
> two of them (HIPAA and FDA approvals) are American

I specified all three via comma to highlight that we had quite some history in compliance, in different jurisdictions.

HIPAA covers only medical devices, GDPR covers everything. The FDA approval process is convoluted and expensive, especially for new types of devices, but it's still much easier than European MDR.

Also, I mentioned FDA because we didn't even try to get proper compliance in the EU, because it's impossible for a startup without huge support.





> HIPAA covers only medical devices,

No, the HIPAA Privacy Rule covers only medical information: see https://www.hhs.gov/hipaa/for-professionals/privacy/laws-reg.... Perhaps with your organisation, this was restricted to devices, but within a hospital environment there's a lot more covered by the HIPAA Privacy Rule than just medical devices. NB: the combined text of the applicable HIPAA rules (115 pages) is a lot longer than the entire text of the GDPR (88 pages, including recitals).

> but it's still much easier than European MDR

While MDR doesn't cover everything, it's still only 123 articles long: https://eur-lex.europa.eu/eli/reg/2017/745/2026-01-01. I'm guessing the burdensome parts are in SECTION 2: Conformity assessment. The EU recently ran a consultation on this: https://ec.europa.eu/info/law/better-regulation/have-your-sa.... A lot of problems seem to be due to the article 56 (2) requirement:

> The certificates shall be valid for the period they indicate, which shall not exceed five years. On application by the manufacturer, the validity of the certificate may be extended for further periods, each not exceeding five years, based on a re-assessment in accordance with the applicable conformity assessment procedures.

Other than that, it just seems like "do actual science to determine safety" and "if there's no 'intended medical purpose', also do actual science to demonstrate efficacy". The HMT Medizintechnik GmbH consultation feedback seems to say that a small company providing, say, basic sutures, is required to repeatedly prove the adequacy of those sutures, even though everybody knows that basically any sutures are adequate for those cases where sutures are adequate; but I don't think that's a correct reading of the law. (And this shouldn't affect a new device.) So I'm a bit confused. https://www.medtecheurope.org/wp-content/uploads/2025/03/250... clinical evaluation TOP 3 (on page 18) does not describe a problem with the text of MDR, but as a long-term mitigative measure they suggest:

> Possibly making this clearer in the text revision so Notified Bodies do not feel they must ask for PMCF clinical investigations as a default.

You never claimed that the text of the regulation was the issue; and I think I'm starting to see where the problem lies. While the rules are mostly sensible, they delegate to national bodies empowered to exercise discretion, and these bodies are (reportedly) erring on the side of excessive requirements. Was this the reason you gave up on EU certification without attempting it?



