
EUDAMED: Four modules are now operational. Why this development is already changing the obligations of medical device manufacturers
Medical devices regulation
For several years, EUDAMED was viewed as a European project still under development. Delays in its rollout, successive regulatory changes, and numerous communications from the European Commission perpetuated the perception that it was an important platform... but one that was still largely theoretical.
This perception no longer reflects reality.
With four of its six modules now operational, EUDAMED has gradually become a fully functional regulatory environment. For many manufacturers, several essential processes already rely on this platform, whether it involves the registration of stakeholders, the identification of devices, the management of certificates, or cooperation among competent authorities.
This evolution goes far beyond a simple IT modernization.
It is gradually changing the way manufacturers organize their regulatory activities, structure their data, and ensure consistency between technical documentation, certificates, UDI identifiers, and the information published in EUDAMED.
In other words, EUDAMED is not merely becoming a European database. It is gradually establishing itself as the digital foundation of Regulation (EU) 2017/745 (MDR) and Regulation (EU) 2017/746 (IVDR).
Understanding this evolution has become essential, not only to meet current regulatory requirements but also to anticipate future obligations related to vigilance, clinical investigations, and the lifecycle management of medical devices.
Why the activation of four modules marks a major turning point
The announcement that several EUDAMED modules are now operational might seem like just another technical step in the rollout of the European database.
In reality, it marks a significant turning point.
Until now, many manufacturers still viewed EUDAMED as a project whose full implementation lay in the future. This perception was understandable as long as the platform was only partially available.
That is no longer the case.
The modules already in operation cover several fundamental processes in the regulatory lifecycle of a medical device. In particular, they enable:
- the identification of economic operators;
- the registration of medical devices;
- the management of certificates issued by notified bodies;
- information exchange between competent authorities in the context of market surveillance.
These features are no longer experimental. They constitute the first elements of a regulatory architecture designed to gradually centralize the key data used throughout the life cycle of a medical device.
The question, therefore, is no longer whether EUDAMED will be used.
The real question now is how this framework will gradually become the authoritative source of European regulatory information.
Which EUDAMED modules are currently operational?
EUDAMED is being rolled out gradually to ensure the smooth implementation of each functional area. The six modules required by the MDR and the IVDR were therefore not launched simultaneously.
To date, four modules are operational.
|
Module |
Main Purpose |
Main Users |
Status |
|
Actor Registration |
Assignment of the SRN and identification of economic operators |
Manufacturers, authorized representatives, importers |
Operational |
|
UDI / Device Registration |
Registration of Devices and Basic UDI-DI |
Manufacturers |
Operational |
|
Notified Bodies & Certificates |
MDR and IVDR Certificate Management |
Notified Bodies, Manufacturers |
Operational |
|
Market Surveillance |
Cooperation Among Competent Authorities |
Competent Authorities |
Operational |
|
Vigilance |
Reporting of Serious Incidents and Safety Corrective Actions |
Phased deployment |
In progress |
|
Clinical Investigations & Performance Studies |
Management of Clinical Investigations and Performance Studies |
Phased Rollout |
In progress |
At first glance, this structure might suggest that there are six independent modules.
This is probably the most common misinterpretation.
The six modules do not constitute six independent databases
EUDAMED’s architecture is not based on a set of autonomous modules.
It is based on a much more ambitious principle: that of regulatory data continuity.
Each module uses, enriches, or references information produced in other modules.
Thus:
- a manufacturer’s registration is a prerequisite for the assignment of its Single Registration Number (SRN);
- this SRN is used when registering devices;
- devices are themselves identified by their Basic UDI-DI;
- certificates issued by notified bodies are linked to these same identifiers;
- future vigilance data and market surveillance information will be based on this existing architecture.
These are therefore not six parallel processes.
It is a single ecosystem in which each piece of information reinforces the consistency of the others.
This logic explains why future developments in EUDAMED will have consequences that extend far beyond the Regulatory Affairs departments alone.
How Data Flows Through EUDAMED
Manufacturer’s regulatory organization
│
▼
Registration of the economic operator and assignment of the SRN
│
▼
Definition and Management of Reference Data
┌─────────┼─────────┐
▼ ▼ ▼
Basic UDI-DI Certificates Technical Documentation
└─────────┼─────────┘
▼
Regulatory Consistency Check
│
▼
Data Entry and updating in EUDAMED
│
▼
Use of Data in Relevant Modules
This diagram illustrates the data governance process: information must be defined, verified, and made consistent before it is entered into EUDAMED. The platform structures and links this data, but does not, on its own, guarantee its quality.
Why This Architecture Is Already Changing Manufacturers’ Day-to-Day Operations
The real innovation is not the launch of a fourth module.
What’s new is that several regulatory processes now use the same reference data.
An error in identifying a device is no longer limited to a single record.
It can have consequences for:
- the associated certificates;
- the information published in EUDAMED;
- market surveillance activities;
- in the future, vigilance data and clinical investigations.
This evolution is gradually bringing to light a concept that has received little attention in the regulatory literature: regulatory data governance.
For a long time, compliance relied primarily on managing standalone documents: technical documentation, certificates, quality procedures, or clinical dossiers.
With EUDAMED, the challenge is changing.
Compliance now also depends on the ongoing consistency between these documents and the digital data that represent them within the European platform.
This distinction is far from theoretical.
It is likely one of the most profound changes introduced by the MDR to manufacturers’ regulatory organization.
The Basic UDI-DI: the true backbone of EUDAMED
When they first encounter EUDAMED, many manufacturers naturally focus their attention on the platform’s various modules.
However, the true focal point is not a module.
It is the Basic UDI-DI.
The MDR defines it as the primary identifier for a group of devices that share the same intended use, risk class, and essential characteristics. Unlike the UDI-DI found on a product’s label, the Basic UDI-DI is never intended to identify an individual product unit.
Its function is entirely different.
It serves as a common reference across multiple sets of regulatory information.
Gradually, the following information is linked to a single Basic UDI-DI:
- device registration data;
- certificates issued by notified bodies;
- the Summary of Safety and Clinical Performance (SSCP);
- future vigilance data;
- future clinical investigations and performance studies;
- more broadly, all regulatory information describing a single family of devices.
In other words, the Basic UDI-DI is not merely an additional identifier.
It is gradually becoming the key to ensuring the consistency of regulatory data in EUDAMED.
This evolution explains why an error in defining a Basic UDI-DI can now have consequences far beyond the UDI module alone.
It can affect the consistency of certificates, regulatory documents, translations, or future vigilance reports.
The more new modules are added to EUDAMED, the more significant this interdependence will become.
EUDAMED does not merely centralize documents—it links data
For many years, regulatory compliance relied primarily on document management.
Technical documentation.
Clinical evaluation.
Certificates.
Post-market surveillance reports.
Each document had its own lifecycle.
The main challenge was to ensure that each version was approved, archived, and used in accordance with the quality system.
EUDAMED is gradually introducing a different approach.
The documents naturally continue to exist.
But they are now represented by structured data that must remain consistent with one another.
Consider the following example.
A change in the composition of a device family may result in:
- an update to the technical documentation;
- a revision of the certificate;
- a change to the Basic UDI-DI;
- a change to the information recorded in EUDAMED;
- an update to the SS(C)P;
- in the future, implications for vigilance data or PMS reports.
These actions are no longer independent of one another.
They become interconnected consequences of a single regulatory change.
The challenge is therefore no longer merely a matter of documentation.
It is now an organizational challenge.
Why EUDAMED Is Becoming a Key Issue for ISO 13485
This development has received relatively little attention so far.
Yet it will likely have a greater impact on manufacturers than the technical operation of EUDAMED itself.
At first glance, the platform appears to fall exclusively under the purview of Regulatory Affairs.
In practice, using it involves several fundamental requirements of ISO 13485.
Document control.
Control of records.
Definition of responsibilities.
Change management.
Traceability.
Validation of disseminated information.
In other words, EUDAMED is not a new, isolated process.
It cuts across several existing processes within the quality management system.
|
ISO 13485 Requirement |
Impact of EUDAMED |
|
Document Control |
Published data must remain consistent with approved documents. |
|
Responsibilities |
The roles of Quality, Regulatory Affairs, IT, and Translation must be clearly defined. |
|
Change Management |
Any regulatory changes must be reflected in EUDAMED according to a controlled process. |
|
Traceability |
The links between Basic UDI-DI, certificates, technical documentation, and published data must remain consistent. |
|
Records |
Creation, modification, and validation operations must be documented. |
From this perspective, EUDAMED is no longer merely a regulatory portal.
It becomes a cross-functional process within the quality management system.
From document management to regulatory data governance
This evolution reflects a much more profound change.
Historically, most quality systems were built around document control.
The goal was to ensure that every document was:
- approved;
- distributed;
- versioned;
- archived;
- revised when necessary.
This model remains fully valid.
But it is becoming insufficient.
With EUDAMED, compliance also depends on the ongoing consistency of data derived from multiple regulatory processes.
This approach falls more under the purview of data governance than document management alone. Regulatory data therefore becomes a controlled asset, just like the document from which it originates.
Manufacturers will gradually need to address new questions.
Who owns regulatory data?
What is its reference source?
What process triggers its update?
How can we verify that it remains consistent across EUDAMED, technical documentation, certificates, and other internal systems?
These questions go far beyond the operation of EUDAMED.
They concern the very organization of the regulatory function.
Maturity model: Where does your organization stand?
The phased rollout of EUDAMED is leading manufacturers to very different levels of maturity.
|
Level |
Characteristics |
|
Level 1 – Minimal Compliance |
EUDAMED is viewed as a one-time administrative requirement. |
|
Level 2 – Module-based management |
Each module is handled separately, with independent procedures. |
|
Level 3 – Regulatory Coordination |
Data is synchronized across key regulatory processes. |
|
Level 4 – Data Governance |
Responsibilities, reference frameworks, and consistency rules are clearly defined. |
|
Level 5 – Strategic Integration |
EUDAMED is integrated into the quality system and digital tools for managing the device lifecycle. |
Most manufacturers currently fall between Levels 2 and 3.
As the remaining modules come into effect, organizations will need to gradually transition toward true regulatory data governance.
This transition will likely not be mandated by a new provision in the MDR.
It will result naturally from the growing interconnection of the information managed in EUDAMED.
Mistakes Most Manufacturers Still Make When Dealing with EUDAMED
The gradual rollout of EUDAMED’s modules reveals an interesting reality.
The main difficulties faced by manufacturers generally do not stem from the platform itself.
They result from a misunderstanding of its role.
In many organizations, EUDAMED is still viewed as a portal where regulatory information simply needs to be submitted.
This view is gradually becoming outdated.
The platform does not replace existing regulatory processes. It connects them.
The errors observed today therefore relate more to organizational issues than to technology.
|
Common misconception |
Reality |
|
EUDAMED is an independent database. |
Published data is linked to the entire regulatory lifecycle of the device. |
|
Each module can be managed separately. |
The modules share common data, including the SRN and the Basic UDI-DI. |
|
EUDAMED falls solely under the purview of Regulatory Affairs. |
Quality, UDI teams, PMS managers, translation teams, and sometimes IT are also involved. |
|
Once the data is recorded, the work is complete. |
The information must remain consistent throughout the device’s entire lifecycle. |
|
EUDAMED replaces the technical documentation. |
EUDAMED does not replace any regulatory documents; it provides a structured representation of them. |
This last misconception deserves special attention.
The technical documentation remains the reference source demonstrating the device’s compliance.
EUDAMED merely reflects some of this information in a digital format designed to facilitate traceability, transparency, and communication among the various stakeholders.
Conformity therefore does not depend solely on the quality of the documents.
It also depends on the consistency of the data derived from them.
Case Study #1 – An SME Preparing Its First Full Registration in EUDAMED
An SME develops eight Class IIb medical devices.
Until now, regulatory data was primarily managed in Excel spreadsheets, while certificates, technical documentation, and UDI information were scattered across several internal files.
The introduction of EUDAMED has prompted the company to review its organizational structure.
An initial inventory quickly revealed several inconsistencies:
- different names for the same family of devices;
- multiple versions of the same Basic UDI-DI in different documents;
- poorly defined responsibilities between Quality and Regulatory Affairs;
- no specific procedure describing how to update published data.
Ultimately, the main task is not to populate EUDAMED.
It consists of defining a single source of truth for each piece of regulatory data and clarifying the associated responsibilities.
The EUDAMED project thus becomes a data governance project before it is an IT project.
Case Study #2 – An International Manufacturer Facing Lifecycle Management Challenges
A manufacturer markets several hundred medical devices in various countries.
The Quality, Regulatory Affairs, PMS, Vigilance and UDI teams already use separate applications.
When a significant change occurs within a device family, several actions must be coordinated:
- updating the technical documentation;
- revising the certificate;
- updating UDI data;
- revising the SS(C)P when applicable;
- updating the data published in EUDAMED.
The main risk is no longer a documentation issue.
It lies in the desynchronization of multiple systems containing information that should remain perfectly consistent.
In this context, EUDAMED acts as a catalyst.
It does not create the inconsistencies.
It makes them much more visible.
How to Prepare Your Organization Today
The gradual rollout of the remaining modules will not fundamentally change this approach.
Manufacturers can already prepare their organizations by following a few simple principles.
Governance
- Appoint a person responsible for EUDAMED data governance.
- Clearly define responsibilities among Quality, Regulatory Affairs, UDI, PMS, Pharmacovigilance, and IT.
Regulatory Data
- Identify the reference source for each piece of data published in EUDAMED.
- Verify consistency between Basic UDI-DI, certificates, registered devices, and technical documentation.
- Establish rules for updating regulatory data.
Quality System
- Integrate EUDAMED into existing procedures rather than creating a parallel process.
- Update procedures for document management, change management, and data validation.
- Schedule a periodic review of published data.
The goal is not merely to meet current requirements.
It is to have an organization capable of incorporating future modules without having to rebuild all processes.
Mini FAQ
Four modules are now operational. Do manufacturers already need to use EUDAMED?
Yes, for the relevant processes. With the launch of the modules related to economic operators, device registration, notified bodies and certificates, as well as market surveillance, EUDAMED is now an operational reality for a significant portion of regulatory activities.
Does EUDAMED replace the technical documentation?
No. Technical documentation remains the proof of compliance required by the MDR and the IVDR. EUDAMED compiles some of the data from this documentation to ensure its availability, traceability, and sharing among the various stakeholders.
Why has the Basic UDI-DI become so important?
Because it is gradually becoming the central hub for a wide range of regulatory data. Certificates, registered devices, SS(C)Ps, and several future EUDAMED modules rely on this identifier to ensure the consistency of information.
Does EUDAMED require changes to the ISO 13485 quality management system?
In many organizations, yes. Procedures for document control, change management, defining responsibilities, and data validation must now incorporate the activities carried out in EUDAMED.
What is the main strategic mistake manufacturers are making today?
Viewing EUDAMED as merely an IT project or a one-time registration exercise. In reality, the platform is gradually becoming the digital repository for regulatory data, which must remain consistent throughout the entire lifecycle of the devices.
Beyond the gradual rollout of new modules, EUDAMED reflects a broader transformation in European regulations.
For a long time, compliance relied primarily on document management.
Now, it also relies on managing the data that describes these documents and enables them to be linked together.
The launch of four modules thus marks an important milestone. It confirms that the platform is no longer a work in progress, but an operational regulatory environment designed to support the entire lifecycle of medical devices.
For manufacturers, the challenge is no longer simply to use EUDAMED.
It is to establish an organizational structure capable of ensuring, over the long term, consistency between regulatory data, technical documentation, certificates, UDI identifiers, and the quality management system.
It is precisely in this transition—from document control to regulatory data governance—that the future operational requirements of the MDR and the IVDR are taking shape.
Related Resources
- How long does an EUDAMED registration actually take?
- EUDAMED: Upcoming Obligations for Medical Device Manufacturers
- MDCG 2026-4: Why Manufacturers Are Becoming SS(C)P Managers in EUDAMED
- EU Guide: An Overview of EUDAMED and How to Register Your Company
We’re here to help
EUDAMED is no longer just a database. It is gradually becoming the digital foundation for regulatory compliance of medical devices. Anticipating this evolution today means building an organization capable of sustainably supporting the product lifecycle of tomorrow.
CSDmed supports manufacturers in structuring their regulatory data governance, adapting their quality management system, and supporting the operational implementation of EUDAMED.