The European Union has been a leader in recent years when it comes to regulatory reform intended to protect individuals’ privacy, safety, and health. As Europe leads the way, regulators in the United States often follow suit on the federal or state level. The EU’s passage of the General Data Protection Regulation (GDPR), intended to protect personal data, is a prime example. Several years after GDPR enactment, California adopted a privacy rights statute of its own, the California Consumer Privacy Act (CCPA). Other states have since passed comprehensive consumer privacy laws, with similar proposals under consideration in many state legislatures. This progression should serve as a reminder for those in the United States to keep a watchful eye on European regulatory activity as a potential harbinger of things to come in the U.S.
Medical device researchers, designers, and manufacturers may want to pay close attention in particular to new EU legislation concerning medical devices and in-vitro diagnostic devices. Originally passed in May 2017, Regulation 2017/745 on Medical Devices (MDR) became effective in May 2021 and Regulation 2017/746 on In-Vitro Diagnostic Devices (IVDR) becomes effective in May 2022. Both regulations are intended to enhance public health and ensure access to safe and effective medical devices.
The regulations achieve health and safety improvements in a variety of ways. The MDR and IVDR aim to provide more clarity regarding what data must be collected during clinical studies and how they must be submitted to regulatory bodies. Likewise, the MDR and IVDR place special focus on “high risk” devices, which will now be subject to additional scrutiny by an independent regulatory panel. The regulations also aim to increase transparency by making much of the newly required information available to the public. Further, the MDR and IVDR require manufacturers to take an active role in post-market surveillance of their products, including a heightened vigilance requirement to monitor, assess, and report adverse events.
While substantial overlap exists between the two regulations, only IVDR includes specific changes for in-vitro devices (IVDs). Under the current regime, a medical device is self-declared to be an IVD by the developer or manufacturer. Under IVDR, regulatory bodies will now determine whether a medical device meets the parameters of an IVD, and whether the IVD presents a low or high risk. That risk classification may subject the device to heightened regulatory requirements and scrutiny from regulatory bodies.
Similar regulations for medical devices have not yet been proposed in the United States, but they may not be far away. Earlier this year, the U.S. Food and Drug Association (FDA) took steps to increase cybersecurity for medical devices and to prepare for the increased use of artificial intelligence and machine learning-based medical software. It would not be a stretch for the FDA to follow up with requests for more robust data in the vein of MDR and IVDR.
Medical device researchers, developers, and manufacturers in the United States may want to lay the groundwork for compliance with MDR and IVDR, to the extent they have not already done so, to prepare for expansion into the EU market and in anticipation of potential future regulatory action from the FDA.