Why an MDR-ready QMS is the operating system behind compliance

Understanding where MDR obligations sit within your Quality Management System (QMS) and how to control them.

If classification sets the direction, technical documentation provides the structure, and clinical evaluation keeps compliance alive, then the quality management system is the operating system that keeps everything running. Episode 4 of our MDR Made Simple webinar series focused on how to build an MDR-ready QMS that embeds regulatory requirements into everyday processes, rather than treating them as add-ons.

While ISO 13485 remains the backbone of medical device quality management, MDR introduces additional, explicit obligations that must be reflected in the QMS. These include requirements around Unique Device Identification (UDI), General Safety and Performance Requirements (GSPR), EUDAMED registration, and clear assignment of regulatory responsibilities.

A key topic was UDI implementation. Under MDR, organisations must define how UDI codes are issued, structured, maintained, and updated, including basic UDI-DI, UDI-DI, and UDI-PI. The QMS must clearly describe who is responsible, how changes are controlled, and how UDI information is implemented in labelling and direct marking within regulatory timelines.

The session also explored how GSPR compliance must be built into design controls. Procedures need to ensure applicable requirements are identified, appropriate standards or solutions are selected, and verification and validation activities demonstrate compliance. Crucially, responsibility and control must be clearly defined within the QMS.

Registration and data maintenance in EUDAMED, including Single Registration Number management, further reinforces the need for structured processes, ownership, and timely updates embedded into the quality system.

Common pitfalls highlighted during the session included PMS systems that collect data but do not analyse it, risk management files that are not updated, internal audits that ignore regulatory requirements, weak supplier controls, unclear PRRC roles, and misalignment between the QMS and regulatory strategy.

The key insight: MDR compliance cannot sit outside the QMS. An MDR-ready quality system integrates regulatory, clinical, and post-market requirements across the full device lifecycle and across all actors in the supply chain.

As an MDR-designated Notified Body, DNV supports manufacturers in aligning ISO 13485 systems with MDR expectations, helping ensure regulatory readiness, operational clarity, and sustainable compliance.

1/14/2026 2:53:00 AM