EUDAMED

An introduction to EUDAMED under EU MDR

What is EUDAMED?

EUDAMED is an existing European database of medical device safety, originally established by Article 14a of the Medical Device Directive MDD 93/42/EC. Following the implementation of the Medical Device Regulation (MDR) 2017/745 (“the EU MDR”), EUDAMED is undergoing a comprehensive update.

In its previous form, EUDAMED was intended to be a central repository for information relating to market surveillance activities within each member state and was accessible only to Competent Authorities and the EU Commission, meaning that it was not accessible to the general public. A central theme running throughout the updated EUDAMED is increased transparency of data on medical device performance. For this reason, the MDR requires that the EUDAMED system be updated to be accessible to the public and to the medical device industry as a whole.

What does the EU MDR require for the new EUDAMED system?

The basis for the new form of the EUDAMED system is in Article 33 MDR. It requires that the Commission takes responsibility for establishing the system. Article 33’s first substantive provision is that the EUDAMED system should “…enable the public to be adequately informed about devices placed on the market…” underlining the central theme of data transparency that will guide construction of the new database.

Other major objectives for EUDAMED under the EU MDR include:

• Enable identification and traceability of medical devices on the market
• Store data about clinical investigations either currently under way or completed
• Collate information regarding serious incidents and Field Safety Corrective Actions (FSCAs)
• Act as a repository of information regarding analysis of trends of complaints and non-serious incidents relating to medical devices
• Having the capability to actively monitor information stored within the database to discern trends from the data
• Enable Competent Authorities to remain up to date with developments.

EUDAMED will function as a number of independent but linked electronic systems. These systems will include:

• Register of actors / economic operators (manufacturers and providers of associated functions)
• Unique Device Identification database and device registration
• List of Notified Bodies and their certificates
• Electronic system on Clinical Investigations
• Electronic systems on Vigilance and Post-Market Surveillance (PMS)
• Electronic system on market surveillance

When will EUDAMED go-live?

The MDR stated that EUDAMED’s original go-live date would be March 25, 2020; however, it’s implementation has been delayed and EUDAMED is not yet fully functional. Some modules are already available and can be used voluntarily including:

• The module on Actor registration (available since December 2020)
• The module on UDI/device registration (available since October 2021)
• The module on Notified Bodies and Certificates (available since October 2021) except for the procedure for scrutiny and clinical evaluation consultation procedure (CECP) functions.

The outstanding modules (Vigilance, Clinical Investigations and Market Surveillance) are currently being developed and will be made available when EUDAMED is fully functional. The mandatory use of EUDAMED will commence 6 months after the system (including all 6 modules) is declared fully functional following an independent audit and the publication of a Commission notice in the Official Journal of the European Union. At the end of a 6 months transitional period, EUDAMED will be mandatory for the Actor Registration, Market Surveillance, Vigilance, and Clinical Investigation modules. At the end of a 24 month transitional period, EUDAMED will become mandatory for the Device and Certificate Modules.

According to an update issued in December 2024, the latest date from the EC for EDUAMED’s expected full functionality is Q2 of 2027. Mandatory use of Actor Registration, UDI/Devices, Notified Bodies & Certificates modules is expected Q1 2026, with mandatory use of the Vigilance module from Q2 2026. These dates have previously been updated on multiple occasions, and may be subject to change.

How will EUDAMED function?

Article 33 requires that data can be entered into the system by Member States, Notified Bodies, economic operators (e.g. medical device manufacturers) and sponsors of clinical investigations. Data will be accessible to the same entities as well as to the general public. The EUDAMED system will have the capability to collate and process information and is required by Article 33 to ensure that the sections available to the public are user-friendly and easy to search.

How will EUDAMED handle personal data?

Following the enactment of the GDPR, data protection is a top priority in Europe. The EUDAMED system is no exception to GDPR’s set of requirements.

Article 33 states that EUDAMED will only contain personal data to the extent that it is absolutely necessary for the function of the electronic systems within the database. It requires that personal data is stored in a form which permits identification of data subjects for the shortest possible periods.

Any subject whose personal data is stored on EUDAMED may exercise their right of access to any data relating to them, and can have any inaccurate or incomplete data corrected and erased. Article 33 requires that any corrections or deletions shall be carried out as soon as possible, but no later than 60 days after a request is made by a data subject.

For the purposes of data protection, the Commission is considered to be the data controller of EUDAMED and its various electronic systems.