EU MDR & IVDR Insider
October 2025 Issue
A free publication from AKRA TEAM
This issue explores how manufacturers can turn risk management from a compliance exercise into a connected, evolving system. Learn from Andrew Gibson (AKRA TEAM), Greg Griffin (BSI), and Arie Henkin (Omniscient Neurotechnology) as they share practical strategies for integrating real-world data, strengthening documentation, and scaling proactive systems across product lifecycles.
👉🏻 Download the Full PDF Issue
UPDATE
Welcome to the October Issue of EU MDR & IVDR Insider
Update by Bassil Akra, PhD
INSIGHTS
Risk Management Integration: From Documentation to Practice
with Andrew Gibson, PhD, RAC
Reviewers Expect 7 Critical Elements Reviewers Expert in Your Risk Management File
with Greg Griffin, PhD, MRSE
Building Proactive Risk Systems That Scale with Growth
with Arie Henkin
Practical Tools & Next Steps
Your Risk Management Playbook
October in Review
With Bassil Akra, PhD — CEO, AKRA TEAM
From Pittsburgh to Rome: October’s Regulatory Reset
October opened with hope in Pittsburgh and closed with action in Rome. Between RAPS Convergence and the 4th Annual TEAM-PRRC Summit, the EU regulatory landscape shifted from conversation to execution.
RAPS Convergence: The Love Letter
October 7-8 brought the EU MDR Kick-Off session. Moderated by our team, the panel featured Sabina Hoekstra-van den Bosch (TĂśV SĂśD), Gert Bos (Qserve Group), Ehab Amen (GMED), JoĂŁo Martins (Abbott), and Erik Vollebregt (Axon Lawyers).
- Sabina captured the moment: “I have never seen this before — that so many things happen at the same time.” Her timeline traced a decade of change culminating in the upcoming legislative revision.
- Ehab reminded us: “Patience is not only the ability to wait; it’s how we behave while we are waiting.” João countered the doom narrative with data: improved conformity assessment timelines, new implementing acts, and centralization models protecting the notified body system.
- Gert called it what it was: “A love letter is about hope and dreams… we get the chance again to make it right and restore trust in the system.”
TEAM-PRRC Summit: The Work Continues
Rome’s 4th Annual Summit (October 24-25) brought together 100 participants. Alessandra Basilisco from the Italian Ministry of Health opened with clarity: “The PRRC is not a symbolic title but a living responsibility.” Her sentiment was echoed in the 23 other presentations and conversations over the two days.
Three signals emerged:
- Simplification is coming — prepare now for how revision affects your 2026 submissions
- EUDAMED transparency matters — document your workarounds
- PRRC roles are maturing — update contracts and liability frameworks
Bottom Line
October showed regulatory evolution in real time. Predictability, transparency, and patient-centricity are now operational requirements.
Apply these signals to your Q4 planning before year-end submissions hit.
— Bassil Akra
The Documents That Don't Talk to Each Other
Andrew Gibson opened the August 19 webinar with a challenge for the participants: how many of you have risk management files that actually connect to your post-market surveillance data?
The silence was telling.
Gibson, who leads AKRA TEAM's European consultancy team, sees this gap constantly during regulatory reviews.
"We're seeing a lot of issues during review about traceability from what you're communicating to the user, what you're intending the product for, back to your documentation, how that's being verified and validated," Gibson explained.
According to Gibson, the problem isn't that manufacturers lack risk files—it's that those files exist in isolation from the rest of their quality infrastructure.
Why Integration Breaks Down
Risk management files get created for submission, then sit untouched while real-world data piles up elsewhere.
Complaint databases track issues. Post-market surveillance captures trends. Clinical evaluations update safety profiles. But these information streams rarely feed back into risk file updates through defined processes.
Gibson recommends quarterly reviews as "a good cadence and you don't lose track of occurrences or trends." Annual updates? Too slow. Ad-hoc reviews? Teams forget.
What Actually Works
Cross-functional risk reviews catch hazards single departments miss. When design engineers, clinical specialists, regulatory leads, and manufacturing personnel review files together, they spot disconnects before regulators do.
This matters especially during personnel turnover, when institutional knowledge walks out the door.
"What you're communicating to the user, what you're intending the product for, back to your documentation, how that's being verified and validated — that's really the overall picture and narrative that needs to come together.”
— Andrew Gibson, AKRA TEAM
Integration isn't a nice-to-have. It's the whole point.
What 300 Risk Files a Year Teaches You
Greg Griffin reviews medical device submissions for BSI. After hundreds of technical files, patterns emerge.
"I've seen smart people with knowledge doing good risk management in practice,” Griffin said. “But then the documentation can be lacking. The gap between good process and good records sinks submissions."
According to Griffin, manufacturers demonstrate a strong understanding, but when documentation fails to capture this expertise, reviewers cannot verify the work. What teams know versus what files show creates delays during review.
The Harm vs. Hazard Confusion
Most risk files fail at problem definition. Engineers describe device malfunctions—incorrect readings, software glitches, he said. That's the hazardous situation.
Reviewers need the next step: what happens to the patient? If a device gives a doctor wrong information, the harm is inappropriate treatment. This distinction determines severity scoring.
A blood pressure monitor displaying incorrect readings is a hazardous situation. The harm is that the patient receives wrong medication dosages. Without separating hazards from harms, the entire risk assessment framework fails.
Where Evidence Disappears
"After you've come up with an idea of how to control a risk, it's really important to validate that idea was effective."
— Greg Griffin, BSI
Manufacturers cite standards compliance without demonstrating why controls work, he said. They reference requirements without showing how effectiveness was confirmed. The best files document systematic external research—literature reviews, competitor analysis, regulatory databases—then trace findings through technical documentation.
Critical Evidence Requirements
- Warning labels need human factors validation.
- Durability claims need testing beyond specs.
- Software safeguards need verification under failure conditions.
- Manufacturers cite standards compliance without showing why controls work.
Griffin looks for reasoning:
- Why this mitigation?
- How was effectiveness confirmed?
The best files document systematic external research—literature reviews, competitor analysis, regulatory databases—then trace findings through technical documentation.
Files that read like standalone stories pass faster.
According to Arie Henkin, Chief Clinical Officer at Omniscient Neurotechnology (o8t), startup medical device companies face a critical question: when should we start formal risk management?
Start Building Before You Think You Need To
Many startups delay formal risk management until regulatory submissions loom, creating unnecessary pressure and superficial analyses that miss critical hazards.
Henkin said, "The time when you do it, and especially when you start thinking through risk management and putting things on paper," represents one of the most critical decisions for growing companies.
Learn from Accumulated Wisdom
He recommends casting wide nets when researching comparable devices, similar functions, and related failure modes. FDA databases, literature, and recall announcements provide insights for hazard identification that internal teams might miss.
"We read books because they represent somebody's accumulated knowledge and experience over time,” said Henkin. “Risk management is the same way."
Deploy Multiple Analysis Methods
Don't limit yourself to single methodologies, he said. Try fault tree analysis, literature reviews, and failure mode analysis. Different approaches reveal different risk perspectives and build a comprehensive understanding.
Avoid Compliance Theater
Risk management worksheets serve as tools, not end goals. The thinking process matters more than document formatting.
"Really avoid what I would call compliance theater, the act of checking a checkbox for having a worksheet instead of actually going through the thinking process behind the exercise."
— Arie Henkin, Omniscient Neurotechnology (o8t)
Build Cross-Functional Integration Early
Establish regular touchpoints between risk management and other development workstreams from the beginning. Design changes should trigger risk reassessment. Clinical findings should feed back into evaluations.
Design for Post-Market Evolution
Plan for regular reviews tied to surveillance cycles. Establish clear update processes based on field experience. Consider how risk-benefit evaluations evolve as clinical evidence accumulates.
Your Risk Management Playbook
Risk assessment fundamentals (apply systematically)
- ISO 14971 - International standard framework
- Hazard vs. Harm - Distinguish situations from consequences
- Lifecycle Integration - Connect pre-market and post-market activities
Risk statement structure: Observed hazard leads to hazardous situation at [location/condition] during [use phase]: potential harm to [patient population] with [severity level] likelihood.
Verification requirements: Link control measures to objective verification methods, document effectiveness evidence, and confirm implementation before market release.
Root cause tools (use, don't worship)
5 Whys - Linear chains | Fishbone - Multiple factors interact | Bowtie - Focus where impact is biggest
Problem statement template: Observed issue on device/process at location on date: found via audits/routine complaint/field/PMS.
Effectiveness verification: Tie checks to changed mechanism, set objective criteria upfront, confirm recurrence before closing.
Next Steps
- Review risk file for post-market integration gaps
- Assess documentation against reviewer expectations
- Implement systematic literature review process
Meet the Subject Matter Experts
Andrew Gibson
AKRA TEAM Senior Managing Consultant
Greg Griffin
Bsi Technical Specialist
Arie Henkin
Omniscient Neurotechnology Chief Clinical Officer
About AKRA TEAM
We are a diverse team of high-level expert consultants dedicated to assisting stakeholders in all steps towards bringing medical devices, in-vitro diagnostics, and combination products to market.
Our experience and knowledge are applied to ensure timely product launches in full compliance with complex legal and regulatory requirements.
EU MDR & IVDR Insider
We hope you enjoyed this issue of EU MDR&IVDR Insider, a free publication from AKRA TEAM.
Each issue is packed with expert insight, actionable analysis, and resources from top industry leaders. It's your ultimate guide to staying ahead in regulatory excellence.
October 2025 - EU MDR & IVDR Insider
© 2025 AKRA TEAM GmbH
