Medtech governance in Europe is highly decentralised, with product certifications also being "outsourced" to private entities (i.e. Notified Bodies). This would be complicated enough if classic Notified Bodies didn't also bring their own enormous challenges to the table: lack of availability, lack of new tech competence, lack of transparency and communication.. Companies feel they have no control over their destiny.

So what's Scarlet doing differently as a Notified Body:
1️⃣ Focus on one subject matter (digital devices only) to ensure top and uptodate competence
2️⃣ Fit the conformity assessment process around the applicant and their timelines
3️⃣ Engage transparently and pragmatically about expectations in pre-sub Structured Dialogues
4️⃣ Scale resources flexibly with externals

and, my favourite,

5️⃣ Train their trusted consultants in an independent manner in order to increase the chance of high quality submissions and enable more effective reviews.

Which other NBs do this? None that I'm aware. But please share if you know any good practices you've experienced.

Therefore, I'm particularly enthusiastic to have been part of this special training session last Friday! Not only with a like-minded NB, but among a group of 18 like-minded regulatory experts ❤️

New times and new tech need a new approach - a mantra of Edge Compliance. I hope other and new NBs will take example.

Note: I'm not affiliated but believe the initiative deserves genuine praise and broadcasting.

Thank you Dan Levy and Sandy Wright at Scarlet - also for the photo credit. Stellar job!

Starting two new client projects this week, one on food supplements in France and one on in-vitro diagnostics in Germany, both in womens health!

Very few medtech consultants would feel comfortable touching other verticals (even from MDR to IVDR). But my career started like that when, honestly, I didn't have a choice! Now it's what I enjoy the most, and what I built my agency around.

The hard competences boil down to a few common traits, irrespective of sectors, regs and countries:
➡️ Regulatory definition / classification
➡️ Manufacturing requirements
➡️ Claims and label compliance
➡️ Responsible Person / Entity role
➡️ Notification / Submission procedures
➡️ Review interaction
➡️ Launch and Distribution
➡️ Post-market reporting

After all, it's all about health accountability, and humans have really one way of expecting it - the rest is often noise.

Personally, I find it super fun to come across these analogies, transfer learnings from one area to another and even anticipate cross-sector currents. Excited to get going!

How long does it take from FDA submission to clearance?
Let's look at the recent data.

The 510k database can be exported and analysed. Format is not humanly readable but makes a fun ChatGPT exercise.

Here is the result of me playing with the database from devices cleared last months (Aug and Sep 2025).

❗ The normal distribution appears to peak around 90 days, the legal obligation for FDA to respond to submissions. Around 30% of submissions were cleared within that timeframe.
❗ Nice peak at 30 days - but don't be too wishful! These are expedited reviews, e.g. changes to existing 510ks or based on prior agreements or expected updates.
❗ Less exciting peak around 270 days, i.e. 9 months. Most submissions receive an Additional Information request, which gives manufacturers 180 days to respond and restarts the clock for FDA after that (further 90 days).

Lesson here?
If you're planning a 510k, a realistic estimate for clearance is nothing less than 6 months. This is what applied to 2/3s of the 400+ applications cleared most recently.

Good quality submissions and preliminary discussions with FDA on the fundamental topics can help prevent Additional Information requests and thus increase the chances of receiving clearance within 90 days.

Does your experience confirm this too?

I will dig more into this database in the coming posts with more insights.

After Republican and Democratic politicians could not agree to pass a bill funding government services, on 1st October the US federal government has shut down. Though not unusual (almost every administration had at least one, lasting from a couple of days to a top 35 days), they create immediate uncertainty for largely Congress-funded agencies such as the FDA.

FDA announced that, based on its contingency plan, it will limit its ops to “mission critical activities including responding to public health emergencies, supporting high-risk food and medical product recalls, and conducting essential surveillance of medical devices and other medical products”.

So in practice, until the end of the shutdown:

🔴 No new submissions accepted (510k, DeNovo) nor payments thereof,
🟡 Ongoing reviews will continue but may suffer delays beyond the mandatory timeframes and potential unresponsiveness,
🔴 Annual fees will not be processed (MDUFA user registration), though due in October for Fiscal Year 2026 - see my previous post on increased fees,
🟢 Medical device recalls and safety surveillance will continue,
🟡 Inspections largely on hold except if “for cause”.

Tough news if you are on the brink of submitting or awaiting a decision. But history tells us these don't last long, so be ready to move fast once the shutdown lifts.

Here the regulatory version of “IS IT CAKE??” 🍰 - if you know the show! Featuring the European Commission’s updated guidance on borderline products published this month.

As someone whose specialty is borderline products and who loves RA developments on the edge, I spent hours digesting its 24 examples of what is or isn’t a medical device - as opposed to drugs, cosmetics, IVD, personal protective equipment (PPE), biocides,..

Frankly, I found half of the examples straightforward, and the other half.. I either struggle to understand the reasoning, disagree or find it inconsistent. Here the main reasons:

INTENDED USE vs MODE OF ACTION, WHO WINS?
MDR defines and classifies medical devices based on the former, while this guidance mostly hedges on the latter. When conflicts arise, this guidance gives priority to the mode of action. There are two, in my opinion, conflicting examples with devices that claim prevention of disease: an STI prevention app and medical examination table covers (i.e. paper roll). The first is not MD, despite processing medical records, using algorithms to assess risk, alerting peers regarding their potential for infection - because “no action on data other than communication”. The second is MD, regardless of its make - because “acts as a mechanical barrier”.

ANYTHING BUT Class I, EVER..
The myth of Class I devices continues. Only one example from here comes out as Class I MD: a rescue bag for patient transport - because "aims to support and protect, [..] avoids worsening of health". Arguably, PPE and Product for Emergency Rescue regulations could be sufficient, so what does Class I MD status really add here? On the other hand, why couldn’t some other low risk examples be Class I (e.g. STI app above, medical calculator for recurrent math)?

It's a continuous learning process for all, and access to practical guidance of this type is very helpful for the health sector as a whole - actually something that FDA does way better (writing style and formal consistency in this manual is quite disappointing).

If we held a geeky RA pub quiz on these examples, how would RA professionals, national authorities and notified bodies score? That would be interesting.

Swiss Medtech events never disappoint!
Key learnings from attending yesterdays session in sunny Bern (inside a stunning casino!):

1️⃣ US tariffs and lower FDA capacity are discouraging EU/CH startups from going US-first, but there are clever best-practices to work around them.

2️⃣ EU's gap between numbers in MDR applications and certifications is widening in unsustainable ways due to a poor EU-wide governance model for medtech, and how this needs fixing ASAP.

3️⃣ Switzerland is working out creative legal basis to be an attractive alternative (e.g. to fast-track FDA medical devices and to modernise its regulatory framework faster than the EU can)

4️⃣ Emerging markets (e.g. Saudi Arabia) get devices to market 6 months faster than traditional markets, meaning their patients get better outcomes, HCPs get better education, and the healthcare system innovates exponentially faster.

Grateful to Bernhard Bichsel and Sandra Item from ISS AG, Integrated Scientific Services, Daniel Delfosse, Eva von Mühlenen, LL.M., from Sidley Austin LLP, Glenda C. Marsh from Johnson & Johnson MedTech for putting together such an inspiring and informative afternoon!

Since August 2nd the EU AI Act is in force. But is it?
In practice: not much today, but the clock has started. If your device includes an AI component or uses AI to support decisions it’s time to take a closer look.

For high-risk systems, including many AI-based medical devices, there’s a 36-month transition to comply, i.e. phased implementation. However, some provisions apply earlier (e.g. banned uses of AI, codes of conduct).

Here’s what I see across medtech:
1. Confusion around scope and classification, e.g. AI as a tool for CSV or as part of the intended use?
2. Assumptions that MDR = AI Act compliance, thus reactive attitude to QMS updates upon NB feedback rather than in a proactive manner
3. Teams don't know how to resource it.

Good thing is that I also see a booming AI-related offering from QARA consultants and training providers which can help if you’re stuck on any of the above points. Cool examples (among many others):

• AI-first QARA frameworks and training e.g. Johner Institut GmbH https://lnkd.in/dBSuFfie,
• AI agents for compliance-checking and even FDA review outcome prediction such as Lexim AI or Acorn Compliance,
• GenAI embedded in eQMS tools such as Formwork from OpenRegulatory or Matrix One

What would help your team implementing the AI Act? Curious to hear your challenges and to help you with the right support.

Alert 🫰 Steep rise in FDA fees from this October:

+19% Annual establishment registration fee from $9,280 to $11,423 (this is the one you pay every year for keeping the right to place a device on the market)

+7% Application fees, e.g. 510k submission from $24,335 to $26,067 (this is the one-off fee for review of a product submission file)

Bad news for early stage medtech businesses and SMEs, in particular since no "small business discount" nor waivers apply on the establishment fee at first registration.

Note, small businesses may qualify for waiver on the establishment fee (2nd year on) and a reduced application fee (e.g. 510k for $6,517 instead of $26,067, new fees) under the SBD programme. Conditions are based on gross sales and justification of "financial hardship", rather than on company size. Worth looking into.

See latest MDUFA fees on the FDA website at this link.

How do you make yourself heard when you MUST raise the redflag over design quality, production compliance, clinical safety?

It's an incredibly difficult position to be in, whether you're acting from inside a company or as an external reviewer, stakes are high and office politics (if not even higher politics), budget concerns, along with own self-limiting beliefs, come into play giving you many reasons why you shouldn't follow your gut. Maybe I'm wrong, maybe it's all well. Or maybe it isn't?

I've been in this position before a couple of times as PRRC. It's dire, sleepless nights, conflict escalation. Escalate it to whom? If the technicians or QA's voice is not heard, and your voice as PRRC is not heard, then you hope external parties such as lawyers, consultants, CROs, reviewers will be more effective gate keepers, but then they aren't. They may overlook things or also have their own interests at play. Then who is left to protect the patient? Who is going to stand up and stop the chain of events before it's too late?

The story of Frances Oldham Kelsey, FDA medical reviewer in the 60s who refused to approve Thalidomide is a great example, and similarities can be seen in other preventable disasters such as Titan's OceanGate, Boeing's 737max MCAS software, or Chernobyl to name the most famous. All had a long chain of brave flag raisers in a culture that shut them down..

Culture is key and of utmost importance in medtech. Accountability, feedback and psychological safety create space for risks to be raised and taken seriously at any stage of a project. So called "Type 1 decisions" in business, i.e. non-reversable (launch or not launch?) need true raw information, not just the glossed version that the manager is willing to lend an ear to.

A culture that integrates Quality as their biggest asset and strategic partner will value anyone who raises issues, mistakes, inefficiencies, with a view of preventing not only harm but also resources and reputational risks.

I'm so deeply passionate about driving such cultural shifts and help teams innovate in the most progressive, forward-looking and responsible ways.