EU MDR explained: key changes, timeline updates, and practical steps

The EU medical device regulatory framework continues to evolve.

As EUDAMED modules roll out and MDR timelines shift, many manufacturers are finding that maintaining compliance now requires far more structure and oversight than it did just a few years ago. Understanding what the MDR actually expects today has become essential for staying competitive in the European market.

Across the industry, the challenge usually isn’t a lack of expertise. It’s keeping up with how the regulation is being applied in practice. Expectations around EU MDR technical documentation, audits, post-market surveillance, and registration have tightened, and notified bodies are applying the MDR much more consistently than they did during the early transition years.

In this post, we’ll walk through the latest MDR developments, what they mean in practice, and how ISO 13485 supports effective compliance. I’ll also share practical insights on building a QMS that not only meets regulatory expectations but also supports long-term business success.

If you’re navigating this transition and want a clearer view of how quality systems support MDR compliance, check out our QARA guide to medical device quality management systems.

Key takeaways

If you understand these principles, you’re already ahead of many organizations that still treat MDR as a one-time transition instead of an ongoing operational shift.

EU MDR updates today 

If you’ve searched “EU MDR updates today,” you’re not alone. It’s one of the most common questions regulatory and quality teams ask right now, and for good reason.

The EU Medical Device Regulation (MDR) 2017/745 replaced the former Medical Devices Directive (MDD) to strengthen patient safety, improve transparency, and enhance traceability across the European medical device market.

It was formally applied in May 2021, but the story didn’t end there. Since then, we’ve seen extended transition timelines, most recently under Regulation (EU) 2023/607, the phased rollout of EUDAMED modules, and ongoing discussions around targeted EU MDR amendments to address capacity constraints and regulatory complexity.

So where do things stand today?

• Extended transition deadlines remain in place for certain legacy devices, depending on risk class, as long as specific conditions are met. These include avoiding significant design changes and maintaining compliance with the MDD.

• EUDAMED modules are being implemented progressively. The first four modules are expected to become mandatory from May 28, 2026.

• Stricter expectations for clinical evaluation, post-market surveillance (PMS), and vigilance are now firmly established.

• Notified bodies are applying far greater scrutiny, which has raised expectations for technical documentation and audit readiness.

At its core, EU MDR is built around a few key pillars:

• Robust clinical evidence

• Comprehensive technical documentation

• Proactive post-market surveillance

• Strong traceability, including UDI

• A compliant and well-documented quality management system
  
  

This is where many organizations start to feel the pressure. MDR didn’t simply add more documentation. It raised expectations around risk management, lifecycle oversight, and the overall maturity of technical documentation.

EU MDR is no longer “new.” It’s now the operational reality for the European medical device market. Yet many companies are still working to fully align their documentation and processes with what the regulation expects in practice.

The companies adapting successfully tend to approach it differently. They don’t treat MDR as a one-time transition project. They focus on strengthening their QMS, improving documentation discipline, and building systems that can withstand both audits and regulatory changes.

Next, let’s take a closer look at the key changes MDR introduced and why they continue to affect manufacturers today.

EU MDR timelines and transition periods

If there’s one thing that has defined the MDR rollout over the past few years, it’s shifting timelines.

The regulation entered into force in 2017 and was originally set to apply in May 2020. That date was later pushed to May 2021 due to COVID-19.

Even after that, it quickly became clear that both manufacturers and notified bodies were struggling with the scale of the transition. Certificate backlogs, limited notified body capacity, and significantly increased documentation requirements created pressure across the entire system.

The 2023 deadline extension

In March 2023, the European Commission adopted Regulation (EU) 2023/607, extending the transition periods for certain legacy devices certified under the previous directives.

The updated timelines depend on the device risk class:

• Class III and certain Class IIb implantable devices: transition until the end of 2027

• Class IIb (non-implantable), Class IIa, and Class I sterile or measuring devices: transition until the end of 2028

• Class I devices that were previously self-certified but require notified body involvement under MDR may also benefit from transitional provisions until the end of 2028, provided specific conditions are met

However, the extension does not automatically apply to all devices within those classes.

Manufacturers must still meet several conditions, including:

• Holding a valid MDD or AIMDD certificate, where applicable

• Ensuring there are no significant changes to the device’s design or intended purpose

• Implementing an MDR-compliant quality management system

• Submitting a formal application to a notified body within the required deadlines

• Signing a written agreement with that notified body within the specified timeframe

In other words, the extension buys time, but only if companies are actively moving toward full MDR compliance.

EUDAMED transition

EUDAMED, the European database for medical devices, is also being introduced gradually. The system has been rolled out module by module, and while voluntary use has been encouraged, full mandatory use depends on confirmation that the entire system is fully functional.

Many manufacturers are already preparing for mandatory actor registration, UDI submissions, and vigilance reporting through EUDAMED to avoid last-minute disruptions.

Under Regulation (EU) 2024/1860, the first four modules will become mandatory from May 28, 2026.

These include:

• Actor registration

• UDI and device registration

• Notified bodies and certificates

• Market surveillance

Two additional modules, covering post-market surveillance and vigilance as well as clinical investigations and performance studies, are still under development and will become mandatory once they are finalized.

Recommended learning:

Practical EUDAMED guide for QA and RA teams.

Why these timelines still matter strategically

Some organizations see the extensions as breathing room. In practice, they function more like a countdown with stricter checkpoints along the way.

Notified body capacity is still limited. Technical documentation reviews are deeper and more detailed than they were under MDD. Expectations for clinical evaluation are higher, and post-market surveillance systems are examined much more closely during EU MDR audits.

The companies in the strongest position right now are not the ones waiting for 2027 or 2028. They are using the transition period to improve documentation quality, close gaps in risk management and clinical evidence, strengthen post-market surveillance processes, and align their QMS fully with MDR and ISO 13485.

Because when your certificate renewal or MDR conformity assessment arrives, the timeline rarely feels generous.

In the next section, we’ll look more closely at the key MDR changes that continue to shape compliance expectations and why they raise the bar for medical device manufacturers.

Key EU MDR changes you need to know 

Even though MDR is already in force, the regulatory framework is still evolving, and there are key EU MDR changes you need to keep in mind.

Over the past few years, the European Commission has introduced targeted amendments aimed at stabilizing the system. The goal has not been to rewrite the regulation, but to address the pressure points that became clear after full application in 2021.

Why revisions became necessary

By early 2023, two things had become difficult to ignore.

First, the notified body capacity was severely constrained. Second, thousands of legacy devices risked losing market access before manufacturers could complete their MDR certification.

Industry data showed that a large number of certificates issued under the previous directives were due to expire before companies could transition to MDR. Without intervention, this could have led to widespread device shortages across the European market.

This situation ultimately led to the 2023 amendment that extended the transition deadlines. But timeline extensions were only part of the response.

What the targeted revisions focus on

The adjustments adopted so far, along with ongoing policy discussions, generally focus on a few key areas.

Preventing device shortages

The extension of transition timelines was designed to ensure continuity of supply while manufacturers complete their MDR transition.

Removing the “sell-off” deadline

The previous sell-off provision limited how long legacy devices could remain on the market after certificate expiry. Removing this requirement reduced the risk of unnecessary product withdrawals.

Maintaining strong safety oversight

The European Commission has consistently emphasized that patient safety remains non-negotiable. The objective of these amendments is to improve how the system works in practice, not to dilute the regulatory requirements.

Exploring system simplification

Broader discussions about regulatory efficiency are also underway. For example, a proposed targeted amendment to the MDR and IVDR was released in December 2025, aiming to address regulatory complexity and administrative burden for both manufacturers and notified bodies.

What this means for manufacturers

Scilife Tip:

One message I often emphasize when discussing these amendments with teams is simple: the extensions buy time, but they don’t lower the bar.

Manufacturers still need to:

• Demonstrate a clear MDR transition plan

• Implement an MDR-compliant quality management system

• Upgrade technical documentation to MDR depth and structure

• Strengthen clinical evaluation and post-market surveillance systems

• Prepare for more rigorous notified body audits

The regulatory environment is becoming more stable, but expectations around compliance remain just as high.

How to comply with the EU MDR: Practical steps and tips

When teams ask me, “Where do we even start with MDR compliance?”, my answer is usually the same: stop thinking of it as a submission project and start thinking of it as a system.

Scilife Tip:

MDR compliance isn’t one document, one audit, or one notified body interaction. It’s the outcome of a mature quality management system that consistently produces the right evidence.

Here are some practical places to start.

1. Start with a structured MDR gap assessment

Before rewriting documents or redesigning processes, take a step back and assess where you actually stand.

A good MDR gap assessment typically looks at:

• Annex I (General Safety and Performance Requirements)

• Annex II and III (technical documentation and PMS documentation)

• Clinical evaluation expectations

• UDI and traceability requirements

Be honest in this step. Many organizations discover that while documentation exists, it doesn’t meet MDR expectations for depth, traceability, or cross-referencing.

It’s helpful to assess against the regulation itself rather than relying on what has worked in the past. Something that passed conformity assessment a few years ago may not necessarily meet expectations today. The MDR framework has matured, and notified bodies are applying the requirements more consistently.

2. Strengthen your technical documentation

If there is one area where MDR audits consistently go deep, it is technical documentation.
Under MDR, technical documentation needs to clearly demonstrate:

• Device description and specifications

• Design and manufacturing information

• GSPR compliance supported by traceable evidence

• Risk management aligned with ISO 14971

• Clinical evaluation

• PMS and PMCF planning

• Benefit–risk justification

A common issue I see is that the documents exist, but they don’t tell a coherent story.

Notified bodies expect clear alignment between risk management, clinical evidence, labeling, and post-market activities. If those pieces don’t connect, findings usually follow.

It helps to think of technical documentation as an interconnected system rather than a set of standalone reports.

3. Align your QMS with ISO 13485

ISO 13485 is not legally identical to MDR, but in practice, it forms the backbone of compliance.

A well-implemented QMS helps you:

• Control design and development

• Maintain document and record integrity

• Manage suppliers effectively

• Handle corrective and preventive actions

• Stay consistently prepared for audits

Many companies that struggle with MDR don’t have a fully embedded, process-driven QMS. When quality processes are reactive or impractical in daily work, compliance quickly becomes exhausting.

4. Prepare for deeper audits

An MDR audit is not simply an MDD audit with new branding. Reviews are longer, more detailed, and much more evidence-driven.

Preparation often includes:

• Running internal audits that simulate MDR depth

• Making sure cross-functional teams understand their responsibilities

• Verifying traceability from risk management to clinical evidence, labeling, and PMS

• Reviewing how post-market data and vigilance activities are handled

Audit readiness should be continuous, not something that starts a few weeks before a notified body visit.

5. Strengthen post-market surveillance

MDR places far greater emphasis on lifecycle oversight.

Manufacturers are expected to actively collect, analyze, and act on post-market data rather than simply producing periodic reports.

This includes:

• PMS plans

• Periodic Safety Update Reports (PSURs)

• Trend reporting

• PMCF 

Strong post-market surveillance is now a central pillar of MDR compliance.

6. Treat compliance as a long-term strategy

This may sound counterintuitive, but companies that approach MDR strategically often see operational benefits.

• Clearer documentation improves internal efficiency

• Better risk management reduces field issues

• Stronger supplier oversight minimizes disruption

• Robust clinical evidence strengthens market credibility

Scilife Tip:

MDR compliance done well builds resilience.

If your focus is only on passing the next audit, teams often feel like they are constantly catching up. But when the focus shifts to building systems that consistently produce compliant outputs, audits become confirmation that the system works.

Conclusion: turning EU MDR compliance into a competitive advantage

EU MDR isn’t just another regulatory hurdle. It represents a structural shift in how medical device companies operate.

With extended transition periods, targeted amendments, and the continued rollout of EUDAMED, the regulatory landscape is still evolving. But one thing is already clear. Expectations around documentation quality, clinical evidence, post-market surveillance, and QMS maturity are significantly higher than they were under the previous directives.

Across the industry, the companies that are adapting successfully tend to approach MDR differently. They aren’t scrambling right before audits. They’re building structured, ISO 13485–aligned systems that consistently produce compliant outputs.

They treat technical documentation as a living framework rather than a last-minute compilation exercise. Risk management and post-market surveillance are embedded in daily operations. And regulatory discipline becomes part of how the organization runs, not just something handled during certification cycles.

This is also where the right digital tools can make a real difference.

Platforms like Scilife help medical device manufacturers manage documentation, maintain traceability, and keep quality and regulatory processes aligned with ISO 13485 and EU MDR requirements. By connecting quality, regulatory, and operational workflows in a single system, teams gain clearer visibility across the product lifecycle and are better prepared for audits and regulatory updates.

EU MDR compliance will continue to evolve. The real question is whether your systems are built to keep up with it.

Find out how Scilife helps you move from reactive compliance to a more proactive quality strategy.