Featured
Rimsys Announces Rimsys AI to Eliminate Repetitive Tasks and Enhance Decision-Making for MedTech Regulatory Teams
Rimsys, the leading Regulatory Information Management (RIM) platform for the MedTech industry, today announced the launch of Rimsys AI, a suite of embedded artificial intelligence (AI) agents.
The ultimate guide to the medical device single audit program (MDSAP)
This article is an excerpt from The ultimate guide to the medical device single audit program (MDSAP) ebook.
Table of contents
- What is MDSAP?
- History of MDSAP
- Who is responsible for the MDSAP?
- How does an MDSAP audit work?
- Audit sequence
- You got a nonconformity – now what?
- What does an MDSAP audit cost?
- Why choose the MDSAP certification process?
- Potential disadvantages of the MDSAP
- Ready to participate? – Here’s how to get started
- Completing a successful MDSAP audit
The Medical Device Single Audit Program (MDSAP) was designed and developed to allow a single audit of a medical device manufacturer to be applied to all country markets whose regulatory authorities are members of the program. The MDSAP provides efficient and thorough coverage of the standard requirements for medical device manufacturer quality management systems, and requirements for regulatory purposes (ISO 13485:2016). In addition, there are specific requirements of each medical device regulatory authority participating in the MDSAP that must be met:
- Conformity Assessment Procedures of the Australian Therapeutic Goods (Medical Devices) Regulations (TG(MD)R Sch3)
- Brazilian Good Manufacturing Practices (RDC ANVISA 16)
- Medical Device Regulations of Health Canada (ISO 13485:2003)
- Japan Ordinance on Standards for Manufacturing Control and Quality Control of Medical Devices and In Vitro Diagnostic Reagents (MHLW Ministerial Ordinance No 169)
- Quality System Regulation (21 CFR Part 820), and specific requirements of medical device regulatory authorities participating in the MDSAP program.
This means that a report from a single MDSAP audit of a medical device manufacturer would be accepted as a substitute for routine inspections by all the member Regulatory Authorities (RAs) across the world. There are currently five participating Regulatory Authorities (RA) representing the following countries: Australia, Brazil, Canada, Japan and the USA.
In April, 2021, the RAs released an “Audit Approach” document (MDSAP AU P0002.006) that combines the formerly separate MDSAP Audit Model and Process Companion documents into a single guidance document. It includes guidance for assessing the conformity of each process and includes an audit sequence, instructions for auditing each specific process, and identifies links that highlight the interactions between the processes.
In March 2012 the US FDA announced that they had approved a final pilot guidance document “Guidance for Industry, Third Parties and Food and Drug Administration Staff: Medical Device ISO 13485:2003 Voluntary Audit Report Submission Pilot Program.” This allowed the owner or operator of a medical device manufacturing facility to be removed from FDA’s routine inspection work plan for 1 year upon completing a ISO 13485:2003 audit. This guidance document went into effect in June 2012, and was intended as an interim measure while a single audit program was being developed.
This pilot program was not very successful and few companies signed up because they did not see any advantage in participating. The manufacturer had to pay for a third party to inspect their facilities, generate a report, and share the inspection results back to the FDA. Many companies were reluctant to contract “someone else” to perform their inspection when they could easily wait for the FDA to conduct an inspection for free.
During its inaugural meeting in Singapore in 2012, the International Medical Device Regulators Forum (IMDRF) appointed a working group to develop a set of documents for a harmonized third-party auditor system. Hence, the “Medical Device Single Audit Program” (MDSAP) was formed. The concept was similar to the FDA’s original idea of creating a third-party auditor to help reduce their workload of performing regulatory audits of medical device manufacturers’ quality management systems. This new approach would consist of a single audit that would review regulatory QMS compliance, conducted by a third-party, who would later be called an Auditing Organization (AO).
From January 2014 to December 2016, five countries participated in a Medical Device Single Audit Program Pilot. In June 2017, a report was generated summarizing the outcomes of prospective “proof- of-concept” criteria established to confirm the success of the program. The outcomes are documented in the final MDSAP Pilot Report and recommended that the program become fully active and open to any manufacturer who requested this type of audit.
The governing body of the MDSAP is the Regulatory Authority Council (RAC), which is composed of two senior managers (and a few other staff members) from each participating RA. They are responsible for executive planning, strategic priorities, setting policy, and making decisions on behalf of the MDSAP International Consortium. The RAC also reviews and approves documents, procedures, work instructions, and more. The mission of the MDSAP International Consortium is to jointly leverage regulatory resources to manage an efficient, effective, and sustainable single audit program focused on the oversight of medical device manufacturers on a global scale.
Other international partners that are involved in the MDSAP include:
MDSAP Observers:
- European Union (EU)
- United Kingdom’s Medicines and Healthcare products Regulatory Agency (MHRA)
- The World Health Organization (WHO) Prequalification of In Vitro Diagnostics (IVDs) Program
MDSAP Affiliate Members:
- Argentina’s National Administration of Drugs, Foods and Medical Devices (ANMAT)
- Republic of Korea’s Ministry of Food and Drug Safety
- Singapore’s Health Sciences Authority (HSA)
The observers and affiliate members are not the same as the participating member RA’s. The observers simply observe and/or contribute to RAC activities. Affiliate members, on the other hand, are interested in engaging in the MDSAP program and are subject to certain rules. They are only given access to a certain level of information about the manufacturers, audit dates, and information in audit reports.
They are also invited to attend sessions that are open to members, observers, and affiliates only.
Audits can also be conducted by MDSAP participating RAs at any time and for various reasons including:
- "For Cause" due to information obtained by the regulatory authority
- as a follow up to findings from a previous audit
- to confirm the effective implementation of the MDSAP requirements
The purpose of audits conducted by the RAs is to ensure appropriate oversight of the AOs MDSAP auditing activities. The AOs are appointed by the RAs and a list of the currently approved AO’s is published on the FDA website. Most AOs offer a broad range of management system certification services, beyond just medical devices. Manufacturers should verify that prospective AOs are clearly trained and perform MDSAP audits of medical devices.
AOs have the final word as to whether a manufacturer has met the requirements for the MDSAP during the execution of the audit and generation of the associated reports summarizing the results. MSDAP RAC participating RAs have the final decision regarding all development, implementation, maintenance, and expansion activities associated with the program.
Although an unannounced visit by an AO is rare, it can happen in circumstances where high-grade nonconformities have been detected.
To continue reading this eBook including a detailed look at the MDSAP audit process and grading, pros and cons of the approach, and how to get started please register to download the full version.
The beginner's guide to the FDA 510(k)
This article is an excerpt from The beginner's guide to the 510(k) ebook.
Table of Contents
- Introduction
- 510(k) basics
- Contents of a Traditional 510(k)
- 510(k) submission and timelines
- Other 510(k) forms
Congratulations! You have successfully developed a new medical device. Now you need to take it to market. In the United States, this often means submitting a 510(k). A 510(k) is a structured package of information about your device and its performance and safety that you submit to the Food and Drug Administration (FDA) for “clearance” before you can sell your device in the U.S. In order to receive clearance from the FDA, your 510(k) will need to demonstrate that your medical device is substantially equivalent to another legally marketed device (called a predicate device). The substantial equivalence approval process is a simple equation that looks something like this:
The 510(k) is generally the most efficient route to market clearance in the U.S. because you show your device is safe and effective based on this substantial equivalence standard, instead of needing to present more extensive clinical trial data.
There are three types of 510(k): Traditional, Abbreviated, and Special. This eBook will begin with a general overview of the 510(k) process, including its purpose and benefits. Next, we will explore the Traditional 510(k) and the sections and components required in depth. Finally, we will look at the Special and Abbreviated 510(k).
FDA: background and device oversight
Before we explain what a 510(k) is let’s first talk generally about the FDA and device oversight. The FDA is the U.S. governmental agency responsible for overseeing medical devices, drugs, food, and tobacco products. When it comes to medical devices, the FDA’s mission is to “protect the public health by ensuring the safety, efficacy, and security of…medical devices.” At the same time, the FDA also has an interest in “advancing public health by helping to speed innovations.” In other words, the FDA’s goal is to make sure devices are safe and effective for public use, while also ensuring that devices have a quick and efficient path to market.
In order to achieve this balance of safety and efficiency, the FDA has three different levels of oversight depending on the risk level of the device: (1) exempt from premarket submission, (2) Premarket Notification, also known as 510(k), and (3) Premarket Approval (PMA).
When is a 510(k) required?
A 510(k) is required for medium risk devices that have a predicate on the market which can be used to demonstrate the safety and effectiveness of the new device. Meanwhile, a PMA is required for high-risk or novel devices which require a higher level of scrutiny to be confirmed safe and effective.
A 510(k) is not only required for new devices, but also for devices that have been modified in a way that could impact safety or effectiveness. This could include changes to the:
- Design
- Components
- Materials
- Chemical composition
- Energy source
- Manufacturing process
- Intended use
You must submit your 510(k) at least 90 days before marketing the device.
What Exactly is Substantial Equivalence?
Now that we know what a 510(k) is, let’s talk about the substantial equivalence standard. You’ll recall from the introduction that your 510(k) must show that the new (or modified) device is substantially equivalent to at least one other legally marketed device, called a predicate device. Substantial equivalence looks at the intended use and the technological characteristics of the two devices.
More specifically, you must show:
- that the new device has the same intended use as the predicate, and
- the differences between the two devices do not raise questions about the safety and effectiveness of the new device.
Now let’s take a closer look at intended use and technological characteristics.
Intended use
Intended use means the general purpose or function of the device. The FDA will look at your proposed labelling and your Indications of Use section of the 510(k) to determine the intended use of your device (this is covered in Chapter 2). Intended use includes:
Technological characteristics
Once the FDA has determined that a predicate device exists and that the new device and the predicate device have the same intended use, it will move on to compare the technological characteristics. Technological characteristics include:
- Materials
- Design
- Energy source
- Other device features
The two devices do not have to be identical, and in fact they almost never are. The key here is to demonstrate that any differences do not have a significant impact on safety or effectiveness. Here’s what to cover when you compare your device’s technological characteristics with that of the predicate device:
Overall description of the device design
- Engineering drawings or diagrams to explain the device and component parts.
- List of component parts and explanation of how each component contributes to the overall use and function of the device.
- Physical specifications: dimensions, weight, temperature, tolerances, etc.
Materials
- Detailed chemical formulation used in all materials of constructions (especially those that come into contact with a patient).
- Any additives, coatings, paint, or surface modifications.
- How materials have been processed and what state they’re in.
Energy Sources
- Use of batteries, electricity, etc.
Other technological features
- Software/hardware
- Features
- Density
- Porosity
- Degradation characteristics
- Nature of reagents
- Principle of the assay method
In deciding whether the differences in technological characteristics impact safety or effectiveness, the FDA will typically rely on descriptive information about the technological characteristics as well as non-clinical and clinical performance data.
Let’s look at an example: A manufacturer submits a 510(k) for a new type of contact lens. Both the new device and the predicate device are indicated for daily wear for the treatment of astigmatism. The predicate device is only available in a clear lens, but the new device comes in a line of colors, including purple tinted lenses.
Who is responsible for submitting a 510(k)?
The following four types of organizations may be responsible for submitting a 510(k):
Manufacturers
- End-of-line device manufacturers who will be placing a device on the U.S. market.
- Note: Does not apply to component part manufacturers unless components will be marketed independently.
Specification developers
- Companies that develop the specifications for a finished device which has been manufactured elsewhere
Repackers or relabelers
- Required to submit a 510(k) if they significantly alter the labeling or condition of the device, including modification of manuals, changing the intended use, deleting or adding warnings, contraindications, sterilization status.
- Note: This is rare. The manufacturer, not the repackager or labeler, is typically responsible for the 510(k) submission.
Importers
- Importers that introduce a new device to the U.S. market may need to submit a 510(k), if it hasn’t already been submitted by the manufacturer.
Now that we’ve covered the basics, let’s explore what actually goes into your 510(k).
A Traditional 510(k) should contain all the following components in the list below. In some cases, a particular section may not apply to your device. When that happens, it’s a good idea to include the section anyway and just state “This section does not apply” or “N/A” under that heading.
To continue reading this eBook including a detailed walk-through of all the Traditional 510(k) components, submission requirements and timelines, and an overview of the other 510(k) forms including the Abbreviated 510(k) and the Special 510(k), please register to download the full version
The ultimate guide to the China UDI system and database
This article is an excerpt from The ultimate guide to the China NMPA UDI system and database ebook.
Table of Contents
- Overview
- UDI basics and benefits
- UDI format requirements and issuing entities
- UDI database and submission requirements
- Implementation of UDI and the UDI database in China
The current Chinese medical device regulatory regime kicked-off in 2014 with the Regulation on Supervision and Administration of Medical Devices. This core set of registration requirements, modeled after the United States and European Union systems, established a set of device classifications (class I, II, and III) based on risk and procedures for obtaining market clearance for each type of device.
Medical devices in China are regulated by the National Medical Products Administration (NMPA). Class I devices, such as clinical laboratory equipment or non-invasive skin dressings, require only notification to the NMPA for marketing authorization, and that authorization does not expire. Class II and III devices such as implantable devices or devices with a measuring function require full registration and a formal review before market clearance can be obtained.
These initial regulations have been expanded since their introduction, adding accelerated pathways to market for certain products in certain regions, easing acceptance of clinical data from overseas, and more specific roles and responsibilities for local agents of international manufacturers. In addition, in 2019, the regulations added a provision that medical devices carry a unique device identification (UDI). China’s UDI requirements are similar to those in the US and European Union. They establish specific device ID and labeling requirements, as well as a central, state-administered database of devices.
This eBook walks through the basics of medical device UDIs, the specifics of China’s implementation, and how MedTech companies who market their devices in China can prepare for the full rollout of these regulations in the coming years.
A UDI is a unique alphanumeric code that is designed to identify medical devices sold in a particular country/region from manufacturing, through distribution, to use by a patient. Like other aspects of the medical device regulatory regime, the UDI system in China follows the approach taken by the United States FDA and European Commission, and is based on the guidance from the International Medical Device Regulators Forum (IMDRF). Generally, UDI systems are designed to improve patient safety and optimize care by:
- Increasing the traceability of medical devices, including field safety corrective actions
- Providing an unambiguous identification method for medical devices throughout distribution and use
- Making adverse event reports more accessible
- Reducing medical errors by providing detailed information related to the device
- Simplifying medical device documentation and making it more consistent
There are three components to the UDI system in China:
- UDI code: The actual UDI code can be assigned by one of three (3) issuing agencies and contains information about the product, it’s expiration date, and the manufacturing batch/lot it’s associated with.
- UDI labeling: Put simply, medical devices must carry the UDI code on them. The regulations stipulate how devices and their packaging must be labeled for compliance.
- UDI database: In addition to labeling, all device UDIs must be submitted to a central database that is administered by the NMPA.
The following sections explore each of these components in more detail.
The UDI code
The first element of the UDI system is the code itself. The UDI code is the alphanumeric identifier that is associated with a specific medical device. UDI codes have two (2) elements to them, the UDI device identifier (UDI-DI) or static portion, and the UDI production identifier (UDI-PI) or dynamic portion. You can see the two components in the UDI diagram below:
The UDI-DI contains information about the issuing entity—the organization that is authorized to assign UDI codes. In China, this can be one of three entities: GS1, an international barcode and electronic data interchange standards organization, and two domestic organizations: the Zhongguancun Industry & Information Research Institute (ZIIOT), and AliHealth. Additional details about the issuing agencies are covered in Chapter 2. In addition, the UDI-DI contains information about the manufacturer and the specific model or version of the device.
The UDI-PI contains information about the manufacturing and production of the device. This typically includes information about the lot or batch number in which the device was manufactured, the manufacturing date and expiration date for the device (if applicable), and the specific serial number for the device. Here you can see all of the components marked up using the same UDI example:
Note that each packaging permutation and level for a given device will need to be assigned its own UDI. So for example, let’s say that a company manufactures 5ml enteral (oral) syringes in two packaging options: 1 – packaged individually and 2 – packaged in a box of 5. Each packaging option would need its own UDI, despite the fact that the underlying product is the same.
Now looking at packaging levels, let’s assume that the manufacturer packages the single syringe offering into boxes of 6, and again into larger containers of 24. Each of those packaging options needs its own UDI as well.
Labeling
In addition to obtaining UDI code for each device as outlined in the previous section, medical device manufacturers are required to ensure that devices are appropriately labeled with the assigned UDI. This label is called the UDI Carrier. The UDI is represented in two forms on the UDI Carrier: a machine-readable form and a human-readable form.
The machine-readable form or automatic identification data capture (AIDC) is a barcode or some other technology that can be used to automatically capture UDI information. The NMPA regulations support 3 types of machine-readable formats: 1-dimensional barcode, 2-dimensional barcode, and radio-frequency identification (RFID).
The regulations note that “use of advanced automatic identification and data collection technologies is encouraged”—prompting manufacturers to use more modern 2D and RFID machine-readable carriers where possible. Note, however, that if a device uses RFID, the UDI Carrier must also include the UDI in barcode format.
The human-readable form or human-readable interpretation (HRI) is the numeric or alphanumeric code for the UDI that can be read and manually entered into systems.
The UDI Carrier should be included on the device and on all levels of packaging. The UDI Carrier must be clear and readable during the operation and use of devices. If there isn’t room on the device for both the human and machine-readable forms of the UDI, then manufacturers should prioritize the machine-readable form.
UDI database
The third component of the NMPA UDI system is the UDI database. This is a centralized database of UDI and product information, administered by the NMPA. Manufacturers are required to submit UDI information into the database within 60 days after a product is approved (for sale in China) and before it is commercialized. The database contains a more detailed product record than what is included in the UDI itself, and it is the responsibility of the manufacturer (and/or their in-country representative) to submit the information correctly, and ensure that it’s kept up to date.
Chapter 3 of this eBook goes into detail about the specific fields and data requirements for UDI database submissions.
To continue reading this eBook including information about UDI format requirements and issuing entities, implementation timelines, and affected device types, please register to download the full version.
How Smith & Nephew Repositioned Regulatory as a Strategic Commercial Partner
Smith & Nephew is a global medical device manufacturerwith a broad portfolio spanning orthopedics, sports medicine, and woundmanagement, sold and registered across markets worldwide. Before Rimsys,regulatory data was scattered across spreadsheets, shared drives, anddisconnected systems.
When Smith & Nephew selected Rimsys, they deployed itenterprise-wide from day one. Executive reporting moved from manual fire drillsto real-time dashboards. Change impact assessments became faster and moreconsistent. The regulatory team made the shift from reactive compliancefunction to strategic partner to the business.
The Challenge
Regulatory data at Smith & Nephew lived in multiplespreadsheets, shared drives, SharePoint sites, emails, and disconnectedsystems. Without a centralized record, the team could not reliably trackregistration timelines, measure on-time submissions, assess change impacts, orunderstand the downstream impact of product changes across markets. Preparingexecutive reporting meant manually assembling data from multiple sources, aprocess that consumed time and introduced risk each time.
The Solution
Smith & Nephew selected Rimsys for its configurable, notcustomized, platform: an intuitive user interface, centralized submissionmanagement, robust metrics, change assessment capabilities, and UDI supportwith machine-to-machine transmission. Rimsys’ interconnected modulearchitecture linked products, registrations, projects, change assessments, andUDI in a centralized location.
Rather than piloting in one business unit, Smith &Nephew deployed Rimsys across the entire regulatory organization from day one.The decision was deliberate: a partial deployment would have preserved thefragmentation. Enterprise-wide adoption established consistent metrics,standardized processes, and a single source of truth from the start.
The Results
Executive and board reporting, previously built from manualdata pulls, now flows directly from Rimsys in real time. What had been adisruptive, recurring effort is now a routine view. Leadership has thevisibility to make faster, more confident decisions, and the regulatory team isno longer pulled into reporting fire drills.
Change management has also been transformed. Direct linkagebetween products, registrations, and projects means impact assessments arefaster and less dependent on individual knowledge. UDI operations havesimilarly improved: machine-to-machine transmission has reduced manual uploadsand centralized DI record visibility supports global UDI requirements.
The most significant shift is strategic. With centralizedregulatory intelligence and real-time data, Smith & Nephew’s regulatoryteam now actively supports commercial planning: informing budget cycles,guiding renewal and launch sequencing, and advising on regulatory pathways toaccelerate market entry. Regulatory is no longer a downstream compliancefunction. It is a business partner.
Smith & Nephew now runs four modules across its RIM operation:
- Registrations— Centralized license tracking across 250 countries and 30+ business units
- Change Assessments— Direct product-registration linkage for faster, consistent impact assessments
- Executive Reports— Real-time dashboards replacing manual data pulls and board reporting fire drills
- UDI— Machine-to-machine transmission reducing manual uploads across global markets
Take this to your team
If you’re evaluating how to modernize RIM operations at scale, the Smith & Nephew case study is a practical reference to share internally. It covers the full implementation story, module breakdown, and results data in a format built for stakeholder conversations.
How Philips Scaled Active Product Registrations More Than 20x
Philips Healthcare operates one of the largest regulatory portfolios in global MedTech: products registered across 250 countries, with a footprint that grows with every acquisition. Before Rimsys, that complexity was managed through email and spreadsheets. Submission packages moved through inboxes with no audit trail, no performance data, and no reliable view of where products were authorized to ship.
Philips selected Rimsys in 2022 as the enterprise RIM platform to bring regulatory order to that complexity. Since go-live, active product registrations have scaled more than 20x, user adoption has doubled in the last six months, and the regulatory affairs function now operates from a single source of truth spanning the entire enterprise.
The Challenge
Without structured data, Philips could not measure regulatory performance, track license expiration across the portfolio, or identify where submission work was stalling. Every acquisition made it worse: incoming business units arrived with their own workflows and systems, absorbing more fragmentation rather than resolving it.
The Solution
Philips evaluated multiple platforms against requirements built with both market-facing and business regulatory affairs teams. Rimsys won on two dimensions: an interface that made complex product and registration data immediately visible, and more enterprise-ready features than competing platforms at the right price point.
Philips went live with Rimsys Registrations and Submissions modules in July 2022. The team deployed platform experts for train-the-trainer sessions and launched regular drop-in sessions where users could ask questions and surface issues. Standing up a dedicated Regulatory Operations team focused exclusively on rest-of-world registration accelerated adoption further.
When an early business unit pushed back on workflow efficiency, Philips and Rimsys worked through it together. A hands-on process walkthrough identified exactly what needed to change, a resolution plan was shared, and that transparency and collaboration became the foundation for sustained user buy-in across the enterprise.
The Results
Since go-live, Philips has scaled active product registrations more than 20x, with further growth already underway. What started as a single deployment now spans 30+ business units across 250 countries, with Rimsys serving as the single source of truth for regulatory data across the enterprise, including businesses acquired since implementation.
For the first time, Philips can measure its own regulatory performance. KPIs flow directly from the platform, giving leadership real-time visibility into registration health. When anomalies surface, they drive data correction and user training, closing gaps that previously went undetected until they affected revenue.
Now with Rimsys AI-assisted Submissions and Regulatory Intelligence now in use, Philips expects to accelerate further: reducing administrative burden so skilled regulatory professionals can focus on strategy.
Philips now runs four modules across its RIM operation:
- Registrations— Centralized license tracking across 250 countries and 30+ business units
- Submissions— AI-assisted submission workflows replacing email-based package management
- Intelligence— Real-time KPI dashboards giving leadership visibility into registration health
- Standards— Essential Principles and standards tracking aligned to global market requirements
Take this to your team
If you’re evaluating how to modernize RIM operations at scale, the Philips Healthcare case study is a practical reference to share internally. It covers the full implementation story, module breakdown, and results data in a format built for stakeholder conversations.
.avif)
What RAPS Euro Convergence 2026 Told Us About the Future of MedTech Regulation
Last week, the MedTech regulatory community gathered in Lisbon for RAPS Euro Convergence 2026: nearly 100 sessions, hundreds of professionals, and one overriding theme: transformation.The European regulatory landscape is shifting faster than it has in two decades, and the pressure is on every RA team to keep pace.
We were there. And here is what we took away.
The Dominant Signal: Change Is Accelerating
For MedTech manufacturers, the immediate reality is demanding. MDR 2.0 is advancing. The EU AI Act is creating new compliance obligations for software-enabled devices. EUDAMED continues to mature. And teams are being asked to absorb all of this while still meeting existing registration and renewal deadlines.
The practical implication is clear: RA functions that rely on manual tracking, disconnected spreadsheets, and tribal knowledge are being outrun by the pace of change. Across the industry, teams are moving from talking about AI to actively experimenting with it, using it to handle the volume and complexity that manual processes simply cannot absorb. The teams emerging as strategic forces are the ones who have connected, real-time regulatory infrastructure and are putting AI to work within it.
AI Is No Longer Optional Thinking
The conversation at Euro Convergence made one thing clear: AI has moved from future-state to present-tense. Regulatory professionals were encouraged to embrace AI while maintainingaccountability for the outcome and challenging the algorithms.
" Our role is to make sure that the AI does the right interpretations appropriate to our products, to our business."
— João Martins, Director of Regulatory Affairs at Abbott at RAPS Euro Convergence 2026 Opening Plenary
That framing resonates deeply with how we have built AI into Rimsys. The goal was never to replace regulatory judgment; it is to amplify it. Rimsys AI is domain-specific, built on the regulatory data structures and logic that reflect real-world requirements, country-specific nuances, and product context. It proposes, analyzes, and alerts. Your team reviews, approves, and decides.
For teams that are ready to accelerate, Rimsys AI accelerates regulatory intelligence monitoring and submission authoring, removing the repetitive, detail-heavy work so skilled professionals can focus on strategy, market expansion, and the higher-order decisions that increasingly complex regulations demand.
"As future regulators, we will need to be scientifically strong, comfortable with complexity, open to innovation, and also be able to work in increasingly complex environments."
— Rui Santos Ivo, President of Portugal's National Authority of Medicines and Health Products (INFARMED) and chair of the EMA management board, RAPS Euro Convergence 2026 Opening Plenary
MDR 2.0: Reform With Guardrails
A panel of experts representing regulators, industry, and notified bodies gave their views on the proposed revision of the EU Medical Device Regulation at the conference. While their sentiments were largely supportive, notified body representatives urged the European Commission to maintain proactive surveillance of devices to protect patients.
The discussion acknowledged the complexity of balancing reform with patient safety. Simplification and innovation go hand in hand, though if it is overly complicated or overly simplified, it becomes difficult to innovate. Structured dialogues in MDR/IVDR will provide transparency and predictability for manufacturers, especially in early product development.
Regulatory Workflows Cannot Be an Afterthought
A recurring observation across sessions was that MDR 2.0, EUDAMED, and the EU AI Act are only as effective as the operational workflows behind them. Structured dialogues, risk-proportionate pathways, and submissions all require teams to move quickly with accurate, up-to-date product data. That is simply not possible when that data lives across email threads, spreadsheets, and disconnected systems.
The workflows that came up most in Lisbon (change control, renewals, new product introductions, and registration management) are exactly the areas where manual processes create the most risk. A missed renewal. A design change that triggers 40 country-level impact assessments with no system to coordinate them. A registration record that no one has updated since the last audit.
Rimsys keeps these workflows connected and proactive. Renewal expiration reminders fire before deadlines become a risk. Change control impact surveys are configurable to your SOPs, so teams can assign tasks and coordinate work across regions without relying on someone to manually track progress. New product introductions move faster because previous submission content can be reused across markets. Target market data, registration history, and approval status are already centralized, so teams are building on existing work rather than starting from scratcheach time.
The result is regulatory operations that reduce time to market by weeks to months, not add to it. Access information in seconds rather than hours. Regulatory release authorization in minutes rather than weeks. More than 90% reduction in regional regulatory reporting time. These are not projections. They are outcomes reported by Rimsys customers operating in exactly the kind of complex, multi-market environments that dominated the conversation in Lisbon.
The Regulatory Professional Is Evolving
Perhaps the most striking thread across sessions was the evolution of the RA function itself. Regulatory work was once seen mainly in terms of compliance procedures and submissions. Today, the profession is much broader than that.
This evolution is exactly the transition Rimsys is designed to support. When regulatory data is centralized, connected, and visible in real time, RA teams stop spending their days chasing down registration status and start contributing to commercial strategy: market expansion decisions, launch sequencing, change control planning, and executive-level risk communication.
The heart of regulatory operations is not a filing cabinet. It is a living, connected system that elevates the entire function.
What It All Points To
RAPS Euro Convergence 2026 made one thing clear: the organizations that will thrive are those who have invested in regulatory infrastructure that can absorb change without breaking. Rimsys is the platform built for exactly this moment: enterprise-grade, intuitive enough for global teams to actually use, and trusted by 6 of the top 12 global MedTech manufacturers worldwide.
Rimsys Launches the Regulatory Execution Engine for MedTech
Spring 2026 embeds submission authoring, AI-powered regulatory monitoring, and configurable impact workflows inside a single RIM platform, the first step toward Rimsys' AI vision for global regulatory operations.
PITTSBURGH, PA, May 5, 2026 – Regulatory Information Management (RIM) software was built to store records. That foundation has served its purpose and reached its limit. Today, Rimsys announces the Spring 2026 release: a platform designed not to hold regulatory data, but to execute on it.
Submission volumes are growing. Markets are multiplying. Regulatory change is accelerating. Spring 2026 gives regulatory teams the tools to keep pace: embedded authoring, reusable submission content, configurable impact workflows, and AI-powered intelligence, all inside a single platform.
"Our vision for Rimsys is a platform that makes regulatory expertise go further, companies move faster, and products reach more markets than any team could accomplish alone. Spring 2026 is another meaningful step toward that vision. We are embedding the tools and intelligence that allow regulatory affairs professionals to operate at a different level, doing more strategic work, entering markets faster, and staying ahead of regulatory change rather than reacting to it. What we are building next makes this release the starting line." – James Gianoutsos, CEO
What Spring 2026 Delivers
A brand new website that provides in-depth information about the Rimsys offering and the benefits to MedTech manufacturers, including details on these new products:
Intelligence: AI-Powered Regulatory Monitoring
Rimsys Intelligence provides access to regulations, guidance documents, safety alerts, and legislation across more than 90 countries. AI triage and prioritization surface the updates most relevant to each customer's specific products and markets, eliminating hours of manual surveillance and putting the right information in front of the right people.
When a change requires action, teams can move directly from regulatory signal to impact assessment without a manual handoff. Intelligence represents Rimsys' first production deployment of context-aware AI operating across a customer's live regulatory data, a foundation that will expand significantly in future releases.
Advanced Submissions: A Unified Submission Execution Workflow
Advanced Submissions consolidates everything required to create, manage, and publish a regulatory submission into a single workflow inside Rimsys, eliminating the disconnected tools, manual reformatting, and version fragmentation that have defined submission work for too long. Three capabilities anchor it:
Rimsys Editor
The Rimsys Editor is the cornerstone of Advanced Submissions and the most significant capability in this release. It brings word-compatible authoring and editing natively inside Rimsys, fully compatible with Microsoft Word®, allowing regulatory teams to create, co-author, review, and publish submission content without leaving the platform for the first time.
The Editor supports real-time co-authoring, tracked changes and redlining, rich content including tables and images, document comparison, and PDF publishing with standardized headers, footers, and company branding applied automatically. AI-assisted authoring is available as a configurable option, enabling teams to summarize, refine, expand, and translate content within their workflow. Rimsys AI is human-in-the-loop by design.
Universal Submissions
Universal Submissions enables teams to build from a single universal template (an IMDRF Technical Document) with content automatically mapped into market-specific templates. One master structure, many markets, without rebuilding from scratch.
Reusable Submissions
Reusable Submissions takes a completed submission from one market and uses it as the starting point for a new one. The system automatically maps content into the target market's template, carrying applicable sections forward reducing the content creation time up to 90% and compressing the time required to enter each additional market.
Configurable Impact Surveys: Governed Change Assessment at Scale
Impact Surveys are now fully configurable. Templates can be defined for specific change event types, tied to countries or registrations, and triggered automatically from Rimsys Intelligence findings replacing ad hoc assessments with repeatable, governed workflows. This integration creates a direct line from change event to regulatory scope, with results tracked in a single audit-ready trail.
A Platform Built for What's Next
Spring 2026 establishes more than a set of new capabilities. It establishes the execution infrastructure, structured data model, and embedded AI foundation on which Rimsys' longer-term vision is being built.
That vision: a world where regulatory experts are amplified by intelligence, not constrained by information. Where the knowledge required to enter a new market, interpret a regulatory change, or scope a submission is instantly available to every member of the team. Where regulatory operations scale not by spreading experts thin, but by giving them tools that multiply their impact.
Spring is the first production step in that direction. Every submission authored inside the platform, every intelligence signal triaged by AI, and every impact assessment connected to structured regulatory data deepens the foundation. Future releases will build on it directly, expanding AI capabilities, automating more of the regulatory workflow, and ultimately enabling teams to do work that today requires external expertise to be done inside Rimsys.
Regulatory Execution as a Business Lever
Spring 2026 is built to move metrics that matter: reduced submission cycle time variance, improved approval predictability, lower marginal effort per market, and increased team capacity without proportional headcount growth. For executive leadership, earlier approvals translate directly into faster market access and accelerated revenue recognition.
Availability
Spring 2026 is now Generally Available. Existing customers on the Organizer product will retain access to their current experience.
To learn more about the Spring 2026 release and how Rimsys can accelerate your regulatory operations, visit rimsys.io or contact your Rimsys representative.
About Rimsys
Rimsys is the heart of regulatory operations for the medical device industry and the platform at the center of an AI-driven transformation in how regulated products reach global markets. A living, connected regulatory platform, Rimsys keeps regulatory intelligence, product data, approvals, and change management continuously connected, enabling organizations to expand into global markets with speed, precision, and confidence. Enterprise-ready yet intuitive to use, Rimsys is trusted by 6 of the top 12 global MedTech manufacturers to accelerate time to market and scale regulatory operations worldwide. To learn more, visit rimsys.io.
Media Contact
rimsys.io
The Real Cost of “We’ll Build It Ourselves”
If you are reading this from inside a large MedTech organization, you may be thinking: we have ten times the engineering staff. Why can’t we just build this ourselves?
We-Should-Just-Build-This-Ourse…
It is a fair question.
But software has a well-known paradox. Adding more people to a complex project does not make it go faster. It usually makes it go slower. More coordination. More handoffs. More meetings about meetings. More surface area for misalignment
A large IT organization is optimized for breadth — supporting dozens of systems, managing infrastructure, keeping the lights on across the enterprise
That is valuable work.
But it is fundamentally different from building and sustaining a deep vertical product over a decade.
The people on your team have day jobs. They run devices through regulatory pathways, manage quality systems, support manufacturing, and commercialize products globally
Building a regulated platform is not a side quest.
It is a second company
What the Numbers Actually Look Like
When people compare license fees to internal builds, they stop at the wrong baseline
The real comparison is:
Licensing a specialized platform
versus
Standing up and operating a regulated software company inside your enterprise
Product management.
UX research.
Engineering.
Regulatory SMEs.
Validation and QA.
Security operations.
Compliance programs.
24/7 support.
Infrastructure.
Multi-year modernization
AI makes some of that faster.
It does not make any of it optional
With a specialized vendor, that investment is amortized across an entire customer base.
With an internal build, the full long tail of ownership falls on you
And most of that spend ends up recreating the 80 percent that has already been solved — all because someone decided the remaining 20 percent justified building from scratch
The return on that 20 percent rarely survives honest scrutiny.
The Questions That Should Keep You Honest
It is easy to get excited about how fast something can be built.
The harder exercise is asking what happens in year three, year five, year eight
When your VP of Regulatory Affairs leaves, who maintains validation documentation?
When regulations change across jurisdictions simultaneously, who redesigns workflows and pushes a validated release before the deadline?
When an auditor asks for change control history and disaster recovery test results, who is accountable?
Internal initiatives often stumble not because engineers cannot prototype, but because sustaining them for a decade is brutally hard
Sponsors move on. Budgets change. Teams reorganize.
Regulatory systems do not get to pause.
They must remain inspection-ready through acquisitions, divestitures, and leadership turnover
Systems of record are commitments, not experiments
AI Changed the Tools, Not the Gravity
I am genuinely excited about what AI enables. It will reshape regulatory operations, reduce headcount growth, compress timelines, and raise expectations for every vendor in this space
What it has not done is repeal gravity.
Most of what AI replaces today is busy work. That is enormously valuable. But busy work was never the strategic bottleneck
The hard parts remain.
- Deciding submission strategy.
- Interpreting regulator feedback.
- Designing defensible workflows.
- Staying inspection-ready.
- Running global rollouts
Agents help teams move faster.
They do not decide what is safe, defensible, or durable
In MedTech, software is not just built.
It is designed, governed, operated, and defended
And gravity still applies.
Day Zero Is Easy. Day One Is Where It Gets Hard
There is something I keep coming back to in these conversations.
You can go from idea to prototype incredibly fast right now. That is the day-zero problem, and AI has essentially solved it. You can spit out working code, scaffold an integration, and stand up a proof of concept in a week
But the nuance around an actual business workflow — the day one and beyond activities — those are dramatically harder than day zero ever was
Software engineering done well is craftsmanship.
There is more to it than generating code and turning a prototype into something a regulated enterprise can depend on. It means thinking about edge cases, failure modes, upgrade paths, observability, and long-term operability. It means deleting as much as adding. Simplifying interfaces. Collapsing concepts down to what actually matters
Inside my own teams, I see impressive first versions all the time.
That is not the hard part anymore.
The hard part is everything that comes after
We-Should-Just-Build-This-Ourse…
Faster Engineering Just Pushes Work Somewhere Else
There is a tradeoff that rarely makes it into the first ROI spreadsheet.
AI compresses build cycles. In regulated companies, that speed shows up downstream. More releases mean more validation, more SOP updates, more training, more compliance review, and more audit prep
Engineering gets cheaper.
Governance becomes the constraint
There is also a subtler version of this problem.
Agents make it easy to generate output at scale. More workflows. More automation. More code.
But in regulated environments, every new service or automation path increases surface area. More things to secure. More things to validate. More things to explain to auditors
Speed without discipline creates complexity faster.
For CTOs, that is an architectural concern.
For Regulatory leaders, that is an inspection risk.
Are You Trying to Be a Software Company?
This is the part of these conversations that most often gets skipped.
A MedTech company is not a software shop. Most are largely outsourced IT organizations, and there is nothing wrong with that. The core business is devices, science, R&D, manufacturing quality, clinical programs, and global commercialization
When internal teams talk about building major regulatory platforms, the question is not whether they can spin up a prototype.
It is whether they want to operate a full-time software company inside their enterprise
Building software at scale is a people problem. It is not a technology problem. The constraint is coordination, judgment, institutional knowledge, and sustained focus over years
The people problem does not get fixed by agents and AI.
Regulatory platforms are deeply vertical. They encode jurisdiction-specific rules, regulator expectations, submission templates, QMS integrations, inspection trails, and post-market obligations
That knowledge is earned slowly.
It lives in product decisions, data models, operating procedures, and support playbooks.
AI will reshape how these platforms evolve.
It does not remove the learning curve that created them
