OPENREGULATORY
Sign in Get started
Blog September 26, 2025 · 4 mins read

The MDR Is Fundamentally Broken - Our Feedback To The EU

Dr. Oliver Eidel
Dr. Oliver Eidel
OpenRegulatory
The EU recently asked for feedback on the MDR. Here's what we submitted:

While many people here have shared thoughtful feedback, we think that the elephant in the room is being overlooked: The MDR is fundamentally broken, and the EU is failing in its role in nearly every aspect.

We (OpenRegulatory) are a consultancy and eQMS software provider, focusing mainly on startups; arguably, there might be no other company in the EU which has been as exposed as we have to the struggles of Healthcare startups trying to comply with the MDR while entering the market.

I'd like to start by sharing a few data points:

  • For startups which typically bring one device to market at first (QMS + Techdoc audit), notified body costs have gone up from around EUR 20k under MDD to anywhere between EUR 50k - 120k under MDR. This is a 2-6x increase in costs! And this doesn't even cover the fact that more startups need audits, due to the up-classification of what was formerly MDD class I software (now MDR class IIa).
  • There is a gigantic difference in notified body costs - as outlined above, EUR 50k - 120k for an initial MDR QMS + Techdoc assessment.
  • The incentives of notified bodies are completely misaligned as they are for-profit businesses. They optimize for sales and making money, not for having great software experts and ensuring safety.
  • There is huge variance in notified body assessments: Some notified bodies emphasize cybersecurity above everything else; others have their own interpretations of what "clinical data" means in a clinical evaluation. We even know of a notified body who allowed more than 3 MDR submission attempts due to not wanting to lose the company as a (paying) client!
  • Software auditors, both at notified bodies and competent authorities, usually don't have real-world software expertise. They might have software experience "on paper" by e.g. having worked on COBOL system 40 years ago, but we've never encountered an auditor who has written production-grade software code within the last year. This must however be a requirement for anyone auditing software systems.
  • Every local competent authority has come up with their own MDR class I software classification interpretation. This has led to what we call "class I tourism" where companies choose the country (or German state) with the most favorable class I interpretation.
  • The MDR was aimed, among other things, to implement lessons from the PIP scandal; however, we are convinced that none of the changes in the MDR would prevent a similar scandal in the future. Manufacturers are simply suffering under (much) more bureaucracy now, while it still seems plausible that a manufacturer (with bad intentions) could build harmful medical devices.
  • The MDCG documents are, in most cases, too vague to be helpful, and they appear to be written by someone who is barely capable of handing Microsoft Word, sometimes with glaring formatting errors. To our knowledge, there is only very limited software expertise within the MDCG (one MDCG member told us that they MDCG treats software "as something they're scared of").
  • EUDAMED, the European database on medical devices, is still not done, with an estimated EUR 48M spent, and no end in sight. The head count seems bloated (50+ people) for building what essentially boils down to a SQL database with a size of 10GB or less. This makes the EU appear like a completely dysfunctional organisation, incapable of shipping production-grade software. Furthermore, a prominent team member has left the team, registered the domain eudamed(dot)com, and now sells proprietary EUDAMED submission software through a Bulgarian company. Outside observers would think that EU team members can do whatever they want, for their own profit.

For each of these points, the EU knee-jerk reaction might be "well, we just need to change the regulations and regulate it better!". Our conclusion is the opposite: More regulation is clearly not the answer, as the MDR has shown.

Radical deregulation is needed.
Dr. Oliver Eidel / OpenRegulatory
Dr. Oliver Eidel

Dr. Oliver Eidel

I’m a medical doctor, software engineer and regulatory dude. I’m also the founder of OpenRegulatory.

Through OpenRegulatory, I’ve helped 100+ companies with their medical device compliance. While it’s also my job that we stay profitable, I try to dedicate a lot of my time towards writing free content like our articles and templates. Maybe that will make consulting unnecessary some day? :)

If you’re still lost and have further questions, reach out any time!
More about me

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.

Keep reading

All articles
Getting Started

MDD Class I: Here's What You Have to Do Before May 2021

Updated over 1 year ago

Dr. Oliver Eidel

A

Which Notified Body Should We Choose?

Anonymous
almost 2 years ago
Which Notified Body should we choose?
Accepted 1 answer

DQS, BerlinCert, or maybe one of the lesser-known ones in Eastern Europe, in that order. Avoid BSI and Tüv Süd. Subjective opinion. Long Answer Discl

A

As a MDR Class I Manufacturer, Should We Move to Hamburg or Munich?

Anonymous
about 2 years ago
We want to bring MDR class I software as a medical device to market. We’ve talked to other founders and checked out the list of MDR class I devices on this website and it seems that MDR class I softwa
Accepted 1 answer

Yes, probably. Long Answer Some quick background information first! (By the way, if you're interested in a summary of MDR class I in general, check

Congratulations! You read this far.

Get notified when we post something new. Sign up for our free newsletter — no spam, only regulatory rants. Unsubscribe anytime.

No spam, only regulatory rants. Unsubscribe anytime.