Regulatory Affairs

« Back to Glossary Index

What it is

Regulatory Affairs is the discipline that plans, assembles, and maintains the evidence and filings needed to place and keep medical devices and IVDs on the market. It aligns product claims, quality systems, and post-market duties with legal requirements across jurisdictions (e.g., EU MDR/IVDR; US 21 CFR Parts 807/801/830/820; Canada SOR/98-282; Japan PMD Act; Australia TGA rules).

Market accessLifecycle complianceRisk & evidence

Regulatory framework

  • EU: MDR 2017/745 and IVDR 2017/746—classification (Annex VIII), GSPRs (Annex I), technical documentation (Annex II–III), conformity assessment (Annex IX–XI), UDI/EUDAMED (Arts. 27–33), PMS/vigilance (Arts. 83–92).
  • US (FDA): Registration/listing (21 CFR 807), labeling/UDI (21 CFR 801/830), QMSR (21 CFR 820), submissions: 510(k) (21 CFR 807 Subpart E), De Novo (21 CFR 860), PMA (21 CFR 814), MDR reporting (21 CFR 803), corrections/removals (21 CFR 806).
  • Canada: Medical Devices Regulations SOR/98-282—licensing, problem reporting (§§59–61), recalls (§§57–65).
  • Japan: PMD Act with QMS Ordinance No. 169/2004 and GVP No. 135/2004; PMDA review/inspections.
  • Australia: TGA—Therapeutic Goods Act & Medical Devices Regulations 2002; ARTG inclusion, conformity assessment, incident reporting (e.g., r. 5.7–5.8).

Key elements

  • Strategy: Intended use/purpose, classification, and route (CE marking or 510(k)/De Novo/PMA).
  • Dossiers: Technical documentation/CER/PMCF (EU) or FDA submissions with clear traceability to requirements.
  • Labeling & UDI: IFU, symbols, claims, language control, and database entries (EUDAMED/GUDID).
  • Change control: Impact assessment for design, manufacturing, and claim changes; NB/FDA engagement when required.
  • PMS & vigilance: PSUR/PMS Report, MDR/eMDR, trend reporting, recalls, and CAPA linkage.

Process — how it works

  • Define & map: Write precise intended purpose/claims; pick pathway and standards list.
  • Build evidence: Coordinate V&V, clinical evaluation/PE, and risk/usability/cybersecurity files.
  • Compile & submit: Assemble Annex II–III file (EU) or FDA dossier; ensure clean GSPR/requirement mapping and indexing.
  • Review & respond: Manage NB/FDA questions with documented rationales and exact cross-references.
  • Release & register: Affix CE mark or obtain FDA decision; complete listings/UDI databases and country registrations.
  • Maintain & improve: Operate PMS, manage changes, renew certificates, and support inspections/audits.

Common pitfalls

  • Choosing the wrong class/pathway or weak intended use wording.
  • Claims outpacing clinical evidence or risk controls.
  • Poor GSPR/requirements traceability and inconsistent labels/UDI/database entries.
  • Late vigilance or incomplete PSUR/PMS Reports.
  • Uncontrolled changes that diverge from the approved/CE-marked configuration.

Quick checks / Tips

  • Trace every claim → test/study → acceptance criteria → labeling.
  • Confirm class and route early; align with standards and guidance.
  • Keep technical files, UDI databases, and certificates synchronized.
  • Pre-stage PMCF/real-world evidence plans for higher-risk or novel tech.

FAQ

What does Regulatory Affairs actually do?

It designs the market-access strategy, builds and submits dossiers, maintains licenses/certificates, manages labeling and UDI, and runs change control and post-market reporting.

How is RA different from Quality Assurance?

RA focuses on external requirements, submissions, and market access; QA runs the internal QMS for consistent execution. They intersect on evidence, change control, and audits.

Do all devices need clinical evidence?

Yes, in the EU a clinical evaluation is required for all devices (MDR Art. 61). New trials depend on risk and gaps. In the US, clinical data are required for PMA and sometimes for De Novo or 510(k) depending on claims.

When does a change need new approval?

US: significant changes to intended use, technology, or risk can trigger a new 510(k) or PMA supplement (21 CFR 807.81(a)(3); 21 CFR 814.39). EU: significant changes typically require NB review and certificate updates.

What makes a strong submission?

Precise claims, complete GSPR/requirements mapping, clean evidence tables, consistent labeling/UDI, and fast, traceable responses to reviewer questions.