MDR / IVDR – “Person Responsible for Regulatory Compliance” (PRRC)

Both the MDR and the IVDR require a “person responsible for regulatory compliance” (PRRC).

Some people also call them the “article 15 person” (after the corresponding articles in the two EU regulations) or the “qualified person”.

The terms “person responsible for compliance with regulatory requirements” (abbreviated to “person responsible”) and “qualified or competent person” are used in German.

The “person responsible for regulatory compliance” (PRRC) is similar to a safety officer, but they are not exactly the same.

Find out which tasks the PRRC performs, which responsibilities they have to take on and the expertise they have to have so that you can avoid penalties of up to EUR 30,000.

1. Regulatory requirements for the PRRC

a) MDR and IVDR

Motivation

For the authors of the Medical Device Regulation (MDR) it was important that there was a person responsible for regulatory compliance to, among other things, improve manufacturing and market surveillance and reporting systems. The preamble states:

It should be ensured that supervision and control of the manufacture of and the post-market surveillance and vigilance activities of medical devices are carried out within the manufacturer’s organisation by a person responsible for regulatory compliance who fulfils minimum conditions of qualification.

The person responsible for regulatory compliance is mandatory

This requirement for a “person responsible for regulatory compliance” is reiterated subsequently in article 15. The IVDR makes the same demand, using almost exactly the same wording, also in article 15. Both articles set out:

The EU has published Guidance on Article 15 of the Medical Device Regulation (MDR) and in vitro Diagnostic Device Regulation (IVDR) regarding a "person responsible for regulatory compliance”. A revision of this guidance is planned for 2020 (source).

Registration is required

Article 31 in conjunction with Annex VI, Part I, section 1 and 1.4 states that Manufacturers or, when applicable, authorised representatives, and, when applicable, importers must register the “name, address and contact details of the person or persons responsible for regulatory compliance referred to in Article 15” in EUDAMED.

N.B!

Please note: The requirement for a “person responsible for regulatory compliance” does not just affect manufacturers, it also affects importers and authorized representatives!

In the aforementioned guidance document, the EU emphasizes that the person responsible for regulatory compliance cannot also be the EU authorized representative.

The person responsible for regulatory compliance must be close to the manufacturer, i.e. for an EU manufacturer, they must be in the EU, for a non-EU manufacturer they must be outside the EU.

There are no transitional periods

The general opinion is that the PRRC requirement will have to be complied with from 5/25/2020. This also applies if the manufacturer places their device on the market during the transitional periods established in the directives (MDD, IVDD). NAKI has written about this.

There must be a person responsible for regulatory compliance (PRCC) according to article 15 of the MDR. However, registration in EUDAMED is unnecessary as long as EUDAMED is not available.

NAKI, UG1

In many countries, such as Germany, a safety officer is already required by law. He or she must be registered with the DIMDI.

b) National law and penalties

The Medical Device Implementing Act (MDG) applies in Germany from the time the MDR enters into force. It does not impose any additional requirements beyond those of the MDR with regard to the person responsible for regulatory compliance.

However, in §61(3), the MDG sets the value of the fine as (up to) €30,000.   This fine may be imposed on anybody or any organization who:

“a) contrary to article 15(1), does not have within its organization a qualified person responsible for regulatory compliance;

b) contrary to article 15(2), does not have a qualified person responsible for regulatory compliance permanently and continuously at their disposal;

c) contrary to article 15(6), does not have permanently and continuously at their disposal a qualified person responsible for regulatory compliance;”

MDG §61 (draft)

The MDG has dispensed with the role of safety officer, while the role of medical device adviser has been retained.

2. Tasks and responsibilities of the person responsible for regulatory compliance

a) Responsibilities

According to MDR and IVDR, the person responsible for regulatory compliance is responsible(!) for ensuring that:

  1. The conformity of medical devices is checked in accordance with the QM system (before delivery) (Article 10(9)).
  2. The technical documentation is kept up to date (Article 10(4) and (6)).
  3. Market surveillance is performed in compliance with the EU regulations (Article 10(10)).
  4. The reporting obligations according to the EU regulations are met (Article 10(13)).
  5. For “investigational devices”, the statement according to Annex XV, Chapter 2 is issued.

This list also lists the references to article 10 made by the EU in the Guidance on Article 15 of the Medical Device Regulation (MDR) and in vitro Diagnostic Device Regulation (IVDR) regarding a "person responsible for regulatory compliance”.

Neither the MDR nor the IVDR require that the person responsible for regulatory compliance has to perform these duties themselves. They are “only” responsible for their completion. However, the resulting responsibility must also lead to disciplinary powers.

b) Comparison with the role of safety officer

Article 30(4) of the MPG establishes the following with regard to safety officers:

The safety officer for medical devices shall collect and evaluate existing information concerning risks connected to medical devices and shall co-ordinate the necessary measures. He/she is responsible for the fulfillment of reporting obligations in so far as they concern risks related to medical devices.

The duties and responsibilities of a safety officer and a person responsible for regulatory compliance are therefore not identical:

Task / Responsibility

MDR / IVDR

MPG

Checking the conformity of medical devices

X

Technical documentation (including ensuring that it is up-to-date)

X

Market surveillance

X

X

Reports

X

X

Safety officer
!=
Person responsible for regulatory compliance

c) Liability of the person responsible for regulatory compliance

The person responsible for regulatory compliance is generally not personally liable in cases of ordinary negligence. In cases of gross negligence, the manufacturer may take recourse against its employee.

A limitation of liability or an exemption can be included in the person responsible for regulatory compliance’s employment contract.

In the case of gross negligence and intent, such an exclusion is not reasonable or possible. There is also a risk of criminal prosecution.

The person responsible for regulatory compliance must not be disadvantaged because of their obligations.

Further information!

Read our detailed article on employee liability here.

3. Expertise

a) Expertise requirements

The regulations require that the person responsible for regulatory compliance’s expertise is demonstrated in one of the two following ways:

  1. University degree or certificate of completion of a recognized course of study in law, medicine, pharmacy, engineering or another relevant scientific discipline, AND at least one year of professional experience in quality management or regulatory affairs. This professional experience must relate to medical devices.
  2. Four years of professional experience in quality management or regulatory affairs. This professional experience must relate to medical devices.

The EU regulations permit manufacturers of custom-made devices to demonstrate the requisite expertise with two years of professional experience only.

b) Requirements for proof

The degrees/study certificates must be clearly documented. With regard to professional experience, the manufacturers should be able to provide one or more of the following supporting documents:

  • Employment contract that confirms that the person is working in regulatory affairs or quality management and how long they have been doing so.
  • Organigram showing this role.
  • Training certificates in the fields of quality management, medical device law, market surveillance, risk management, reporting.
  • Records such as audit reports and document releases.
  • Registration of the person as the safety officer with DIMDI.

Please note that, in addition to the requirements of the MDR, ISO 13485 also has to be complied with, and that since the 2016 version it has focused even more of expertise.

c) Comparison with the expertise required from safety officers

The proof required from the safety officer differs from the proof required from the person responsible for regulatory compliance in the following ways:

  • Law is not one of the recognized university degrees.
  • Regardless of the subject studied, at least two years of professional experience is always required.
  • The professional experience refers to the more narrowly defined field of medical device law. Professional experience in quality management also counts when it comes to the EU regulations.

4. External qualified person?

Manufacturers must have a person responsible for regulatory compliance within their organization. The MDR, however, allows exceptions for micro and small enterprises. But in this case, they must have the person responsible for regulatory compliance “permanently and continuously at their disposal”. The EU makes clear in its “Guidance on Article 15 of the Medical Device Regulation (MDR) and in vitro Diagnostic Device Regulation (IVDR) regarding a "person responsible for regulatory compliance” that this access must be regulated by a contract.

Small and micro enterprises can use external persons. They are exempted from the obligation to employ a person responsible for regulatory compliance.

The EU defines what is considered a small or micro enterprise in Regulation 2003/361/EC. They are defined as enterprises that employ fewer than 50 employees and that have an annual turnover and/or annual balance sheet total of less than EUR 10 million.

5. Transitional periods

Since the MDR came into full effect, there has been some disagreement as to whether “a person responsible for regulatory compliance” as defined by MDR Article 15 has to be named for “legacy devices” as well.

MDCG Guidance Document 2021-25 was published on October 19. This guidance document interprets and specifies requirements for QM systems of manufacturers who only place “legacy devices” on the market. 

Definition: Legacy Device

Legacy devices should be understood as devices, which, in accordance with Article 120(3) of the MDR, are placed on the market after the MDR’s date of application (DoA) and until 26 May 2024 if certain conditions are fulfilled. Those devices can be:

  • devices which are class I devices under Directive 93/42/EEC (MDD), for which an EC declaration of conformity was drawn up prior to 26 May 2021 and for which the conformity assessment procedure under the MDR requires the involvement of a notified body;
  • devices covered by a valid EC certificate issued in accordance with Directive90/385/EEC (AIMDD) or the MDD prior to 26 May 2021

Source: MDCG 2021-25

a) Content of the document

As long as a manufacturer only places devices on the market according to transitional provision Art. 120(3), i.e., does not CE-mark devices according to the MDR, a person responsible for regulatory compliance as defined by Art. 15 is not required. 

Up to now, we and many others had interpreted this differently. This was because the obligations for post-market surveillance (PMS) and vigilance have had to be complied with by all manufacturers from May 26, 2021. The person responsible for regulatory compliance is responsible for guaranteeing effective PMS and vigilance processes. The MDCG 2021-25 guidance also considers this aspect, but comes to the conclusion that Article 15 still applies to manufacturers of legacy devices.

This in turn supports the interpretation that the person responsible for regulatory compliance is responsible for “supervision and control” and does not have to do everything themselves. (Because otherwise it would hard to defend the argument that manufacturers of legacy devices do not need a person responsible for regulatory compliance.)

Please note: All manufacturers must implement effective processes for post-market surveillance and vigilance in all cases. Only surveillance by the person responsible for regulatory compliance is still not yet mandatory for manufacturers of legacy devices.

b) Conclusion

Four and a half years after the publication of the MDR (and 5 months after DoA of May 26, 2021), we now have an interpretation in form of the MDCG 2021-25 guidance document. This is late, but at least there is now a consistent interpretation.

Unfortunately, the MDCG has failed to issue any statements on the IVDR. This is a pity – this was a great opportunity to easily create legal certainty. As the MDR and IVDR are very similar in their transitional regulations and with regard to the person responsible for regulatory compliance, we assume that MDCG 2021-25 will also apply for IVD manufacturers.

6. Summary

The requirements for the person responsible for regulatory compliance differ depending on the type and size of the economic actor and the role.

With the persons responsible for regulatory compliance, the MDR and IVDR have introduced a role whose responsibility and importance goes far beyond that of the safety officer.

Manufacturers would be well advised to fill these roles with qualified personnel as quickly as possible in order to:

  • Meet regulatory requirements.
  • Ensure the safety and conformity of their devices.
  • Avoid painful penalties.
Find out what Johner Institute can do for you
Starter-Kit_rot_dunkel

A quick overview: Our

Starter-Kit

Learn More Pfeil_weiß
blog_rot_dunkel

Always up to date: Our

Newsletter

Learn More Pfeil_grau
X

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.