Need Help With Your Regulatory Situation?

Are you developing MDR class I/II software as a medical device?

We may be able to help you.


We are Sven, Sören and Oliver. We help companies (mostly startups) solve regulatory problems.

Here are some of the companies we've worked with:

ISO 13485 Audit Passed

Oliver was brought in to help Ada Health in certifying their Quality Management System based on ISO 13485. They successfully passed the audit by a Notified Body in June 2020.

MDD Class I Device Shipped

Exakt Health set its goal to ship its innovative, physiotherapy-at-home app before the MDD deadline in May 2021. We helped Philip, their CEO, achieve this goal and bring their app to market as a medical device - before the deadline.

MDD Class IIb Device Certified

Vara was Sven's and Oliver's past startup which developed a machine learning - based software for breast cancer screening. Together with the team, we passed the ISO 13485 audit and got the product certified as class IIb medical device under MDD.

Is this for me?

Are you a Healthcare company developing software which will probably be a class I, IIa or IIb medical device under MDR? Then: Yes, this is for you.

Also, if you've already had some problematic experiences with consultants and are looking for someone with simple and pragmatic answers who "speaks the language of your developers", then: Yes, this is definitely for you.

However: If you're developing a hardware medical device, this is probably not for you. We don't know much about hardware.

What's the work to be done?

Put simply, your work can be separated into two work packages: Company-wide work which you only need to do once for your entire company, and product-specific work which you need to do for each of your products.


ISO 13485: Quality Management System

You need to set up a Quality Management System which implements all requirements from the standard. This means documenting your processes and proving that you're actually using them.

GDPR: Data Privacy

You need to document all your data processing activities and ensure that you're GDPR-compliant. You also need a data privacy officer.


IEC 62304: Software Development

You need to document your software, tests and libraries.

ISO 14971: Risk Management

You need to do a risk analysis of your product - describing what could go wrong when patients use it.

IEC 62366: Usability Evaluation

You need to do a user test on your final product.

Clinical Evaluation

You need to assess clinical data for whether it supports the benefits and risks of your product.

How long does it take?

It depends on your company complexity. In the best case - a 3-person startup with one nearly finished product - you could get everything done in 4-8 weeks, depending on whether you have a person dealing with regulatory stuff (see further below).

In the worst case - a company with 50+ people and existing products on the market - it can take anywhere from one month to six months.

How much does it cost?

We either make you a fixed-price offer or bill by the hour. Personally, we prefer fixed-price offers as it aligns us the right way: Getting stuff done in a short amount of time. That being said, sometimes we can't make fixed-price offers because we're not able to accurately assess the scope of the project.

Full transparency: Our fixed-price offers are in the range of 15k€ to 50k€. Our hourly rate is 220€. For early-stage, bootstrapped startups we offer a reduced hourly rate of 160€.

Our typical startup customer takes 3 months to become compliant, at an average cost of around 30.000€.

How do we get started?

Our regulatory consulting is much more pragmatic and efficient than our competitors. Why? We've automated the boring parts.

You'll get access to our online videos. You watch our videos and create first drafts of your documents. Afterwards, we review those drafts, get together and see what's missing. We also answer your questions any time they come up.

To keep tabs on whether the project is on track, we invite you to our project management tool and give you an up-to-date overview of what work remains to be done and whether your timeline is still viable.

Anything else?

Yes. And this is possibly the most important part.

You need an internal regulatory person. That doesn't mean that this person works on regulatory stuff full-time, but that it's her full-time responsibility to ensure that your company is compliant.

Why can't we do this? It's simply not possible as an external person. Someone in your company must ensure that, every day, your processes are compliant and that new features are documented properly. Someone needs to communicate with your notified body and auditor. That someone must be an internal person.

We're not saying that your internal regulatory person needs to have prior experience. On the contrary! You simply need someone who's interested in regulation and who will take up the responsibility of learning about it and ensuring your company's compliance.

All successful startups we've ever seen had an internal regulatory person.


Contact us - initial calls are always free.