MDD vs MDR — The 5 biggest differences you need to know

If your medical device was certified under the Medical Device Directive (93/42/EEC), you already know the hard work that went into building your Technical File: the testing, the documentation, and the Notified Body review.

But here's the reality: that work may not be enough anymore.

The EU Medical Device Regulation (2017/745) — known as MDR — is not simply an update to the MDD. It is a fundamental shift in how medical devices are regulated in Europe. Stricter clinical evidence requirements, mandatory post-market follow-up, a new database system, and significantly more detailed technical documentation have changed the rules for every device on the EU market.

The transition deadline has passed. Notified Bodies are overwhelmed. And companies that don't understand exactly what changed — and what they need to do about it — are facing delayed approvals, rejected submissions, and devices pulled from the market.

This article breaks down the five most important differences between MDD and MDR, so you know exactly where the gaps are, what they mean for your device, and what steps to take next.

1. Clinical Evidence Requirements — Much Higher Bar

Under the MDD, many manufacturers were able to demonstrate safety and performance through literature reviews alone — often relying on data from similar devices without direct access to that device's technical documentation. Equivalence claims were relatively straightforward, and a Clinical Evaluation Report (CER) was required but rarely scrutinized in depth.

Under MDR, the rules changed significantly.

The clinical evaluation process is now governed by Annex XIV, which requires a formal Clinical Evaluation Plan (CEP) before the evaluation begins, a systematic literature search with documented methodology, and a Clinical Evaluation Report that is regularly updated — annually for Class III and IIb devices, and every two to five years for lower-risk classes.

More importantly, the equivalence route has been dramatically restricted. To claim equivalence to another manufacturer's device, you now need contractual access to that device's technical documentation. For Class IIb and III devices, this is nearly impossible unless you own the predicate device yourself. This means many companies that previously relied on equivalence now need to generate their own clinical data.

The bottom line: if your CER was written under MDD standards, it almost certainly needs to be rebuilt — not just updated.

2. Post-Market Surveillance — From Reactive to Proactive

Under the MDD, post-market surveillance existed in principle, but in practice, it often amounted to little more than tracking complaints and adverse events. There was no mandatory reporting format, no fixed frequency, and minimal scrutiny from Notified Bodies.

MDR completely overhauled this.

Every manufacturer must now have a formal Post-Market Surveillance Plan (PMSP) that defines exactly how data will be collected. From these sources, at what frequency, and what thresholds will trigger action? The plan must cover literature monitoring, complaint data, registry data, social media signals, and field safety information.

On top of that, MDR introduced two new mandatory reporting documents. Class I devices require a Post-Market Surveillance Report (PMSR). Class IIa, IIb, and III devices require a Periodic Safety Update Report (PSUR) — submitted annually for Class III and IIb, and every two to five years for Class IIa.

And then there is Post-Market Clinical Follow-up (PMCF). For most Class IIa, IIb, and III devices, a PMCF Plan and PMCF Report are now mandatory. This means actively collecting clinical data after your device is on the market — through registries, surveys, literature monitoring, or dedicated clinical studies. If you cannot justify why PMCF does not apply to your device, you need a plan.

The bottom line: PMS is no longer a filing cabinet exercise. It is an ongoing, documented, and auditable process that feeds directly back into your clinical evaluation.

3. UDI and EUDAMED — A Completely New Infrastructure

The MDD had no equivalent to the Unique Device Identification (UDI) system and no centralized EU database for device registration. Manufacturers registered their devices at the national level, separately in each EU Member State where they sold.

MDR introduced EUDAMED — the European Database on Medical Devices — as the single EU-wide platform for all device-related information. And with it came the mandatory UDI system.

Every device now requires a Basic UDI-DI at the model level, a UDI-DI for each specific configuration, and a UDI-PI on the label for traceability at the production level. All of this must be registered in EUDAMED, along with manufacturer information, Notified Body certificates, clinical investigations, and vigilance data.

This has two major practical implications. First, all your device labels need to be updated to include the UDI carrier — either a barcode, QR code, or RFID tag — which means artwork changes, label reprints, and potentially a packaging redesign. Second, your internal systems need to be capable of generating, managing, and reporting UDI data consistently.

The bottom line: UDI and EUDAMED registration is not optional, and it is not a small administrative task. For companies with multiple device configurations, it can take weeks to complete correctly.

4. Technical Documentation — Significantly More Detailed

Under the MDD, Technical Files were structured around Annex II and III, but the specific content requirements left considerable room for interpretation. Notified Bodies varied in their expectations, and many Technical Files that passed review under the MDD would be considered incomplete today.

MDR's Annex II and III are far more prescriptive. The regulation specifies in detail what must be included in each section — from the device description and UDI information, to the complete GSPR matrix, manufacturing information, clinical data, and post-market documentation.

The General Safety and Performance Requirements (GSPRs) in Annex I replaced the MDD's Essential Requirements, and they are significantly more detailed. There are now specific requirements for software and cybersecurity (§17), nanomaterials (§10.4), substances of concern (§10.5), and usability engineering (§5), none of which were explicitly addressed in the MDD.

Additionally, the Technical Documentation is no longer a static deliverable. It must be kept up to date throughout the device lifecycle, incorporating findings from PMS, PMCF, and updated clinical evaluations.

The bottom line: you cannot simply relabel your MDD Technical File as MDR-compliant. A structured gap analysis against Annex II and III is essential before your Notified Body review.

5. Notified Body Oversight — Stricter, Slower, and More Demanding

Under the MDD, Notified Body designation and oversight varied considerably across EU Member States. Some NBs were known for faster, less rigorous reviews. This created inconsistency in how devices were assessed across Europe.

MDR introduced a joint assessment process for Notified Body designation, meaning all NBs must now meet a significantly higher standard to be authorized to review medical devices. As a result, several NBs that operated under MDD did not receive MDR designation, or received designation only for a limited scope.

For manufacturers, this has two consequences. First, if your MDD Notified Body does not have an MDR designation for your device type, you need to find a new one — and transfer your entire technical file. Second, even if your NB is MDR-designated, their review process is now more thorough, more document-intensive, and slower than it was under MDD.

Wait times for initial 510(k) reviews at major NBs have extended significantly since MDR came into full effect. Unannounced audits are now standard. And NBs are required to conduct clinical evaluation consultation procedures for certain high-risk devices, adding another layer of review.

The bottom line: plan for longer timelines, more rigorous scrutiny, and the possibility that you may need to switch Notified Bodies. Starting that conversation early is critical.

Where to Go From Here

Understanding the differences between MDD and MDR is the first step. The second step is knowing exactly where your current Technical Documentation stands against MDR requirements, and building a clear plan to close every gap before your Notified Body review.

Our MDD-to-MDR Gap Analysis tool documents all 19 critical gaps between the two frameworks, classifies each by severity, and provides your team with clear action steps and ownership fields to systematically close them.