Summary

A List of Regulatory Requirements is a structured document that identifies and tracks all applicable regulations, standards, and guidance documents that apply to your medical device. It serves as the foundation for regulatory compliance by ensuring you understand and address every legal obligation relevant to your product. This living document must be regularly updated to reflect changes in regulatory landscapes and supports systematic compliance verification throughout your quality management system.

Why is a List of Regulatory Requirements important?

The List of Regulatory Requirements exists because medical device regulations are complex, constantly evolving, and vary by jurisdiction. You cannot achieve compliance without first understanding exactly which requirements apply to your specific device and intended markets. This document prevents regulatory gaps that could delay market access or result in enforcement actions. For medical device manufacturers, this list is essential because it drives all other compliance activities throughout your product lifecycle. It informs your quality management system design, clinical evaluation strategy, technical documentation requirements, and post-market obligations. The list also demonstrates due diligence to regulatory authorities by showing you’ve systematically identified applicable requirements rather than making assumptions. Without a comprehensive regulatory requirements list, you risk missing critical obligations, facing regulatory delays, or discovering compliance gaps during inspections that could have been prevented through proper planning.

Regulatory Context

Under 21 CFR Part 820 (Quality System Regulation):
  • Quality planning must address applicable regulatory requirements (Section 820.20)
  • Design controls must ensure compliance with applicable standards (Section 820.30)
  • Must maintain current awareness of regulatory changes affecting your devices
  • Documentation must demonstrate systematic compliance with all applicable requirements
Special attention required for:
  • FDA guidance documents - while not legally binding, they represent FDA’s current thinking
  • Consensus standards referenced in FDA guidance (e.g., ISO 14971, IEC 62304)
  • State-specific requirements that may apply in addition to federal regulations
  • International standards that may be required for global market access

Guide

Your List of Regulatory Requirements must systematically capture every regulatory obligation that applies to your medical device across all intended markets. This comprehensive approach ensures no compliance gaps and supports systematic verification of regulatory adherence. The regulations section identifies the primary legal frameworks that govern your medical device. You must list each applicable regulation with its full title and reference number, specify whether your coverage is full, partial, or none, provide a clear description of what the regulation covers, and document the last review date to ensure currency. For medical devices, core regulations typically include the EU MDR 2017/745 for European markets, FDA 21 CFR Part 820 for US markets, and jurisdiction-specific laws like the German Medical Devices Law (MPDG) for national requirements. You must also consider data protection regulations like GDPR if your device processes personal data, and cybersecurity frameworks if your device has network connectivity. Your coverage assessment should be realistic - many regulations apply partially to specific device types or use cases. Document exactly which sections apply to avoid unnecessary compliance burden while ensuring you don’t miss applicable requirements.

2. Standards and Technical Requirements

Standards provide the technical specifications and methodologies for demonstrating regulatory compliance. Your list must include quality management standards (ISO 13485), risk management standards (ISO 14971), software lifecycle standards (IEC 62304), usability engineering standards (ISO 62366), and clinical evaluation standards (ISO 14155) as applicable to your device type. For each standard, document the specific version and amendments you’re implementing, as regulatory authorities often reference specific versions. Include the publication date and last review date to ensure you’re working with current versions. Note any transition periods for new standard versions that may affect your compliance timeline.

3. Guidance Documents and Interpretive Materials

The guidance documents section captures non-binding but influential regulatory guidance that clarifies how authorities interpret legal requirements. These documents often provide practical implementation advice and represent current regulatory thinking on complex topics. Key guidance documents include MDCG guidance for EU MDR implementation, FDA guidance documents for specific device types or regulatory pathways, ISO technical reports that supplement standards, and industry consensus documents that provide best practices. While not legally binding, following recognized guidance documents demonstrates good regulatory practice and reduces inspection risk.

4. Maintenance and Review Process

Your regulatory requirements list must be a living document that reflects the current regulatory landscape. Establish a regular review cycle (typically annually or semi-annually) to identify new requirements, updated standards, or changed guidance documents. Assign responsibility for monitoring regulatory changes and updating the list accordingly. Document the last review date for each requirement to demonstrate currency and establish review triggers such as new product releases, market expansion, or significant regulatory announcements. This systematic approach ensures your compliance activities remain aligned with current requirements.

Example

Scenario: You’re developing a software-based medical device for both EU and US markets. Your list includes EU MDR, FDA QSR, GDPR for data protection, ISO 13485 for quality management, IEC 62304 for software lifecycle, and relevant MDCG and FDA guidance documents. You review the list quarterly and update it whenever you receive regulatory alerts or plan market expansion.

Complete List of Regulatory Requirements Document

List of Regulatory Requirements ID: LRR-2024-001

1. Purpose

The purpose of this document is to provide a structured list of applicable regulations, ensuring that all necessary compliance obligations are met. By maintaining an up-to-date record of standards and legal requirements, this document helps facilitate regulatory adherence and supports the ongoing quality and safety of the medical device.

2. Scope

This document applies to all medical devices managed by the organization.

3. Regulations

RegulationCoverage (Full / Partial / None)DescriptionLast Review
EU Medical Device Regulations 2017/745FullRegulations required for CE marking of medical devices in the EU.2024-03-15
(GDPR) General Data Protection RegulationFullRegulates the protection of natural persons with regard to the processing of personal data.2024-03-15
(MPDG) German Medical Devices LawFullLaw providing additional medical device requirements to medical products listed in Germany.2024-03-15
FDA 21 CFR Part 820FullQuality System Regulation for medical devices marketed in the United States.2024-03-15
FDA 21 CFR Part 814PartialPremarket approval requirements for Class III devices (applicable if pursuing PMA pathway).2024-03-15
FDA 21 CFR Part 807PartialEstablishment registration and device listing requirements for US market.2024-03-15
ISO 13485:2016 + AC:2018 + A11:2021FullQuality management systems for medical devices.2024-03-15
ISO 14971:2019FullApplication of risk management to medical devices.2024-03-15
IEC 62304:2006FullMedical device software lifecycle processes.2024-03-15
ISO 62366-1:2015 + A1:2021FullMedical devices - Application of usability engineering to medical devices.2024-03-15
ISO 14155:2020PartialClinical investigation of medical devices for human subjects (if clinical studies required).2024-03-15
ISO 15223-1:2016FullMedical devices - Symbols to be used with medical device labels, labelling and information to be supplied.2024-03-15
ISO/TR 24971:2020FullMedical devices - Guidance on the application of ISO 14971.2024-03-15
ISO 20417:2021FullMedical devices - Information to be provided by the manufacturer.2024-03-15

4. Guidance Documents

RegulationCoverage (Full / Partial / None)DescriptionLast Review
MDCG 2020-1FullGuidance on clinical evaluation (MDR) / Performance evaluation (IVDR) of medical device software2024-03-15
MDCG 2020-5FullGuidance on Clinical Evaluation – Equivalence2024-03-15
MDCG 2019-11FullGuidance on Qualification and Classification of Software2024-03-15
MDCG 2019-16 rev.1FullGuidance on cybersecurity for medical devices2024-03-15
MDCG 2020-7FullGuidance on PMCF plan template2024-03-15
MDCG 2020-8FullGuidance on significant changes to the intended purpose2024-03-15
MDCG 2020-13FullGuidance on clinical evaluation of medical devices2024-03-15
MDCG 2022-12FullGuidance on harmonized administrative practices and alternative technical solutions until Eudamed is fully functional2024-03-15
MDCG 2019-7FullGuidance on Article 15 of the MDR and IVDR regarding a “person responsible for regulatory compliance”2024-03-15
MDCG 2022-21FullGuidance on Periodic Safety Update Reports (PSURs) according to Regulation (EU) 2017/7452024-03-15
MDCG 2018-1 rev.4FullGuidance on basic UDI-DI and changes to UDI-DI2024-03-15
FDA Software as Medical Device GuidanceFullFDA guidance on software as a medical device (SaMD) regulatory framework2024-03-15
FDA Cybersecurity GuidanceFullContent of Premarket Submissions for Management of Cybersecurity in Medical Devices2024-03-15
FDA Clinical Evaluation GuidancePartialClinical evaluation guidance for specific device types (as applicable)2024-03-15
FDA 510(k) GuidancePartialGuidance for 510(k) submissions (if pursuing 510(k) pathway)2024-03-15
ISO/IEC 27001:2013PartialInformation security management systems (for cybersecurity compliance)2024-03-15
NIST Cybersecurity FrameworkPartialFramework for improving critical infrastructure cybersecurity2024-03-15

Q&A