Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

Expert Insights: Are International Standards truly “International”?

  • Published: October 18, 2024
  • Category: Expert Insights

Share this post

Avatar photo
Daniel Mannion

Share this post

Understanding Regulators expectations for Medical Devices

International Standards are the sources of best practice for Medical Device manufacturers to help ensure their products are safe and secure. Despite them being “International” in the name, Medical Device regulators in each territory view standards differently and sometimes adopt different versions of the same standard which can lead to challenges in product certification. 

In this blog, learn from our Head of Quality and Regulatory Affairs, Daniel Mannion how different regulators view International Standards and how to prepare for market expansion.

What are International Standards?

International Standards are internationally agreed-upon guidelines and best practices that address a wide range of subjects, including but not limited to quality management, software development, risk management, and usability engineering. They have been developed by international organisations to promote consistency, compatibility and efficiency worldwide with each standard being developed through a rigorous consensus-based process.

The most prevalent of these organisations responsible for developing standards is the International Organisation for Standardisation more commonly known as ISO, but for electronics and software developers, there is the closely related International Electrotechnical Commission (IEC).

Popular ISO Standards

Some of the most popular international standards for Medical Devices include:

 

  • ISO 13485 – Quality Management System

  • ISO 14971 – Risk Management
  • ISO 62304 – Software Development Lifecycle
  • ISO 62366 – Usability Engineering

How do they affect medical device regulations?

How International Standards interact with Medical Device Regulations varies from country-to-country. The ideal is that one International Standard addresses the requirements of all or most territories for the topic it addresses, so a manufacturer can apply a single set of rules (for that topic) and be confident in complying with equivalent regulations in all territories.

Unfortunately, the ideal is rarely the case; for example, the most commonly used standard – ISO 13485 – has different versions with somewhat different content depending on whether you want to address the UK or EU markets and will only be recognised in the US market from 2026.

Harmonisation - The EU perspective

Under EU Medical Device law, International Standards are officially adopted by a process called “Harmonisation”. Three organisations (European European Committee for Standardisation – CEN, European European Committee for Electrotechnical Standardisation – CENELEC and European Telecommunications Standards Institute – ETSI) review, amend and recommend standards for “harmonisation” at the request of the European Commission (the EU government).

CEN, CENELEC and ETSI will typically take existing ISO or IEC standards and make amendments to their contents or (more commonly) add an Annex Z – a section of the standard that explains where the standard does and does not address the requirements of European law. Once this process is complete, the European Commission will publish a “decision” in the “Official Journal of the European Union” (OJEU).

Harmonisation of a standard does not make the standard obligatory, but it does mean that Notified Bodies and courts should recognise compliance with that standard as sufficient for compliance with EU law. In practice though, Notified Bodies will consider harmonised standards mandatory for certification.

Due to the expectation of the introduction of EU MDR and EU IVDR in the mid-2010s, CEN, CENELEC, ETSI and the European Commission were slow to update the list of standards harmonised to the EU MDD and EU IVDD. Since the introduction of EU MDR and EU IVDR, CEN has been working to amend existing standards applicable to EU MDR and EU IVDR under Commission Implementing Decision C(2021) 2406; however, this process has been slow with only 18 standards being harmonised to EU MDR compared to the 268 (including removals) harmonised to the EU MDD, including for example ISO 13485 only being harmonised in January of 2022.

There has been no public communication from the European Commission or CEN to notified bodies on how to proceed in the absence of harmonised standards and so notified bodies have applied the concept of the application of state-of-the-art standards in the form of the latest versions of standards previously harmonised to EU MDD and will expect application of these standards.

Designation - The UK Perspective

Medical Device Regulations in the UK live in the shadow of the UK’s withdrawal from the EU at the end of 2020. The UK’s current Medical Device Regulations are inseparable from the EU Medical Device Directive of 1993 – in fact, a large portion of the content is references directly to the EU Medical Device Directive.

This means that the structure and approach is similar to the EU. The British Standards Institute (BSI) will typically take existing ISO or IEC standards and make amendments to their contents or (more commonly) add an Annex – a section of the standard that explains where the standard does and does not address the requirements of British law; due to how recently the UK has left the EU, BSI is much less likely to amend or add annexes to standards.

Once this process is complete, a UK government agency (currently the Department of Health and Social Care) will add the standard to the list of Designated Standards.

In January 2021, the UK government accepted the same list of standards as was harmonised in the EU at the time as designated standards under UK MDR 2002 and this list has not been amended since. Due to the compounding issues of the harmonised standards list being outdated and BSI and the MHRA not updating the designated standards list, there are a number of outdated versions of standards present on the UK list. Similarly to the EU market, Approved Bodies in the UK have not been instructed publicly how to proceed and so have accepted the application of state-of-the-art standards in the form of the latest versions of currently designated.

Recognition - The US perspective

International Standards Expert Insights: Are International Standards truly “International”? International Standards

The use of consensus standards can increase predictability, streamline premarket review, provide clearer regulatory expectations, and facilitate market entry for safe and effective medical products.

International Standards Expert Insights: Are International Standards truly “International”? International Standards

In the US, the adoption of standards, creation of regulations and approval of products is all handled by a single entity – the US Food and Drug Administration (FDA), who work alongside a range of US standards agencies (e.g. AAMI, ANSI, ASTM) to adapt International Standards to US requirements and regulations.

The formal method of adopting standards in the US is to add them to the FDA database of “Recognized Consensus Standards”.

Transition Periods

Over time, new standards and new versions of existing standards are released; as part of each territory’s mechanisms for adopting a standard, they will also announce a timeline for adoption (e.g. how long manufacturers have to implement these new versions or new standards).

Transition is normally allowed at any time during the transition period; however, there’s a very prominent example of the recognition of ISO 13485 in the US, which is occurring through the unusual route of replacing their regulations with the text of ISO 13485. In the EU and UK, this is typically three years from the harmonisation/designation of the standard; however, as per the above, the harmonisation and designation processes have a backlog that has led to a breakdown in this mechanism.

Recent Experiences - ISO 27001:2022

A recent example is ISO/IEC 27001:2022 – an international standard for Information Security Management. Released in October 2022, the transition period was announced as 3 years; however, due to the logistics of certifying companies to ISO/IEC 27001, many companies have already been required by their Certification bodies to adopt this latest version of the standard.

In the US, the timelines for transition vary standard-to-standard, especially depending on how outdated previous standards are and how much difference there is, but they tend to work on a 2-3 year transition timeline.

International differences

So, where adopted by regulators, manufacturers should simply be able to implement the ISO or IEC version of a standard to fulfil their regulatory obligations? Unfortunately, it’s not so simple.

Each regulator will adopt a different version of the standard. In some cases, the versions will be identical, but in many cases, there will be differences in the content of the standard or a summary of the deviations between their regulations and the standard. This means you’ll need to review the level of alignment and applicability of each version of a standard to your product and market. Regulators will also have guidance documents, which sit alongside adopted standards to provide further context or requirements for their market.

Summary

When considering market expansion, manufacturers must keep in mind the regulatory nuances that come with each territory. Ensuring that the correct adopted standards are applied to your business / product can greatly speed up regulatory approvals with Notified Bodies and Regulators but the devil really is in the detail. 

So whilst ‘International’ in name, it’s rare that there is a global standard accepted by all regulators or notified bodies for medical devices, making developing and deploying medical devices internationally a challenge for Quality and Regulatory professionals worldwide.

How We Can Help

Keeping up with evolving standards and territory-specific regulatory questions can be overwhelming. At 8foldGovernance we continuously monitor developing standards, ensuring your company is always prepared for regulatory inquiries, no matter the market. Our team provides expert, impartial support to help you stay up to date and compliant, giving you peace of mind to focus on innovation.
Let us guide you through the complexities of compliance – contact us today to get started:

Get expert ISO compliance support today.

Ready to accelerate growth with streamlined ISO compliance? Book your free, no obligation discovery call with one of our compliance experts below.

Book a Call with our Expert Team

Other Articles​

Loading...
ROPA

FAQ: What is a Records of Processing Activity (RoPA)?

Read More →

November 24, 2025
Digital Mental Health

Expert Insights: Crisis Signposting in Digital Mental Health

Read More →

July 15, 2025

Navigating the UK’s Health Tech Landscape: Building Foundations for Global Success

Read More →

July 2, 2025
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept