The European Commission (EC) introduced 2017/746, the In Vitro Diagnostic Regulation (IVDR) back in 2017, with a transition period of 5 years, entering into force on 26 May 2022 (with differences for certain articles). As the deadline loomed, it became apparent that the European Union (EU) risked a shortage of in vitro diagnostic medical devices (IVDs) because many companies were not ready to transition from the In Vitro Diagnostic Directive (98/79/EC) and Notified Bodies (NBs) were scarce and under-resourced for the sheer volume of applications necessary for market continuity.
With a large number of non-compliant IVDs on the market and time running out on the compliance clock, the EC issued a press release on January 22, 2024, indicating push back of compliance deadlines based on device risk:
“Under the current provisions, these rules would apply from 26 May 2025 for high risk IVDs or 26 May 2027 for lower risk IVDs. The additional time granted to companies depends on the type of device:
- high individual and public health risk devices such as HIV or hepatitis tests (class D) would have a transition period until December 2027;
- high individual and/or moderate public health risk devices such as cancer tests (class C), would have a transition period until December 2028;
- lower risk devices (class B such as pregnancy tests and class A sterile devices such as blood collection tubes), have a transition period until December 2029.”
This was codified in legislation with the passage of 2024/1860 on June 13, 2024 (published July 9, 2024). This new regulation is directed at ensuring continuity of IVD availability in addition to ensuring devices remain safe and effective. (See MDCG 2020-16 Rev. 2 for classification rules.)
One of the key amendments to 2017/745 is found in Article 2(3)(c), which inserts additional text into the IVDR, including Article 110 paragraph 3c(d): “no later than 26 May 2025, the manufacturer has put in place a quality management system in accordance with Article 10(8).” Some key questions to ask yourself:
- Does my current QMS comply with all the requirements of EN ISO 13485:2016? (If you market devices in the United States, keep in mind that the US FDA officially aligns with ISO 13485:2016 next February, less than a year away.)
- Is my IVD postmarket surveillance system established according to the requirements of 2017/746 and 2024/1860?
- Do I understand the specific requirements for each of my devices?
- New devices to be marketed under IVDR (my devices will need to comply with the requirements)
- Devices currently marketed under IVDR (my devices already comply with the requirements)
- Legacy devices currently marketed under IVDD (I may need to retool your Quality Management System (QMS), including my device’s Technical Documentation, to comply with 2017/746 and 2024/1860
- Have I implemented a quality plan to manage the transition?
If you have not yet completed the transition of your QMS to comply with both IVDR and EN ISO 13485:2016, and you produce high risk (class D) IVDs, you now have less than 3 months to complete the transition. Keep in mind that you also have less than 3 months to secure a Notified Body and submit your application for market clearance for your class D IVD devices.
Perhaps the greatest challenge in meeting the QMS requirement is to enhance your collection, analysis, and reporting of post-clearance data (“postmarket surveillance”). This includes requirements for a compliant vigilance system, trending of non-significant issues, and establishing and maintaining a performance evaluation program to verify your device’s ongoing scientific validity, analytical performance, and clinical performance. If you are only tracking complaints and reporting serious adverse events, your QMS will likely fall short of these requirements.
Concurrently with the need to comply with IVDR comes requirements to comply with privacy, cybersecurity, and artificial intelligence (AI) regulations if your device(s) include software and connectivity (e.g., provide a means for exporting patient data including test results to a Laboratory Information Management System, LIMS). While retooling your QMS and Technical Documentation for IVDR, don’t forget to consider impacts related to the General Data Protection Regulation (2016/679), the Cybersecurity Act (2019/881), the Cyber Resilience Act (2024/2847), and the AI Act (2024/1689).
With less than 3 months remaining to comply with the amended IVDR, MEDIcept’s experienced consultants stand ready to help accelerate your transition. We will assist with assessing your current QMS and Technical Documentation gaps, help establish a quality plan to ensure success and help guide you along the path to full compliance with the new IVD requirements.
Gregg Van Citters – Principal Software Quality Engineering Consultant