Book a Free Consultation
Speak to one of our regulatory and compliance experts to arrange an obligation-free call. Our experienced team is ready to help you get your medical device to market.
UK Office
Regulatory Affairs & Compliance Glossary
Navigating the complex landscape of UK and EU regulations requires a clear understanding of the industry’s specialized language. This comprehensive regulatory glossary provides clear definitions for essential acronyms and terms across the Medical Device (MDR), In Vitro Diagnostic (IVDR), Cosmetic, and PPE sectors. Whether you are preparing a technical file or staying compliant with the MHRA and EMA, use this resource as your go-to reference for regulatory clarity
Compliance Glossary
Author
This glossary is maintained and periodically reviewed by David to ensure all definitions align with the latest MDCG guidance and legislative updates.
His expertise spans across Quality Management Systems (ISO 13485), UKCA marking, and FDA submissions. David founded Patient Guard to provide clear, pragmatic, and accessible regulatory support to medical device companies, ensuring life-saving technologies reach the market safely and efficiently.
Glossary
Updated 7th May 2026
Medical Devices & MDR
CA — Competent AuthorityNational body responsible for enforcing regulations (e.g. MHRA).
CAB — Conformity Assessment BodyBody that performs calibration, testing, and certification.
CAPA — Corrective and Preventive ActionSystem to investigate and solve product/process non-conformities.
CAR — Corrective Action RequestFormal request to address a specific non-compliance.
CFS — Certificate of Free SaleEvidence that goods are normally sold in the exporting country.
CoC — Certificate of ConformityStatement that a product meets required standards.
DHF — Design History FileA compilation of records which describes the design history of a finished device.
DHR — Device History RecordA compilation of records containing the production history of a finished device.
DMR — Device Master RecordA compilation of records containing the procedures and specifications for a finished device.
DoC — Declaration of ConformityManufacturer's declaration that the product meets EU requirements.
EEA — European Economic AreaEU member states plus Iceland, Norway, and Liechtenstein.
eIFU — Electronic Instructions for UseInstructions provided in non-paper format.
EU — European UnionPolitical and economic union of 27 member states.
FSCA — Field Safety Corrective ActionAction taken to reduce risk of health deterioration in the field.
FSN — Field Safety NoticeA manual safety notice delivered to customers regarding an FSCA.
GSPR — General Safety and Performance RequirementsAnnex I requirements for device safety and performance under EU MDR.
IFU — Instructions for UseUser manual/instructions for safe device use.
IFUe — Electronic Instructions for UseInstructions provided in non-paper format (alternative abbreviation).
MEDDEV — Medical Device Guidance DocumentEuropean consensus guidance papers written prior to the MDR.
MIR — Manufacturer Incident ReportForm used to report adverse incidents to authorities.
NB — Notified BodyOrganization designated to assess product conformity.
NCA — National Competent AuthorityMember state's regulatory oversight body.
OBL — Own Brand LabellerCompany placing their brand on another's manufactured device.
OEM — Original Equipment ManufacturerThe actual producer of the device or component.
QMS — Quality Management SystemStructure for ensuring quality (e.g., ISO 13485).
REACH — Registration, Eval. & Auth. of ChemicalsEU regulation on chemical safety.
RoHS — Restr. of Hazardous SubstancesRestricts specific hazardous materials in electronics.
SOP — Standard Operating ProcedureStep-by-step instructions for routine operations.
SRN — Single Registration NumberUnique registration ID in EUDAMED for economic operators.
STED — Summary Technical DocumentationStandardized format for technical files.
SUD — Single-Use DeviceDevice intended for one use on one patient.
TD — Technical DocumentationComplete file proving device compliance.
UDI-DI — Unique Device Identifier – Device IdentifierStatic part of the UDI identifying the manufacturer and model.
UDI-PI — Unique Device Identifier – Production IdentifierDynamic part of the UDI identifying production specific variables like batch or lot.
UKRP — UK Responsible PersonLegal representative for non-UK manufacturers in Great Britain.
Clinical, Risk & Usability
AE — Adverse EventUntoward medical occurrence in a subject, user or other person during a clinical study.
B/R — Benefit-RiskAnalysis of potential gains vs potential risks.
CIP — Clinical Investigation PlanProtocol for a clinical study.
CRA — Clinical Research AssociateTrial monitor ensuring protocol adherence.
CRF / eCRF — (Electronic) Case Report FormData collection tool for trial participants.
CRO — Clinical Research OrganisationOutsourced clinical trial management and support service provider.
FMEA — Failure Modes & Effects AnalysisRisk tool to identify potential failure points.
GCP — Good Clinical PracticeInternational ethical and quality standard for trials.
GHTF — Global Harmonization Task ForceThe predecessor group to the IMDRF focused on global alignment.
HFE — Human Factors EngineeringDesigning for safe and intuitive human use.
IB — Investigator’s BrochureCompilation of clinical and non-clinical data for investigators.
ICF — Informed Consent FormDocumenting a participant's voluntary trial entry.
PICO — Population, Intervention, Comparator, OutcomeA structured framework used to formulate clinical literature search criteria.
PI — Principal InvestigatorPerson responsible for trial conduct at a site.
PSUR — Periodic Safety Update ReportScheduled safety summary for higher-risk devices.
RMF — Risk Management FileRepository for all risk assessment and planning records.
SAE — Serious Adverse EventAdverse event resulting in death, serious injury, or medical intervention.
SOTA — State of the ArtCurrently accepted high-standard technical/clinical practice in industry.
SSCP — Summary of Safety and Clinical PerformancePublic document intended for patients and users explaining clinical data.
SUSAR — Suspected Unexpected Serious Adv. ReactionUnexpected serious trial event.
UI / UX — User Interface / User ExperienceDesign and interaction points for the user.
URS — User Requirement SpecificationList of critical needs for a device or software.
Software & Cybersecurity
AI — Artificial IntelligenceSimulation of human intelligence workflows by computer networks.
AI / ML — Artificial Intelligence / Machine LearningSystems capable of performing intelligence-based tasks.
ALM — Application Lifecycle ManagementGovernance of software from inception to retirement.
CSV — Computer System ValidationProving a computerized system works as intended.
CVE — Common Vulnerabilities and ExposuresPublic list of cybersecurity flaws.
MFA — Multi-Factor AuthenticationSecurity process requiring multiple verification methods.
ML — Machine LearningSub-discipline of AI developing algorithmic pattern analysis networks.
PHI — Protected Health InformationSensitive patient data protected by law.
SaMD — Software as a Medical DeviceSoftware running stand-alone with medical intent without integration into hardware.
SBOM — Software Bill of MaterialsInventory of all software components.
SDLC — Software Development Life CycleThe process for building and testing software.
SOUP — Software of Unknown ProvenanceThird-party software lacking a documented SDLC.
VPN — Virtual Private NetworkEncrypted connection over a less secure network.
Sterilisation & Validation
BI — Biological IndicatorLiving test systems to verify sterilization effectiveness.
EO / ETO — Ethylene OxideChemical gas used for sterilization.
IQ/OQ/PQ — Validation StagesInstallation, Operational, and Performance Qualification.
SAL — Sterility Assurance LevelProbability of survival after sterilization.
VHP — Vaporised Hydrogen PeroxideLow-temp antimicrobial vapor for sterilization.
In Vitro Diagnostics (IVDs)
LDT — Laboratory Developed TestTest designed and used within a single laboratory.
PMPF — Post-Market Performance Follow-upContinuous collection of clinical performance and safety data for an IVD device after market placement.
RUO — Research Use OnlyProduct not intended for clinical diagnostic use.
FDA & International
510(k) — Premarket NotificationSubmission proving substantial equivalence in the US.
CFR — Code of Federal RegulationsThe US federal regulatory rules.
EUA — Emergency Use AuthorizationExpedited authorization mechanism used by the FDA during public health emergencies.
Form 483 — Inspectional ObservationsIssues observed during an FDA site inspection.
MDSAP — Medical Device Single Audit ProgramSingle audit program for multiple countries.
PMA — Premarket ApprovalFDA scientific and regulatory evaluation process for Class III devices.
TGA — Therapeutic Goods AdministrationThe Australian medical regulator.
Quality & Manufacturing
BOM — Bill of MaterialsComprehensive list of parts for manufacturing.
CMO — Contract Manufacturing OrganisationCompany that manufacturers products under contract.
ERP — Enterprise Resource PlanningSoftware for managing business processes.
GMP — Good Manufacturing PracticeQuality standards for consistent production.
KPI — Key Performance IndicatorQuantifiable measure of performance over time.
NC / NCR — Non-Conformance (Report)Documenting when a product doesn't meet requirements.
QA / QC — Quality Assurance / ControlFocus on process and product safety.
RCA — Root Cause AnalysisMethod for identifying the core cause of a problem.
Biocompatibility & Safety
CMR — Carcinogenic, Mutagenic or ReprotoxicSubstances hazardous to health.
Cosmetics
Environmental
ESG — Environmental, Social & GovernanceStandards for a company's operations regarding the planet and society.
WEEE — Waste Electrical & Electronic EquipmentDirective for the collection and recycling of electronics.
Frequently Asked Questions (FAQs)
What is the difference between EU MDR and IVDR?
The EU MDR (Medical Device Regulation 2017/745) applies to general medical devices, ranging from bandages to pacemakers.
The IVDR (In Vitro Diagnostic Regulation 2017/746) specifically governs devices used to test biological samples outside the human body, such as blood tests or COVID-19 kits. Both regulations focus on increasing safety and transparency across the product lifecycle.
Who needs a UK Responsible Person (UKRP)?
If a medical device manufacturer is based outside of the United Kingdom, they must appoint a UK Responsible Person (UKRP) to place their products on the Great Britain market. The UKRP acts as the primary liaison with the MHRA and ensures that the manufacturer has met all technical documentation and registration requirements.
What are the different Medical Device Classifications?
Devices are classified based on their intended use and inherent risk. Class I (low risk) includes items like stethoscopes; Class IIa and IIb (medium risk) include items like dental fillings or infusion pumps; and Class III (high risk) includes life-sustaining devices like heart valves. Higher classifications require more rigorous clinical data and Notified Body oversight.
What is a Person Responsible for Regulatory Compliance (PRRC)?
Under MDR and IVDR, manufacturers must have at least one PRRC within their organization. This individual is legally responsible for ensuring the company complies with manufacturing quality, technical documentation, and post-market surveillance obligations.
How often should a Clinical Evaluation Report (CER) be updated?
A CER is a living document. For high-risk or Class III devices, it typically must be updated annually. For lower-risk devices, it may be updated every 2 to 5 years, or whenever new Post-Market Surveillance (PMS) data significantly changes the benefit-risk profile of the device.
What is the role of a Notified Body (NB) in the EU?
A Notified Body is an independent third-party organization designated by an EU Member State to assess whether a product meets the essential requirements of the MDR or IVDR. They perform audits of the Quality Management System (QMS) and technical files before a CE certificate can be issued.
