Medical Device Assessment and Approval Methods – A Study

Objective: This study compares regulatory assessment and approval methods for medical devices and IVDs in the US (FDA), EU (MDR/IVDR), and India (MDR 2017), focusing on global recognition and trust.

Table of Contents

Key Observations & Points for Consideration EU MDR & IVDR Assessment Techniques US FDA Medical Device Assessment Techniques India’s Medical Device Regulatory Model Summary Comparison Conclusion

Briefing Note for Regulatory Review

Purpose of the Study:

This study compares the regulatory assessment and approval methods of medical devices and IVDs in the United States (FDA), European Union (EU MDR/IVDR), and India (Medical Device Rules, 2017). The aim is to understand the disparity in global recognition and acceptance, and to examine why US and EU approvals continue to be preferred benchmarks for manufacturers, healthcare providers, and importers—even within India.

Key Observations and Points for Consideration

1. Global Trust and Recognition of Regulatory Systems

• The US FDA and EU MDR/IVDR systems are considered gold standards globally due to their rigorous, transparent, and science-based assessments.
• FDA 510(k), De Novo, PMA, and the EU’s CE marking process are internationally recognized and often accepted or fast-tracked in other jurisdictions, including the Middle East, Southeast Asia, and Latin America.
• Conversely, India’s CDSCO approvals are not yet globally recognized or considered sufficient as a standalone assurance of safety and performance outside the country.

2. History and Maturity of the Systems

• The US FDA has regulated medical devices since 1976, and the European regulatory framework began evolving formally in the 1990s, reaching new maturity with MDR/IVDR implementation (2021 onwards).
• India began formally regulating devices under the Medical Device Rules (2017), but comprehensive coverage and risk-based classification only became structured recently.
• The comparatively recent implementation of medical device regulations in India results in limited historical performance data and variable enforcement.

3. Scientific Rigor and Data Requirements

• The FDA and EU require clinical evidence, design dossiers, quality system audits (QMS), risk management, usability engineering, and post-market surveillance.
• In India, while many of these elements are now being adopted, the depth of technical review (especially for Class B devices and below) can still be limited to document verification and less on active technical evaluation.
• Clinical performance studies or equivalence pathways in India are not yet harmonized with international standards like ISO 14155, which are routine under FDA/CE evaluations.

4. Role of Notified Bodies and External Expertise

• The EU MDR/IVDR relies on Notified Bodies (NBs) that conduct independent assessments with technical and clinical experts.
• The FDA employs multidisciplinary teams for product-specific evaluations.
• In India, the absence of third-party technical reviewers or NBs often leads to an overburdened centralized regulator, affecting the depth of review and timelines.

5. Transparency, Public Databases, and Stakeholder Trust

• FDA maintains open databases (e.g., MAUDE, 510(k) clearance, PMA approvals, recalls, etc.) which are extensively used by industry and clinicians for benchmarking and safety monitoring.
• The EU has EUDAMED (in stages of public rollout) for similar traceability and vigilance.
• In India, limited access to approval decisions, PMS data, or adverse event reports reduces the ability of stakeholders to verify or trust regulatory outcomes at par with international benchmarks.

This comparative study is not intended to criticize but to highlight opportunities for Indian regulators to further strengthen credibility, consistency, and technical rigor in medical device and IVD regulation.

There is a growing need to build international confidence in India’s approval systems through:

• Transparent technical reviews.
• Stronger post-market surveillance.
• Active engagement with international harmonization programs.
• Potential introduction of third-party evaluators or technical panels.
• Public databases of device approvals and adverse events.

Strengthening these areas will not only reduce over-reliance on US/EU certifications but also establish India as a trusted regulatory hub, especially for Asia-Pacific and developing markets.

EU MDR & IVDR Assessment Techniques – A Product-Centric, Transparent, and Structured Approach

The European Union's Medical Device Regulation (EU MDR - Regulation (EU) 2017/745) and In Vitro Diagnostic Regulation (EU IVDR - Regulation (EU) 2017/746) represent a modernized and strengthened regulatory framework with a product assessment-driven methodology.

Key Features of EU MDR & IVDR Assessment Framework:

1. Single, Streamlined Route for Approval

• Unlike fragmented or document-based systems, EU MDR and IVDR follow a clear, unified route of conformity assessment based on the risk classification of the device.
• Manufacturers must demonstrate compliance with General Safety and Performance Requirements (GSPRs) through Technical Documentation, Clinical Evaluation (MDR) or Performance Evaluation (IVDR), and QMS conformity.
• Assessment is carried out by designated Notified Bodies (NBs) for all but the lowest-risk categories.

2. Focus on Individual Product Assessment

• The system is built around product-specific reviews, with significant emphasis on:
• Design Dossier/Technical File Review
• Device-specific Clinical Data/Performance Evidence
• Post-Market Clinical Follow-up (PMCF) or Post-Market Performance Follow-up (PMPF)
• For Class IIb and III devices (MDR) and Class C and D IVDs (IVDR), assessment is deeply granular, ensuring that each product’s design, labeling, indications, and claims are fully evaluated before CE Marking.

3. Defined Review Cycles and Re-certification Frequency

• EU MDR/IVDR introduces fixed re-certification cycles (5 years) with annual surveillance audits.
• Regular technical file updates, clinical/performance monitoring, and Periodic Safety Update Reports (PSURs) are mandatory.
• This periodic scrutiny helps maintain continuous compliance and ensures ongoing device safety and performance in the market.

4. Integration with Unique Device Identification (UDI)

• Every device must be assigned a UDI—comprising a Device Identifier (DI) and Production Identifier (PI)—to enable precise tracking, recall, and market surveillance.
• UDI allows seamless traceability from the manufacturer to the patient level and is also linked to packaging levels, including reusable and implantable devices.

5. Centralized Transparency via EUDAMED

• The EUDAMED database serves as a publicly accessible, centralized platform providing information on:
• Device registrations and certificates
• Notified Bodies and their scopes
• Clinical investigation data
• Vigilance reports
• Economic operators and authorized representatives
• EUDAMED significantly enhances trust and traceability for all stakeholders: patients, healthcare providers, regulators, and market players.

6. Strengthened Role of Notified Bodies (NBs)

• Notified Bodies are now subject to designation and oversight by EU authorities, and must demonstrate high levels of technical and clinical competence.
• Assessments are device-specific, not just system-based, and NBs are accountable for conducting robust reviews, including:
• Unannounced audits
• Sampling of devices
• On-site inspections and technical interviews

US FDA Medical Device Assessment Techniques – A Control-Based, Product/Item-Centric, and Specific Model

The US Food and Drug Administration (FDA) employs a control-based and product-specific regulatory framework for medical devices and IVDs, focusing on individual device types through assigned Product Codes. This system ensures that each device is assessed with precise and tailored regulatory expectations—beyond just broad risk categories.

Key Features of the US FDA Assessment Framework:

1. Product/Item-Centric Regulation via Product Codes

• Every device type is assigned a unique Product Code that determines:
• Applicable regulatory pathway (510(k), PMA, De Novo, etc.)
• Required performance testing, labeling controls, special controls, and clinical data
• Related device guidance documents, consensus standards, and recognized risk mitigations
• This system enables granular oversight, where even two Class II devices can have entirely different approval requirements based on their intended use and technological characteristics.

2. Control-Based Oversight, Not Just Risk Classification

• The FDA’s model is heavily control-driven, where regulatory requirements are defined per device type—not just by Class I, II, or III.
• Devices are governed by a combination of:
• General Controls (e.g., establishment registration, labeling, QSR compliance)
• Special Controls (device-specific testing, standards, postmarket controls)
• Premarket Approval Controls (scientific evidence, clinical trials)
• Specific manufacturing and quality expectations are enforced per product category, with device-specific validations, process controls, and inspection protocols.

3. Total Product Life Cycle (TPLC) Approach

• FDA emphasizes a Total Product Life Cycle (TPLC) model—managing device safety and effectiveness from concept to post-market.
• TPLC covers:
• Pre-market review (design, testing, labeling, clinical evaluation)
• Market authorization (510(k), PMA, De Novo)
• Post-market monitoring (MDR, recalls, corrections, CAPAs)
• Real-world evidence integration (RWE, device tracking, UDI)
• The TPLC database consolidates information on recalls, adverse events, inspections, and approvals for each Product Code and manufacturer, enhancing regulatory learning and vigilance.

4. Transparency and Public Access to Device-Level Information

• FDA maintains device-specific, open-access databases, including:
• 510(k), PMA, De Novo listings
• MAUDE (adverse event reports)
• TPLC database (safety + compliance history)
• UDI/GUDID database for supply chain traceability
• This enables public and professional confidence, supporting global alignment and benchmarking.

5. UDI-Based Traceability & GUDID System

• FDA mandates Unique Device Identification (UDI) for nearly all marketed devices.
• The UDI is linked to the GUDID database, providing:
• Product attributes
• Packaging levels
• Model/version history
• Issuance of recalls or corrections
• This system enhances traceability across hospitals, supply chains, and patient records.

6. Technical Review by Domain Experts

• FDA reviewers from the Center for Devices and Radiological Health (CDRH) conduct reviews with a science-first mindset, involving:
• Pre-submission meetings (Q-Sub)
• Interactive reviews and deficiency responses
• Clinical and non-clinical specialists
• The agency’s technical depth helps ensure that each product is suitable for its intended use, backed by real-world performance expectations.

🇮🇳 India – A License-Centric, Compliance-Oriented, and Manufacturer-Based Regulatory Model

India’s regulatory system for medical devices, as laid out in the Medical Device Rules (MDR) 2017 under the Drugs and Cosmetics Act, 1940, has made substantial progress in creating a formal structure for medical device oversight. However, the current framework primarily focuses on granting licenses for manufacturing, import, or sale of medical devices, rather than a product-centric, technical approval model.

🔍 Key Characteristics of India’s Medical Device Assessment Model:

1. License-Oriented Regulatory Control

• The MDR 2017 defines the process for issuing licenses to manufacturers and importers.
• The approval is typically for the organization and its facility, not a rigorous technical evaluation of each product.
• The license is granted based on submission of:
• Device Master File (DMF)
• Plant Master File (PMF)
• Quality management certifications (e.g., ISO 13485)
• Basic performance data or equivalent foreign approvals

2. No Product-Specific Technical Review or Public Evaluation

• Unlike FDA (with Product Codes) or EU MDR (with Common Specifications), India does not have defined, category-wise assessment pathways or performance benchmarks for most devices.
• Devices are not subject to systematic product-level clinical evaluation, lab testing, or risk-specific scrutiny as part of the approval process (except under BIS schemes, where applicable).

3. Absence of a Centralized Product Approval System

• India’s MDR framework is not a product approval mechanism in the regulatory sense.
• Product approval, where applicable, is typically done under the Bureau of Indian Standards (BIS)—especially for devices notified under mandatory certification (e.g., thermometers, blood pressure monitors).
• However, BIS certification applies to only a limited list of medical devices, and is focused on conformance to Indian Standards (IS) rather than regulatory lifecycle monitoring.

4. Limited Product Traceability and No UDI Enforcement

• There is no publicly accessible database (like EUDAMED or GUDID) that provides traceability or approval details of each registered medical device.
• Though Unique Device Identification (UDI) has been proposed, it has not yet been mandated or fully integrated into the regulatory system.
• This restricts the ability of users and authorities to track performance, usage, or recall data for specific models or batches.

5. Post-Market Surveillance (PMS) Still in Early Development

• India’s post-market vigilance requirements exist but are limited in scope and poorly enforced.
• There is no Total Product Life Cycle (TPLC) model, and complaint handling/reporting is largely decentralized.
• Manufacturers are not subjected to routine post-market technical reassessments or periodic reviews as seen in EU MDR.

6. Fragmented Oversight: CDSCO for Licensing, BIS for Product Approval

• The CDSCO oversees the regulatory licensing process, while the BIS is responsible for product-level conformance assessment (for a small list of notified devices).
• This dual structure means that India lacks a unified, single-window regulatory system that assesses both organizational capability and technical product performance under one framework.

🔄 Summary Comparison of Indian Model:

Feature	India (MDR 2017)
Regulatory Focus	License to manufacture/import/sell
Product Approval Body	BIS (only for specific notified items)
Product-Specific Assessment	❌ Largely absent (no structured model)
Public Device Database	❌ Not available
UDI System	❌ Not implemented/enforced
Post-Market Vigilance	⚠️ Exists but weakly integrated
Risk-Based Review	✅ Basic classification used, but not deep
Lifecycle Monitoring	❌ No TPLC or defined reassessment intervals

📌 Conclusion:

India’s current medical device regulatory model

India’s current medical device regulatory model is compliance- and license-centric, with an emphasis on manufacturer accountability and basic conformity. However, it lacks:

• A central product approval mechanism
• Risk-specific, product-centric evaluation models
• Public transparency systems like EUDAMED, GUDID, or TPLC

This structural gap makes Indian regulatory approvals less favorable or reference-worthy in international markets or institutional procurement when compared to US FDA or EU MDR/IVDR systems.