Summary
A List of Regulatory Requirements is a structured document that identifies and tracks all applicable regulations, standards, and guidance documents that apply to your medical device. It serves as the foundation for regulatory compliance by ensuring you understand and address every legal obligation relevant to your product. This living document must be regularly updated to reflect changes in regulatory landscapes and supports systematic compliance verification throughout your quality management system.Why is a List of Regulatory Requirements important?
The List of Regulatory Requirements exists because medical device regulations are complex, constantly evolving, and vary by jurisdiction. You cannot achieve compliance without first understanding exactly which requirements apply to your specific device and intended markets. This document prevents regulatory gaps that could delay market access or result in enforcement actions. For medical device manufacturers, this list is essential because it drives all other compliance activities throughout your product lifecycle. It informs your quality management system design, clinical evaluation strategy, technical documentation requirements, and post-market obligations. The list also demonstrates due diligence to regulatory authorities by showing you’ve systematically identified applicable requirements rather than making assumptions. Without a comprehensive regulatory requirements list, you risk missing critical obligations, facing regulatory delays, or discovering compliance gaps during inspections that could have been prevented through proper planning.Regulatory Context
- FDA
- MDR
Under 21 CFR Part 820 (Quality System Regulation):
- Quality planning must address applicable regulatory requirements (Section 820.20)
- Design controls must ensure compliance with applicable standards (Section 820.30)
- Must maintain current awareness of regulatory changes affecting your devices
- Documentation must demonstrate systematic compliance with all applicable requirements
Special attention required for:
- FDA guidance documents - while not legally binding, they represent FDA’s current thinking
- Consensus standards referenced in FDA guidance (e.g., ISO 14971, IEC 62304)
- State-specific requirements that may apply in addition to federal regulations
- International standards that may be required for global market access
Guide
Your List of Regulatory Requirements must systematically capture every regulatory obligation that applies to your medical device across all intended markets. This comprehensive approach ensures no compliance gaps and supports systematic verification of regulatory adherence.1. Regulations and Legal Requirements
The regulations section identifies the primary legal frameworks that govern your medical device. You must list each applicable regulation with its full title and reference number, specify whether your coverage is full, partial, or none, provide a clear description of what the regulation covers, and document the last review date to ensure currency. For medical devices, core regulations typically include the EU MDR 2017/745 for European markets, FDA 21 CFR Part 820 for US markets, and jurisdiction-specific laws like the German Medical Devices Law (MPDG) for national requirements. You must also consider data protection regulations like GDPR if your device processes personal data, and cybersecurity frameworks if your device has network connectivity. Your coverage assessment should be realistic - many regulations apply partially to specific device types or use cases. Document exactly which sections apply to avoid unnecessary compliance burden while ensuring you don’t miss applicable requirements.2. Standards and Technical Requirements
Standards provide the technical specifications and methodologies for demonstrating regulatory compliance. Your list must include quality management standards (ISO 13485), risk management standards (ISO 14971), software lifecycle standards (IEC 62304), usability engineering standards (ISO 62366), and clinical evaluation standards (ISO 14155) as applicable to your device type. For each standard, document the specific version and amendments you’re implementing, as regulatory authorities often reference specific versions. Include the publication date and last review date to ensure you’re working with current versions. Note any transition periods for new standard versions that may affect your compliance timeline.3. Guidance Documents and Interpretive Materials
The guidance documents section captures non-binding but influential regulatory guidance that clarifies how authorities interpret legal requirements. These documents often provide practical implementation advice and represent current regulatory thinking on complex topics. Key guidance documents include MDCG guidance for EU MDR implementation, FDA guidance documents for specific device types or regulatory pathways, ISO technical reports that supplement standards, and industry consensus documents that provide best practices. While not legally binding, following recognized guidance documents demonstrates good regulatory practice and reduces inspection risk.4. Maintenance and Review Process
Your regulatory requirements list must be a living document that reflects the current regulatory landscape. Establish a regular review cycle (typically annually or semi-annually) to identify new requirements, updated standards, or changed guidance documents. Assign responsibility for monitoring regulatory changes and updating the list accordingly. Document the last review date for each requirement to demonstrate currency and establish review triggers such as new product releases, market expansion, or significant regulatory announcements. This systematic approach ensures your compliance activities remain aligned with current requirements.Example
Scenario: You’re developing a software-based medical device for both EU and US markets. Your list includes EU MDR, FDA QSR, GDPR for data protection, ISO 13485 for quality management, IEC 62304 for software lifecycle, and relevant MDCG and FDA guidance documents. You review the list quarterly and update it whenever you receive regulatory alerts or plan market expansion.Complete List of Regulatory Requirements Document
List of Regulatory Requirements ID: LRR-2024-0011. Purpose
The purpose of this document is to provide a structured list of applicable regulations, ensuring that all necessary compliance obligations are met. By maintaining an up-to-date record of standards and legal requirements, this document helps facilitate regulatory adherence and supports the ongoing quality and safety of the medical device.2. Scope
This document applies to all medical devices managed by the organization.3. Regulations
| Regulation | Coverage (Full / Partial / None) | Description | Last Review |
|---|---|---|---|
| EU Medical Device Regulations 2017/745 | Full | Regulations required for CE marking of medical devices in the EU. | 2024-03-15 |
| (GDPR) General Data Protection Regulation | Full | Regulates the protection of natural persons with regard to the processing of personal data. | 2024-03-15 |
| (MPDG) German Medical Devices Law | Full | Law providing additional medical device requirements to medical products listed in Germany. | 2024-03-15 |
| FDA 21 CFR Part 820 | Full | Quality System Regulation for medical devices marketed in the United States. | 2024-03-15 |
| FDA 21 CFR Part 814 | Partial | Premarket approval requirements for Class III devices (applicable if pursuing PMA pathway). | 2024-03-15 |
| FDA 21 CFR Part 807 | Partial | Establishment registration and device listing requirements for US market. | 2024-03-15 |
| ISO 13485:2016 + AC:2018 + A11:2021 | Full | Quality management systems for medical devices. | 2024-03-15 |
| ISO 14971:2019 | Full | Application of risk management to medical devices. | 2024-03-15 |
| IEC 62304:2006 | Full | Medical device software lifecycle processes. | 2024-03-15 |
| ISO 62366-1:2015 + A1:2021 | Full | Medical devices - Application of usability engineering to medical devices. | 2024-03-15 |
| ISO 14155:2020 | Partial | Clinical investigation of medical devices for human subjects (if clinical studies required). | 2024-03-15 |
| ISO 15223-1:2016 | Full | Medical devices - Symbols to be used with medical device labels, labelling and information to be supplied. | 2024-03-15 |
| ISO/TR 24971:2020 | Full | Medical devices - Guidance on the application of ISO 14971. | 2024-03-15 |
| ISO 20417:2021 | Full | Medical devices - Information to be provided by the manufacturer. | 2024-03-15 |
4. Guidance Documents
| Regulation | Coverage (Full / Partial / None) | Description | Last Review |
|---|---|---|---|
| MDCG 2020-1 | Full | Guidance on clinical evaluation (MDR) / Performance evaluation (IVDR) of medical device software | 2024-03-15 |
| MDCG 2020-5 | Full | Guidance on Clinical Evaluation – Equivalence | 2024-03-15 |
| MDCG 2019-11 | Full | Guidance on Qualification and Classification of Software | 2024-03-15 |
| MDCG 2019-16 rev.1 | Full | Guidance on cybersecurity for medical devices | 2024-03-15 |
| MDCG 2020-7 | Full | Guidance on PMCF plan template | 2024-03-15 |
| MDCG 2020-8 | Full | Guidance on significant changes to the intended purpose | 2024-03-15 |
| MDCG 2020-13 | Full | Guidance on clinical evaluation of medical devices | 2024-03-15 |
| MDCG 2022-12 | Full | Guidance on harmonized administrative practices and alternative technical solutions until Eudamed is fully functional | 2024-03-15 |
| MDCG 2019-7 | Full | Guidance on Article 15 of the MDR and IVDR regarding a “person responsible for regulatory compliance” | 2024-03-15 |
| MDCG 2022-21 | Full | Guidance on Periodic Safety Update Reports (PSURs) according to Regulation (EU) 2017/745 | 2024-03-15 |
| MDCG 2018-1 rev.4 | Full | Guidance on basic UDI-DI and changes to UDI-DI | 2024-03-15 |
| FDA Software as Medical Device Guidance | Full | FDA guidance on software as a medical device (SaMD) regulatory framework | 2024-03-15 |
| FDA Cybersecurity Guidance | Full | Content of Premarket Submissions for Management of Cybersecurity in Medical Devices | 2024-03-15 |
| FDA Clinical Evaluation Guidance | Partial | Clinical evaluation guidance for specific device types (as applicable) | 2024-03-15 |
| FDA 510(k) Guidance | Partial | Guidance for 510(k) submissions (if pursuing 510(k) pathway) | 2024-03-15 |
| ISO/IEC 27001:2013 | Partial | Information security management systems (for cybersecurity compliance) | 2024-03-15 |
| NIST Cybersecurity Framework | Partial | Framework for improving critical infrastructure cybersecurity | 2024-03-15 |
Q&A
How often should I update the list of regulatory requirements?
How often should I update the list of regulatory requirements?
You should review and update the list at least annually, but also whenever you receive regulatory alerts, plan market expansion, release new products, or become aware of regulatory changes affecting your devices.
What's the difference between regulations and guidance documents?
What's the difference between regulations and guidance documents?
Regulations are legally binding requirements that you must comply with. Guidance documents are non-binding interpretations that clarify how regulatory authorities expect you to implement legal requirements, but following them demonstrates good regulatory practice.
How do I determine if a requirement applies fully or partially to my device?
How do I determine if a requirement applies fully or partially to my device?
Review the scope and applicability sections of each regulation or standard. Consider your device classification, intended use, target markets, and specific features. When in doubt, assume full applicability and seek regulatory consultation.
Should I include standards that are referenced in regulations?
Should I include standards that are referenced in regulations?
Yes, include all standards that are directly referenced in applicable regulations, as well as consensus standards that provide recognized methods for demonstrating compliance with regulatory requirements.
How do I stay informed about regulatory changes?
How do I stay informed about regulatory changes?
Subscribe to regulatory authority newsletters, join industry associations, monitor official journals and websites, and consider using regulatory intelligence services that track changes affecting medical devices.
What should I do if I discover a new applicable requirement?
What should I do if I discover a new applicable requirement?
Add it to your list immediately, assess the compliance gap, develop an implementation plan, and update your quality management system and technical documentation as needed to address the new requirement.