What the PRRC Is (and Who Needs One)

• Manufacturers must designate a PRRC with requisite expertise (Article 15).
• Authorized Representatives (ARs) must also have a PRRC (Article 15(6)).
• Micro/small enterprises (<50 employees and ≤€10m turnover/balance) may outsource, but the PRRC must remain “permanently and continuously” at your disposal (Article 15(2)).

Core Responsibilities (Article 15)

Document these as release gates in your QMS:

1. Conformity before release — Verify each device batch/version complies with the QMS and applicable requirements before release (Article 15(3)(a)).
2. Technical documentation & EU DoC — Ensure technical documentation and the EU Declaration of Conformity are created and kept up to date (Article 15(3)(b)).
3. Post-market surveillance — Ensure PMS obligations are fulfilled (MDR Article 10(10); IVDR Article 10(9)) (Article 15(3)(c)).
4. Vigilance reporting — Ensure incident/safety reporting obligations are fulfilled (MDR Articles 87–91; IVDR Articles 82–86) (Article 15(3)(d)).
5. Investigational/Performance study statement — Ensure the required manufacturer statement is issued (MDR Annex XV, Ch. II, 4.1; IVDR Annex XIV) (Article 15(3)(e)).

Qualifications (Article 15(1))

• Education + Experience: Degree in law, medicine, pharmacy, engineering, or another relevant scientific discipline and ≥1 year professional EU RA/QMS experience in medical devices/IVDs.
• Experience only: ≥4 years professional EU RA/QMS experience in medical devices/IVDs.

Outsourcing the PRRC (Article 15(2))

Allowed only for micro/small enterprises. If you outsource, lock these into the contract and SOPs:

• Availability: “Permanently and continuously” at your disposal (coverage hours, SLAs, deputies).
• Access: Unfettered access to tech docs, PMS data, complaints, CAPA, release records.
• Authority: PRRC empowered to block release if conformity isn’t demonstrated.
• Integration: Defined touchpoints (design/risk/clinical/release meetings), system access, training.
• Independence: Clear lines of authority; avoid conflicts of interest.
• Multiple PRRCs: Write down the split of responsibilities (Article 15(4)).

How to Operationalize the PRRC in Your QMS

1) Design & Development (SaMD)

• PRRC reviews intended use, classification rationale (e.g., Rule 11), and GSPR matrix early.
• Confirm IEC 62304, ISO 14971, and IEC 62366 outputs are integrated into technical documentation.
• Gate: PRRC signs Design Review record when evidence aligns with claims.

2) Technical Documentation & DoC

• Annex II/III technical documentation complete, current, searchable.
• Gate: PRRC signs Technical Documentation Index and pre-approves DoC template content.

3) Release Management (SaMD versions)

• Risk assessment update, V&V summary, cybersecurity assessment, and IFU/labeling updates done.
• Gate: PRRC signs Release Checklist (no critical NCs; UDI/traceability updated).

4) PMS & Vigilance Preparedness

• PRRC validates PMS Plan, trend monitoring, and vigilance procedures.
• Gate: Confirm PMS evidence flows (complaints, tickets, logs) are functional pre-market.

5) Investigational/Performance Studies (if applicable)

• PRRC ensures the manufacturer’s statement is complete and filed per MDR Annex XV / IVDR Annex XIV.
• Gate: PRRC signs the study statement; align with risk management and clinical evaluation.

Minimum Document Set the PRRC Should Review/Sign

• Quality Manual (role definition, authority)
• PRRC Job Description/Competence Matrix and CV/evidence file
• Technical Documentation Index (Annex II/III) and GSPR Checklist
• Risk Management File (Plan, Analysis, Report, Benefit–Risk)
• Software V&V Summary (incl. cybersecurity and usability)
• Labeling/IFU and UDI assignments
• EU Declaration of Conformity (final sign-off post-certification)
• PMS Plan (PSUR/PMCF applicability rationale)
• Vigilance SOPs (reporting workflows and timelines)
• Investigational/Performance Study Statement (if applicable)

Common Audit Findings (and How to Avoid Them)

1. PRRC not named or unclear authority — Add to org chart; empower to halt release in job description and QM.
2. Qualifications not evidenced/EU-relevant — Maintain a Qualifications Dossier (degree, scopes, letters).
3. No written split with multiple PRRCs — Create a signed Responsibility Allocation Statement.
4. PRRC not involved in PMS/Vigilance — Add PRRC approval to PMS Plan; route metrics and triage logs.
5. Release without PRRC sign-off — Make PRRC signature a mandatory gate in SOP and eQMS workflow.
6. Outsourced PRRC lacks availability — Define SLAs, deputies, and access in the agreement.

Quick RACI (Example for a SaMD Release)

Practical Implementation Checklist

• Define the role: Add PRRC role, authority, independence to the Quality Manual and org chart.
• Prove competence: Build a Qualifications Dossier (degree/experience, EU-relevant RA/QMS).
• Wire into processes: Insert PRRC gates in Design Control, Release, PMS, Vigilance, Studies.
• Outsource (if eligible): Execute an agreement with availability, access, authority, deputy clauses.
• Make it traceable: Use a PRRC Release Checklist; store signed versions with version/UDI refs.
• Train & test: Train teams and run a table-top mock audit of a release cycle.

One-Page PRRC Release Checklist (Template)

1. Technical Documentation Index updated and complete (Annex II/III).
2. GSPR Matrix current; all claims mapped to evidence.
3. Risk Management File current; residual risks acceptable.
4. Software V&V Summary complete (incl. cybersecurity & usability).
5. Labeling/IFU/UDI updated and reviewed.
6. PMS/Vigilance procedures verified (feedback channels, triage, trending).
7. EU DoC draft ready (final sign after certification, as applicable).
8. PRRC signature (date/time, printed name, version/UDI reference).

FAQs (Concise)

Can one person be PRRC for both manufacturer and AR?
Practically uncommon; each entity must have its own PRRC (Article 15(6)). Avoid conflicts of interest.

Can we have multiple PRRCs?
Yes. Document the split in writing (Article 15(4)) and ensure full coverage.

Is the PRRC personally liable?
MDR/IVDR assign obligations to the manufacturer/AR. National law may vary; clarify responsibilities and indemnities contractually.

Can the RA/QA Manager also be PRRC?
Yes, if the person meets Article 15 qualifications and has authority.

What if our PRRC is unavailable?
Maintain a deputy and coverage plan; auditors will expect it, especially if outsourced.

Bottom Line

Treat the PRRC as a gatekeeper embedded in your QMS. When qualifications are documented, authority is explicit, responsibilities are wired into SOPs, and sign-offs are traceable, audits go smoothly and releases are defensible. That’s the difference between “we think we comply” and audit-ready.