SlideShare a Scribd company logo

New legal obligations and liability under MDR and IVDR

Download as PPTX, PDF
Erik Vollebregt, profile picture
Erik Vollebregt

The document discusses new legal obligations under the Medical Device Regulation (MDR) and In Vitro Diagnostic Regulation (IVDR), focusing on various aspects such as claims, authorized representatives, supply chain responsibilities, and liability. It highlights critical provisions, including prohibitions against misleading claims, the role of authorized representatives, and changes in regulatory compliance requirements. Additionally, it addresses potential impacts on manufacturers, including increased liability and the intersection with GDPR compliance for devices processing personal data.

Health & Medicine
Related topics:
medical-devices
1 of 35
Downloaded 191 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
NEW LEGAL OBLIGATIONS UNDER MDR AND IVDR Medtech Summit, Amsterdam 19 June 2017 Erik Vollebregt www.axonadvocaten.nl
Agenda • Some of the “legal” stuff / obligations in the MDR/IVDR: • New claims article • Authorised representative • Supply chain: obligations of the others • Responsible person • Liability and NCA facilitating liability claims • Third parties: repacking/relabelling, parts & components • National implementation of MDR/IVDR • General Data Protection Regulation and its interface with Annex I chapter 17 MDR / 16 IVDR • Where does this fit into your overall transition plan?
New legal obligations and liability under MDR and IVDR
Are you on your way with your transition plan, or are you still in denial?
Claims Article 7 MDR / IVDR In the labelling, instructions for use, making available, putting into service and advertising of devices, it is prohibited to use text, names, trademarks, pictures and figurative or other signs that may mislead the user or the patient with regard to the device’s intended purpose, safety and performance by: (a) ascribing functions and properties to the product which the product does not have; (b) creating a false impression regarding treatment or diagnosis, functions or properties which the product does not have; (c) failing to inform of a likely risk associated with the use of the product in line with its intended purpose; (d) suggesting uses of the product other than those declared in the intended purpose when the conformity assessment was carried out.
Claims Provisions apply not only to advertising but also to other materials and actions involving intended use: • labelling, • instructions for use, • making available, • putting into service, and • advertising Similar system as under Unfair B2C Commercial Practices Directive – look at concept of ‘commercial practice’ (“any act, omission, course of conduct or representation, commercial communication including advertising and marketing, by a trader, directly connected with the promotion, sale or supply of a product”)
Claims • What does “prohibited” mean? • NCAs can enforce (fines and retraction / rectification) • Notified Body can write you up for a major non-conformity (e.g. if the claim is made in the IFU or label) • Under EU advertising law it means that competitors have a direct action in court in the member states • Will need to see how this affects current wide differences between member states with regard to private enforcement of claims regarding medical devices
Claims What does it mean for the manufacturer? • A lot easier for competitors to challenge claims in more places • Need for careful vetting of supporting evidence in accuracy over time • • “failing to inform of a likely risk associated with the use of the product in line with its intended purpose” is relevant for product liability as well (Art. 6 (1) Directive 85/374 defines a defect product as: ”when it does not provide the safety which a person is entitled to expect, taking all circumstances into account, including: (a) the presentation of the product; (b) the use to which it could reasonably be expected that the product would be put;” • Tricky off-label use provision (“suggesting uses of the product other than those declared in the intended purpose”) – normally active suggestions / soliciting of off-label use is not allowed; how should we read “suggesting” in this context?
Authorised representative • Big changes for authorised representatives, both ‘in-house’ and external • Implementation of AR MEDDEV • Prescriptive rules for AR mandate and contract – like notified bodies ARs are recruited into market surveillance • AR must provide information, cooperate in investigation and verify that appropriate conformity assessment procedure has been carried out by the manufacturer • AR must have person responsible for regulatory compliance • Problematic: • terminate the mandate if the manufacturer acts contrary to his obligations • In case of termination, notify CA and Notified Body of termination and reasons for termination
Authorised representative The modalities of a change of authorised representative shall be clearly defined in an agreement between the manufacturer, where practicable the outgoing authorised representative and the incoming authorised representative (art. 12 MDR / IVDR) This agreement shall address at least the following aspects: (a) the date of termination and date of beginning of the mandates; (b) the date until which the outgoing authorised representative may be indicated in the information supplied by the manufacturer, including any promotional material; (c) the transfer of documents, including confidentiality aspects and property rights; (d) the obligation of the outgoing authorised representative after the end of the mandate to forward to the manufacturer or incoming authorised representative any complaints or reports that may be incident related
Supply chain obligations • Each link in the supply chain gets the responsibility to check compliance of the previous one • Review autonomous general obligations of importers and distributors (articles 13-14 MDR / IVDR), e.g. • verify compliance of the device, • inform competent authority of non-compliance of the device • implement corrective action • amend contracts accordingly
Supply chain controls Manufacturer Importer Distributor End User Post market surveillance and vigilance Regulatory compliance of device Verify compliance Verify compliance Supplier Unannounced NB inspections
Responsible person • Looks like a pharma QP but isn’t • Manufacturers shall have available within their organisation at least one person responsible for regulatory compliance who possesses the requisite expertise in the field of medical devices • May be more; role(s) may be split over persons • Qualifications necessary in MDR / IVDR • Can you outsource the role? • Unsure what “available within their organisation” means but SMEs and ARs are not required to have the person responsible for regulatory compliance within their organisation but shall have such person permanently and continuously at their disposal. • Suggests that SMEs and ARs can outsource but bigger companies / non-ARs cannot
Liability and NCA facilitating liability claims - manufacturer Article 10 (16) MDR / IVDR : “Natural or legal persons may claim compensation for damage caused by a defective device in accordance with applicable Union and national law. Manufacturers shall, in a manner that is proportionate to the risk class, type of device and the size of the enterprise, have measures in place to provide sufficient financial coverage in respect of their potential liability under Directive 85/374/EEC, without prejudice to more protective measures under national law.” • “Sufficient financial coverage proportionate to risk class, type and size of enterprise” • How to interpret this reliably and predictably? How is size of the enterprise relevant for example (PIP was a small company)? • “Without prejudice to more protective measures under national law” • What can those be? They cannot provide for anything that detracts from the useful effect of Directive 85/374
Liability and NCA facilitating liability claims - AR Article 11 (5) MDR / IVDR: “[…] where the manufacturer is not established in any Member State, and has not complied with the obligations laid down in Article 10 MDR/IVDR, the authorised representative shall be legally liable for defective devices on the same basis as, jointly and severally with, the manufacturer. • Also in case the manufacturer misled the AR (think PIP)? • “has not complied” – where and by whom is this determined? • This will lead to a situation in which ARs will be even more trigger happy to terminate agreements and manufacturers will have difficulties engaging a new one • AR agreements will be more and more sources of dispute • AR costs base will change completely
NCA facilitating liability claims Article 10 (14) last para MDR / IVDR: “If a competent authority considers or has reason to believe that a device has caused damage, it shall, upon request, facilitate the provision, of the information and documentation referred to in the first sub-paragraph to the potentially injured patient or user and, as appropriate, the patient's or user's successor in title, the patient's or user's health insurance company or other third parties affected by the damage caused to the patient or user, without prejudice to the data protection rules and, unless there is an overriding public interest in disclosure, without prejudice to the protection of intellectual property rights. The competent authority need not comply with this obligation where disclosure of the information referred to in the first subparagraph is ordinarily dealt with in the context of legal proceedings.”
NCA facilitating liability claims Some practical comments: • “potentially injured” – what does that mean? • ”caused damage” – not defect? broader than by a defective device? • What information? “all the information and documentation necessary to demonstrate the conformity of the device”, information regarding vigilance and corrective action – non-conforming is not necessarily defective in the meaning of Directive 85/374 • To whom? Basically everyone ‘affected by the damage caused to the patient or user’ – that’s a broad class of persons and entities (this could have been used in the Guidant pacemaker and ICD case (C-503/13) for example) • Except if • Data protection, except if public interest in disclosure (balance of interests) – unpredictable and easily influenced, and what is the public interest in a private liability claim? • Intellectual property – what does an NCA know about this? • Disclosure of the information is ordinarily dealt with in the context of legal proceedings – it basically always is in liability suits
Liability and NCA facilitating liability claims What does all of this mean for the market? • Costs – insurance companies will be the laughing third party here • More protection of patients? No, they could always sue for damage resulting from defective devices and the NCAs’ facilitation will invoke evasive manoeuvres all over the place, because the NCA would likely see the information that the claimant receives • Does it solve PIP type issues with manufacturer going bankrupt? No, because insurance policies expire typically when a company goes bankrupt.
Third parties: parts & components Article 23 MDR / 20 IVDR: “1. Any natural or legal person who makes available on the market an article intended specifically to replace an identical or similar integral part or component of a device that is defective or worn in order to maintain or re-establish the function of the device without changing its performance or safety characteristics or its intended purpose, shall ensure that the article does not adversely affect the safety and performance of the device. Supporting evidence shall be kept available to the competent authorities of the Member States. 2. An article that is intended specifically to replace a part or component of a device and that significantly changes the performance or safety characteristics or the intended purpose of the device shall be considered as a device and shall meet the requirements laid down in this Regulation.
Third parties: parts & components • Non-OEM replacement parts and components must have supporting evidence that they do not adversely affect the safety and performance of the device • Standard of supporting evidence? Criterion presumes a validation • Is OEM obliged to cooperate in validation? • Non-OEM enhancement parts are devices • How will that work in practice? – accessory type evaluation? • Is manufacturer obliged to development of supporting evidence for competing non-OEM parts/components? • Printer cartridge competition law cases
Third parties: repacking & relabelling • Basically pharma repacking case law written down for devices • Strangely enough stricter regime than outcome of the EU Court Servoprax case (C-277/15) • Article 17 (2) MDR / 16 (2) IVDR: • Translation of IFU and other information and repacking do not make someone a manufacturer • Indicated person responsible for activity on the pack or accompanying document • Have notified body blessed QMS and vigilance for activity • Reporting and mock-up to manufacturer and NCA for each time repacked / relabelled device is made available
National implementation of MDR/IVDR • Many legal obligations will follow from national implementation of MDR • E.g. national choices on fines and costs of surveillance • Reprocessing allowed or not? • Outsourced reprocessing allowed or not? • Types of devices for hospital production? • Require custom made devices manufacturers to submit lists of devices made available • Require HCPs and institutions to store UDI of implants • Implementation of clinical trial provisions (e.g. require EU representative appointment or not) • Etc.
General Data Protection Regulation and its interface with Annex I chapter 17 MDR / 16 IVDR • Annex I chapter 17 MDR / 16 IVDR contains security rules in relation to software (both embedded and stand alone) • “17.2 / 16.2 For devices that incorporate software or for software that are devices in themselves, the software shall be developed and manufactured according to the state of the art taking into account the principles of development life cycle, risk management, including information security, verification and validation.” • GDPR requires compliance by design and default for any device processing personal data • If a device processes personal data (concerning health), it will have to conform to design principles under two different regulations
Concurrent privacy by design requirements under GDPR • General Data Protection Regulation has already entered into force, transitional period ending 25 May 2018 • Will apply to any device that processes personal data, both on hardware and software level – possible overlaps with MDR • Requires privacy by • Design • Default • Requires cybersecurity measures, but so does the MDR • GSPRs 17.1, 17.2 and 17.4
GDRP security thinking Recital 81: “the controller should use only processors providing sufficient guarantees, in particular in terms of expert knowledge, reliability and resources, to implement technical and organisational measures which will meet the requirements of this Regulation, including for the security of processing. ”
GDPR security thinking • Under the MDR / IVDR costs of implementation are irrelevant for risk reduction (AFAP principle in GSPR 2)
Security requirements
Security design requirements (art. 32) Controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (a) the pseudonymisation and encryption of personal data (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. Take account of risks that are presented by processing, e.g. accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
Overlap of risks and different approaches MDR / IVDR • Security by design aimed to safeguard safety and performance (Safety, Reliability and Availability (SRA) for cyber physical systems) GDPR • Security by design and default aimed at data integrity (Confidentiality– Integrity–Availability (CIA) for corporate processes) Map security risks under GDPR that are also (partially) safety and performance risks under MDR / IVDR • Those risks are subject to AFAP reduction by means of design insofar as they concern the device (GSPR 2 and EN ISO 14971:2012 ZABC annexes)
Overlap of risks and different approaches - nice model GDPR orientation MDR / IVDR orientation
New legal obligations and liability under MDR and IVDR
New legal obligations and liability under MDR and IVDR
New legal obligations and liability under MDR and IVDR
New legal obligations and liability under MDR and IVDR
www.axonlawyers.com THANKS FOR YOUR ATTENTION Erik Vollebregt Axon Lawyers Piet Heinkade 183 1019 HC Amsterdam T +31 88 650 6500 M +31 6 47 180 683 E erik.vollebregt@axonlawyers.com @meddevlegal B http://medicaldeviceslegal.com READ MY BLOG: http://medicaldeviceslegal.com

More Related Content

PPTX
Medical Device Regulations - 510(k) Process
Michael Haessly - SSBB, CQE, CRE, CQM, CSQE, CQA
 
PPT
CE Mark: Where to Start
f2labs13
 
PDF
Classification of In Vitro Diagnostic Devices per FDA and IVDR Rules
Zafirios Gourgouliatos, Ph.D.
 
PPTX
Future of EU In Vitro Diagnostics Regulation
Erik Vollebregt
 
PDF
IVDR Readiness Checklist
Greenlight Guru
 
PDF
Mdr 17 with 2020 rules
Prasad Bhat
 
PDF
Webinar: Europe's new Medical Device Regulations (MDR)
EMERGO
 
PPTX
Commonwealth of independent states
garimasaini33
 
Medical Device Regulations - 510(k) Process
Michael Haessly - SSBB, CQE, CRE, CQM, CSQE, CQA
 
CE Mark: Where to Start
f2labs13
 
Classification of In Vitro Diagnostic Devices per FDA and IVDR Rules
Zafirios Gourgouliatos, Ph.D.
 
Future of EU In Vitro Diagnostics Regulation
Erik Vollebregt
 
IVDR Readiness Checklist
Greenlight Guru
 
Mdr 17 with 2020 rules
Prasad Bhat
 
Webinar: Europe's new Medical Device Regulations (MDR)
EMERGO
 
Commonwealth of independent states
garimasaini33
 

What's hot (20)

PPTX
Medical Device Regulation (MDR) overview for Technion, May 25, 2021
Levi Shapiro
 
PPTX
Premarket Notification 510(k) for Biologics [Autosaved].pptx
SusmithaTella2
 
PPT
The Impact of Directive 2007/47/EC
Colin Rylett
 
PDF
How to Prepare for the New EU Medical Device Regulations (MDR)
Greenlight Guru
 
PDF
Regulatory Approval Process for Medical Devices in EU - Presentation by Aksha...
Akshay Anand
 
PPTX
Medical Devices Regulation (MDR) 2017/745 - Classification of devices
Arete-Zoe, LLC
 
PPTX
ISO: 14971 Quality risk management of medical devices
Atul Bhombe
 
DOCX
Medical device clinical evaluation
Malesh M
 
PDF
Effective Complaint Management: The Key to a Competitive Edge for Medical Dev...
Cognizant
 
PPT
Volume 9 A Guidelines On Pharmacovigilance[1]
siddharthchachad
 
PDF
Risk Management for Medical Devices - ISO 14971 Overview
Greenlight Guru
 
PDF
General principles of Periodic Safety Update Reports(PSUR)Psur by Julia Appel...
László Árvai
 
PPTX
CE marking and CE certification
meddevicemarking
 
PPTX
Regulatory requirements for CE CERTIFICATION of Medical Devices in European U...
Pallavi Christeen
 
PPTX
Medical Device Regulatory Affairs.
Anjali Gupta
 
PDF
The 510(k) Process
Michael Swit
 
PPTX
ISO Standard 13485
Himanshi Arora
 
PPTX
Ce marking and methods to apply presentation
Rajashekhara Gowda
 
PPTX
TSE/BSE Evaluation
Sridhar S
 
PPTX
Ce marking of medical devices
Pallavi Christeen
 
Medical Device Regulation (MDR) overview for Technion, May 25, 2021
Levi Shapiro
 
Premarket Notification 510(k) for Biologics [Autosaved].pptx
SusmithaTella2
 
The Impact of Directive 2007/47/EC
Colin Rylett
 
How to Prepare for the New EU Medical Device Regulations (MDR)
Greenlight Guru
 
Regulatory Approval Process for Medical Devices in EU - Presentation by Aksha...
Akshay Anand
 
Medical Devices Regulation (MDR) 2017/745 - Classification of devices
Arete-Zoe, LLC
 
ISO: 14971 Quality risk management of medical devices
Atul Bhombe
 
Medical device clinical evaluation
Malesh M
 
Effective Complaint Management: The Key to a Competitive Edge for Medical Dev...
Cognizant
 
Volume 9 A Guidelines On Pharmacovigilance[1]
siddharthchachad
 
Risk Management for Medical Devices - ISO 14971 Overview
Greenlight Guru
 
General principles of Periodic Safety Update Reports(PSUR)Psur by Julia Appel...
László Árvai
 
CE marking and CE certification
meddevicemarking
 
Regulatory requirements for CE CERTIFICATION of Medical Devices in European U...
Pallavi Christeen
 
Medical Device Regulatory Affairs.
Anjali Gupta
 
The 510(k) Process
Michael Swit
 
ISO Standard 13485
Himanshi Arora
 
Ce marking and methods to apply presentation
Rajashekhara Gowda
 
TSE/BSE Evaluation
Sridhar S
 
Ce marking of medical devices
Pallavi Christeen
 
Ad

Viewers also liked (6)

PPTX
Regulation of Economic Operators under the MDR and IVDR
Erik Vollebregt
 
PPTX
Use of left over samples under the IVDR and GDPR
Erik Vollebregt
 
PPTX
Advamed EU MDR and IVDR panel presentation
Erik Vollebregt
 
PDF
Medical device reporting 27 sep2016
Ann-Marie Roche
 
PDF
Europe CE Marking for medical devices under new MDR
EMERGO
 
PDF
New European Medical Device Regulations: Keeping Your Orthopaedic and Spine ...
April Bright
 
Regulation of Economic Operators under the MDR and IVDR
Erik Vollebregt
 
Use of left over samples under the IVDR and GDPR
Erik Vollebregt
 
Advamed EU MDR and IVDR panel presentation
Erik Vollebregt
 
Medical device reporting 27 sep2016
Ann-Marie Roche
 
Europe CE Marking for medical devices under new MDR
EMERGO
 
New European Medical Device Regulations: Keeping Your Orthopaedic and Spine ...
April Bright
 
Ad

Similar to New legal obligations and liability under MDR and IVDR (20)

PPTX
New legal obligations under MDR and IVDR
Erik Vollebregt
 
PPTX
MDR aspects for the sterilisation industry
Erik Vollebregt
 
PPTX
Economic operators and post market surveillance under the proposed EU medicin...
Erik Vollebregt
 
PPTX
Liability insurance requirements under the new EU Medical Devices Regulation ...
Erik Vollebregt
 
PPTX
Q1 Medical Devices Regulation - practical consequences for manufacturers
Erik Vollebregt
 
PPTX
MD project seminar how to manage the maid short version
Erik Vollebregt
 
PPT
Presentation re promotion 8 june 2011(2)
Erik Vollebregt
 
PPTX
Economic operators under the MDR and IVDR
Erik Vollebregt
 
PPTX
The New EU MDR and What You Need to Know
EMMAIntl
 
PPTX
Eu hot topics alliance presentation 2
Erik Vollebregt
 
PPTX
Eu hot topics alliance presentation
Erik Vollebregt
 
PPTX
Eu hot topics alliance presentation 3
Erik Vollebregt
 
PPTX
Q1 MDR and IVDR PRRC presentation
Erik Vollebregt
 
PPTX
Managing New Requirement for Economic Operator Regime
Erik Vollebregt
 
PDF
From Servers to Medical Devices
Plan de Calidad para el SNS
 
PPTX
EU cybersecurity requirements under current and future medical devices regula...
Erik Vollebregt
 
PPTX
Legal aspects of the new EU Medical Devices Regulation - known and unknowns
Erik Vollebregt
 
PPTX
mHealth Israel_EU MedTech and eHealth Regulatory Framework
Levi Shapiro
 
PPTX
Economic operators and the exits
Erik Vollebregt
 
PPTX
ACTIVE IMPLANTABLE MEDICAL DEVICE IN EUROPE
Charmi13
 
New legal obligations under MDR and IVDR
Erik Vollebregt
 
MDR aspects for the sterilisation industry
Erik Vollebregt
 
Economic operators and post market surveillance under the proposed EU medicin...
Erik Vollebregt
 
Liability insurance requirements under the new EU Medical Devices Regulation ...
Erik Vollebregt
 
Q1 Medical Devices Regulation - practical consequences for manufacturers
Erik Vollebregt
 
MD project seminar how to manage the maid short version
Erik Vollebregt
 
Presentation re promotion 8 june 2011(2)
Erik Vollebregt
 
Economic operators under the MDR and IVDR
Erik Vollebregt
 
The New EU MDR and What You Need to Know
EMMAIntl
 
Eu hot topics alliance presentation 2
Erik Vollebregt
 
Eu hot topics alliance presentation
Erik Vollebregt
 
Eu hot topics alliance presentation 3
Erik Vollebregt
 
Q1 MDR and IVDR PRRC presentation
Erik Vollebregt
 
Managing New Requirement for Economic Operator Regime
Erik Vollebregt
 
From Servers to Medical Devices
Plan de Calidad para el SNS
 
EU cybersecurity requirements under current and future medical devices regula...
Erik Vollebregt
 
Legal aspects of the new EU Medical Devices Regulation - known and unknowns
Erik Vollebregt
 
mHealth Israel_EU MedTech and eHealth Regulatory Framework
Levi Shapiro
 
Economic operators and the exits
Erik Vollebregt
 
ACTIVE IMPLANTABLE MEDICAL DEVICE IN EUROPE
Charmi13
 

More from Erik Vollebregt (18)

PPTX
Q1 medical device packaging conference 10 november 2020
Erik Vollebregt
 
PPTX
Easy medical devices podcast self tests ivdr
Erik Vollebregt
 
PPTX
Your legal relationship with your notified body
Erik Vollebregt
 
PPTX
Point of-care, biosensors & mobile diagnostics europe 2019
Erik Vollebregt
 
PPTX
HOW TO WORK WITH EMERGENCY RULES RELATING TO COVID 19?
Erik Vollebregt
 
PPTX
M&A and medical devices presentation
Erik Vollebregt
 
PPTX
MDR and class I medical devices presentation
Erik Vollebregt
 
PPTX
Advamed Med Tech 2019 countdown presentation
Erik Vollebregt
 
PPTX
Legal and regulatory developments in precision medicine and diagnostic devices
Erik Vollebregt
 
PPTX
GDPR and eHealth for the pharma industry (VFenR presentation)
Erik Vollebregt
 
PPTX
VZI jaarcongres: de MDR en IVDR - de impact in de medische techniek
Erik Vollebregt
 
PPTX
NEN symposium on Medical Devices and IVD Regulation
Erik Vollebregt
 
PPTX
Trends in EU regulation of software as medical device
Erik Vollebregt
 
PPTX
Legal issues relating to clinical investigation with medical devices
Erik Vollebregt
 
PPTX
3D medtech printing under EU Medical Devices Directive and under future Medic...
Erik Vollebregt
 
PPTX
Transparency under the new MDR and IVDR
Erik Vollebregt
 
PPTX
Advamed MDR IVDR update
Erik Vollebregt
 
PPTX
Changes in device classification under the EU Medical Devices and In Vitro Di...
Erik Vollebregt
 
Q1 medical device packaging conference 10 november 2020
Erik Vollebregt
 
Easy medical devices podcast self tests ivdr
Erik Vollebregt
 
Your legal relationship with your notified body
Erik Vollebregt
 
Point of-care, biosensors & mobile diagnostics europe 2019
Erik Vollebregt
 
HOW TO WORK WITH EMERGENCY RULES RELATING TO COVID 19?
Erik Vollebregt
 
M&A and medical devices presentation
Erik Vollebregt
 
MDR and class I medical devices presentation
Erik Vollebregt
 
Advamed Med Tech 2019 countdown presentation
Erik Vollebregt
 
Legal and regulatory developments in precision medicine and diagnostic devices
Erik Vollebregt
 
GDPR and eHealth for the pharma industry (VFenR presentation)
Erik Vollebregt
 
VZI jaarcongres: de MDR en IVDR - de impact in de medische techniek
Erik Vollebregt
 
NEN symposium on Medical Devices and IVD Regulation
Erik Vollebregt
 
Trends in EU regulation of software as medical device
Erik Vollebregt
 
Legal issues relating to clinical investigation with medical devices
Erik Vollebregt
 
3D medtech printing under EU Medical Devices Directive and under future Medic...
Erik Vollebregt
 
Transparency under the new MDR and IVDR
Erik Vollebregt
 
Advamed MDR IVDR update
Erik Vollebregt
 
Changes in device classification under the EU Medical Devices and In Vitro Di...
Erik Vollebregt
 

Recently uploaded (20)

PDF
NEET PG 2025 | 200 High-Yield Recall Topics Across All Subjects
Shivankan Kakkar
 
DOCX
NEET PG 2025 | Pharmacology Recall: 20 High-Yield Questions Simplified
Shivankan Kakkar
 
PPTX
Slider: TOC sampling methods for cleaning validation
Markus Janssen
 
PDF
CT Anatomy for Radiotherapy.pdf eryuioooop
DrHabtamu1
 
PPTX
Self-nanoemulsifying Drug Delivery (SNEDDS) Approach To Improve Felodipine So...
Arpan Das
 
PPTX
Blood transfusion in first degree relatives and TA-GVHD pros and cons.pptx
AbrarKabir3
 
PPTX
Thyroid Applied Anatomy, Pysiology, Development with MCQs.pptx
PradeepPande8
 
PDF
Histology of Nose & paranasal sinuses - Dr Muhammad Ali Rabbani
MedicoseAcademics
 
PPTX
LARYNX CANCER 5.pptx,presentation,signs and symptoms
Latha Sukumar Dasi
 
PPTX
Patholysiology of MAFLD/MASLD and Role of GLP 1 agonist in obesity and cardio...
Dr. Atanu Sarkar
 
PPTX
Pharmacology is the scientific study of how drugs and other chemical substanc...
tarun35435605
 
PPT
Off-the-Shelf and on the Mark in NHL: Strategic Approaches With Bispecific An...
PVI, PeerView Institute for Medical Education
 
PPTX
ABO Blood grouping serological practices against the standard and challenges ...
AbrarKabir3
 
PPTX
INFLAMMATION
Soumyadip Datta
 
PDF
Solution of Psycho ED: Best Sexologist in Patna, Bihar India Dr. Sunil Dubey
Sexologist Dr. Sunil Dubey - Dubey Clinic
 
PDF
july 2025 DERMATOLOGY diseases atlas with hyperlink.pdf
Hany salah Soliman
 
PPT
lecture on testicular tumour urology.ppt
mahadihabibu983
 
PPTX
1.2) Congestive Cardiac Failure.pptx Cardiovascular disease
Dr. Sarita Sharma
 
PPT
CHAPTER FIVE. '' Association in epidemiological studies and potential errors
Abdihakim Guray
 
PPTX
Nirsevimab in India - Single-Dose Monoclonal Antibody to Combat RSV .pptx
Gaurav Gupta
 
NEET PG 2025 | 200 High-Yield Recall Topics Across All Subjects
Shivankan Kakkar
 
NEET PG 2025 | Pharmacology Recall: 20 High-Yield Questions Simplified
Shivankan Kakkar
 
Slider: TOC sampling methods for cleaning validation
Markus Janssen
 
CT Anatomy for Radiotherapy.pdf eryuioooop
DrHabtamu1
 
Self-nanoemulsifying Drug Delivery (SNEDDS) Approach To Improve Felodipine So...
Arpan Das
 
Blood transfusion in first degree relatives and TA-GVHD pros and cons.pptx
AbrarKabir3
 
Thyroid Applied Anatomy, Pysiology, Development with MCQs.pptx
PradeepPande8
 
Histology of Nose & paranasal sinuses - Dr Muhammad Ali Rabbani
MedicoseAcademics
 
LARYNX CANCER 5.pptx,presentation,signs and symptoms
Latha Sukumar Dasi
 
Patholysiology of MAFLD/MASLD and Role of GLP 1 agonist in obesity and cardio...
Dr. Atanu Sarkar
 
Pharmacology is the scientific study of how drugs and other chemical substanc...
tarun35435605
 
Off-the-Shelf and on the Mark in NHL: Strategic Approaches With Bispecific An...
PVI, PeerView Institute for Medical Education
 
ABO Blood grouping serological practices against the standard and challenges ...
AbrarKabir3
 
INFLAMMATION
Soumyadip Datta
 
Solution of Psycho ED: Best Sexologist in Patna, Bihar India Dr. Sunil Dubey
Sexologist Dr. Sunil Dubey - Dubey Clinic
 
july 2025 DERMATOLOGY diseases atlas with hyperlink.pdf
Hany salah Soliman
 
lecture on testicular tumour urology.ppt
mahadihabibu983
 
1.2) Congestive Cardiac Failure.pptx Cardiovascular disease
Dr. Sarita Sharma
 
CHAPTER FIVE. '' Association in epidemiological studies and potential errors
Abdihakim Guray
 
Nirsevimab in India - Single-Dose Monoclonal Antibody to Combat RSV .pptx
Gaurav Gupta
 

New legal obligations and liability under MDR and IVDR

  • 1. NEW LEGAL OBLIGATIONS UNDER MDR AND IVDR Medtech Summit, Amsterdam 19 June 2017 Erik Vollebregt www.axonadvocaten.nl
  • 2. Agenda • Some of the “legal” stuff / obligations in the MDR/IVDR: • New claims article • Authorised representative • Supply chain: obligations of the others • Responsible person • Liability and NCA facilitating liability claims • Third parties: repacking/relabelling, parts & components • National implementation of MDR/IVDR • General Data Protection Regulation and its interface with Annex I chapter 17 MDR / 16 IVDR • Where does this fit into your overall transition plan?
  • 4. Are you on your way with your transition plan, or are you still in denial?
  • 5. Claims Article 7 MDR / IVDR In the labelling, instructions for use, making available, putting into service and advertising of devices, it is prohibited to use text, names, trademarks, pictures and figurative or other signs that may mislead the user or the patient with regard to the device’s intended purpose, safety and performance by: (a) ascribing functions and properties to the product which the product does not have; (b) creating a false impression regarding treatment or diagnosis, functions or properties which the product does not have; (c) failing to inform of a likely risk associated with the use of the product in line with its intended purpose; (d) suggesting uses of the product other than those declared in the intended purpose when the conformity assessment was carried out.
  • 6. Claims Provisions apply not only to advertising but also to other materials and actions involving intended use: • labelling, • instructions for use, • making available, • putting into service, and • advertising Similar system as under Unfair B2C Commercial Practices Directive – look at concept of ‘commercial practice’ (“any act, omission, course of conduct or representation, commercial communication including advertising and marketing, by a trader, directly connected with the promotion, sale or supply of a product”)
  • 7. Claims • What does “prohibited” mean? • NCAs can enforce (fines and retraction / rectification) • Notified Body can write you up for a major non-conformity (e.g. if the claim is made in the IFU or label) • Under EU advertising law it means that competitors have a direct action in court in the member states • Will need to see how this affects current wide differences between member states with regard to private enforcement of claims regarding medical devices
  • 8. Claims What does it mean for the manufacturer? • A lot easier for competitors to challenge claims in more places • Need for careful vetting of supporting evidence in accuracy over time • • “failing to inform of a likely risk associated with the use of the product in line with its intended purpose” is relevant for product liability as well (Art. 6 (1) Directive 85/374 defines a defect product as: ”when it does not provide the safety which a person is entitled to expect, taking all circumstances into account, including: (a) the presentation of the product; (b) the use to which it could reasonably be expected that the product would be put;” • Tricky off-label use provision (“suggesting uses of the product other than those declared in the intended purpose”) – normally active suggestions / soliciting of off-label use is not allowed; how should we read “suggesting” in this context?
  • 9. Authorised representative • Big changes for authorised representatives, both ‘in-house’ and external • Implementation of AR MEDDEV • Prescriptive rules for AR mandate and contract – like notified bodies ARs are recruited into market surveillance • AR must provide information, cooperate in investigation and verify that appropriate conformity assessment procedure has been carried out by the manufacturer • AR must have person responsible for regulatory compliance • Problematic: • terminate the mandate if the manufacturer acts contrary to his obligations • In case of termination, notify CA and Notified Body of termination and reasons for termination
  • 10. Authorised representative The modalities of a change of authorised representative shall be clearly defined in an agreement between the manufacturer, where practicable the outgoing authorised representative and the incoming authorised representative (art. 12 MDR / IVDR) This agreement shall address at least the following aspects: (a) the date of termination and date of beginning of the mandates; (b) the date until which the outgoing authorised representative may be indicated in the information supplied by the manufacturer, including any promotional material; (c) the transfer of documents, including confidentiality aspects and property rights; (d) the obligation of the outgoing authorised representative after the end of the mandate to forward to the manufacturer or incoming authorised representative any complaints or reports that may be incident related
  • 11. Supply chain obligations • Each link in the supply chain gets the responsibility to check compliance of the previous one • Review autonomous general obligations of importers and distributors (articles 13-14 MDR / IVDR), e.g. • verify compliance of the device, • inform competent authority of non-compliance of the device • implement corrective action • amend contracts accordingly
  • 12. Supply chain controls Manufacturer Importer Distributor End User Post market surveillance and vigilance Regulatory compliance of device Verify compliance Verify compliance Supplier Unannounced NB inspections
  • 13. Responsible person • Looks like a pharma QP but isn’t • Manufacturers shall have available within their organisation at least one person responsible for regulatory compliance who possesses the requisite expertise in the field of medical devices • May be more; role(s) may be split over persons • Qualifications necessary in MDR / IVDR • Can you outsource the role? • Unsure what “available within their organisation” means but SMEs and ARs are not required to have the person responsible for regulatory compliance within their organisation but shall have such person permanently and continuously at their disposal. • Suggests that SMEs and ARs can outsource but bigger companies / non-ARs cannot
  • 14. Liability and NCA facilitating liability claims - manufacturer Article 10 (16) MDR / IVDR : “Natural or legal persons may claim compensation for damage caused by a defective device in accordance with applicable Union and national law. Manufacturers shall, in a manner that is proportionate to the risk class, type of device and the size of the enterprise, have measures in place to provide sufficient financial coverage in respect of their potential liability under Directive 85/374/EEC, without prejudice to more protective measures under national law.” • “Sufficient financial coverage proportionate to risk class, type and size of enterprise” • How to interpret this reliably and predictably? How is size of the enterprise relevant for example (PIP was a small company)? • “Without prejudice to more protective measures under national law” • What can those be? They cannot provide for anything that detracts from the useful effect of Directive 85/374
  • 15. Liability and NCA facilitating liability claims - AR Article 11 (5) MDR / IVDR: “[…] where the manufacturer is not established in any Member State, and has not complied with the obligations laid down in Article 10 MDR/IVDR, the authorised representative shall be legally liable for defective devices on the same basis as, jointly and severally with, the manufacturer. • Also in case the manufacturer misled the AR (think PIP)? • “has not complied” – where and by whom is this determined? • This will lead to a situation in which ARs will be even more trigger happy to terminate agreements and manufacturers will have difficulties engaging a new one • AR agreements will be more and more sources of dispute • AR costs base will change completely
  • 16. NCA facilitating liability claims Article 10 (14) last para MDR / IVDR: “If a competent authority considers or has reason to believe that a device has caused damage, it shall, upon request, facilitate the provision, of the information and documentation referred to in the first sub-paragraph to the potentially injured patient or user and, as appropriate, the patient's or user's successor in title, the patient's or user's health insurance company or other third parties affected by the damage caused to the patient or user, without prejudice to the data protection rules and, unless there is an overriding public interest in disclosure, without prejudice to the protection of intellectual property rights. The competent authority need not comply with this obligation where disclosure of the information referred to in the first subparagraph is ordinarily dealt with in the context of legal proceedings.”
  • 17. NCA facilitating liability claims Some practical comments: • “potentially injured” – what does that mean? • ”caused damage” – not defect? broader than by a defective device? • What information? “all the information and documentation necessary to demonstrate the conformity of the device”, information regarding vigilance and corrective action – non-conforming is not necessarily defective in the meaning of Directive 85/374 • To whom? Basically everyone ‘affected by the damage caused to the patient or user’ – that’s a broad class of persons and entities (this could have been used in the Guidant pacemaker and ICD case (C-503/13) for example) • Except if • Data protection, except if public interest in disclosure (balance of interests) – unpredictable and easily influenced, and what is the public interest in a private liability claim? • Intellectual property – what does an NCA know about this? • Disclosure of the information is ordinarily dealt with in the context of legal proceedings – it basically always is in liability suits
  • 18. Liability and NCA facilitating liability claims What does all of this mean for the market? • Costs – insurance companies will be the laughing third party here • More protection of patients? No, they could always sue for damage resulting from defective devices and the NCAs’ facilitation will invoke evasive manoeuvres all over the place, because the NCA would likely see the information that the claimant receives • Does it solve PIP type issues with manufacturer going bankrupt? No, because insurance policies expire typically when a company goes bankrupt.
  • 19. Third parties: parts & components Article 23 MDR / 20 IVDR: “1. Any natural or legal person who makes available on the market an article intended specifically to replace an identical or similar integral part or component of a device that is defective or worn in order to maintain or re-establish the function of the device without changing its performance or safety characteristics or its intended purpose, shall ensure that the article does not adversely affect the safety and performance of the device. Supporting evidence shall be kept available to the competent authorities of the Member States. 2. An article that is intended specifically to replace a part or component of a device and that significantly changes the performance or safety characteristics or the intended purpose of the device shall be considered as a device and shall meet the requirements laid down in this Regulation.
  • 20. Third parties: parts & components • Non-OEM replacement parts and components must have supporting evidence that they do not adversely affect the safety and performance of the device • Standard of supporting evidence? Criterion presumes a validation • Is OEM obliged to cooperate in validation? • Non-OEM enhancement parts are devices • How will that work in practice? – accessory type evaluation? • Is manufacturer obliged to development of supporting evidence for competing non-OEM parts/components? • Printer cartridge competition law cases
  • 21. Third parties: repacking & relabelling • Basically pharma repacking case law written down for devices • Strangely enough stricter regime than outcome of the EU Court Servoprax case (C-277/15) • Article 17 (2) MDR / 16 (2) IVDR: • Translation of IFU and other information and repacking do not make someone a manufacturer • Indicated person responsible for activity on the pack or accompanying document • Have notified body blessed QMS and vigilance for activity • Reporting and mock-up to manufacturer and NCA for each time repacked / relabelled device is made available
  • 22. National implementation of MDR/IVDR • Many legal obligations will follow from national implementation of MDR • E.g. national choices on fines and costs of surveillance • Reprocessing allowed or not? • Outsourced reprocessing allowed or not? • Types of devices for hospital production? • Require custom made devices manufacturers to submit lists of devices made available • Require HCPs and institutions to store UDI of implants • Implementation of clinical trial provisions (e.g. require EU representative appointment or not) • Etc.
  • 23. General Data Protection Regulation and its interface with Annex I chapter 17 MDR / 16 IVDR • Annex I chapter 17 MDR / 16 IVDR contains security rules in relation to software (both embedded and stand alone) • “17.2 / 16.2 For devices that incorporate software or for software that are devices in themselves, the software shall be developed and manufactured according to the state of the art taking into account the principles of development life cycle, risk management, including information security, verification and validation.” • GDPR requires compliance by design and default for any device processing personal data • If a device processes personal data (concerning health), it will have to conform to design principles under two different regulations
  • 24. Concurrent privacy by design requirements under GDPR • General Data Protection Regulation has already entered into force, transitional period ending 25 May 2018 • Will apply to any device that processes personal data, both on hardware and software level – possible overlaps with MDR • Requires privacy by • Design • Default • Requires cybersecurity measures, but so does the MDR • GSPRs 17.1, 17.2 and 17.4
  • 25. GDRP security thinking Recital 81: “the controller should use only processors providing sufficient guarantees, in particular in terms of expert knowledge, reliability and resources, to implement technical and organisational measures which will meet the requirements of this Regulation, including for the security of processing. ”
  • 26. GDPR security thinking • Under the MDR / IVDR costs of implementation are irrelevant for risk reduction (AFAP principle in GSPR 2)
  • 28. Security design requirements (art. 32) Controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (a) the pseudonymisation and encryption of personal data (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. Take account of risks that are presented by processing, e.g. accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
  • 29. Overlap of risks and different approaches MDR / IVDR • Security by design aimed to safeguard safety and performance (Safety, Reliability and Availability (SRA) for cyber physical systems) GDPR • Security by design and default aimed at data integrity (Confidentiality– Integrity–Availability (CIA) for corporate processes) Map security risks under GDPR that are also (partially) safety and performance risks under MDR / IVDR • Those risks are subject to AFAP reduction by means of design insofar as they concern the device (GSPR 2 and EN ISO 14971:2012 ZABC annexes)
  • 30. Overlap of risks and different approaches - nice model GDPR orientation MDR / IVDR orientation
  • 35. www.axonlawyers.com THANKS FOR YOUR ATTENTION Erik Vollebregt Axon Lawyers Piet Heinkade 183 1019 HC Amsterdam T +31 88 650 6500 M +31 6 47 180 683 E [email protected] @meddevlegal B http://medicaldeviceslegal.com READ MY BLOG: http://medicaldeviceslegal.com