Ask a question

Technical Documentation 6 answers

How to convert GTIN-13 to GTIN-14 for EUDAMED UDI-DI submission?

Anonymous · Published February 23, 2026 · 2 comments

EUDAMED appears to expect a GTIN-14 for UDI-DI, but most products have a GTIN-13 as default. Is it valid to add a leading zero to a GTIN-13 to create a GTIN-14 for EUDAMED? Should the check digit be recalculated after adding the zero?

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

Anonymous 4 months ago

Guidance documents from GS1 and the European Commission specify that a 14-digit GTIN is required for EUDAMED UDI-DI.

Reply to this comment

Anonymous 4 months ago

Recalculating the check digit may be necessary when modifying the GTIN format.

Reply to this comment

Discussion

6 Answers

Accepted answer available

Accepted answer Dr. Oliver Eidel · Founder & CEO, OpenRegulatory · 4 months ago

The need for linguistic validation depends on how critical language is to your device's use and safety. If your device interface or labeling is essential for correct use, usability engineering and risk management processes often require validation that translations are understandable by intended users. MDR Article 10(11) states that information provided by the manufacturer, including labeling and possibly parts of the software interface, must be available in the official language(s) of the country where the device is placed on the market and must be clearly comprehensible.

If your device relies on language for its clinical function (for example, an AI that processes patient records), then linguistic validation is especially important. Even when not explicitly required, using certified translation agencies and, ideally, having translations reviewed by medically qualified native speakers is recommended.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.

Accepted answer Dr. Oliver Eidel · Founder & CEO, OpenRegulatory · 4 months ago

You can contract an external, independent institution such as a hospital, CRO, or specialized consulting company to sign off on the DiGA Evaluation Concept. The key requirement is that the institution must not be financially or otherwise dependent on the manufacturer. If the principal investigator of your study becomes a paid employee, even part-time, this could compromise their independence in the eyes of BfArM. Most companies play it safe by contracting with a hospital, CRO, or work group rather than an individual physician. There are also consulting firms who specialize in this, but they can be expensive.

It's common to formalize the relationship as a service supplier or external contractor. There are no clear-cut guidelines, but systematic data analysis and a statistical analysis plan are expected. Some organizations have the systematic data analysis done internally and then have the independent institution review and sign off.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.

Accepted answer Dr. Oliver Eidel · Founder & CEO, OpenRegulatory · 4 months ago

In practice, you can get your ISO 13485 certification from one notified body and your MDR certification from another, but there are some caveats. MDR notified bodies are listed in the NANDO database and, at present, these are all based in the EU. For ISO 13485, certification bodies should be appropriately accredited (for Germany, for example, by Dakks).

However, splitting certifications can lead to practical issues—such as differing interpretations of requirements and more complicated audits. Notified bodies often prefer to combine QMS (ISO 13485) and MDR audits, especially since MDR requires a full review of QMS and technical documentation. Technical documentation audits for standards like 62304 or 14971 are usually not offered as standalone certifications by notified bodies; these are typically reviewed as part of the MDR conformity assessment. Foreign ISO 13485 certifications may be accepted if the certification body is accredited, but MDR certification must come from an EU-designated notified body.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.

Accepted answer Dr. Oliver Eidel · Founder & CEO, OpenRegulatory · 4 months ago

The clinical development plan (CDP) required by MDR Annex XIV is meant to show how you plan to gather the necessary clinical evidence for your device. If your device does not require a clinical investigation (for example, if it is based on established technology with sufficient data), you should provide a rationale explaining why no CDP is needed.

For devices accumulating new clinical data or with expanded indications, the notified body expects to see a planned history of evidence collection, including possible post-market clinical follow-up (PMCF) studies. If you only collect performance and usability data, and no further clinical data is necessary, explain this in your Clinical Evaluation Plan. If you rely on post-market data, you should still outline how this data will be gathered and fed back into the clinical evaluation process.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.

Accepted answer Dr. Oliver Eidel · Founder & CEO, OpenRegulatory · 4 months ago

If your device is MDR-compliant, you should update your literature research and incident report as part of your first PSUR, even if the product isn't on the market and your CER currently says it will be updated every two years. Under MDR, the PSUR must be compiled annually, and PMS activities (including updating your clinical evaluation) should align with this cycle. Annex III and Article 83(3) of MDR require that your PMS system feeds updates into your CER.

For MDR devices, you cannot simply update the CER every two years if your PMS and PSUR are annual. For legacy MDD devices under transition, requirements are less strict, but MDR compliance will require you to update your literature and incident review at least annually for the PSUR. Updating the CER isn't something to avoid; it can reduce the risk of issues during audits.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.

Accepted answer Dr. Oliver Eidel · Founder & CEO, OpenRegulatory · 4 months ago

Yes, if you have a GTIN-13 and need a GTIN-14 for EUDAMED UDI-DI, you can usually add a leading zero to convert it to GTIN-14. However, after adding the zero, you must recalculate the check digit to ensure validity. Both GS1 guidance and the European Commission's EUDAMED UDI user guide specify that EUDAMED expects a 14-digit GTIN.

Use the new 14-digit number as your UDI-DI, but always double-check the recalculated check digit before submission. There are online tools and GS1 documentation available to help with this process.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.

Want to add your answer to this question?
Write an answer under your name by logging in or signing up, or post anonymously.

Keep reading

All questions

Are amendments to the Declaration of Conformity needed for non-significant UI changes shown in screenshots?

Anonymous · 1 comment

6 months ago

For legacy MDD devices, if a change is made to the user interface (UI) that is purely cosmetic (e.g., color of a separation line) and not related to presentation of medical data, the MDCG 2020-3 guida

Accepted 6 answers

Linguistic validation is required when language could impact the device's safety or performance, especially if the device will be used in countries wi

Technical Documentation

Medical Device Translation: 3 Steps For Medical Device Software

Updated over 1 year ago

Sven Piechottka

Is it sufficient to use literature data only for MDR clinical evaluation of SaMD, or is own clinical data required?

Anonymous · 3 comments

6 months ago

We are a software medical device manufacturer currently under risk class I MDD, but will be in risk class IIa under MDR. For the upcoming MDR certification, is it necessary to generate our own clinica

Accepted 2 answers

I recommend reviewing the MDCG 2020-1 guidance for Software Medical Devices. Clinical evaluation for software according to this guidance is based on t

Still have a question? Ask a question here publicly — for free.

Or talk to one of our consultants — first calls are free. Check out our services and prices.

Looking to automate your regulatory work? Check out our eQMS, Formwork. Built for lean, founder-led companies. There’s a free version too.