5 Common Pitfalls When Approaching EUDAMED UDI Compliance

Medical device manufacturers are facing regulatory headwinds, particularly in the European Union. The EU is deploying a comprehensive database on medical devices (EUDAMED) which will introduce new UDI concepts such as the Basic UDI (BUDI) and include device registration data, notified bodies and certificates, clinical investigations, and market surveillance. Health authorities globally are enforcing new requirements across the product lifecycle of medical devices – from initial product submissions to post-market surveillance requirements. Device manufacturers who take a fragmented approach to these new regulations will struggle as additional health authorities impose tighter requirements and shorter deadlines.

The introduction of EUDAMED is an opportunity for medical device manufacturers to assess their long-term UDI strategy. Instead of approaching EUDAMED as GUDID 2.0, look beyond the EU to other major markets such as China, India, Japan, and Singapore that are introducing UDI requirements within the next 5 years.

Will your UDI strategy and solution scale as more health authorities roll out their own UDI requirements and databases? Here are five common pitfalls to avoid.

You plan to submit data directly to EUDAMED (and currently do so for GUDID)

Device manufacturers often approach UDI submissions in one of two ways:

• Submit Directly: Use spreadsheets or homegrown solutions to manually manage device data and upload it directly to the health authority database

• Submit via Submission Gateway: Submit device data to a vendor who validates the data then submits it to the health authority database

Historically, submitting directly to the health authority was a viable solution since there was one target database (GUDID). Depending on the number of SKUs and target markets at your company, this approach may be passable for meeting EUDAMED compliance, but how sustainable will this be as additional health authorities introduce their own databases?

Submission via a gateway is a more sustainable approach, so long as your gateway provider is staying up to date with the latest health authority requirements. Prepare and submit a single comprehensive set of UDI data to the submission gateway for validation and dissemination to multiple target health authority databases.

Your UDI data is managed separately from other enterprise master data

A majority of UDI data can be directly pulled or derived from R&D data sourced from a product lifecycle management (PLM) system or similar enterprise application, leaving Regulatory Affairs to review and finalize before submission.

However, companies often rely on Regulatory Affairs or specialized departments to author and manage UDI information separately from their product master data whether it is via offline forms or spreadsheets or using standalone UDI solutions which are not integrated to source systems containing product information. This not only increases the amount of manual effort on internal resources when performing a submission, but also creates compliance risks when discrepancies arise between source data and UDI submission data. The manual efforts and risks are only exacerbated as more health authorities roll out UDI requirements and databases.

Your UDI submission process isn’t coupled with other business processes

How tightly coupled your UDI submission process is with other new product development (NPD) or product sustainment processes is often correlated to how UDI data is managed in relation to your sources of product data.

Ideally, product design changes or updates to product master data used in UDI submissions will trigger an automatic impact assessment process for Regulatory Affairs to perform. If the product source data and change control process are managed in the same application, the UDI impact assessment can be made even easier. In practice, however, manufacturers will frequently rely on offline processes to alert Regulatory Affairs to perform a manual impact assessment, if at all.

You are not considering the broader UDI landscape when choosing a solution for EUDAMED

As part of preparing for EUDAMED, are you reviewing processes and solutions in place for GUDID today? What about assessing your proposed EUDAMED solution to determine if (and how) it can meet upcoming UDI requirements from other health authorities in the near future?

Because of the similarity and overlap of UDI data across health authorities, as your solution list for UDI compliance grows, so does the effort of managing highly similar sets of UDI data and the risk of failing to keep that data in sync. Integrating the various solutions and applications can help minimize the risks of a growing UDI solution list but increases the amount of technical debt to sustain the solutions.

What does a sustainable and scalable UDI solution look like? In order to scale, a UDI solution that can be extended via low-code or no-code to meet evolving health authority requirements is a must. Consider ease of integration with existing source systems and a submission gateway to minimize technical debt and improve the sustainability of the solution.

You are planning for the 2025 UDI compliance date

While the hard deadline for UDI and certificate compliance in EUDAMED is mid-2025, manufacturers should focus on the vigilance reporting and post-market surveillance (PMS) deadline in late 2023.

How do the vigilance reporting and PMS deadline impact BUDI/UDI deadline?

• Vigilance records must be reported in a timely manner under EUMDR.
• Vigilance records must be linked to the device(s) BUDI to complete the submission to EUDAMED.
• There is a lead time associated with uploading BUDI data and linking the BUDI to the appropriate certificate in EUDAMED which also requires involvement from Notified Bodies

Manufacturers should strive to get BUDI information consolidated and uploaded to EUDAMED well ahead of time in anticipation of vigilance reporting requirements under MDR.