Under the EU MDR, the CER must be updated throughout the device lifecycle.
CEP: Clinical Evaluation Plan. A document that defines the scope, methodology, and acceptance criteria for the clinical evaluation of a medical device. It outlines the strategy for collecting and assessing clinical data to demonstrate compliance with General Safety and Performance Requirements.
Class I: The lowest risk classification for medical devices under the EU MDR. Class I devices generally do not require Notified Body involvement for conformity assessment, although measuring, sterile, and reusable surgical devices within this class have additional requirements.
Class IIa: A medium-low risk classification for medical devices under the EU MDR. Class IIa devices require Notified Body assessment of the quality management system or type examination as part of the conformity assessment process.
Class IIb: A medium-high risk classification for medical devices under the EU MDR. Class IIb devices require more extensive Notified Body involvement, including assessment of both the quality management system and technical documentation.
Class III: The highest risk classification for medical devices under the EU MDR. Class III devices, such as implantable devices and those incorporating medicinal substances, require the most rigorous conformity assessment procedures, including full Notified Body review of technical documentation.
Clinical Evaluation: A systematic and planned process to continuously generate, collect, analyze, and assess clinical data pertaining to a medical device. It verifies the clinical safety, performance, and clinical benefit of the device when used as intended by the manufacturer.
Clinical Investigation: A systematic study involving human subjects undertaken to assess the safety or performance of a medical device. Clinical investigations must comply with the EU MDR requirements and are typically required when existing clinical data is insufficient to demonstrate conformity.
Cybersecurity: The practice of protecting medical devices and their associated systems from unauthorized access, modification, or disruption. For medical devices, cybersecurity is addressed through standards such as IEC 62443 and IEC 81001-5-1, and is increasingly a regulatory requirement under the EU MDR and FDA guidance.

D

De Novo: An FDA regulatory pathway for novel, low-to-moderate risk medical devices that lack a predicate device for 510(k) clearance. The De Novo process establishes a new device classification and can create a new regulatory category, allowing subsequent similar devices to use the 510(k) pathway.
Design Controls: A set of practices and procedures used during the design and development of medical devices to ensure that specified requirements are met. Design controls, required by the FDA QSR and ISO 13485, include design planning, inputs, outputs, reviews, verification, validation, and transfer.
Design History File: A compilation of records describing the design history of a finished medical device. The DHF contains or references all design control documentation including design inputs, outputs, reviews, verification and validation results, and any design changes.
Design Input: The physical and performance requirements of a medical device that are used as a basis for device design. Design inputs include intended use, functional requirements, safety requirements, regulatory requirements, and applicable standards.
Design Output: The results of the design effort at each design phase and at the end of the total design effort. Design outputs include the device specifications, production specifications, drawings, and labeling, and must be documented in terms that allow adequate evaluation of conformance to design inputs.
Design Review: A formal, documented, comprehensive, and systematic examination of a design to evaluate its adequacy in meeting specified requirements, to identify problems, and to propose solutions. Design reviews must be conducted at appropriate stages of the design process.
Design Validation: Establishing by objective evidence that the device specifications conform to user needs and intended uses. Design validation ensures the final device meets the needs of the user under actual or simulated use conditions.
Design Verification: Confirmation by examination and provision of objective evidence that specified design output requirements have been fulfilled. Design verification confirms that each design output meets the corresponding design input requirement.
DHF: Design History File. A compilation of records that describes the complete design history of a finished medical device, including all design control activities from initial concept through design transfer to production.
DHR: Device History Record. A compilation of records containing the complete production history of a specific finished medical device. The DHR includes manufacturing dates, quantities, acceptance records, labeling, and the unique device identifier or batch number.
DMR: Device Master Record. A compilation of records containing the procedures and specifications for a finished medical device. The DMR includes device specifications, production process specifications, quality assurance procedures, packaging and labeling specifications, and installation and servicing procedures.

E

Economic Operator: A collective term under the EU MDR for manufacturers, authorized representatives, importers, and distributors of medical devices. Each economic operator has defined regulatory obligations to ensure the traceability and compliance of devices on the EU market.
EN ISO 15223-1: An international standard specifying requirements for symbols used in medical device labeling. It provides a standardized set of graphical symbols that convey information about the safe and effective use of medical devices, recognized across global markets.
Essential Requirements: The fundamental safety and performance criteria that medical devices had to meet under the former Medical Devices Directive (MDD 93/42/EEC). Under the EU MDR, these have been replaced and expanded by the General Safety and Performance Requirements (GSPRs).
EU Declaration of Conformity: A legally binding document issued by the manufacturer confirming that a medical device complies with the applicable provisions of the EU MDR or IVDR. The declaration must be kept up to date and made available to competent authorities upon request.
EUDAMED: The European Database on Medical Devices. A centralized EU platform for registering medical devices, economic operators, Notified Bodies, certificates, clinical investigations, vigilance data, and post-market surveillance information. EUDAMED aims to enhance transparency and improve coordination among EU member states.

F

FDA 510(k): A premarket notification submitted to the U.S. Food and Drug Administration to demonstrate that a medical device is substantially equivalent to a legally marketed predicate device. Most Class II and some Class I devices require 510(k) clearance before marketing in the United States.
Field Safety Corrective Action: An action taken by a manufacturer to reduce a risk of death or serious deterioration in the state of health associated with the use of a medical device that is already placed on the market. FSCAs include device recalls, modifications, updates to instructions for use, and customer notifications.

G

General Safety and Performance Requirements: The fundamental requirements listed in Annex I of the EU MDR that all medical devices must fulfill. GSPRs cover general requirements such as risk management, clinical evaluation, design and manufacture, and specific requirements for particular device types including software and connected devices.
GMP: Good Manufacturing Practice. A system of quality management requirements for the manufacturing of medical devices, ensuring products are consistently produced and controlled according to defined quality standards. In the U.S., GMP for medical devices is governed by the FDA Quality System Regulation.
GSPR: General Safety and Performance Requirements. The set of essential requirements in Annex I of the EU MDR (2017/745) that medical devices must satisfy to be placed on the EU market. These requirements address safety, performance, design, manufacture, risk management, and clinical evaluation.
GUDID: Global Unique Device Identification Database. The FDA-managed repository where manufacturers must submit device identification information for devices marketed in the United States. GUDID stores the Device Identifier (DI) portion of the UDI and key device attributes.

I

IEC 62304: An international standard for medical device software lifecycle processes. IEC 62304 defines requirements for the development and maintenance of medical device software, including software development planning, requirements analysis, architectural design, implementation, verification, and release.
IEC 62366: An international standard specifying a process for analyzing, specifying, developing, and evaluating the usability of medical devices. It requires manufacturers to apply usability engineering to optimize the user interface and minimize use errors that could compromise safety.
IEC 62443: A series of international standards addressing cybersecurity for industrial automation and control systems, increasingly applied to networked medical devices. IEC 62443 provides a framework for securing devices and systems against cyber threats across the product lifecycle.
IEC 81001-5-1: An international standard specifying security requirements for the development lifecycle of health software and health IT systems. It defines activities for secure design, implementation, verification, release, and maintenance, and is referenced by the EU MDR for medical device cybersecurity.
IFU (Instructions for Use): The information provided by the manufacturer to convey to the user the intended purpose and proper use of a medical device. IFUs must include essential safety information, contraindications, warnings, precautions, and instructions for installation, use, and maintenance as required by the EU MDR and FDA regulations.
Importer: A natural or legal person established within the EU who places a medical device from a third country on the EU market. Importers have specific obligations under the EU MDR, including verifying that the manufacturer has fulfilled its regulatory requirements and that the device bears appropriate conformity marking.
ISO 10993: A series of international standards for evaluating the biological safety of medical devices. ISO 10993 provides a framework for planning and conducting biocompatibility assessments, including cytotoxicity, sensitization, irritation, systemic toxicity, and other biological effect testing.
ISO 13485: The international standard specifying requirements for a quality management system for the design and manufacture of medical devices. ISO 13485:2016 is the current version and is recognized globally as the foundation for regulatory compliance in the medical device industry.
ISO 14971: The international standard for the application of risk management to medical devices. ISO 14971 establishes a framework for identifying hazards, estimating and evaluating associated risks, controlling risks, and monitoring the effectiveness of risk controls throughout the device lifecycle.
IVDR: In Vitro Diagnostic Regulation (EU 2017/746). The European regulation governing in vitro diagnostic medical devices, replacing the former IVD Directive (98/79/EC). The IVDR introduces a new classification system, stricter conformity assessment requirements, and increased clinical evidence obligations for IVD devices.

M

MDCG: Medical Device Coordination Group. An expert group established under the EU MDR and IVDR to provide advice and guidance on the implementation of the regulations. The MDCG publishes guidance documents that help harmonize interpretation and application of regulatory requirements across EU member states.
MDR: Medical Device Regulation (EU 2017/745). The European regulation governing medical devices, replacing the former Medical Devices Directive (MDD 93/42/EEC). The MDR introduces stricter requirements for clinical evidence, post-market surveillance, traceability, and transparency for medical devices placed on the EU market.
MDSAP: Medical Device Single Audit Program. A program that allows a single regulatory audit of a medical device manufacturer to satisfy the requirements of multiple participating regulatory authorities, including those from the U.S., Canada, Brazil, Australia, and Japan.
MEDDEV: A series of non-binding guidance documents published by the European Commission under the former Medical Devices Directives. While many MEDDEVs have been superseded by MDCG guidance documents under the EU MDR, they remain useful reference points for established regulatory principles.
Medical Device Coordination Group (MDCG): An expert advisory group composed of representatives from EU member states, established under Article 103 of the EU MDR. The MDCG publishes guidance on topics including clinical evaluation, post-market surveillance, UDI, EUDAMED, and classification to support consistent regulatory implementation.

N

NBOp: Notified Body Opinion. A formal opinion issued by a Notified Body as part of the conformity assessment of certain medical devices, particularly drug-device combination products. The NBOp evaluates the device component and its integration with the medicinal substance.
Notified Body: An organization designated by an EU member state to assess the conformity of medical devices with applicable regulatory requirements. Notified Bodies conduct conformity assessments including technical documentation reviews, quality management system audits, and type examinations for higher-risk device classifications.

P

PMA: Premarket Approval. The most rigorous FDA regulatory pathway required for high-risk (Class III) medical devices. PMA requires clinical evidence of safety and effectiveness and involves a thorough review of the device design, manufacturing, and labeling.
PMCF: Post-Market Clinical Follow-up. A proactive and continuous process of collecting and evaluating clinical data from devices already placed on the market. PMCF is part of the clinical evaluation process under the EU MDR and is used to confirm the ongoing safety and performance of a device throughout its lifetime.
PMOA: Primary Mode of Action. The principal mechanism by which a combination product achieves its intended therapeutic effect. Determining the PMOA is critical for establishing which regulatory framework (medicinal product, medical device, or both) applies to a combination product.
PMS: Post-Market Surveillance. A systematic process by which manufacturers proactively collect and review experience gained from devices placed on the market. PMS activities include collecting user feedback, monitoring complaints, analyzing trends, and updating risk assessments to ensure continued safety and performance.
Post-Market Clinical Follow-up: A continuous process of proactively collecting and evaluating clinical data related to a medical device that is already on the market. PMCF studies are required under Annex XIV of the EU MDR to confirm safety, clinical performance, and the benefit-risk ratio throughout the device lifecycle.
Post-Market Surveillance: A proactive and systematic process established by manufacturers to gather, record, and analyze relevant data on the quality, performance, and safety of a medical device after it has been placed on the market. PMS is a legal requirement under the EU MDR and feeds into vigilance, PSUR, and clinical evaluation activities.
Process Validation: Establishing by objective evidence that a manufacturing process consistently produces a result or product meeting its predetermined specifications. Process validation is required for production processes where the output cannot be fully verified by subsequent inspection and testing.
PRRC: Person Responsible for Regulatory Compliance. A role mandated by the EU MDR requiring manufacturers to have at least one qualified person responsible for ensuring regulatory compliance. The PRRC must have expertise in medical device regulatory affairs and is accountable for activities such as conformity verification and vigilance reporting.
PSUR: Periodic Safety Update Report. A summary report prepared by manufacturers as part of post-market surveillance obligations under the EU MDR. PSURs compile and analyze safety and performance data, provide conclusions on the benefit-risk ratio, and are submitted at defined intervals depending on device classification.

Q

QSR: Quality System Regulation. The U.S. FDA regulation (21 CFR Part 820) that establishes Good Manufacturing Practice requirements for medical device manufacturers. The QSR covers design controls, production and process controls, corrective and preventive actions, and other quality management requirements.

R

Risk Management: The systematic application of management policies, procedures, and practices to the tasks of analyzing, evaluating, controlling, and monitoring risk associated with a medical device. Risk management, governed by ISO 14971, is a fundamental regulatory requirement and must be maintained throughout the entire device lifecycle.

S

SaMD: Software as a Medical Device. Software intended to be used for one or more medical purposes that performs these purposes without being part of a hardware medical device. SaMD is subject to regulatory requirements including classification based on the significance of the information it provides and the healthcare situation.
SBOM: Software Bill of Materials. A formal, structured inventory of all software components, libraries, and dependencies included in a medical device or its supporting systems. An SBOM is increasingly required by regulatory authorities, including the FDA, to enable vulnerability management and cybersecurity risk assessment.
Serious Incident: An incident that directly or indirectly led, might have led, or might lead to the death of a patient, user, or other person, or a serious deterioration in their health, or a serious public health threat. Manufacturers must report serious incidents to competent authorities through the vigilance system.
SiMD: Software in a Medical Device. Software that is integral to a medical device and is necessary for the device to achieve its intended purpose. Unlike SaMD, SiMD operates as part of the hardware device and is regulated as a component of the overall device system.
SOUP: Software of Unknown Provenance. A software item that is already developed and generally available but was not developed for the purpose of being incorporated into a medical device. Under IEC 62304, manufacturers must identify, evaluate, and manage risks associated with SOUP components, including open-source and third-party libraries.
SSCP: Summary of Safety and Clinical Performance. A document required under Article 32 of the EU MDR for implantable and Class III medical devices. The SSCP provides a summary of clinical data, safety information, and performance evidence, and must be made publicly available through EUDAMED.

T

Technical File: The comprehensive documentation compiled by a manufacturer to demonstrate that a medical device conforms to the EU MDR. The Technical File, specified in Annex II, includes device description, design and manufacturing information, General Safety and Performance Requirements checklist, risk management, clinical evaluation, and labeling.

U

UDI: Unique Device Identification. A system for identifying medical devices throughout their distribution and use using a standardized identifier. The UDI system, mandated by both the EU MDR and FDA, consists of a Device Identifier (UDI-DI) and a Production Identifier (UDI-PI), enabling improved traceability and post-market surveillance.
UDI-DI: Unique Device Identifier — Device Identifier. The fixed, mandatory portion of a UDI that identifies the specific version or model of a medical device and its manufacturer. The UDI-DI serves as the primary key for device identification in regulatory databases such as EUDAMED and GUDID.
UDI-PI: Unique Device Identifier — Production Identifier. The variable portion of a UDI that identifies the production-specific data of a medical device, such as lot or batch number, serial number, expiration date, or manufacturing date. The UDI-PI enables traceability of individual units or batches.
Usability: The characteristic of a user interface that establishes effectiveness, efficiency, and user satisfaction in the intended use environment. Usability engineering for medical devices, governed by IEC 62366, aims to minimize use errors that could lead to hazardous situations or compromise clinical outcomes.

V

V&V (Verification and Validation): Verification is the confirmation through objective evidence that specified requirements have been fulfilled. Validation is the confirmation through objective evidence that the requirements for a specific intended use or application have been fulfilled. Together, V&V ensures a medical device meets both its design specifications and user needs.
Vigilance: The system of monitoring, reporting, and investigating serious incidents and field safety corrective actions related to medical devices after they are placed on the market. Under the EU MDR, manufacturers must report serious incidents to competent authorities and implement corrective actions when necessary.

Prêt à accélérer votre conformité réglementaire ?

Planifiez une consultation gratuite avec nos experts réglementaires seniors

Réservez une consultation gratuite

info@swissmpc.com