The swissdamed Device Registration Module: How to gain access, register devices, and more
18 August 2025
Registration for Hybrid EUDAMED Workshops Now Open: 8 Oct 2025 (Rome) & 3 Dec 2025 (Brussels)
7 September 2025Below is an overview of the August 2025 news items that were not already individually reported. Please see our Regulatory Updates main page for those topics, e.g., Version 1 of the swissdamed UDI/Device module is now available for voluntary use.
European Commission
MDCG 2024-14 Rev.1, Master UDI-DI for Contact Lenses
MDCG 2024-14 was revised and is available: HERE
It was updated to add references to:
- The new Commission Delegated Regulation (EU) 2025/788, which extended the compliance deadline by one year. This gives companies until 9 November 2026 to comply with Master UDI-DI requirements.
- And to MDCG 2025-7 ‘Position Paper: Timelines of implementation of ‘Master UDI-DI’ to contact lenses and spectacle frames, spectacle lenses and ready-to-wear reading spectacles’.
Cybersecurity Draft Amending Regulation
Background
Medial devices with digital functionality typically require cybersecurity compliance, such as:
- Smart monitors, e.g., connected vital signs monitors
- Wearables, e.g., ECG patches, smart insulin pens
- Software as a Medical Device (SaMD), e.g., mobile diagnostic apps
- Connected diagnostic tools, e.g., digital pregnancy tests with app sync
- Networked lab instruments, e.g., analyzers linked to LIS or cloud platforms
Under the MDR/IVDR, cybersecurity is addressed under Annex I (General Safety and Performance Requirements), software lifecycle & risk management (e.g., IEC 62304). Manufacturers are not required to obtain a formal cybersecurity certificate; however, they must prove the device is secure against cyber threats. Manufacturers may choose to pursue EUCC formal certification through a cybersecurity certification body, which acts as a structured way to demonstrate compliance (similar in concept to confirming to European harmonized standards to show compliance to a certain requirement).
Overview of Draft Amending Regulation
The draft amendment to EU cybersecurity rules is available: HERE
It proposes changes such as in the below table:
| Proposed change | Impact of proposed change |
| Defines “product series” | Manufacturers can certify multiple similar digital products together. This is helpful if you sell variants of a connected device. |
| Defines “minor” vs. “major” changes | Small software updates = no re-certification needed. Big security changes = re-evaluation needed. |
| Requires English version of security documentation | If the device is certified under EUCC, the “security target” (device’s security description) must be published in English. |
| Clarifies when reassessment is triggered | Even if the product doesn’t change, a shift in cyber threats (e.g., new attack types) may require a review. |
| Updates technical guidance (“state-of-the-art”) | The cybersecurity expectations for evaluation will stay up to date (and may shift over time). |
| Simplifies certificate IDs | Removes certification body name and the month, for cleaner tracking. |
MDR Language Requirements Table Updated
The Commission’s MDR Language Requirements Matrix has been updated to Rev.3: HERE
The change is to reflect updates for Portugal. The changes include referencing the updated legislation (Decree-Law no. 29/2024, from Decree-Law no. 145/2009) and adding information on language requirements for software user interface in the last two columns.
Casus’ Language Requirements Tool has been updated accordingly.
| Revision 2 (March 2024) | Revision 3 (August 2025) |
|---|---|
| Legislation: Decreto-Lei n.º 145/2009, de 17 de junho | Legislation: Decreto-Lei n.º 29/2024, de 5 de abril |
| (Graphic) user interface (e.g. apps): no information provided | (Graphic) user interface (e.g. apps): Laypersons: Portuguese Professional Users: Portuguese. English may be accepted as an alternative, as long as certain conditions are met, as detailed here, namely: IFU must be made available in Portuguese, and must include the translations of the information presented in the GUI; There should be no evidence of incidents/complaints occurring as a result (causal relation) of the use of a GUI in a language other than the official language of the country of the user of the medical device in question. |
Team Notified Body (Team NB)
Survey on Certifications and Applications
Team NB published the results from its survey conducted in March 2025: HERE
Notable updates include:
- Application quality is still a major issue, with only 15 out of 50 NBs reporting that more than 50% of the submissions are complete at first review.
- The certification process is still lengthy. However, at least according to Notified Bodies, most of the certification time (~60%) is spent on the manufacturer’s side, e.g., waiting for document revisions and resolving NB comments.
- No Notified Bodies have yet issued a certificate under Article 17, for the reprocessing of single-use devices.
- The number of Annex XVI devices (non-medical products covered under the MDR) is still extremely small, with only 16 of the 50 Notified Bodies having issued XVI CE Certificates.
- Only 22 Certificates for Companion Diagnostic (CDx) devices have been issued (and only 52 applications lodged).
- Of the 28,489 MDR applications, 5,107 were for changes to already-issued MDR certificates.
New MDR Clinical Training 20 Nov 2025
The August 27th MDR clinical training was fully booked. Therefore, Team-NB has organized another ½ day training session for Thursday 20th November: HERE
The training is intended for individuals who already have experience creating Clinical Evaluation Reports and/or involvement in the CE submission process, e.g., members of the manufacturer’s clinical team. Therefore, it will focus more on real case examples, as opposed to providing an introduction to clinical requirements.
The training starts at 9am Central European Time, making attendance also feasible for companies located in Asia Pacific.
MedTech Europe
Call for “zero-for-zero“ Tariffs for Medical Devices
MedTech Europe raised concerns that 15% tariffs may apply to some EU medical technology exports following the July 31 US Executive Order: HERE
While the recent EU-US agreement helped avert the worst-case scenario of broad retaliatory tariffs, medical technologies were not specifically excluded. Therefore, MedTech Europe is calling for a dedicated, “zero-for-zero” tariff exemption, warning that transatlantic duties could harm patient access, stifle innovation, and burden healthcare systems.
Push for Smarter “Digital” Rules
MedTech Europe has published a position paper calling for “smart” digital simplification across EU health-related legislation: HERE
They argue that digital tools like EUDAMED or e-labeling can reduce burdens. However, in practice, they often just add new obligations without removing the old ones. So instead of streamlining compliance, digitalization is turning into a second layer of reporting, documentation, and oversight.
MedTech Europe is urging lawmakers to eliminate duplication and ensure digital systems replace existing processes, rather than adding to them.
Call for Coherent Implementation of the AI Act
On the first anniversary of the EU’s AI Act entering into force, MedTech Europe warns that the legislation still risks creating more overlap, than clarity: HERE
MedTech Europe argues that applying the AI Act in parallel with MDR and IVDR could trap manufacturers in duplicate frameworks and slow patient access to safe technologies.
They call for three fixes:
- Extend the AI Act application date to 2029 for medical technologies already covered under MDR/IVDR.
- Confirm MDR/IVDR Notified Bodies can handle AI conformity assessments with dedicated technology codes.
- Explicitly exempt clinical investigations and performance studies from AI Act obligations, so evidence generation is not stalled.
Without these changes, the industry fears the AI Act will add a second layer of regulation that complicates compliance, rather than supporting innovation.
UK MHRA
Digital Mental Health AE reporting
The UK MHRA published an update on adverse event (AE) reporting requirements for digital mental health technologies (DMHTs): HERE
The new guidance:
- Highlights that DMHTs pose unique risks such as software glitches, misleading content, privacy breaches, or unintended psychological harm, which are risks that traditional frameworks may miss.
- Provides concrete AE examples (e.g., failure to trigger a crisis alert, misinformation via chatbot, data breaches, or missing safety prompts), to help manufacturers spot and report serious events correctly.
- Supports MHRA’s broader post-marketing surveillance reforms effective June 2025, which aim to speed risk detection and better protect patients.
MORE Submissions User Reference Guide Updated
The MHRA updated the MORE Submissions User Reference Guide: HERE
The key updates are:
- Periodic Summary Report upload functionality has been restored via the MORE portal, bringing the reporting process back online for device manufacturers.
- The Serious Adverse Events section now includes additional guidance on Quarterly Safety Reports (QSRs), to help manufacturers better understand when and how to use QSRs under the updated surveillance framework.
Swiss MedTech
New Guidance on Economic Operator Inspections
Swiss MedTech has published to help industry prepare for Swissmedic inspections: HERE
It explains how Swiss-based manufacturers, authorised representatives, importers, and distributors should prepare for, undergo, and follow up on inspections. Highlights include:
- Inspections are now a core part of Swissmedic’s market surveillance and align with EU practice. They may be pre-announced or, in cases of risk, unannounced.
- Companies can expect a formal notification letter outlining the inspection team, topics, and logistical details.
- Swissmedic will also request documents in advance, such as product lists and QMS descriptions.
- Focus areas include PMS and vigilance.
- Firms must be able to show written evidence of processes for incident handling and surveillance activities.
- During inspections, non-conformities are common.
- Findings are formally documented and discussed in a closing meeting, after which companies must submit a CAPA plan
- Swissmedic reviews corrective measures case by case and may accept documentation, request further review, or conduct a follow-up inspection before closing the case.
