Featured
Rimsys Announces Rimsys AI to Eliminate Repetitive Tasks and Enhance Decision-Making for MedTech Regulatory Teams
Rimsys, the leading Regulatory Information Management (RIM) platform for the MedTech industry, today announced the launch of Rimsys AI, a suite of embedded artificial intelligence (AI) agents.
Post-market surveillance for medical devices in the European Union
This article is an excerpt from Post-market surveillance for medical device in the European Union.
Table of Contents
- What is post-market surveillance?
- What classes of medical devices require post-market surveillance?
- Components of a successful post-market surveillance plan
- PMS data requirements
- Post-market surveillance system goals
- Required post-market surveillance reporting
- Embracing post-market surveillance as an integral part of your quality program
- Getting started with post-market surveillance
Post-market surveillance (PMS) is designed to monitor the performance of a marketed medical device by collecting and analyzing field use data. Article 10 of the EU MDR and IVDR requires all device manufacturers to have a post-market surveillance system in place. The main elements of the PMS are laid out in Article 83, and additional details for lower-risk and higher-risk devices are covered in articles 84 and85, respectively.
In general, a PMS system consists of both proactive activities and reactive, or vigilance, activities. While post-market surveillance and vigilance are sometimes used interchangeably, vigilance consists of separate activities that feed post-market surveillance programs.
Post-market surveillance systems are used to collect and analyze data not only about the manufacturer’s device but also about related competitors’ devices that are on the market. Data collected through PMS procedures is then used to identify trends that may lead to, among other things, quality improvements, updates to user training and instructions for use, and identification of manufacturing issues.
Note that “market surveillance” encompasses activities performed by a Competent Authority to verify MDR compliance, and should not be confused with the topic of this ebook,“post-market surveillance," which is performed by the manufacturer.
All medical devices marketed in the EU require some level of post-market surveillance, and all medical device manufacturers must implement a post-market surveillance system (PMS). The requirements of the PMS, however, vary and should be “proportionate to the risk class and appropriate for the type of device” (MDR Chapter VII). In particular, the type and frequency of reporting vary based on a device’s risk class.
A post-market surveillance plan (PMS) is an integral part of a manufacturer’s quality management system and provides a system for compiling and analyzing data that is relevant to product quality, performance, and safety throughout the entire lifetime of a device. The PMS should also provide methods for determining the need for and implementing any preventative and corrective actions. A PMS system should include and define:
Surveillance data sources
With the increased focus on proactive risk identification in the MDR, it is important to design post-market surveillance systems that actively acquire knowledge and detect potential risks. It is not sufficient to rely solely on spontaneous reporting by healthcare providers, patients, and other stakeholders.
In addition to information coming from Clinical Evaluation Reports and complaint and adverse event reporting, typical sources of surveillance data include:
• Social media networks: Because many of your stakeholders may be communicating on social media networks, it is important to employ social listening techniques and/or tools to identify issues and concerning trends as they develop.
• Industry and academic literature: Any studies, academic papers, and other literature that addresses similar devices or the specific use cases for which your device is designed should be evaluated. In particular, risk factors and adverse events identified with similar devices should be closely examined. It is also important to identify newer technologies that may affect the benefit-risk ratio and establish a new definition of “state of the art” for the device type.
• EUDAMED: While the European Database on Medical Devices (EUDAMED) is not yet fully functional, it is intended to provide a living picture of the lifecycle of all medical devices marketed in the EU. Manufacturers should take special care to consider information for similar devices made available through the EUDAMED system in the future.
• Registries: Patient, disease, and device registries can provide information that informs the clinical evaluation process which provides input into the post-market surveillance system.
Data analysis methodology
A well-defined data analysis methodology will accurately identify trends and lead to defendable decisions in the application of post-market experience. Once the necessary information has been identified and collected, and potentially cleaned of incomplete or otherwise unusable data, the data needs to be analyzed.
The goal is to identify meaningful trends, correlations, variations, and patterns that can lead to improvements in the safety and efficacy of the device. There are many data analysis tools available that can assist with:
• Regression analysis that will identify correlations between data (e.g. the device location/geography correlates to battery life).
• Data visualization that can be useful in spotting trends in the data.
• Predictive analytics, which can be particularly useful with large data sets, to identify future trends based on historical data.
• Data mining, which is also normally used with large datasets, to organize data and identify data groups for further analysis.
Benefit-risk indicators and thresholds
The MDR requires that medical device manufacturers not only demonstrate the clinical benefit of their device but also quantify the benefit-risk ratio. The benefit of a device must be shown to clearly outweigh the risk for it to gain market approval. Article 2 (24) of the MDR defines the benefit-risk determination as “the analysis of all assessments of benefit and risk of possible relevance for the use of the device for the intended purpose when used in accordance with the intended purpose given by the manufacturer.”
A PMS system should clearly define benefit-risk calculations and the data used to support them. Post-market surveillance activities are critical in order to re-evaluate and maintain the benefit-risk calculations and determinations of a device throughout its life. Information that is gained through a PMS system can lead to:
• Identification of new risk factors.
• Adjustments to risk frequency and/or severity values based on actual use data.
• Adjustments to established risk calculations based on new “state of the art” technologies becoming available.
• Adjustments to established benefit calculations based on actual use data.
While complaint handling and other feedback tracking are more often described as part of post-market vigilance systems, they play a role in the more proactive post-market surveillance processes as well. A PMS system should define ...
To continue reading this ebook, download the full version.
An overview of 21 CFR Part 820 - quality systems for medical device manufacturers
What is 21 CFR Part 820?
21 CFR 820 is the FDA federal regulation that pertains to quality systems for medical device manufacturers, and it is part of the agency’s set of Current Good Manufacturing Practices (CGMP) for industry. Also referred to as the FDA’s quality system regulation (QSR), the regulation defines design controls and quality processes at all stages of device development in order to ensure that all medical devices marketed in the United States are safe and effective.
21 CFR 820 consists of 15 subparts, which define quality system requirements for each stage and function within the medical device manufacturing process. We define each subpart below.
Federal regulations are organized as Title → Chapter → Subchapter → Part, which means that 21 CFR 820 is short-hand for:
21 CFR 820 vs ISO 13485
ISO 13485 is the de facto international quality system standard for medical device manufacturers, but this is not currently the standard in the United States. While Part 820 and ISO 13485 are structured differently, they have no conflicting requirements. Therefore, companies that are marketing medical devices in the U.S. and in other markets will need to comply with both ISO 13485 and the FDA’s QSR, as defined in 21 CFR 820.
However, the FDA is moving towards harmonizing these standards, and on February 23, 2022 issued a proposed rule to amend the QSR to align more closely with the international consensus standard for Quality Management Systems, primarily by incorporating reference to the ISO 13485 standard. The FDA has published FAQ’s about the proposed rule.
21 CFR Part 820 Requirements
Part 820: General Controls (subpart A)
The General Controls subpart contains three sections providing general information about the regulation, including the scope and applicability along with key definitions.
Scope
The regulation defines current good manufacturing practice (CGMP) requirements governing the methods, facilities, and controls used for the “design, manufacture, packaging, labeling, storage, installation, and servicing of all finished devices intended for human use." Specifically, this subpart defines:
- Applicability:
The requirements of this regulation are intended to ensure the safety and efficacy of all finished medical devices intended for human use that are manufactured in or imported into the United States. Manufacturers that are involved in some, but not all, manufacturing operations should comply with those requirements that are applicable to the functions they are performing.
Exceptions:
- This regulation does not apply to manufacturers of medical device components, but such manufacturers are encouraged to use this regulation as guidance.
- Class I medical devices are exempt from the Design Controls defined in this regulation, except for those listed in § 820.30(a)(2).
- Manufacturers of blood and blood components are not subject to this regulation but are subject to Biologics good manufacturing practices as defined in Subchapter F, Part 606 of the regulation.
Definitions
This section of the regulation contains definitions for a number of terms used throughout the document. The following are the major definitions related to quality records:
- Design history file (DHF): A compilation of records that describes the design history of a finished device.
- Design input: The physical and performance requirements of a device that are used as a basis for device design.
- Design output: The results of a design effort at each design phase and at the end of the total design effort. The finished design output is the basis for the device master record. The total finished design output consists of the device, its packaging and labeling, and the device master record.
- Device history record (DHR): A compilation of records containing the production history of a finished device.
- Device master record (DMR): A compilation of records containing the procedures and specifications for a finished device.
Quality System
The section of the regulation sets the basic requirement for a quality system by stating that “Each manufacturer shall establish and maintain a quality system that is appropriate for the specific medical device(s) designed or manufactured, and that meets the requirements of this part.”
The term “appropriate” is used throughout this regulation and can be open to interpretation. A manufacturer, however, should assume that all requirements are appropriate and applicable except in cases where non-implementation of the requirement can be shown to have no effect on the product's specified requirements or ability to carry out necessary corrective actions.
Quality system requirements (subpart B)
This section of the regulation defines the overall responsibilities and the resources required for the management of the quality system.
Management responsibilities
Executive management is responsible for establishing a quality policy and ensuring adequate resources to effectively maintain and manage the quality system. In addition, management is responsible for establishing a specific quality plan, consisting of relevant practices, resources, activities, and procedures.
Quality audit
Periodic audits of the quality system are required to be conducted by personnel not directly responsible for the activities being audited. The dates and results of each audit need to be documented, along with the results of the audit. It is expected that corrective actions and, when necessary, reaudits, be performed for any identified noncompliances.
Personnel
Manufacturers are responsible for assigning sufficient personnel with appropriate experience and training to perform all tasks required by the quality system plan.
Design controls (subpart C)
Manufacturers of all class II and class III medical devices, along with the specific class I devices listed in paragraph (a)(2) of this regulation, are required to establish design control procedures that ensure design requirements are met as specified.
Design controls shall define:
- Design and development planning - Plans that describe the design and development activities, and responsibilities for these activities and their implementation.
- Design input - Procedures that ensure design requirements are appropriate and address the intended use of the device.
- Design output - Procedures that document design output, including acceptance criteria, so that conformance to design input requirements can be adequately evaluated.
- Design review - Formal and documented reviews of the ensign results that include participation from representatives of all.
- Design verification - Procedures for verifying the device design that confirm that the design output meets the design input requirements.
- Design validation - Procedures for validating the device design, ensuring that devices conform to defined user needs and intended uses, and including testing of production units under actual or simulated conditions.
- Design transfer - Procedures to ensure that the device design is correctly translated into production specification.
- Design changes - Procedures for identifying, documenting, validating, and managing the verification and approval process of all design changes before they are implemented.
- Design history file - A design history file (DHF) is required for each type of device and should include or reference the records necessary to demonstrate that the design was developed in accordance with the approved design plan and device requirements.
Document controls (subpart D)
Medical device manufacturers are required to put in place document controls for all documents required in this regulation.
Document approval and distribution
One or more people must be assigned to review and approve documents prior to issuance. The approval must be documented, include a date and the signature of the approver, and be made available at all locations where applicable. Procedures must also be in place to ensure that obsolete documents are removed and/or prevented from being used.
Document changes
Similar to document approval procedures, changes to documents must be approved, reviewed, and documented. Records of all changes must be maintained.
Purchasing controls (subpart E)
To continue reading this Regulatory Brief, including a definition of the remaining subparts and a comparison of 21 CFR 820 to ISO 13485, please download the full brief.
.avif)
Rimsys Becomes the Trusted Regulatory Partner for 6 of the Top 12 Global MedTech Manufacturers
“Adoption by half of the top global MedTech manufacturers is a powerful validation that we’re not just a solution, we’re setting the new gold standard for regulatory excellence.”
Pittsburgh, PA - August 7, 2025 - Rimsys, the leading Regulatory Information Management (RIM) software purpose-built for the MedTech industry, today announced a significant milestone: 6 of the world’s top 12 medical device manufacturers now rely on Rimsys to manage and streamline their global regulatory operations.
This milestone further solidifies Rimsys’ position as the trusted partner to the world’s most innovative and quality-focused MedTech companies.
Click here for the full list of the top 12 global MedTech companies.
“Today’s regulatory environment demands more than spreadsheets. Leading manufacturers recognize that regulatory operations are mission-critical, revenue-generating departments and need systems to match that level of importance,” said James Gianoutsos, Founder and CEO of Rimsys.
Rimsys’ unified, enterprise-grade RIM platform centralizes and automates critical regulatory processes—including market registrations, Unique Device Identification (UDI), essential principles/GSPR, and submissions management—reducing compliance risk and accelerating market access. Specifically tailored to the needs of medical device and diagnostics companies, Rimsys enables seamless collaboration across RA, QA, and commercial teams while delivering the audit-ready transparency global regulators demand.
“As more organizations embrace regulatory digital transformation, Rimsys is proud to lead the industry forward,” added Gianoutsos. “Adoption by half of the top global MedTech manufacturers is a powerful validation that we’re not just a solution, we’re setting the new gold standard for regulatory excellence.”
To learn more about the Rimsys, please visit www.rimsys.io.
About Rimsys
Rimsys is the leading provider of Regulatory Information Management (RIM) software purpose-built for MedTech manufacturers. The comprehensive platform digitizes and automates regulatory activities, helping MedTech regulatory affairs teams to efficiently achieve regulatory compliance and get products to market faster. Rimsys is designed around MedTech workflows and supports a full breadth of regulatory functions including registrations, submissions, UDI, EUDAMED compliance, essential principles, and standards management in a unified platform. Rimsys is trusted by half of the world’s top 12 MedTech companies to power their global regulatory operations. For more information, visit www.rimsys.io.
%2520(855%2520x%2520268%2520px).png)
Rimsys Announces Bulk UDI Submission and Rimsys Connect™ to Empower MedTech Regulatory Teams
New solutions deliver enterprise-grade data access and streamlined EUDAMED compliance, driving smarter, faster decisions across the business
Pittsburgh - April 29th, 2025 - Rimsys, the global leader in Regulatory Information Management (RIM) software for the MedTech industry, today announced two major enhancements to its platform: expanded Unique Device Identification (UDI) capabilities to support EUDAMED machine-to-machine (M2M) bulk transmission and Rimsys Connect™, a new enterprise Change Data Capture (CDC) solution that provides near real-time synchronization of Rimsys data with customers’ Business Intelligence (BI) solutions.
Together, these capabilities are designed to help MedTech organizations streamline compliance, reduce manual effort, and unlock the full strategic value of their regulatory data.
New UDI Capabilities Support EUDAMED Readiness
The UDI enhancements extend Rimsys’ industry-leading Universal UDI® framework, enabling MedTech teams to manage complex, global UDI programs in one unified RIM system. Key new capabilities include:
- Approving multiple records simultaneously via a simple, scalable workflow
- EU data governance support with all required attributes for EUDAMED transmission
- Bulk submission of records to both the GUDID and EUDAMED databases
These features allow teams to eliminate time-consuming, record-by-record processing, helping them meet the mandatory January 2026 EUDAMED compliance deadline with confidence.
“We’ve partnered closely with our customers to develop a UDI offering that meets increasing regulatory complexity and is easily scalable as new regulations come online,” said Adam Price, Director of Regulatory and Technical Programs at Rimsys. "We’re not only giving customers the ability to meet EUDAMED compliance but enabling them to manage their global UDI program in a single-sourced RIM solution for complete visibility.”
Introducing Rimsys Connect™: Enterprise Data Access, Redefined
Rimsys Connect™ offers enterprise customers a powerful new way to leverage regulatory data across the business. Built on a scalable, event-driven architecture, it provides secure, structured, near real-time streaming of Rimsys data into any modern data warehouse solution—such as Snowflake, Amazon S3, and Salesforce Bulk API 2.0.
“Rimsys Connect™ is not just a connector—it’s a strategic enabler,” said James Gianoutsos, Founder and CEO of Rimsys. “We’re giving regulatory affairs teams the ability to deliver insights that influence launches, accelerate tender responses, and align compliance with business impact. With Connect, RA teams become true strategic partners.”
By providing full access to customer data—registrations, UDI, projects, tasks, and custom attributes — Rimsys Connect™ supports a wide variety of enterprise use cases with customers’ own business intelligence solutions:
- Tracking on-time submission and decision KPIs
- Aligning registration timelines with product launch dates
- Conducting ROI analysis for renewals and market prioritization
- Accelerating tender readiness by combining RIM and PLM data
- Supporting post-market surveillance dashboards
While the initial release will focus on data access, Rimsys plans to expand Connect with curated BI templates and best practices to further accelerate enterprise customer time-to-value.
Solving the Data Fragmentation Problem for MedTech
Many regulatory affairs teams remain constrained by outdated tools, fragmented data sources, and increasing demands to deliver strategic insights to executive and commercial stakeholders. Rimsys Connect™ addresses these challenges by eliminating manual reporting workflows and enabling teams to analyze their regulatory data alongside financial, marketing, and quality systems.
“With Rimsys Connect™, regulatory teams can visualize and analyze their data in real time, assess launch readiness, and deliver more value to their organizations. This is how RA becomes a catalyst for better decisions—not just compliance,” said Gianoutsos.
Both Rimsys’ expanded UDI capabilities and Rimsys Connect™ will be available this summer. Those interested in learning more about these solutions and how they will enable greater automation, efficiency, and compliance can visit our booth at RAPS Euro Convergence May 13-15 in Brussels, Belgium, or sign up for Rimsys’ product update webinar on Thursday, May 22nd at 10 AM ET.
Read the press release here.
About Rimsys
Rimsys is improving global health by accelerating delivery and increasing availability of life-changing medical technologies. Rimsys Regulatory Information Management (RIM) software digitizes and automates regulatory activities, helping MedTech regulatory affairs teams to plan more effectively, execute more quickly, and confidently ensure global regulatory compliance. Rimsys is designed around MedTech workflows and supports a full breadth of regulatory activities including registrations, submissions, UDI, essential principles, and standards management in a unified platform. For more information, visit www.rimsys.io.
Contacts:
marketing@rimsys.io
.avif)
Rimsys Enters Strategic Alliance Relationship with KPMG
PITTSBURGH – March 11, 2025 -- Rimsys, the global leader of MedTech Regulatory Information Management (RIM) software, today announced that it has entered into a strategic alliance relationship with KPMG to advance digital transformation in the MedTech industry.
“KPMG’s deep experience in advisory and business transformation services and exceptional reputation make them a valuable alliance relationship for us,” said James Gianoutsos, Founder and CEO of Rimsys. “KPMG is on the cutting edge of industry trends and has a wide breadth of experience in helping companies innovate and scale. We are thrilled to work with them to help MedTech teams transform their regulatory management processes and leverage the benefits of automation and digitization as part of their broader transformation strategy.”
Founded for and by MedTech regulatory affairs professionals in 2017, Rimsys was created to bring efficiency to regulatory information management and fill an inhibitive technology gap in an underserved industry. Rimsys has since grown to support the world’s MedTech leaders backed by a staff that understands their complex workflows and a robust, secure technology infrastructure that allows customers to scale Rimsys software to support their changing regulatory needs and requirements.
“There is tremendous innovation happening in the MedTech industry, and we are excited to work with Rimsys to help clients transform how they manage regulatory information for getting new products to market and sustaining their existing product portfolios. It’s critical to approach these programs as a holistic business transformation across people, process, technology, data, and governance & controls,” said Dipan Karumsi, Principal, Consulting Sector Leader for Life Sciences at KPMG.
“Through our strategic alliance with KPMG, we can further expand our reach to large and enterprise MedTech companies and continue our exponential growth,” said James. “Combined with KPMG’s experience helping organizations mature their data collection and transformation processes to reach RIM readiness, we can enable the MedTech industry to innovate faster, strengthen compliance, and most importantly, improve the availability of life-changing medical technologies.”
See the full press release here.
FDA’s Final Rule on LDTs: What manufacturers need to know
In July 2024, the FDA's final rule in 21 CFR Part 809 on laboratory developed tests (LDTs) went into effect, amending its previous regulations to make it clear that IVDs, including those that are manufactured in laboratories, are classified as devices under the Federal Food, Drug, and Cosmetic Act. Our blog post provides an overview of LDTs, FDA’s final rule, the phase out policy schedule, and how LDT manufacturers can prepare themselves for compliance.
What are LDTs?
Simply put, LDTs are IVDs that are designed, manufactured, and utilized within a certified laboratory and are typically used for high-complexity testing.
Historically, FDA has used enforcement discretion only on LDTs, which means that most LDTs haven’t been subjected to specific regulatory requirements. However, the volume of and risks associated with LDTs have grown over the years. Some examples of modern LDTs include glucose tests, genetic tests for cancer and infectious diseases, and newborn screenings for early diagnostics. Without a regulatory framework in place, patients are at greater risk of receiving inaccurate test results, forgoing necessary or undergoing unnecessary treatment, and adhering to misleading or false product claims, possibly endangering patients and leading to higher healthcare costs.
FDA’s Final Rule on LDTs
Following the final rule that was issued, LDTs are now subject to the same regulatory requirements as other IVDs, including premarket reviews, quality system requirements, labeling requirements, adverse event reporting, and device listing and registration. To prevent disruptions in patient care, there is a four-year transition or phaseout period consisting of the following five stages:
- Stage 1 (May 6, 2025): LDT manufacturers will be expected to comply with FDA medical device reporting (MDR) requirements, correction and removal reporting requirements, and quality system (QS) requirements for complaint files.
- Stage 2 (May 6, 2026): LDT manufacturers will be required to comply with IVD registration and listing requirements, labeling requirements, and investigational use requirements.
- Stage 3 (May 6, 2027): LDT manufacturers will need to comply with all other QS requirements not covered in Stage 1.
- Stage 4 (November 6, 2027): Unless a premarket submission is received before the start of this stage, LDT manufacturers of high-risk products will need to comply with premarket review requirements for IVDs that may be classified into class III or that meet the requirements of section 351 of the Public Health Service Act.
- Stage 5 (May 6, 2028): LDT manufacturers of moderate and low –risk products will need to comply with premarket review requirements for IVDs unless a submission is received before the beginning of this stage.
Manufacturers of LDTs that don’t meet the requirements in each stage are deemed non-compliant to the regulations governing IVDs and may be subject to FDA 483 observations or warning letters, financial penalties, and even worse, involuntary removal of products from the market.
Note that some LDTs will be exempt from these requirements. Refer to the FDA’s website for more guidance.
Preparing for Compliance
Despite a four-year phaseout period, it’s crucial for LDT manufacturers to start assembling a compliance plan. Starting as early as May 2025, manufacturers will be required to comply with FDA Medical Device Reporting (MDR) requirements, correction and removal reporting requirements, and quality system requirements for complaint files.
It's good practice to conduct an internal regulatory assessment to ensure you have the resources, processes, and tools in place to successfully meet new requirements for LDT devices. It’s also essential to make sure your team is well-versed in these new requirements and the documentation and timelines involved. Including all relevant stakeholders early on, getting a comprehensive project plan in place, and meeting regularly to ensure all tasks are completed would be helpful during the phaseout period and beyond.
Regarding the LDT changes, the FDA has provided a Q&A sheet that you may find helpful.
If you're looking for guidance on FDA premarket submissions, see our Beginner’s Guides to the FDA 510(k), De Novo, and PMA processes.
How Regulatory Tools Can Help
FDA’s final rule on LDTs will add complexity to the regulatory information management of laboratory diagnostic tests. There are digital solutions that can help manufacturers stay current on updated regulations and manage the additional information and documentation needed because of these updates.
A regulatory intelligence database like Rimsys Intel can provide detailed global market entrance requirements, application timelines, fees, risk class specifications, and documentation needed for medical devices and IVDs so that manufacturers can start preparing their premarket strategies.
Regulatory Information Management (RIM) software like Rimsys can help boost efficiency, reduce compliance risk, and increase collaboration by centralizing regulatory information and automating time-consuming, manual processes. As a result, medical device manufacturers gain complete visibility into their submission management and selling status so that they can plan more effectively, avoid costly product delays, and execute faster.
Quick reference guide - global medical device UDI requirements and timelines
This article was last updated on February 10, 2025.
What is UDI?
UDI systems are intended to benefit healthcare providers, manufacturers, authorized health authorities, hospitals and institutions, and individual consumers by providing:
- Faster discovery of possible flawed medical device information by health authorities.
- Quicker access to recall information, and visibility into current inventory.
- A reduction in medical errors through consistently documented product expiration dates.
- Identification of any counterfeit products being used in healthcare facilities.
- Assurances that information regarding an implanted device is safely retained and traceable.
UDI timelines and deadlines vary by market, classification risk, and product and have been revised multiple times in some countries*. This article details the UDI deadlines for the countries which have announced specific programs (draft or implemented) and is current as of the date of this article.
*Note: these dates can change as participating countries adjust their plans. We do our best to update this as more information becomes available.
Quick Links to country-specific sections:
- Australia UDI
- Brazil UDI
- Canada UDI
- China UDI
- European Union UDI
- India UDI
- Japan UDI
- Saudi Arabia UDI
- Singapore UDI
- South Korea UDI
- Taiwan UDI
- United States UDI
- UDI databases by country
General UDI labeling requirements
There are two components to a medical device UDI: the UDI device identifier (UDI-DI) and the UDI production identifier (UDI-PI). The UDI is presented as a barcode label (human and machine readable) on device packaging or on the device itself and acts as the access key to all device UDI attributes.
UDI-DI: This is the static portion of the UDI which identifies the manufacturer along with the specific device version. The UDI-DI (device identifier), also known as the Global Trade Item Number (GTIN) is assigned by an approved organization, such as GS1, and contains:
- Company prefix
- Manufacturers internal product code
- Check character
The UDI-DI is the primary identifier to be used in looking up device attributes in country-specific databases and is assigned prior to placing a product on the market. Note that the device identifier is different for different packaging levels of the same device.
UDI-PI: This is the dynamic portion of the UDI which is assigned by the manufacturer and identifies one or more of the following:
- Manufacturer’s lot or batch number
- Serial number
- Manufacturing date
- Expiration date
- Other attributes as defined by country-specific regulations
The UDI-PI actual values do not appear in country-specific databases (with the exception of the EU vigilance database).
Australian UDIGuidelines
Reporting Database: AusUDID (pre-production)
The Australian government for medical devices, the TGA, has not launched any official regulations or timeline for mandatory UDI labeling. They do provide a wealth of information on their website that is worth reviewing. In the meantime, however, they are hoping for a Q1 2025 implementation. The AusUDID Pre-Production environment is available for sponsors and manufacturers of medical devices supplied in Australia. It is a test environment that allows testing of data submission, prior to submission to the AusUDID Production environment. Any sponsor or manufacturer with an active TBS account can access the database.
ANVISA UDI guidelines
Reporting database:TBD
RDC No. 591/2021 is the regulations guideline for the identification of medical devices regulated by ANVISA, implementing the Unique Identification of Medical Devices (UDI) system. In July 2024, ANVISA finalized amendment RDC No. 884/2024 which implemented various adjustments to RDC 591/2021. The biggest take-away regarding UDI is the extension of one year on the implementation deadlines.
Health Canada website
Reporting Database: N/A
Position paper on the current state of UDI implementation
Medtech Canada strongly supports the global initiative led by regulators under the guidance of the International Medical Devices Regulators Forum (IMDRF), which aims to standardize the identification of medical devices by requiring that certain medical devices carry an internationally recognized UDI. Currently, there is no process in place for UDI in Canada.
China (NMPA) website
Reporting Database: China National UDI Database
Announcement No 22 of 2023
On January 1, 2021, the NMPA implemented the UDI system for its first batch of medical devices, including 69 Class III devices. The following year, June 1, 2022, followed the implementation for the second batch of other Class III medical devices (including IVD reagents). Then in 2023, Order No. 22 announced the third batch of products to adopt the UDI system.
As of June 1, 2024, medical devices listed in the third batch implementation product catalog must have already had UDI implemented. According to the degree of risk and regulatory needs, some Class II medical devices in the third batch included high-demand single-use products, items selected for centralized procurement, and medical aesthetic products, totaling 103 types in 15 categories.
European Union UDI Information
Reporting Database: EUDAMED
Rimsys Updated EUDAMED Timeline Blog Post
The UDI & Devices module is expected to be declared fully functional by the end of Q2 2025 and mandatory for industry use on January 1, 2026. The EU continues to strongly recommend to the industry to establish its solution and to submit data on a voluntary basis.
Medical Devices Rules, 2017
Legal Metrology Act, 2009
Reporting Database: N/A
Rule 46 of Medical Device Rule 2017 was set to require UDI labeling by January 1, 2022. However, details on how the UDI needs to be implemented have not yet been released but India's labeling and traceability requirements must be met as per CDSCO regulations.
In addition to the Medical Device Rule 2017, the Legal Metrology Act, 2009 focuses on standardizing weights and measures and ensures that packaged commodities, including medical devices, are labeled with accurate and clear information.
Law to Ensure Quality, Efficacy and Safety of Pharmaceuticals, Medical Device, and Similar Products
Reporting Database: N/A
There are two regulatory authorities responsible for regulation of medical devices in Japan: The Ministry of Health, Labour and Welfare (MHLW) and the Pharmaceuticals and Medical Devices Agency (PMDA). The MHLW is responsible for the administrative actions such as guidance and approval, and judgment on whether or not a product is considered a medical device. The PMDA undertakes product review and post-market safety measures.
As of Dec 2022, bar code labeling based on international standards is required for immediate containers/wrappings/retail packages of medical devices. It is expected for barcodes to be displayed on every medical device in unit of use for patients. Japan was an early promoter of standardized barcodes and is still working towards harmonizing the requirements with global UDI expectations.
The Pharmaceuticals and Medical Devices Act (PMD Act) translates in Japanese meaning "Law to Ensure Quality, Efficacy and Safety of Pharmaceuticals, Medical Devices, and Similar Products," but is often shortened to Act on Pharmaceuticals and Medical Devices or just PMD Act.
Requirements for Unique Device Identification (UDI for Medical Devices)
Reporting Database: Saudi-DI
The SFDA requires compliance with the Unique Device Identification (UDI) regulations on all medical device companies in Saudi Arabia for all classifications. Medical device classifications include: devices, IVD, non-medical IVD, chemical for medical use, distillation device, general lab use, HCT/Ps product and radiation devices.
Guidance for UDI Implementation
Reporting Databases: Singapore Medical Device Register (SMDR) - For risk class B or higher, Class A Medical Device Database - Risk class A only
Singapore is now requiring compliance with UDI labeling and database registration. They will accept UDI labels for devices already marketed in the U.S. and the EU without any need for modification. However, if they are not marketed in either country, then they are required to implement via Singapore UDI regulations.
Companies are given an additional 6 months from the compliance date to deplete the respective medical devices that have been imported prior to the compliance date and exist in their current supply chain.
Note:
• UDIs will not be required for medical devices for clinical research, investigational testing or clinical trial and custom-made medical devices
• Medical devices authorized for supply via Special Access Routes (GN26, GN27, GN29) are required to comply with UDI requirement on a risk-calibrated approach
Act on In Vitro Diagnostic Medical Devices
Act on Medical Devices
Reporting Database: South Korean Integrated Medical Device Information System (IMDIS)
South Korea has already implemented UDI regulations by Article 20-23 of the Medical Device Act (No. 14330) and Article 54-2 of Enforcement Regulations of Medical Device Act (No. 1512).
Guidance document from Taiwan FDA
Reporting Database: TUDID
Taiwan has previously implemented UDI regulations, which include labeling and database reporting requirements.
FDA website for UDI
Reporting database: GUDID database
The United States has previously implemented UDI regulations, which includes labeling and database reporting requirements.
Each country has their own UDI database and varying requirements for the data stored in those databases. There is overlap in the data required among the various UDI databases, but each country also has unique data they require.
In addition, countries require that UDI-DI information be provided by “issuing entities.” Note that with the exception of China, all countries accept GS1, HIBCC, and ICCBA as issuing entities.
* Data attributes are approximations based on country UDI requirements and include mandatory, optional, mandatory if applicable, and country database auto generated elements.
** Expected to be similar to US GUDID requirements.
Keeping pace with UDI regulations
Keeping track of country-specific UDI requirements, implementation timelines, and affected devices can be a big challenge to RA teams—especially because the information is scattered across many sources and simply hard to find. In this guide, we have consolidated timeline information and device class requirements across multiple countries. While we make every effort to provide accurate and up to date information, it's always advised to check the government website for the country in question.
Additional UDI resources
Looking for more information? You can visit our EUDAMED resource center, where you will find videos and resources to help you plan for UDI requirements in Europe. In addition, you may enjoy our blog post that outlines our views on the recent EUDAMED timeline updates.
For a broader introduction to UDI, see our Rimsys UDI Overview blog post.
If you're looking for an automated, integrated solution to help you meet changing regulations and manage your global UDI program, request a custom Rimsys demo!
%2520(1755%2520x%2520550%2520px)%2520(855%2520x%2520268%2520px).avif)
Why a RIM System is Critical to Successfully Support MedTech M&A Activities
There was significant M&A activity in the MedTech sector in 2024, and the industry is predicting another big year for mergers and acquisitions. As MedTech companies aim to expand their product lines, enter new markets, innovate faster, and remain competitive in a rapidly evolving space, mergers and acquisitions can be attractive and cost-efficient options. Additionally, some manufacturers are choosing to divest parts of their business to hone their focus, drive additional investment in other key areas, and optimize operations.
For the regulatory affairs professional, M&A activities can be anything but efficient. An influx of new products, registrations, and regulatory information to maintain can wreak havoc on RA teams who are already struggling to effectively manage and maintain compliance amid a seemingly constant state of regulatory change.
In an increasingly complex regulatory landscape, many MedTech teams are turning to RIM systems to help them centralize regulatory information across the business, automate time-consuming, manual processes, and strengthen global compliance. These benefits are even more palpable for companies undergoing mergers, acquisitions, and divestitures, giving them streamlined, fully visible regulatory information management that can scale with their evolving business needs and additional regulatory information to manage.
Case Study: Large, Publicly Traded Device Manufacturer Navigates Product Line Divestiture with Ease
A large, publicly traded manufacturer of products for pain management, digestive health, and IV therapy was in the process of divesting one of its product lines to another company. As a result, some of their regulatory employees were transitioned to the company that purchased its product line. The customer leveraged Rimsys’ unique Linked Accounts feature, which allows users to grant external stakeholders controlled access to Rimsys, to give those impacted access to the 100+ registrations associated with the divested products. As a result, the transitioned employees lost no access to their respective products and are able to manage, review, and approve those registrations as they normally would.
“Linked Accounts is a fantastic feature that I didn’t originally appreciate as much. Rimsys made it easy for us to identify the products impacted by the divestiture and provide access to those who need them. It has been a bright spot in the sea of headaches both teams are experiencing when trying to review and approve information in other systems.”
-Program Manager, Regulatory Information Management
When the transaction is complete, the customer will easily be able to export the list of registrations by product tag and archive the registrations in Rimsys for easy management and visibility. The transitioned employees will also still retain access to the information they need in Rimsys as they work to implement their own Rimsys solution to manage those registrations.
Navigating Business and Regulatory Changes with RIM Systems
As the MedTech industry prepares for additional mergers, acquisitions, and divestitures this year, getting a solid regulatory information foundation in place is critical for a successful transition and ongoing compliance. Yet, many MedTech RA teams are using manual processes and siloed systems to manage regulatory information.
One of Rimsys’ goals is to serve as a strategic partner to MedTech RA teams, helping them better understand their current RIM state and the steps they need to advance their processes. This includes the implementation of a RIM system such as Rimsys to centralize their regulatory information, enable easy collaboration with internal and external stakeholders, and automate time-consuming manual processes for strengthened global compliance.
See our Guide to MedTech RIM Maturity, which provides our RIM Maturity Model Framework, for ways to better assess your organization’s current RIM state and incrementally reach new milestones.
Rimsys has helped global MedTech leaders navigate business and regulatory change with unified RIM software that provides full visibility into their regulatory activities. If you’re looking to stay ahead of upcoming strategic activities or are simply looking for a better way to manage your information amid increasing complexity, contact us to learn how Rimsys can help you streamline and automate your processes for long-term success.
