Medtech governance in Europe is highly decentralised, with product certifications also being "outsourced" to private entities (i.e. Notified Bodies). This would be complicated enough if classic Notified Bodies didn't also bring their own enormous challenges to the table: lack of availability, lack of new tech competence, lack of transparency and communication.. Companies feel they have no control over their destiny.

So what's Scarlet doing differently as a Notified Body:
1️⃣ Focus on one subject matter (digital devices only) to ensure top and uptodate competence
2️⃣ Fit the conformity assessment process around the applicant and their timelines
3️⃣ Engage transparently and pragmatically about expectations in pre-sub Structured Dialogues
4️⃣ Scale resources flexibly with externals

and, my favourite,

5️⃣ Train their trusted consultants in an independent manner in order to increase the chance of high quality submissions and enable more effective reviews.

Which other NBs do this? None that I'm aware. But please share if you know any good practices you've experienced.

Therefore, I'm particularly enthusiastic to have been part of this special training session last Friday! Not only with a like-minded NB, but among a group of 18 like-minded regulatory experts ❤️

New times and new tech need a new approach - a mantra of Edge Compliance. I hope other and new NBs will take example.

Note: I'm not affiliated but believe the initiative deserves genuine praise and broadcasting.

Thank you Dan Levy and Sandy Wright at Scarlet - also for the photo credit. Stellar job!

Very exciting trend of femtech apps integrating with wearable data! How does this work for the regulated ones? I wanted to share this clever use of PCCP from Natural Cycles° from last year which impressed me.

What's PCCP?
Pre-determined Change Control Plan is a regulatory instrument devised by FDA - as a European is I'm most jealous of. It was designed to enable AI devices, which by design need to be able to evolve their accuracy in the field, getting smarter the more data they acquire. Traditionally, any change to the accuracy and performance of a device required a regulatory resubmission (still the case in EU) and up to 90 days of review wait.
With PCCP you can get pre-approval for a reasonable range of performance that you anticipate and accept.

What I found clever, is that Natural Cycles°, the pioneer of regulated fertility awareness, used PCCP not for AI changes but for variability of source data from different wearables.

While, as far as I'm aware, they currently integrate only with ŌURA and Apple Watch, this clears the way for them to swiftly add any more integrations to their conception/contraception suite as long as they fit their predefined specs (see table in pdf).

This is an example of how:
1️⃣ Regulatory instruments that are smart and abreast with the times enable even more innovation than what they primarily intended to,
2️⃣ Femtech is riding the wave of biomarkers ensuring most users can be served irrespective of which devices they choose - it's not just the iOS vs Android divide anymore!
3️⃣ Scientific research and clinical partnerships will see an incredible boost of opportunity from all this data, finally compensating for the lack of data that we know womens health has suffered until now!

What else could we use PCCP for? And until when can we have a similar toolkit in Europe under MDR? 🫠

NC's current integrations here

Link to full 510k summary here

What if the interaction with regulators was more personal?

This week, I was interviewed as part of the Therapeutic Goods Administration's research for improving health software regulation.

Since we registered a SaMD client in Australia, we were contacted to take part in a 1 hour call with ORIMA Research on the TGA's behalf. We had the chance to discuss our experience and to give suggestions on what would help other digital health companies enter the Australian market compliantly, for example:

🔍 how do companies find out whether they are regulated?
🔍 what is key for them to know in order to navigate the regs?
🔍 what's clear / unclear in the regs?
🔍 what could be attracting digital health companies to Australia?
🔍 what would put them off from doing it compliantly?

I would love to see the EU doing the same. But then, in practice, who? The European Commission? The national Competent Authorities? The Notified Bodies? Team-NB? MDCG? It gets complicated before even starting..

Yes, sometimes the EC issues calls for comments on certain regulations. The problem I have with this is a) the free-text format, which is an invite for whining and venting, and b) the lack of accountability, i.e. does anyone read it? what happens with it?

In contrast, I really appreciated:
🌟 The structured discussion format, still with some liberty to digress,
🌟 The face-to-face personal interaction, which encourages trust,
🌟 Knowing a report with clear actions will come out of it and disseminated.

Kudos to the TGA and lovely experience chatting to Jack Disher at ORIMA.
We look forward to the report!

Starting two new client projects this week, one on food supplements in France and one on in-vitro diagnostics in Germany, both in womens health!

Very few medtech consultants would feel comfortable touching other verticals (even from MDR to IVDR). But my career started like that when, honestly, I didn't have a choice! Now it's what I enjoy the most, and what I built my agency around.

The hard competences boil down to a few common traits, irrespective of sectors, regs and countries:
➡️ Regulatory definition / classification
➡️ Manufacturing requirements
➡️ Claims and label compliance
➡️ Responsible Person / Entity role
➡️ Notification / Submission procedures
➡️ Review interaction
➡️ Launch and Distribution
➡️ Post-market reporting

After all, it's all about health accountability, and humans have really one way of expecting it - the rest is often noise.

Personally, I find it super fun to come across these analogies, transfer learnings from one area to another and even anticipate cross-sector currents. Excited to get going!

An absolutely incredible time at Women's Health Week at the Barbican! The opportunity and momentum for femtech re undeniable.

It's no philanthropic initiative, it's a business sector with real problems be solved and real money to be made. Women, i.e. 51% of the population, control more than 80% of household health decisions, yet suffer ill-health for 19% more time than men - mostly during their working years.
Closing the gap could generate >$1trillion annual global GDP by 2040. It's no charity, it's business sense.

The innovation that is happening in this space fills us with awe, anticipation and gratitude. Will post more about some of the founders and products that we learnt about.

How long does it take from FDA submission to clearance?
Let's look at the recent data.

The 510k database can be exported and analysed. Format is not humanly readable but makes a fun ChatGPT exercise.

Here is the result of me playing with the database from devices cleared last months (Aug and Sep 2025).

❗ The normal distribution appears to peak around 90 days, the legal obligation for FDA to respond to submissions. Around 30% of submissions were cleared within that timeframe.
❗ Nice peak at 30 days - but don't be too wishful! These are expedited reviews, e.g. changes to existing 510ks or based on prior agreements or expected updates.
❗ Less exciting peak around 270 days, i.e. 9 months. Most submissions receive an Additional Information request, which gives manufacturers 180 days to respond and restarts the clock for FDA after that (further 90 days).

Lesson here?
If you're planning a 510k, a realistic estimate for clearance is nothing less than 6 months. This is what applied to 2/3s of the 400+ applications cleared most recently.

Good quality submissions and preliminary discussions with FDA on the fundamental topics can help prevent Additional Information requests and thus increase the chances of receiving clearance within 90 days.

Does your experience confirm this too?

I will dig more into this database in the coming posts with more insights.

After Republican and Democratic politicians could not agree to pass a bill funding government services, on 1st October the US federal government has shut down. Though not unusual (almost every administration had at least one, lasting from a couple of days to a top 35 days), they create immediate uncertainty for largely Congress-funded agencies such as the FDA.

FDA announced that, based on its contingency plan, it will limit its ops to “mission critical activities including responding to public health emergencies, supporting high-risk food and medical product recalls, and conducting essential surveillance of medical devices and other medical products”.

So in practice, until the end of the shutdown:

🔴 No new submissions accepted (510k, DeNovo) nor payments thereof,
🟡 Ongoing reviews will continue but may suffer delays beyond the mandatory timeframes and potential unresponsiveness,
🔴 Annual fees will not be processed (MDUFA user registration), though due in October for Fiscal Year 2026 - see my previous post on increased fees,
🟢 Medical device recalls and safety surveillance will continue,
🟡 Inspections largely on hold except if “for cause”.

Tough news if you are on the brink of submitting or awaiting a decision. But history tells us these don't last long, so be ready to move fast once the shutdown lifts.

Here the regulatory version of “IS IT CAKE??” 🍰 - if you know the show! Featuring the European Commission’s updated guidance on borderline products published this month.

As someone whose specialty is borderline products and who loves RA developments on the edge, I spent hours digesting its 24 examples of what is or isn’t a medical device - as opposed to drugs, cosmetics, IVD, personal protective equipment (PPE), biocides,..

Frankly, I found half of the examples straightforward, and the other half.. I either struggle to understand the reasoning, disagree or find it inconsistent. Here the main reasons:

INTENDED USE vs MODE OF ACTION, WHO WINS?
MDR defines and classifies medical devices based on the former, while this guidance mostly hedges on the latter. When conflicts arise, this guidance gives priority to the mode of action. There are two, in my opinion, conflicting examples with devices that claim prevention of disease: an STI prevention app and medical examination table covers (i.e. paper roll). The first is not MD, despite processing medical records, using algorithms to assess risk, alerting peers regarding their potential for infection - because “no action on data other than communication”. The second is MD, regardless of its make - because “acts as a mechanical barrier”.

ANYTHING BUT Class I, EVER..
The myth of Class I devices continues. Only one example from here comes out as Class I MD: a rescue bag for patient transport - because "aims to support and protect, [..] avoids worsening of health". Arguably, PPE and Product for Emergency Rescue regulations could be sufficient, so what does Class I MD status really add here? On the other hand, why couldn’t some other low risk examples be Class I (e.g. STI app above, medical calculator for recurrent math)?

It's a continuous learning process for all, and access to practical guidance of this type is very helpful for the health sector as a whole - actually something that FDA does way better (writing style and formal consistency in this manual is quite disappointing).

If we held a geeky RA pub quiz on these examples, how would RA professionals, national authorities and notified bodies score? That would be interesting.

Swiss Medtech events never disappoint!
Key learnings from attending yesterdays session in sunny Bern (inside a stunning casino!):

1️⃣ US tariffs and lower FDA capacity are discouraging EU/CH startups from going US-first, but there are clever best-practices to work around them.

2️⃣ EU's gap between numbers in MDR applications and certifications is widening in unsustainable ways due to a poor EU-wide governance model for medtech, and how this needs fixing ASAP.

3️⃣ Switzerland is working out creative legal basis to be an attractive alternative (e.g. to fast-track FDA medical devices and to modernise its regulatory framework faster than the EU can)

4️⃣ Emerging markets (e.g. Saudi Arabia) get devices to market 6 months faster than traditional markets, meaning their patients get better outcomes, HCPs get better education, and the healthcare system innovates exponentially faster.

Grateful to Bernhard Bichsel and Sandra Item from ISS AG, Integrated Scientific Services, Daniel Delfosse, Eva von Mühlenen, LL.M., from Sidley Austin LLP, Glenda C. Marsh from Johnson & Johnson MedTech for putting together such an inspiring and informative afternoon!

A short story on using AI for a QARA task and coming up with a framework for doing it faster (4h down to 1h) while keeping it under control.

Task at hand:
Client received its inspection report from the authority via the post in the national language and needed it digitalised and in English in order to action it.

1️⃣ Convert scanned pdf to electronic document
ChatGPT 👎 didn’t identify text in the scanned pdf.
Gemini and NotebookLM did it, but I was unconvinced by the accuracy 🧐 .
GoogleDrive did the job, uploaded the pdf and "Open as GoogleDoc". ✅

2️⃣ Translate electronic document
ChatGPT and Gemini kept hallucinating badly 😵‍💫 .
The "Translate document" function of GoogleDocs returned a poor literal translation 🥴 .
NotebookLM was accurate but skipped content 😥 .
Ended up doing section by section via Gemini's in-text "AI Refine" function with a very meticulous prompt and checking it manually in a side-by-side table 🥵 .

3️⃣ Format electronic document similar to the original
ChatGPT and NotebookLM didn’t work 🤕 .
Gemini could do some basic improvements via the in-text "AI Refine" function, but not via the GoogleDocs built-in "Ask Gemini" nor via the browser chat. Interesting how much these differ in capability.
In the end, the formatting fix was mostly manual 🤯 .

Conclusion:
After 4 miserable hours spent on the task with many failed attempts and much too manual input, I achieved a satisfactory document.
But, I still wanted to get to the bottom of this. There must be a better way??

So I restarted from scratch using a different approach, which I could summarise in a way that is inspired by the concept of the PDCA / Agile cycle we use in Quality:

⤵️ Plan: Ask AI for the right tools and prompts to achieve your goal. And importantly, "ask AI to ask you" questions or point out what is unclear in order to help you refine your requirements accurately.
▶️ Do: Approach it step by step. Run your refined prompt for your SUBtask in your selected tool. Quick review of the output, refine the prompt. Change tool if needed.
⏯️ Check: Get AI to verify its results and to help you check it manually by highlighting any discrepancies. For example, “juxtapose the original and translated content in a table section by section and note any discrepancies between the two version of the text”.
🔁 Act: Tell AI to correct the discrepancies, then re-run the verification step to update results.

Eventually, by doing it this way, I could achieve the same result in 1h and with increased confidence on the accuracy. Still not extremely fast, but considerably faster!

I am curious, how would others have approached this dull task?

While diving into a new cosmetics project, I saw this angle, then tilted my head and... "I couldn’t help but wonder": do people realise cosmetics carry real compliance duties despite no medical claims?

Cosmetics must show, at mininum:
▶️ Manufacturing quality: GMP (ISO 22716) + national rules (e.g., EU 1223/2009, FDA 21 CFR 700)
▶️ Safety & testing: microbial load, stability/shelf life, toxicological assessment
▶️ Accountability & traceability: labelling, INCIs disclosure, product registration (e.g., EU CPNP), adverse event reporting
▶️ Governance: a designated Responsible Person, inspection-ready procedures & technical documentation

In principle, not at all far from medical devices, just rightly lighter in scope and depth.

I’m seeing both directions lately: wellness products drifting into medical territory and claim downgrades to step out of it (especially post-MDR transition end). As medical regulations tighten, new categories - and opportunities - emerge at the edges. The fluid interface is such an exciting place to be ❤️‍🔥.

My view:
Health/body-affecting products should meet proportionate standardisation and accountability. I’d favour a distinct “health and wellness-tech” category with its own rules (as cosmetics have, as the FDA is exploring) over forcing medical device frameworks around them.

Do you agree? Do you also see a rise in review of claim strategy by health product manufacturers (whether upwards or downwards)?

WHOOP ’s current FDA row is properly binge-worthy. Material for the next Lincoln Lawyer season on Netflix?
But until then, some personal reflections on why it matters for digital health and wearables.

This season’s hottest episodes:
🎞️ Ep. 1 : WHOOP launches Blood Pressure Insights (BPI) as a Wellness feature but claiming medical grade insights.
🎞️ Ep. 2 : FDA’s surveillance picks it up and issues a Warning Letter (made public with exceptional urgency) arguing against the medical disclaimers given the “inherent association” of BP with the diagnosis of hypo/hypertension,
🎞️ Ep. 3 : WHOOP refuses to pull the feature and takes it public/political, meeting with RFK Jr and attacking FDA’s integrity on social media.

I get it, it’s tough to live on the line. Enjoying the aura of “medical-grade” without the burden is the dream of many, but it's getting harder. I’ve been there with multiple startups, and deeply empathise with some of the operational and financial challenges they faced in getting that balance right - often in absence of clear guidelines.

But now: guidance is there, WHOOP already has an FDA-cleared ECG feature (i.e. a QMS) and likely the budget... then why not route the BPI feature under their existing regulated org? Whether from the start or in response to the warning. How is taking up this massive fight a better strategy?

In smaller cases, it would ring a quality culture and integration issue. But in this one, it’s seems a fight on principle - while enjoying the extra PR of being the torch bearer for the freedom of wearables worldwide.

Meanwhile, Hilo by Aktiia quietly secures BP clearance with medical indication for its bracelet without the fuss. 👀

If you’re in the borderline medical space, this is a defining moment.
➡️ Disclaimers may be shorter-lived than ever, careful if you’re relying on those.
➡️ Not all companies are the WHOOP or SPACEX of the ton. Don’t assume this aggressive strategy would work for you, play smart yes, but sustainable. PR and legal repercussions can be devastating for fundability.
➡️ Hire QARA professionals who know how to navigate the redlines vs the negotiables of borderline products.

As Blythe Karow put it in her BEAUTIFUL long read on this story:

“The art lies in reading between the lines and addressing the specific compliance issues rather than fighting fundamental regulatory doctrine.”

Meanwhile, in real life: A friend told me "my sleep/stress score from my watch is looking weird... am I sick??". Familiar? Apparently, WHOOP had an internal policy in place during COVID that employees should stay home if their score was lower than a certain threshold - they either had the virus or could easily get it. If this is how we use these tools, what's so bad in providing assurance of quality and accuracy in the first place?

Only time will tell.. For now, pass the popcorn 🍿

Since August 2nd the EU AI Act is in force. But is it?
In practice: not much today, but the clock has started. If your device includes an AI component or uses AI to support decisions it’s time to take a closer look.

For high-risk systems, including many AI-based medical devices, there’s a 36-month transition to comply, i.e. phased implementation. However, some provisions apply earlier (e.g. banned uses of AI, codes of conduct).

Here’s what I see across medtech:
1. Confusion around scope and classification, e.g. AI as a tool for CSV or as part of the intended use?
2. Assumptions that MDR = AI Act compliance, thus reactive attitude to QMS updates upon NB feedback rather than in a proactive manner
3. Teams don't know how to resource it.

Good thing is that I also see a booming AI-related offering from QARA consultants and training providers which can help if you’re stuck on any of the above points. Cool examples (among many others):

• AI-first QARA frameworks and training e.g. Johner Institut GmbH https://lnkd.in/dBSuFfie,
• AI agents for compliance-checking and even FDA review outcome prediction such as Lexim AI or Acorn Compliance,
• GenAI embedded in eQMS tools such as Formwork from OpenRegulatory or Matrix One

What would help your team implementing the AI Act? Curious to hear your challenges and to help you with the right support.

Alert 🫰 Steep rise in FDA fees from this October:

+19% Annual establishment registration fee from $9,280 to $11,423 (this is the one you pay every year for keeping the right to place a device on the market)

+7% Application fees, e.g. 510k submission from $24,335 to $26,067 (this is the one-off fee for review of a product submission file)

Bad news for early stage medtech businesses and SMEs, in particular since no "small business discount" nor waivers apply on the establishment fee at first registration.

Note, small businesses may qualify for waiver on the establishment fee (2nd year on) and a reduced application fee (e.g. 510k for $6,517 instead of $26,067, new fees) under the SBD programme. Conditions are based on gross sales and justification of "financial hardship", rather than on company size. Worth looking into.

See latest MDUFA fees on the FDA website at this link.

How do you make yourself heard when you MUST raise the redflag over design quality, production compliance, clinical safety?

It's an incredibly difficult position to be in, whether you're acting from inside a company or as an external reviewer, stakes are high and office politics (if not even higher politics), budget concerns, along with own self-limiting beliefs, come into play giving you many reasons why you shouldn't follow your gut. Maybe I'm wrong, maybe it's all well. Or maybe it isn't?

I've been in this position before a couple of times as PRRC. It's dire, sleepless nights, conflict escalation. Escalate it to whom? If the technicians or QA's voice is not heard, and your voice as PRRC is not heard, then you hope external parties such as lawyers, consultants, CROs, reviewers will be more effective gate keepers, but then they aren't. They may overlook things or also have their own interests at play. Then who is left to protect the patient? Who is going to stand up and stop the chain of events before it's too late?

The story of Frances Oldham Kelsey, FDA medical reviewer in the 60s who refused to approve Thalidomide is a great example, and similarities can be seen in other preventable disasters such as Titan's OceanGate, Boeing's 737max MCAS software, or Chernobyl to name the most famous. All had a long chain of brave flag raisers in a culture that shut them down..

Culture is key and of utmost importance in medtech. Accountability, feedback and psychological safety create space for risks to be raised and taken seriously at any stage of a project. So called "Type 1 decisions" in business, i.e. non-reversable (launch or not launch?) need true raw information, not just the glossed version that the manager is willing to lend an ear to.

A culture that integrates Quality as their biggest asset and strategic partner will value anyone who raises issues, mistakes, inefficiencies, with a view of preventing not only harm but also resources and reputational risks.

I'm so deeply passionate about driving such cultural shifts and help teams innovate in the most progressive, forward-looking and responsible ways.

I am often asked: what is “quality”?

I find it funny how often this question comes up in my field and how much debate it sparks over and over again. I cannot think of many other professions that would routinely take you to re-discuss and reassess their own purpose and definition at such philosophical depths.

Each one of us has a different take on what “quality” or “good” means depending on what most matters to us or what is the object we are talking about. And that's what makes it so personal and ambiguous. Good quality furniture is sturdy and durable. A good quality smartphone should be fast and reliable. Yet good quality in the service industry may be tied to delivery and customer support.

What do all these have in common? Expectations and accountability.

As the end user you want to know that what you are getting - whatever that is - really meets your needs. You want to know that what you read about it is trustworthy and not only the result of creative marketing. You also want to know that if something goes wrong with it, the provider will have your back and will take responsibility for it.

So although “quality” may seem at first as a highly subjective attribute, it eventually boils down to something tangible and product-agnostic. Know your customers' needs, know what you're giving to them, act upon problems. This is effectively what quality standards are all about. A set of requirements for any industry (or in certain cases sector specific) that unifies what quality means for all and defines how to prove it unambiguously.

In the case of medical products quality is clearly paramount. The expectation for genuine health outcomes and for service accountability are closely tied to our own wellbeing, our safety, our privacy and security - or that of our loved ones. As much as we may try and inform ourselves to discern good quality products from bad quality products, there's a limit to what one individual's understanding can achieve. Products and companies alike can be incredibly diverse and complex, and to effectively scrutinise different therapeutic options one would need to be simultaneously an expert in medicine, science, technology, law, security, privacy, all in one. As consumers and as patients, this is an unfair burden. This is why the health industry is regulated and requirements are standardised. This is why there is a system and diverse teams of experts doing it on our behalf and in our interest, from pre-market approval to post-market surveillance. National health authorities safeguard users to ensure transparency and accountability.

As any complex system and human endeavour, the quality framework is not perfect, of course. Unfortunately, operating quality in a compliant way doesn't translate 100% in assurance of good practice or intentions, as some companies choose to treat it as a mere checkbox exercise. But even that, one could argue, is better than nothing. On the opposite end of the spectrum, companies with good practices can really struggle to align to the ever more complex standardised system. The complexity and resource investment can sometimes be overwhelming and off-putting for young startups, and this can hinder innovation and delivering value to users who need it.

To me, personally, quality means "good practice, consistently". Good as in responsible, safe, ethical, just, effective, efficient. Consistent as in habitual, auditable, reliable. My previous experience in science, process optimisation, sustainability and in Corporate Social Responsibility (CSR) have given me a broad perspective that for a long time I worried being too dispersive. Yet somehow it seems to have converged into this mission and passion for driving quality. The most satisfying feeling is to see a young startup through, from visualising its early quality ambition to reaching a mature governance structure in a value-aligned quality system. By supporting organisations understand what quality truly means to them and making it workable for them, we advance the value proposition of the whole sector. To me, it means making things better in this world, a step at a time.