Featured
Rimsys Announces Rimsys AI to Eliminate Repetitive Tasks and Enhance Decision-Making for MedTech Regulatory Teams
Rimsys, the leading Regulatory Information Management (RIM) platform for the MedTech industry, today announced the launch of Rimsys AI, a suite of embedded artificial intelligence (AI) agents.
The beginner's guide to the FDA De Novo classification process
This article is an excerpt from The beginner's guide to the FDA De Novo classification process ebook.
Contents
- Introduction
- Chapter 1: What is an FDA De Novo request?
- Chapter 2: Contents of a De Novo request
- Chapter 3: Submitting a De Novo request
- Appendix A: Acceptance review checklist
Congratulations, you have successfully developed a new medical device! Now you need to take it to market. Normally in the United States this would mean completing a 510(k) submission. However, the 510(k) relies on “substantial equivalence”—a comparison to a similar device already on the market (also called a predicate device) to assess the risk profile of the new device. What if your device is totally new, and there isn’t a similar device to compare it to? Enter the FDA De Novo process. The De Novo process provides a pathway to market for novel devices with a low to medium risk profile.
What does De Novo mean?
According to the Merriman-Webster dictionary, de novo is a Latin word meaning “as if for the first time; or anew.” Perfectly fitting that the FDA uses this term “De Novo” to describe market approval requests for new medical devices or technology where there is no comparable predicate device on the market.
The Food and Drug Administration Modernization Act of 1996 provided the FDA with the authority to create the De Novo Classification Process. It's a process that uses a risk-based strategy for a new, novel kind of medical device, in vitro diagnostic, or medical software solution whose type has previously not been identified and/or classified. It’s a process by which a novel medical device can be classified as a Class I or Class II device, instead of being automatically classified as Class III, which may not be appropriate. Before the implementation of the De Novo process in 1997, all the “not substantially equivalent” (NSE) products were required to be initially classified as a Class III device. But for a lot of devices, this risk class didn’t really make sense. The De Novo process provides a pathway for more accurate classifications of novel, lower-risk devices.
October, 2021, the FDA released a final guidance document "De Novo Classification Process (Evaluation of Automatic Class III Designation)" to provide guidance to the requester (also known as the manufacturer) and the FDA on the process for the submission and review of a De Novo Classification Request under section 513(f)(2) of the Federal Food, Drug, and Cosmetic Act (the FD&C Act). This process provides a pathway to an initial Class I or Class II risk classification for medical devices for which general controls or general and special controls, provide a reasonable assurance of safety and effectiveness, but for which there is no legally marketed predicate device. This guidance document replaced the "New Section 513(f)(2) – Evaluation of Automatic Class III Designation, Guidance for Industry and CDRH Staff" document, dated February 19, 1998.
Consistent with the final rule, the FDA updated the guidance documents below to provide recommendations for submitting De Novo requests, as well as criteria and procedures for accepting, withdrawing, reviewing, and making decisions on De Novo requests, effective January 3, 2022.
- User Fees and Refunds for De Novo Classification Requests
- FDA and Industry Actions on De Novo Classification Requests: Effect on FDA Review clock and Goals
- Acceptance Review for De Novo Classification Requests
The 510(k) and the De Novo processes are similar in that they are both pathways to market for medical devices with low to moderate risk, which is Class I and Class II. The biggest difference between the two is that the 510(k) heavily relies on the concept of "substantial equivalence" to an existing medical device. You must prove this to get the clearance of your 510(k) submission. In the De Novo process, there isn’t a product currently on the market that is “substantially equivalent” to yours, so it’s like starting with a clean slate. For more on the 510(k) process, see our Beginner’s Guide to the 510(k) ebook.
A result of the De Novo process to be aware of is that a successful submission will lead to a new predicate device type that someone else can reference to bring their product to market through the 510(k) process. You’ve done all the work, so now it’s available for anyone to use to provide "substantial equivalence".
De Novo history/timeline
Preparing a De Novo request
1. Do your research! Be sure to complete all the necessary research prior to your submission. You want to be sure that your device is not substantially equivalent to an existing device. Resources to review include:
- The Center for Devices and Radiological Health (CDRH)
- U.S. FDA Device Classification Database
- Device Classification Under Section 513(f)(2)(De Novo)
2. A De Novo request can be submitted with or without a preceding 510(k). There are two options for when you can submit a De Novo request:
Option A: After receiving a not substantially equivalent (NSE) determination (that is, no predicate, new intended use, or different technological characteristics that raise different questions of safety and effectiveness) in response to a 510(k) submission.
Option B: If you’ve determined, after extensive research, that there is no legally marketed device on which to base a determination of substantial equivalence.
3. Be sure all fees are paid to the FDA in advance of submitting a De Novo request. The FDA’s fiscal year begins in October and runs through the following September. Fees have increased each year since they were introduced, but the FDA’s percentage of reviews completed within the 150-day window has increased as well.
A business that is qualified and certified as a “small business” is eligible for a substantial reduction in most of the FDA user fees, including De Novo. The CDRH is responsible for the Small Business Program that determines whether a business is qualified.
Medical Device User Fee Amendments (MDUFA) guidance documents can provide more detailed information about all FDA user fees.
4. The initial request process serves only to determine if the De Novo request is administratively acceptable based upon the Acceptance Checklist. The initial acceptance is followed by substantive review which will determine the final risk classification of your device.
5. A Pre-Submission (Pre-Sub) is a formal written request for feedback from the FDA that is provided in formal written form, and then followed by a meeting. Although a Pre-Sub is not required prior to a De Novo request, it can be extremely helpful to receive early feedback, especially for devices that have not previously been reviewed under a 510(k). If you think you would like to submit a pre-sub first, there are suggested guidelines for submission you should consider:
- Describe your rationale for a Class I or Class II classification for your device.
- Provide the search results of FDA public databases and other resources used to determine that no legally marketed device and no classification for the same device type exists.
- Provide a list of regulations and/or product codes that may be relevant.
- Provide a rationale for why the subject device does not fit within and/or is different from any identified classification regulations, based on available information.
- Identify each health risk associated with the device and the reason for each risk.
- Briefly describe any ongoing and/or planned protocols/studies that need to be completed in order to collect the necessary data to establish the device’s risk profile.
- Provide information regarding the safety and effectiveness of the device. Cite the types of valid scientific evidence you anticipate providing in your De Novo request, including types of data/studies relating to the device’s safety and effectiveness.
- Briefly describe any ongoing and/or planned protocols/studies that need to be completed to collect the necessary safety and effectiveness data.
- Provide protocols for non-clinical and clinical studies (if applicable), including how they will address the risks you anticipate and targeted performance levels that will demonstrate that general controls or general and special controls are sufficient to provide reasonable assurance of safety and effectiveness.
- Share any proposed mitigation measure(s)/control(s) for each risk, based on the best available information at the time of the submission. Highlight which mitigations are general controls and which are special controls and provide details on each.
- Include any other risks that may be applicable, in addition to those identified in the Pre-Sub, given the indications for use for the device.
- If applicable, provide any controls that should be considered to provide a reasonable assurance of safety and effectiveness for the device.
- Provide any non-clinical study protocols that are sufficient to allow the collection of data from which conclusions about device safety and/or effectiveness can be drawn. These protocols should address whether the identified level of concern is the appropriate level of concern for the device software, and if any additional biocompatibility and/or sterility testing is required.
- If clinical data is needed, provide information to show that the proposed study design and selected control groups are appropriate?
6. The FDA will attempt to review the De Novo request submission within 15 calendar days of receipt of the request to make a determination that the submission is declined or accepted for review. If they are unable to complete the review within the 15 days, your submission will automatically move to “accepted for review” status. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/de-novo-classification-process-evaluation-automatic-class-iii-designation
7. There are times when the FDA will refund your application fee. They have created a guidance document “User Fees and Refunds for De Novo Classification Requests” for the purpose of identifying:
- the types of De Novo requests subject to user fees
- exceptions to user fees
- the actions that may result in refunds of user fees that have been paid
When is a De Novo request subject to a user fee?
When will the FDA refund a De Novo user fee?
What fee must be paid for a new device submission following a De Novo “decline” determination?
To continue reading this eBook including a detailed walk-through of all the Traditional 510(k) components, submission requirements and timelines, and an overview of the other 510(k) forms including the Abbreviated 510(k) and the Special 510(k), please register to download the full version.
The ultimate guide to the medical device single audit program (MDSAP)
This article is an excerpt from The ultimate guide to the medical device single audit program (MDSAP) ebook.
Table of contents
- What is MDSAP?
- History of MDSAP
- Who is responsible for the MDSAP?
- How does an MDSAP audit work?
- Audit sequence
- You got a nonconformity – now what?
- What does an MDSAP audit cost?
- Why choose the MDSAP certification process?
- Potential disadvantages of the MDSAP
- Ready to participate? – Here’s how to get started
- Completing a successful MDSAP audit
The Medical Device Single Audit Program (MDSAP) was designed and developed to allow a single audit of a medical device manufacturer to be applied to all country markets whose regulatory authorities are members of the program. The MDSAP provides efficient and thorough coverage of the standard requirements for medical device manufacturer quality management systems, and requirements for regulatory purposes (ISO 13485:2016). In addition, there are specific requirements of each medical device regulatory authority participating in the MDSAP that must be met:
- Conformity Assessment Procedures of the Australian Therapeutic Goods (Medical Devices) Regulations (TG(MD)R Sch3)
- Brazilian Good Manufacturing Practices (RDC ANVISA 16)
- Medical Device Regulations of Health Canada (ISO 13485:2003)
- Japan Ordinance on Standards for Manufacturing Control and Quality Control of Medical Devices and In Vitro Diagnostic Reagents (MHLW Ministerial Ordinance No 169)
- Quality System Regulation (21 CFR Part 820), and specific requirements of medical device regulatory authorities participating in the MDSAP program.
This means that a report from a single MDSAP audit of a medical device manufacturer would be accepted as a substitute for routine inspections by all the member Regulatory Authorities (RAs) across the world. There are currently five participating Regulatory Authorities (RA) representing the following countries: Australia, Brazil, Canada, Japan and the USA.
In April, 2021, the RAs released an “Audit Approach” document (MDSAP AU P0002.006) that combines the formerly separate MDSAP Audit Model and Process Companion documents into a single guidance document. It includes guidance for assessing the conformity of each process and includes an audit sequence, instructions for auditing each specific process, and identifies links that highlight the interactions between the processes.
In March 2012 the US FDA announced that they had approved a final pilot guidance document “Guidance for Industry, Third Parties and Food and Drug Administration Staff: Medical Device ISO 13485:2003 Voluntary Audit Report Submission Pilot Program.” This allowed the owner or operator of a medical device manufacturing facility to be removed from FDA’s routine inspection work plan for 1 year upon completing a ISO 13485:2003 audit. This guidance document went into effect in June 2012, and was intended as an interim measure while a single audit program was being developed.
This pilot program was not very successful and few companies signed up because they did not see any advantage in participating. The manufacturer had to pay for a third party to inspect their facilities, generate a report, and share the inspection results back to the FDA. Many companies were reluctant to contract “someone else” to perform their inspection when they could easily wait for the FDA to conduct an inspection for free.
During its inaugural meeting in Singapore in 2012, the International Medical Device Regulators Forum (IMDRF) appointed a working group to develop a set of documents for a harmonized third-party auditor system. Hence, the “Medical Device Single Audit Program” (MDSAP) was formed. The concept was similar to the FDA’s original idea of creating a third-party auditor to help reduce their workload of performing regulatory audits of medical device manufacturers’ quality management systems. This new approach would consist of a single audit that would review regulatory QMS compliance, conducted by a third-party, who would later be called an Auditing Organization (AO).
From January 2014 to December 2016, five countries participated in a Medical Device Single Audit Program Pilot. In June 2017, a report was generated summarizing the outcomes of prospective “proof- of-concept” criteria established to confirm the success of the program. The outcomes are documented in the final MDSAP Pilot Report and recommended that the program become fully active and open to any manufacturer who requested this type of audit.
The governing body of the MDSAP is the Regulatory Authority Council (RAC), which is composed of two senior managers (and a few other staff members) from each participating RA. They are responsible for executive planning, strategic priorities, setting policy, and making decisions on behalf of the MDSAP International Consortium. The RAC also reviews and approves documents, procedures, work instructions, and more. The mission of the MDSAP International Consortium is to jointly leverage regulatory resources to manage an efficient, effective, and sustainable single audit program focused on the oversight of medical device manufacturers on a global scale.
Other international partners that are involved in the MDSAP include:
MDSAP Observers:
- European Union (EU)
- United Kingdom’s Medicines and Healthcare products Regulatory Agency (MHRA)
- The World Health Organization (WHO) Prequalification of In Vitro Diagnostics (IVDs) Program
MDSAP Affiliate Members:
- Argentina’s National Administration of Drugs, Foods and Medical Devices (ANMAT)
- Republic of Korea’s Ministry of Food and Drug Safety
- Singapore’s Health Sciences Authority (HSA)
The observers and affiliate members are not the same as the participating member RA’s. The observers simply observe and/or contribute to RAC activities. Affiliate members, on the other hand, are interested in engaging in the MDSAP program and are subject to certain rules. They are only given access to a certain level of information about the manufacturers, audit dates, and information in audit reports.
They are also invited to attend sessions that are open to members, observers, and affiliates only.
Audits can also be conducted by MDSAP participating RAs at any time and for various reasons including:
- "For Cause" due to information obtained by the regulatory authority
- as a follow up to findings from a previous audit
- to confirm the effective implementation of the MDSAP requirements
The purpose of audits conducted by the RAs is to ensure appropriate oversight of the AOs MDSAP auditing activities. The AOs are appointed by the RAs and a list of the currently approved AO’s is published on the FDA website. Most AOs offer a broad range of management system certification services, beyond just medical devices. Manufacturers should verify that prospective AOs are clearly trained and perform MDSAP audits of medical devices.
AOs have the final word as to whether a manufacturer has met the requirements for the MDSAP during the execution of the audit and generation of the associated reports summarizing the results. MSDAP RAC participating RAs have the final decision regarding all development, implementation, maintenance, and expansion activities associated with the program.
Although an unannounced visit by an AO is rare, it can happen in circumstances where high-grade nonconformities have been detected.
To continue reading this eBook including a detailed look at the MDSAP audit process and grading, pros and cons of the approach, and how to get started please register to download the full version.
The Future of MedTech Compliance: How AI Is Transforming Regulatory Affairs
MedTech regulatory affairs teams are facing a turning point. Regulations are expanding in number and complexity, resources are limited, and manual processes cannot keep up. At the same time, artificial intelligence (AI) has become a serious topic of discussion in regulatory circles. Leaders are beginning to ask: How can AI help us manage change, reduce risk, and accelerate compliance efforts?
The answer is clear: AI is no longer just a buzzword. When combined with effective regulatory information management (RIM), it can be a powerful enabler of efficiency, accuracy, and strategic decision-making.
Why AI is Trending in Regulatory Affairs
The Surge of Regulatory Data
Regulatory teams must now track requirements from multiple global markets. Each regulator frequently updates its regulations, guidances, templates, and recognized standards, which creates large volumes of data to organize and analyze. AI can scan and classify this information, highlight changes, and prepare it for structured use within RIM systems.
Doing More with Limited Resources
Most teams are expected to deliver more without additional staff. High turnover makes continuity difficult, and according to the 2024 RAPS Global Workforce Report, the number of professionals “open to work” has grown in North America and Europe. AI offers relief by taking on repetitive tasks such as document formatting or data entry, allowing experts to focus on higher-value work.
Global Complexity and Diverging Standards
No two markets are exactly alike. AI can help by flagging differences, surfacing potential risks, and recommending reusable content drawn from a company’s submission history. Faster, more accurate submissions directly improve time-to-market and compliance outcomes.
The RIM & AI Adoption Maturity Model
Not every organization is ready to fully embrace AI. Success depends on RIM maturity: how structured and centralized your regulatory processes and data are. The RIM & AI Adoption Maturity Model provides a roadmap from basic to optimized states.
- Levels 0–2: Early Stage
- Data is siloed and processes are ad hoc. AI provides value in isolated ways, such as cleansing records or scanning for regulatory changes.
- Level 3: Proactive
- A RIM system centralizes information. AI begins to surface reminders, deadlines, and global impact assessments.
- Level 4: Well Managed
- Processes are standardized across the lifecycle. AI generates insights, monitors KPIs, and supports reuse of regulatory content.
- Level 5: Optimized
- AI is fully embedded, delivering predictive analytics, continuous monitoring, and smarter decision-making.
Practical Applications of AI Today
Today, regulatory teams see the greatest opportunities in:
- Regulatory submissions: Automatically detecting changes in templates and suggesting updates.
- Document classification: Using natural language processing to tag and organize regulatory documents.
- Regulatory intelligence: Monitoring health authority updates and highlighting what matters most.
- Impact assessments: Linking changes (e.g., regulations/standards/design) directly to the affected products and registrations and evaluate the potential impact.
- Content reuse: Recommending approved content to accelerate submissions.
How to Start Your AI Journey in Regulatory Affairs
Adopting AI is not about jumping to the most advanced capabilities overnight. Instead, consider these steps:
- Assess your RIM maturity. Where does your organization sit on the 0–5 scale? What foundational gaps (data centralization, process standardization) need to be addressed first?
- Identify quick wins. Focus on repetitive, rules-based tasks where AI can add value without major disruption.
- Implement governance. Establish policies for safe, compliant AI use, particularly around data privacy and model training.
- Pilot in phases. Start small, validate results, and expand AI use as confidence and maturity grow.
- Keep people at the center. AI should enhance the expertise of regulatory professionals, not replace it.
Building a Smarter Future for MedTech Compliance
AI is becoming a trending topic in regulatory affairs not just because it’s new, but because it directly addresses the challenges teams face: rising complexity, limited resources, and scattered data.
For organizations that take this approach, the benefits are clear: lower compliance risk, faster execution, and stronger competitive positioning. AI does not replace regulatory professionals. Instead, it enables them to spend less time on manual tasks and more time on strategic contributions that improve patient access to life-changing technologies.
In other words, AI isn’t about futuristic transformation. It’s about helping regulatory teams step off the “data treadmill” and reclaim their time for what matters most: bringing safe, life-changing medical technologies to patients faster.
.avif)
Rimsys Becomes the Trusted Regulatory Partner for 6 of the Top 12 Global MedTech Manufacturers
“Adoption by half of the top global MedTech manufacturers is a powerful validation that we’re not just a solution, we’re setting the new gold standard for regulatory excellence.”
Pittsburgh, PA - August 7, 2025 - Rimsys, the leading Regulatory Information Management (RIM) software purpose-built for the MedTech industry, today announced a significant milestone: 6 of the world’s top 12 medical device manufacturers now rely on Rimsys to manage and streamline their global regulatory operations.
This milestone further solidifies Rimsys’ position as the trusted partner to the world’s most innovative and quality-focused MedTech companies.
Click here for the full list of the top 12 global MedTech companies.
“Today’s regulatory environment demands more than spreadsheets. Leading manufacturers recognize that regulatory operations are mission-critical, revenue-generating departments and need systems to match that level of importance,” said James Gianoutsos, Founder and CEO of Rimsys.
Rimsys’ unified, enterprise-grade RIM platform centralizes and automates critical regulatory processes—including market registrations, Unique Device Identification (UDI), essential principles/GSPR, and submissions management—reducing compliance risk and accelerating market access. Specifically tailored to the needs of medical device and diagnostics companies, Rimsys enables seamless collaboration across RA, QA, and commercial teams while delivering the audit-ready transparency global regulators demand.
“As more organizations embrace regulatory digital transformation, Rimsys is proud to lead the industry forward,” added Gianoutsos. “Adoption by half of the top global MedTech manufacturers is a powerful validation that we’re not just a solution, we’re setting the new gold standard for regulatory excellence.”
To learn more about the Rimsys, please visit www.rimsys.io.
About Rimsys
Rimsys is the leading provider of Regulatory Information Management (RIM) software purpose-built for MedTech manufacturers. The comprehensive platform digitizes and automates regulatory activities, helping MedTech regulatory affairs teams to efficiently achieve regulatory compliance and get products to market faster. Rimsys is designed around MedTech workflows and supports a full breadth of regulatory functions including registrations, submissions, UDI, EUDAMED compliance, essential principles, and standards management in a unified platform. Rimsys is trusted by half of the world’s top 12 MedTech companies to power their global regulatory operations. For more information, visit www.rimsys.io.
%2520(855%2520x%2520268%2520px).png)
Rimsys Announces Bulk UDI Submission and Rimsys Connect™ to Empower MedTech Regulatory Teams
New solutions deliver enterprise-grade data access and streamlined EUDAMED compliance, driving smarter, faster decisions across the business
Pittsburgh - April 29th, 2025 - Rimsys, the global leader in Regulatory Information Management (RIM) software for the MedTech industry, today announced two major enhancements to its platform: expanded Unique Device Identification (UDI) capabilities to support EUDAMED machine-to-machine (M2M) bulk transmission and Rimsys Connect™, a new enterprise Change Data Capture (CDC) solution that provides near real-time synchronization of Rimsys data with customers’ Business Intelligence (BI) solutions.
Together, these capabilities are designed to help MedTech organizations streamline compliance, reduce manual effort, and unlock the full strategic value of their regulatory data.
New UDI Capabilities Support EUDAMED Readiness
The UDI enhancements extend Rimsys’ industry-leading Universal UDI® framework, enabling MedTech teams to manage complex, global UDI programs in one unified RIM system. Key new capabilities include:
- Approving multiple records simultaneously via a simple, scalable workflow
- EU data governance support with all required attributes for EUDAMED transmission
- Bulk submission of records to both the GUDID and EUDAMED databases
These features allow teams to eliminate time-consuming, record-by-record processing, helping them meet the mandatory January 2026 EUDAMED compliance deadline with confidence.
“We’ve partnered closely with our customers to develop a UDI offering that meets increasing regulatory complexity and is easily scalable as new regulations come online,” said Adam Price, Director of Regulatory and Technical Programs at Rimsys. "We’re not only giving customers the ability to meet EUDAMED compliance but enabling them to manage their global UDI program in a single-sourced RIM solution for complete visibility.”
Introducing Rimsys Connect™: Enterprise Data Access, Redefined
Rimsys Connect™ offers enterprise customers a powerful new way to leverage regulatory data across the business. Built on a scalable, event-driven architecture, it provides secure, structured, near real-time streaming of Rimsys data into any modern data warehouse solution—such as Snowflake, Amazon S3, and Salesforce Bulk API 2.0.
“Rimsys Connect™ is not just a connector—it’s a strategic enabler,” said James Gianoutsos, Founder and CEO of Rimsys. “We’re giving regulatory affairs teams the ability to deliver insights that influence launches, accelerate tender responses, and align compliance with business impact. With Connect, RA teams become true strategic partners.”
By providing full access to customer data—registrations, UDI, projects, tasks, and custom attributes — Rimsys Connect™ supports a wide variety of enterprise use cases with customers’ own business intelligence solutions:
- Tracking on-time submission and decision KPIs
- Aligning registration timelines with product launch dates
- Conducting ROI analysis for renewals and market prioritization
- Accelerating tender readiness by combining RIM and PLM data
- Supporting post-market surveillance dashboards
While the initial release will focus on data access, Rimsys plans to expand Connect with curated BI templates and best practices to further accelerate enterprise customer time-to-value.
Solving the Data Fragmentation Problem for MedTech
Many regulatory affairs teams remain constrained by outdated tools, fragmented data sources, and increasing demands to deliver strategic insights to executive and commercial stakeholders. Rimsys Connect™ addresses these challenges by eliminating manual reporting workflows and enabling teams to analyze their regulatory data alongside financial, marketing, and quality systems.
“With Rimsys Connect™, regulatory teams can visualize and analyze their data in real time, assess launch readiness, and deliver more value to their organizations. This is how RA becomes a catalyst for better decisions—not just compliance,” said Gianoutsos.
Both Rimsys’ expanded UDI capabilities and Rimsys Connect™ will be available this summer. Those interested in learning more about these solutions and how they will enable greater automation, efficiency, and compliance can visit our booth at RAPS Euro Convergence May 13-15 in Brussels, Belgium, or sign up for Rimsys’ product update webinar on Thursday, May 22nd at 10 AM ET.
Read the press release here.
About Rimsys
Rimsys is improving global health by accelerating delivery and increasing availability of life-changing medical technologies. Rimsys Regulatory Information Management (RIM) software digitizes and automates regulatory activities, helping MedTech regulatory affairs teams to plan more effectively, execute more quickly, and confidently ensure global regulatory compliance. Rimsys is designed around MedTech workflows and supports a full breadth of regulatory activities including registrations, submissions, UDI, essential principles, and standards management in a unified platform. For more information, visit www.rimsys.io.
Contacts:
marketing@rimsys.io
.avif)
Rimsys Enters Strategic Alliance Relationship with KPMG
PITTSBURGH – March 11, 2025 -- Rimsys, the global leader of MedTech Regulatory Information Management (RIM) software, today announced that it has entered into a strategic alliance relationship with KPMG to advance digital transformation in the MedTech industry.
“KPMG’s deep experience in advisory and business transformation services and exceptional reputation make them a valuable alliance relationship for us,” said James Gianoutsos, Founder and CEO of Rimsys. “KPMG is on the cutting edge of industry trends and has a wide breadth of experience in helping companies innovate and scale. We are thrilled to work with them to help MedTech teams transform their regulatory management processes and leverage the benefits of automation and digitization as part of their broader transformation strategy.”
Founded for and by MedTech regulatory affairs professionals in 2017, Rimsys was created to bring efficiency to regulatory information management and fill an inhibitive technology gap in an underserved industry. Rimsys has since grown to support the world’s MedTech leaders backed by a staff that understands their complex workflows and a robust, secure technology infrastructure that allows customers to scale Rimsys software to support their changing regulatory needs and requirements.
“There is tremendous innovation happening in the MedTech industry, and we are excited to work with Rimsys to help clients transform how they manage regulatory information for getting new products to market and sustaining their existing product portfolios. It’s critical to approach these programs as a holistic business transformation across people, process, technology, data, and governance & controls,” said Dipan Karumsi, Principal, Consulting Sector Leader for Life Sciences at KPMG.
“Through our strategic alliance with KPMG, we can further expand our reach to large and enterprise MedTech companies and continue our exponential growth,” said James. “Combined with KPMG’s experience helping organizations mature their data collection and transformation processes to reach RIM readiness, we can enable the MedTech industry to innovate faster, strengthen compliance, and most importantly, improve the availability of life-changing medical technologies.”
See the full press release here.
FDA’s Final Rule on LDTs: What manufacturers need to know
In July 2024, the FDA's final rule in 21 CFR Part 809 on laboratory developed tests (LDTs) went into effect, amending its previous regulations to make it clear that IVDs, including those that are manufactured in laboratories, are classified as devices under the Federal Food, Drug, and Cosmetic Act. Our blog post provides an overview of LDTs, FDA’s final rule, the phase out policy schedule, and how LDT manufacturers can prepare themselves for compliance.
What are LDTs?
Simply put, LDTs are IVDs that are designed, manufactured, and utilized within a certified laboratory and are typically used for high-complexity testing.
Historically, FDA has used enforcement discretion only on LDTs, which means that most LDTs haven’t been subjected to specific regulatory requirements. However, the volume of and risks associated with LDTs have grown over the years. Some examples of modern LDTs include glucose tests, genetic tests for cancer and infectious diseases, and newborn screenings for early diagnostics. Without a regulatory framework in place, patients are at greater risk of receiving inaccurate test results, forgoing necessary or undergoing unnecessary treatment, and adhering to misleading or false product claims, possibly endangering patients and leading to higher healthcare costs.
FDA’s Final Rule on LDTs
Following the final rule that was issued, LDTs are now subject to the same regulatory requirements as other IVDs, including premarket reviews, quality system requirements, labeling requirements, adverse event reporting, and device listing and registration. To prevent disruptions in patient care, there is a four-year transition or phaseout period consisting of the following five stages:
- Stage 1 (May 6, 2025): LDT manufacturers will be expected to comply with FDA medical device reporting (MDR) requirements, correction and removal reporting requirements, and quality system (QS) requirements for complaint files.
- Stage 2 (May 6, 2026): LDT manufacturers will be required to comply with IVD registration and listing requirements, labeling requirements, and investigational use requirements.
- Stage 3 (May 6, 2027): LDT manufacturers will need to comply with all other QS requirements not covered in Stage 1.
- Stage 4 (November 6, 2027): Unless a premarket submission is received before the start of this stage, LDT manufacturers of high-risk products will need to comply with premarket review requirements for IVDs that may be classified into class III or that meet the requirements of section 351 of the Public Health Service Act.
- Stage 5 (May 6, 2028): LDT manufacturers of moderate and low –risk products will need to comply with premarket review requirements for IVDs unless a submission is received before the beginning of this stage.
Manufacturers of LDTs that don’t meet the requirements in each stage are deemed non-compliant to the regulations governing IVDs and may be subject to FDA 483 observations or warning letters, financial penalties, and even worse, involuntary removal of products from the market.
Note that some LDTs will be exempt from these requirements. Refer to the FDA’s website for more guidance.
Preparing for Compliance
Despite a four-year phaseout period, it’s crucial for LDT manufacturers to start assembling a compliance plan. Starting as early as May 2025, manufacturers will be required to comply with FDA Medical Device Reporting (MDR) requirements, correction and removal reporting requirements, and quality system requirements for complaint files.
It's good practice to conduct an internal regulatory assessment to ensure you have the resources, processes, and tools in place to successfully meet new requirements for LDT devices. It’s also essential to make sure your team is well-versed in these new requirements and the documentation and timelines involved. Including all relevant stakeholders early on, getting a comprehensive project plan in place, and meeting regularly to ensure all tasks are completed would be helpful during the phaseout period and beyond.
Regarding the LDT changes, the FDA has provided a Q&A sheet that you may find helpful.
If you're looking for guidance on FDA premarket submissions, see our Beginner’s Guides to the FDA 510(k), De Novo, and PMA processes.
How Regulatory Tools Can Help
FDA’s final rule on LDTs will add complexity to the regulatory information management of laboratory diagnostic tests. There are digital solutions that can help manufacturers stay current on updated regulations and manage the additional information and documentation needed because of these updates.
A regulatory intelligence database like Rimsys Intel can provide detailed global market entrance requirements, application timelines, fees, risk class specifications, and documentation needed for medical devices and IVDs so that manufacturers can start preparing their premarket strategies.
Regulatory Information Management (RIM) software like Rimsys can help boost efficiency, reduce compliance risk, and increase collaboration by centralizing regulatory information and automating time-consuming, manual processes. As a result, medical device manufacturers gain complete visibility into their submission management and selling status so that they can plan more effectively, avoid costly product delays, and execute faster.
Quick reference guide - global medical device UDI requirements and timelines
This article was last updated on February 10, 2025.
What is UDI?
UDI systems are intended to benefit healthcare providers, manufacturers, authorized health authorities, hospitals and institutions, and individual consumers by providing:
- Faster discovery of possible flawed medical device information by health authorities.
- Quicker access to recall information, and visibility into current inventory.
- A reduction in medical errors through consistently documented product expiration dates.
- Identification of any counterfeit products being used in healthcare facilities.
- Assurances that information regarding an implanted device is safely retained and traceable.
UDI timelines and deadlines vary by market, classification risk, and product and have been revised multiple times in some countries*. This article details the UDI deadlines for the countries which have announced specific programs (draft or implemented) and is current as of the date of this article.
*Note: these dates can change as participating countries adjust their plans. We do our best to update this as more information becomes available.
Quick Links to country-specific sections:
- Australia UDI
- Brazil UDI
- Canada UDI
- China UDI
- European Union UDI
- India UDI
- Japan UDI
- Saudi Arabia UDI
- Singapore UDI
- South Korea UDI
- Taiwan UDI
- United States UDI
- UDI databases by country
General UDI labeling requirements
There are two components to a medical device UDI: the UDI device identifier (UDI-DI) and the UDI production identifier (UDI-PI). The UDI is presented as a barcode label (human and machine readable) on device packaging or on the device itself and acts as the access key to all device UDI attributes.
UDI-DI: This is the static portion of the UDI which identifies the manufacturer along with the specific device version. The UDI-DI (device identifier), also known as the Global Trade Item Number (GTIN) is assigned by an approved organization, such as GS1, and contains:
- Company prefix
- Manufacturers internal product code
- Check character
The UDI-DI is the primary identifier to be used in looking up device attributes in country-specific databases and is assigned prior to placing a product on the market. Note that the device identifier is different for different packaging levels of the same device.
UDI-PI: This is the dynamic portion of the UDI which is assigned by the manufacturer and identifies one or more of the following:
- Manufacturer’s lot or batch number
- Serial number
- Manufacturing date
- Expiration date
- Other attributes as defined by country-specific regulations
The UDI-PI actual values do not appear in country-specific databases (with the exception of the EU vigilance database).
Australian UDIGuidelines
Reporting Database: AusUDID (pre-production)
The Australian government for medical devices, the TGA, has not launched any official regulations or timeline for mandatory UDI labeling. They do provide a wealth of information on their website that is worth reviewing. In the meantime, however, they are hoping for a Q1 2025 implementation. The AusUDID Pre-Production environment is available for sponsors and manufacturers of medical devices supplied in Australia. It is a test environment that allows testing of data submission, prior to submission to the AusUDID Production environment. Any sponsor or manufacturer with an active TBS account can access the database.
ANVISA UDI guidelines
Reporting database:TBD
RDC No. 591/2021 is the regulations guideline for the identification of medical devices regulated by ANVISA, implementing the Unique Identification of Medical Devices (UDI) system. In July 2024, ANVISA finalized amendment RDC No. 884/2024 which implemented various adjustments to RDC 591/2021. The biggest take-away regarding UDI is the extension of one year on the implementation deadlines.
Health Canada website
Reporting Database: N/A
Position paper on the current state of UDI implementation
Medtech Canada strongly supports the global initiative led by regulators under the guidance of the International Medical Devices Regulators Forum (IMDRF), which aims to standardize the identification of medical devices by requiring that certain medical devices carry an internationally recognized UDI. Currently, there is no process in place for UDI in Canada.
China (NMPA) website
Reporting Database: China National UDI Database
Announcement No 22 of 2023
On January 1, 2021, the NMPA implemented the UDI system for its first batch of medical devices, including 69 Class III devices. The following year, June 1, 2022, followed the implementation for the second batch of other Class III medical devices (including IVD reagents). Then in 2023, Order No. 22 announced the third batch of products to adopt the UDI system.
As of June 1, 2024, medical devices listed in the third batch implementation product catalog must have already had UDI implemented. According to the degree of risk and regulatory needs, some Class II medical devices in the third batch included high-demand single-use products, items selected for centralized procurement, and medical aesthetic products, totaling 103 types in 15 categories.
European Union UDI Information
Reporting Database: EUDAMED
Rimsys Updated EUDAMED Timeline Blog Post
The UDI & Devices module is expected to be declared fully functional by the end of Q2 2025 and mandatory for industry use on January 1, 2026. The EU continues to strongly recommend to the industry to establish its solution and to submit data on a voluntary basis.
Medical Devices Rules, 2017
Legal Metrology Act, 2009
Reporting Database: N/A
Rule 46 of Medical Device Rule 2017 was set to require UDI labeling by January 1, 2022. However, details on how the UDI needs to be implemented have not yet been released but India's labeling and traceability requirements must be met as per CDSCO regulations.
In addition to the Medical Device Rule 2017, the Legal Metrology Act, 2009 focuses on standardizing weights and measures and ensures that packaged commodities, including medical devices, are labeled with accurate and clear information.
Law to Ensure Quality, Efficacy and Safety of Pharmaceuticals, Medical Device, and Similar Products
Reporting Database: N/A
There are two regulatory authorities responsible for regulation of medical devices in Japan: The Ministry of Health, Labour and Welfare (MHLW) and the Pharmaceuticals and Medical Devices Agency (PMDA). The MHLW is responsible for the administrative actions such as guidance and approval, and judgment on whether or not a product is considered a medical device. The PMDA undertakes product review and post-market safety measures.
As of Dec 2022, bar code labeling based on international standards is required for immediate containers/wrappings/retail packages of medical devices. It is expected for barcodes to be displayed on every medical device in unit of use for patients. Japan was an early promoter of standardized barcodes and is still working towards harmonizing the requirements with global UDI expectations.
The Pharmaceuticals and Medical Devices Act (PMD Act) translates in Japanese meaning "Law to Ensure Quality, Efficacy and Safety of Pharmaceuticals, Medical Devices, and Similar Products," but is often shortened to Act on Pharmaceuticals and Medical Devices or just PMD Act.
Requirements for Unique Device Identification (UDI for Medical Devices)
Reporting Database: Saudi-DI
The SFDA requires compliance with the Unique Device Identification (UDI) regulations on all medical device companies in Saudi Arabia for all classifications. Medical device classifications include: devices, IVD, non-medical IVD, chemical for medical use, distillation device, general lab use, HCT/Ps product and radiation devices.
Guidance for UDI Implementation
Reporting Databases: Singapore Medical Device Register (SMDR) - For risk class B or higher, Class A Medical Device Database - Risk class A only
Singapore is now requiring compliance with UDI labeling and database registration. They will accept UDI labels for devices already marketed in the U.S. and the EU without any need for modification. However, if they are not marketed in either country, then they are required to implement via Singapore UDI regulations.
Companies are given an additional 6 months from the compliance date to deplete the respective medical devices that have been imported prior to the compliance date and exist in their current supply chain.
Note:
• UDIs will not be required for medical devices for clinical research, investigational testing or clinical trial and custom-made medical devices
• Medical devices authorized for supply via Special Access Routes (GN26, GN27, GN29) are required to comply with UDI requirement on a risk-calibrated approach
Act on In Vitro Diagnostic Medical Devices
Act on Medical Devices
Reporting Database: South Korean Integrated Medical Device Information System (IMDIS)
South Korea has already implemented UDI regulations by Article 20-23 of the Medical Device Act (No. 14330) and Article 54-2 of Enforcement Regulations of Medical Device Act (No. 1512).
Guidance document from Taiwan FDA
Reporting Database: TUDID
Taiwan has previously implemented UDI regulations, which include labeling and database reporting requirements.
FDA website for UDI
Reporting database: GUDID database
The United States has previously implemented UDI regulations, which includes labeling and database reporting requirements.
Each country has their own UDI database and varying requirements for the data stored in those databases. There is overlap in the data required among the various UDI databases, but each country also has unique data they require.
In addition, countries require that UDI-DI information be provided by “issuing entities.” Note that with the exception of China, all countries accept GS1, HIBCC, and ICCBA as issuing entities.
* Data attributes are approximations based on country UDI requirements and include mandatory, optional, mandatory if applicable, and country database auto generated elements.
** Expected to be similar to US GUDID requirements.
Keeping pace with UDI regulations
Keeping track of country-specific UDI requirements, implementation timelines, and affected devices can be a big challenge to RA teams—especially because the information is scattered across many sources and simply hard to find. In this guide, we have consolidated timeline information and device class requirements across multiple countries. While we make every effort to provide accurate and up to date information, it's always advised to check the government website for the country in question.
Additional UDI resources
Looking for more information? You can visit our EUDAMED resource center, where you will find videos and resources to help you plan for UDI requirements in Europe. In addition, you may enjoy our blog post that outlines our views on the recent EUDAMED timeline updates.
For a broader introduction to UDI, see our Rimsys UDI Overview blog post.
If you're looking for an automated, integrated solution to help you meet changing regulations and manage your global UDI program, request a custom Rimsys demo!
