Blogs

ISO 10993: Standards for the biologic evaluation of medical devices

Dell Lundy

January 6, 2023

4 min read

The International Organization for Standardization (ISO) is the largest body in the world publishing standards. In fact, it is a conglomeration of standards bodies from over 160 countries working together to harmonize standards. As such, ISO 10993 is the international standard that is practically used globally for testing and determining the biocompatibility of medical devices. So it’s critical for medical device manufacturers to understand all 23 parts of ISO 10993 for the success of 510(k), pre-market authorization (PMA), and other device submission projects for regulatory authorities worldwide. As an example, the FDA has issued guidance on the Use of International Standard ISO 10993-1.

What is biocompatibility?

According to ISO 10993-1:2018, the current version of part 1 of the standard, biocompatibility is the ability of a medical device or material to perform with an appropriate host response in a specific application. Any device that comes into direct or indirect contact with the skin must be tested for biocompatibility. A medical device that makes indirect contact with the skin is one that encounters a liquid, gas, or another medium, that makes direct contact with the patient or user.

Categorizations for medical devices according to ISO 10993

When testing the biocompatibility of a device, it is broken down into two categories; one based on its type of contact with humans, and the other based on the duration of contact.

The categorizations for types of contact are:

Non-contacting medical devices: These are medical devices that do not make direct or indirect contact with patients. Examples include in-vitro diagnostics devices, blood collection tubes, and petri dishes.
Surface-contacting devices: Surface-contacting medical devices are ones that touch the skin, in-tact mucous membranes, and breached or compromised surfaces. Examples of these devices are catheters, contact lenses, and bronchoscopes.
Externally communicating devices: Externally communicating devices are those that are partially or wholly external and come into contact with bodily fluids. These devices are usually intended to deliver or draw fluids to or from the body and are attached to an external delivery or withdrawal system. Examples include dialyzers and dialysis tubing accessories, transfer and transfusion sets, and arthroscopes.
Implantable devices: Implantable devices are the riskiest type for medical devices because they are embedded within human tissue. Pacemakers, artificial larynxes, and heart valves are all implantable devices.

The categorizations for times of duration are:

Limited exposure – Medical devices whose cumulative sum of single, multiple, or repeated duration of contact is up to 24 hours.
Prolonged exposure – Medical devices whose cumulative sum of single, multiple, or repeated contact time is likely to exceed 24 hours but does not exceed 30 days.
Long-term exposure – Medical devices whose cumulative sum of single, multiple, or repeated contact time exceeds 30 days.

Determining biocompatibility

Medical devices are most commonly made of metals, plastics, and fabrics, which are composed of chemicals with varying properties. Manufacturers must gather physical and chemical information about the device, which is vital to its biological and material evaluation and characterization.

For devices with components that are made of or utilize novel chemicals or materials, or those known to cause adverse effects, ISO 10993 requires rigorous risk assessment and management according to the standards of ISO 14971. Furthermore, there are prescribed data endpoints that set the foundation for determining the biocompatibility of medical devices and their intended uses and components.

The main things manufacturers must consider when determining the biocompatibility of medical devices and their components are listed below:

Complete chemical characterization – ISO 10993 requires manufacturers to describe the chemical and material makeup of the medical device and its components, as well as the use of chemicals in the manufacturing of the device. Sometimes, a test of extractable and leachable chemicals is required to determine the safety of the medical device.
Toxicological assessment – Toxicological assessment serves to determine and mitigate the risk of medical devices when they come into contact with patients and users. There are four pillars of toxicology assessment: hazard identification, hazard characterization, exposure assessment, and risk characterization.
Biocompatibility testing – Biocompatibility testing is the process of testing the local and systemic effects of a medical device on the tissues it comes into contact with. Oftentimes a favorable toxicological assessment by a qualified individual, based on the facts of the thorough chemical characterization, can rule out the possibility of adverse effects and the need for biocompatibility testing.

ISO 10993 compliance

Biocompatibility assessment is a vital part of risk management according to ISO 14971. Ensuring compliance with risk management and biocompatibility assessment standards requires buy-in from all departments, from marketing and design to quality assurance and regulatory affairs.

It is vital that you begin considering ISO 10993-1:2018 in the early stages of product design. Part 1 of the standard will refer to additional parts, as listed in the following section. Completing your complete chemical characterization and toxicology assessment early in the process will help ensure the biocompatibility of your medical device during the design phase and expedite your device registration and time to market.

Also, it’s important to note that many regulatory authorities around the world have their own variation of ISO 10993. While these varying standards have the same foundation and are similar in many ways, you must understand their nuances if you plan to offer your medical device internationally.

ISO 10993 sections

ISO 10993 is made up of 23 different sections or parts, each of which is maintained and updated separately. Previews of the standard can be viewed on the ISO website, but full versions of the standard need to be purchased.

ISO 10993-1:2018 – Evaluation and testing within a risk management system
ISO 10993-2:2022 – Animal welfare requirements
ISO 10993-3:2014 – Tests for genotoxicity, carcinogenicity, and reproductive toxicity
ISO 10993-4:2017 – Selection of tests for interactions with blood
ISO 10993-5:2009 – Tests for in vitro cytotoxicity
ISO 10993-6:2016 – Tests for local effects after implantation
ISO 10993-7:2008 – Ethylene oxide sterilization residuals
ISO 10993-8: - Withdrawn (Selection of reference materials for biologic tests)
ISO 10993-9:2019 – Framework for identification and quantification of potential degradation products
ISO 10993-10:2021 – Tests for skin sensitization
ISO 10993-11:2017 – Tests for systemic toxicity
ISO 10993-12:2021 – Sample preparation and reference materials
ISO 10993-13:2010 – Identification and quantification of degradation products from polymeric medical devices
ISO 10993-14:2001 – Identification and quantification of degradation products from ceramics
ISO 10993-15:2019 – Identification and quantification of degradation products from metals and alloys
ISO 10993-16:2017 – Toxicokinetic study design for degradation products and leachables
ISO 10993-17:2002 – Establishment of allowable limits for leachable substances
ISO 10993-18:2020 – Chemical characterization of medical device materials within a risk management process
ISO 10993-19:2020 – Physico-chemical, morphological, and topographical characterization of materials
ISO 10993-20:2006 – Principles and methods for immunotoxicology testing of medical devices
ISO 10993-22:2017 – Guidance on nanomaterials
ISO 10993-23:2021 – Tests for irritation

How can we help?

Many manufacturers endure longer and more costly paths to market than necessary because they do not have systems and tools designed specifically for their regulatory teams. Furthermore, a lack of visibility and collaboration from departments that see regulatory teams traditionally as the “department of saying no” leaves ample room for human error in regulatory, quality management, and even marketing processes and activities. Read more about why we believe regulatory teams need to be considered revenue functions, not cost centers.

The resulting inefficiencies lead to problems such as marketing products with expired certificates, missing certificates, inaccurate and/or incomplete submissions, and even non-compliance with current regulatory requirements. Having a holistic RIM system is central to staying in compliance with standards, regulations, and guidance in the many markets around the world. Rimsys is the only RIM system of its kind built specifically for the medtech industry.

To learn how Rimsys can help your company get its regulatory ducks in a row, click here to schedule a demo.

‍

Share this post

Featured

Rimsys Announces Rimsys AI to Eliminate Repetitive Tasks and Enhance Decision-Making for MedTech Regulatory Teams

Rimsys, the leading Regulatory Information Management (RIM) platform for the MedTech industry, today announced the launch of Rimsys AI, a suite of embedded artificial intelligence (AI) agents.

Similar posts

How Smith & Nephew Repositioned Regulatory as a Strategic Commercial Partner

Caroline La

May 28, 2026

4 min read

Smith & Nephew is a global medical device manufacturerwith a broad portfolio spanning orthopedics, sports medicine, and woundmanagement, sold and registered across markets worldwide. Before Rimsys,regulatory data was scattered across spreadsheets, shared drives, anddisconnected systems.

When Smith & Nephew selected Rimsys, they deployed itenterprise-wide from day one. Executive reporting moved from manual fire drillsto real-time dashboards. Change impact assessments became faster and moreconsistent. The regulatory team made the shift from reactive compliancefunction to strategic partner to the business.

The Challenge

Regulatory data at Smith & Nephew lived in multiplespreadsheets, shared drives, SharePoint sites, emails, and disconnectedsystems. Without a centralized record, the team could not reliably trackregistration timelines, measure on-time submissions, assess change impacts, orunderstand the downstream impact of product changes across markets. Preparingexecutive reporting meant manually assembling data from multiple sources, aprocess that consumed time and introduced risk each time.

‍

The Solution

Smith & Nephew selected Rimsys for its configurable, notcustomized, platform: an intuitive user interface, centralized submissionmanagement, robust metrics, change assessment capabilities, and UDI supportwith machine-to-machine transmission. Rimsys’ interconnected modulearchitecture linked products, registrations, projects, change assessments, andUDI in a centralized location.

Rather than piloting in one business unit, Smith &Nephew deployed Rimsys across the entire regulatory organization from day one.The decision was deliberate: a partial deployment would have preserved thefragmentation. Enterprise-wide adoption established consistent metrics,standardized processes, and a single source of truth from the start.

‍

The Results

Executive and board reporting, previously built from manualdata pulls, now flows directly from Rimsys in real time. What had been adisruptive, recurring effort is now a routine view. Leadership has thevisibility to make faster, more confident decisions, and the regulatory team isno longer pulled into reporting fire drills.

Change management has also been transformed. Direct linkagebetween products, registrations, and projects means impact assessments arefaster and less dependent on individual knowledge. UDI operations havesimilarly improved: machine-to-machine transmission has reduced manual uploadsand centralized DI record visibility supports global UDI requirements.

The most significant shift is strategic. With centralizedregulatory intelligence and real-time data, Smith & Nephew’s regulatoryteam now actively supports commercial planning: informing budget cycles,guiding renewal and launch sequencing, and advising on regulatory pathways toaccelerate market entry. Regulatory is no longer a downstream compliancefunction. It is a business partner.

Smith & Nephew now runs four modules across its RIM operation:

Registrations— Centralized license tracking across 250 countries and 30+ business units
Change Assessments— Direct product-registration linkage for faster, consistent impact assessments
Executive Reports— Real-time dashboards replacing manual data pulls and board reporting fire drills
UDI— Machine-to-machine transmission reducing manual uploads across global markets

Take this to your team

If you’re evaluating how to modernize RIM operations at scale, the Smith & Nephew case study is a practical reference to share internally. It covers the full implementation story, module breakdown, and results data in a format built for stakeholder conversations.

Download the Case Study

How Philips Scaled Active Product Registrations More Than 20x

Caroline La

May 21, 2026

4 min read

Philips Healthcare operates one of the largest regulatory portfolios in global MedTech: products registered across 250 countries, with a footprint that grows with every acquisition. Before Rimsys, that complexity was managed through email and spreadsheets. Submission packages moved through inboxes with no audit trail, no performance data, and no reliable view of where products were authorized to ship.

Philips selected Rimsys in 2022 as the enterprise RIM platform to bring regulatory order to that complexity. Since go-live, active product registrations have scaled more than 20x, user adoption has doubled in the last six months, and the regulatory affairs function now operates from a single source of truth spanning the entire enterprise.

The Challenge

Without structured data, Philips could not measure regulatory performance, track license expiration across the portfolio, or identify where submission work was stalling. Every acquisition made it worse: incoming business units arrived with their own workflows and systems, absorbing more fragmentation rather than resolving it.

‍

The Solution

Philips evaluated multiple platforms against requirements built with both market-facing and business regulatory affairs teams. Rimsys won on two dimensions: an interface that made complex product and registration data immediately visible, and more enterprise-ready features than competing platforms at the right price point.

Philips went live with Rimsys Registrations and Submissions modules in July 2022. The team deployed platform experts for train-the-trainer sessions and launched regular drop-in sessions where users could ask questions and surface issues. Standing up a dedicated Regulatory Operations team focused exclusively on rest-of-world registration accelerated adoption further.

When an early business unit pushed back on workflow efficiency, Philips and Rimsys worked through it together. A hands-on process walkthrough identified exactly what needed to change, a resolution plan was shared, and that transparency and collaboration became the foundation for sustained user buy-in across the enterprise.

‍

The Results

Since go-live, Philips has scaled active product registrations more than 20x, with further growth already underway. What started as a single deployment now spans 30+ business units across 250 countries, with Rimsys serving as the single source of truth for regulatory data across the enterprise, including businesses acquired since implementation.

For the first time, Philips can measure its own regulatory performance. KPIs flow directly from the platform, giving leadership real-time visibility into registration health. When anomalies surface, they drive data correction and user training, closing gaps that previously went undetected until they affected revenue.

Now with Rimsys AI-assisted Submissions and Regulatory Intelligence now in use, Philips expects to accelerate further: reducing administrative burden so skilled regulatory professionals can focus on strategy.

Philips now runs four modules across its RIM operation:

Registrations— Centralized license tracking across 250 countries and 30+ business units
Submissions— AI-assisted submission workflows replacing email-based package management
Intelligence— Real-time KPI dashboards giving leadership visibility into registration health
Standards— Essential Principles and standards tracking aligned to global market requirements

‍

Take this to your team

If you’re evaluating how to modernize RIM operations at scale, the Philips Healthcare case study is a practical reference to share internally. It covers the full implementation story, module breakdown, and results data in a format built for stakeholder conversations.

Download the Case Study

What RAPS Euro Convergence 2026 Told Us About the Future of MedTech Regulation

Caroline La

May 12, 2026

4 min read

Last week, the MedTech regulatory community gathered in Lisbon for RAPS Euro Convergence 2026: nearly 100 sessions, hundreds of professionals, and one overriding theme: transformation.The European regulatory landscape is shifting faster than it has in two decades, and the pressure is on every RA team to keep pace.

We were there. And here is what we took away.

The Dominant Signal: Change Is Accelerating

For MedTech manufacturers, the immediate reality is demanding. MDR 2.0 is advancing. The EU AI Act is creating new compliance obligations for software-enabled devices. EUDAMED continues to mature. And teams are being asked to absorb all of this while still meeting existing registration and renewal deadlines.

The practical implication is clear: RA functions that rely on manual tracking, disconnected spreadsheets, and tribal knowledge are being outrun by the pace of change. Across the industry, teams are moving from talking about AI to actively experimenting with it, using it to handle the volume and complexity that manual processes simply cannot absorb. The teams emerging as strategic forces are the ones who have connected, real-time regulatory infrastructure and are putting AI to work within it.

AI Is No Longer Optional Thinking

The conversation at Euro Convergence made one thing clear: AI has moved from future-state to present-tense. Regulatory professionals were encouraged to embrace AI while maintainingaccountability for the outcome and challenging the algorithms.
‍

" Our role is to make sure that the AI does the right interpretations appropriate to our products, to our business."

— João Martins, Director of Regulatory Affairs at Abbott at RAPS Euro Convergence 2026 Opening Plenary
‍

That framing resonates deeply with how we have built AI into Rimsys. The goal was never to replace regulatory judgment; it is to amplify it. Rimsys AI is domain-specific, built on the regulatory data structures and logic that reflect real-world requirements, country-specific nuances, and product context. It proposes, analyzes, and alerts. Your team reviews, approves, and decides.

For teams that are ready to accelerate, Rimsys AI accelerates regulatory intelligence monitoring and submission authoring, removing the repetitive, detail-heavy work so skilled professionals can focus on strategy, market expansion, and the higher-order decisions that increasingly complex regulations demand.
‍

"As future regulators, we will need to be scientifically strong, comfortable with complexity, open to innovation, and also be able to work in increasingly complex environments."

— Rui Santos Ivo, President of Portugal's National Authority of Medicines and Health Products (INFARMED) and chair of the EMA management board, RAPS Euro Convergence 2026 Opening Plenary
‍

MDR 2.0: Reform With Guardrails

A panel of experts representing regulators, industry, and notified bodies gave their views on the proposed revision of the EU Medical Device Regulation at the conference. While their sentiments were largely supportive, notified body representatives urged the European Commission to maintain proactive surveillance of devices to protect patients.

The discussion acknowledged the complexity of balancing reform with patient safety. Simplification and innovation go hand in hand, though if it is overly complicated or overly simplified, it becomes difficult to innovate. Structured dialogues in MDR/IVDR will provide transparency and predictability for manufacturers, especially in early product development.

Regulatory Workflows Cannot Be an Afterthought

A recurring observation across sessions was that MDR 2.0, EUDAMED, and the EU AI Act are only as effective as the operational workflows behind them. Structured dialogues, risk-proportionate pathways, and submissions all require teams to move quickly with accurate, up-to-date product data. That is simply not possible when that data lives across email threads, spreadsheets, and disconnected systems.

The workflows that came up most in Lisbon (change control, renewals, new product introductions, and registration management) are exactly the areas where manual processes create the most risk. A missed renewal. A design change that triggers 40 country-level impact assessments with no system to coordinate them. A registration record that no one has updated since the last audit.

Rimsys keeps these workflows connected and proactive. Renewal expiration reminders fire before deadlines become a risk. Change control impact surveys are configurable to your SOPs, so teams can assign tasks and coordinate work across regions without relying on someone to manually track progress. New product introductions move faster because previous submission content can be reused across markets. Target market data, registration history, and approval status are already centralized, so teams are building on existing work rather than starting from scratcheach time.

The result is regulatory operations that reduce time to market by weeks to months, not add to it. Access information in seconds rather than hours. Regulatory release authorization in minutes rather than weeks. More than 90% reduction in regional regulatory reporting time. These are not projections. They are outcomes reported by Rimsys customers operating in exactly the kind of complex, multi-market environments that dominated the conversation in Lisbon.

The Regulatory Professional Is Evolving

Perhaps the most striking thread across sessions was the evolution of the RA function itself. Regulatory work was once seen mainly in terms of compliance procedures and submissions. Today, the profession is much broader than that.

This evolution is exactly the transition Rimsys is designed to support. When regulatory data is centralized, connected, and visible in real time, RA teams stop spending their days chasing down registration status and start contributing to commercial strategy: market expansion decisions, launch sequencing, change control planning, and executive-level risk communication.

The heart of regulatory operations is not a filing cabinet. It is a living, connected system that elevates the entire function.

What It All Points To

RAPS Euro Convergence 2026 made one thing clear: the organizations that will thrive are those who have invested in regulatory infrastructure that can absorb change without breaking. Rimsys is the platform built for exactly this moment: enterprise-grade, intuitive enough for global teams to actually use, and trusted by 6 of the top 12 global MedTech manufacturers worldwide.

Book a conversation with our team