How the EU’s MDR Will Impact Your Supply Chain

By Carolyn LaWell

The forthcoming EU Medical Device Regulation will impact your supply chain, both in manufacturing and distribution. You must talk with your partners now to ensure that you possess the information you need from them—and they from you—to meet regulatory requirements, your timeline for CE Market Approval and critical considerations for audits.

To put the MDR supply chain changes into perspective, we asked Mike Wolf, Director of Solutions Delivery at Maetrics, to outline some talking points for you and your suppliers.

How will MDR impact the orthopaedic supply chain?

Wolf: MDR identifies distributors, importers and EU authorized representatives as Economic Operators, each with specific responsibilities regarding verification of compliance, cooperation in complaint handling and field safety corrective actions, and cooperating with manufacturers and Competent Authorities in device traceability. Manufacturers should review their agreements with distributors, importers and authorized representatives to ensure that the interactions with these Economic Operators are clearly defined and agreed upon.

As manufacturers begin the task of achieving the CE Mark for their devices against the MDR, they need to have more data as evidence in support of compliance to the General Safety and Performance Requirements (GSPR). Suppliers can expect to receive requests from their manufacturer partners for additional data, as the manufacturer must ensure that each applicable requirement in the GSPR is addressed in a complete, comprehensive way.

For example, suppliers of certain types of materials or components that contain CMRs (carcinogenic, mutagenic or toxic to reproduction) may need to cooperate with manufacturers to collect existing data, perform additional testing if required to demonstrate compliance with the 0.1% by weight limit and, if necessary, discuss with the manufacturer the possibilities for a material change or a rationale for continued use of the material.

As another quite different example, suppliers of software or components of electrical devices employing software may need to cooperate with manufacturers to demonstrate evidence of adequate IT security measures, including protection against unauthorized access necessary to run the software as intended.

Specifically, how might the regulations impact the device company and contract manufacturer/supplier relationship? And when might they feel the impact?

Wolf: It’s reasonable to expect that the type and extent of control exercised by manufacturers over suppliers and outsourced processes will tend toward more scrutiny rather than less. As noted above, manufacturers in many cases will require more data in order to demonstrate compliance with the GSPR. This may develop into a longer-term communication requirement with some manufacturers, rather than just a one-off request.

Manufacturers may propose changes in their Supplier Quality Agreements (or similar contractual arrangements) to account for the need for more technical data and more transparency throughout the supply chain that is inherent in MDR. Suppliers may start to feel the impact as 2018 progresses, and certainly in 2019 as most manufacturers’ MDR projects unfold with greater energy and urgency, since the 2020 compliance deadline approaches rapidly.

Also, MDR continues the requirement for Notified Bodies (NBs) to conduct unannounced audits of manufacturers, and to include critical suppliers in those audits. As MDR effectively applies greater scrutiny of the performance of NBs, it’s possible that the inclusion of critical suppliers in these audits will become more frequent and more challenging.

What conversations about MDR should device companies and supplier engage in today?

Wolf: Manufacturers should communicate with their supplier partners the fact that they are organizing their efforts that will culminate in achieving a CE certificate for the devices in which the suppliers play a part. Have preliminary conversations about the specific requirements in the GSPR and the Technical Information requirements in which the suppliers play a role, and what new or additional data or information may eventually be requested.

To the extent that it is not confidential, device manufacturers should consider sharing with supplier partners their schedule for MDR implementation, including key milestones and any presumptions of the need for supporting actions or information from suppliers.

It might be appropriate and necessary to have conversations about possible revisions to quality agreements or purchasing agreements and the implications of those revisions.

Is there any other advice you would provide?

Wolf: Be proactive. Suppliers and contract manufacturers would be well advised to study the GSPR and Technical Documentation requirements, in order to better understand the compliance challenge faced by the manufacturers and the role that suppliers might play. Suppliers may have subject matter experts within their organizations who could play a key role in generating useful data or rationales in cooperation with the manufacturer.

Don’t hide. Device manufacturers will need help from suppliers in achieving full compliance with the MDR in an efficient way. Being a trusted supplier partner during this challenging period will allow the bonds created by shared effort to lead to shared reward and a stronger long-term business relationship. There are also many consultancies now that offer the support that manufacturers and suppliers need in the MDR transition period, either to help plug a skills gap or just simply to make it happen for your organization within the deadline.

Mike Wolf, Director of Solutions Delivery at Maetrics, has more than 25 years of experience in management and consultation roles. He recently served as Regulatory Subject Matter Expert within a large-scale improvement project at a global orthopaedic device company, leading the legacy review and remediation of labeling, regulatory assessment and premarket product launch processes and records. He can be reached by email.