Building a Strong MDR Technical File: Avoid Pitfalls and Prepare for Notified Body Audits

Under the EU Medical Device Regulation (MDR) 2017/745, your technical file is not just a collection of documents—it’s the complete evidence package that proves your device is safe, effective, and compliant. Without a well-prepared and well-maintained technical file, your CE marking approval is at risk, along with your access to the European market.

Is your technical file ready for Notified Body scrutiny?

Whether you’re preparing for an initial CE marking submission, an MDR transition, or a routine surveillance audit, the strength of your technical file will make or break the process.

In this in-depth guide, we’ll explore:

  • What MDR Annex II really requires

  • Common mistakes that delay approvals

  • How to link CER, PMS, and risk management data

  • Practical steps to get audit-ready

  • How Patient Guard can help manufacturers succeed

Understanding MDR Annex II Requirements

MDR Annex II outlines exactly what your technical documentation must include. It’s structured to provide a logical, evidence-backed case that your device meets all General Safety and Performance Requirements (GSPRs) in Annex I.

A compliant MDR technical file should contain:

1. Device Description and Specification

This section details your device’s intended purpose, classification, variants, and accessories. It should clearly define the device in a way that aligns with your Instructions for Use (IFU) and any promotional claims.

2. Information Supplied by the Manufacturer

Includes IFUs, labelling, and packaging artwork. These must be consistent with your device description and risk management documentation.

3. Design and Manufacturing Information

Covers all stages of product development and production, including raw material selection, manufacturing processes, and quality control measures.

4. General Safety and Performance Requirements (GSPRs)

A checklist mapping each GSPR to the corresponding evidence in your file. GSPRs should be fully addressed, with clear justifications or references to testing reports, risk assessments, or clinical evidence.

5. Benefit–Risk Analysis and Risk Management

Prepared according to ISO 14971, this section shows how risks are identified, evaluated, and controlled, and how benefits outweigh any residual risks.

6. Product Verification and Validation Data

Includes pre-clinical testing, performance testing, software validation (if applicable), and clinical evaluation evidence.

7. Post-Market Surveillance Data

Includes the Post-Market Surveillance Plan, Post-Market Clinical Follow-up (PMCF) Plan, Post-Market Surveillance Reports (Class I medical devices), Periodic Safety Update Reports (Class IIa, IIb and III medical devices), and PMCF Reports.

💡 Pro Tip: Auditors prefer files that are easy to navigate and logically linked. If they have to hunt for evidence, they may raise non-conformities.

Common Pitfalls in Technical Documentation

Even well-established manufacturers can trip up during Notified Body reviews. The most frequent problems we see at Patient Guard include:

  • Fragmented documents – Risk files, CERs, PMS reports, and design documents stored separately with no clear referencing.

  • Outdated content – IFUs, risk assessments, and GSPRs not reflecting the current device configuration.

  • Incomplete GSPR checklists – Missing links to supporting evidence, or vague statements like “compliant” without proof.

  • Poor CER structure – Clinical Evaluation Reports that fail to link PMS findings or risk assessments.

  • Neglecting Annex III requirements – Post-Market Surveillance (PMS) and Post-Market Clinical Follow-up (PMCF) activities not feeding back into the technical documentation.

Why Linking CER, PMS, and Risk Data is Essential

The MDR adopts a lifecycle approach to compliance. This means your technical file must be continuously updated as new data emerges—not just at initial submission.

1. CER Integration

Your Clinical Evaluation Report should reference risk analysis data, PMS findings, and any PMCF activities. This ensures clinical claims are backed by real-world evidence.

2. PMS Feedback Loops

Post-Market Surveillance is not an afterthought. PMS findings—complaints, trend analysis, vigilance reports—must trigger updates to risk management files and, when relevant, the CER.

3. Risk Management Updates

When new risks are identified (or existing risks change), your ISO 14971 risk management documents must be revised, and those changes should be traceable in the CER and PMS plans.

Practical Steps to Prepare for a Notified Body Audit

A successful audit-ready technical file is not created overnight. Here’s a structured approach that works:

Step 1: Start with an MDR Annex II Checklist

Use a detailed checklist to ensure you’ve addressed every requirement. This prevents last-minute scrambling to find missing documents.

Step 2: Validate Links Between Documents

Ensure that references are consistent across the CER, GSPR checklist, PMS plans, and risk files. Mismatched document codes or dates raise red flags.

Step 3: Align PMS and PMCF

Your Post-Market Surveillance Plan and Post-Market Clinical Follow-up Plan should complement each other and reflect your device’s classification and risk profile.

Step 4: Review for Consistency

Check that every data point—device specifications, intended use, performance claims—is identical across all documents.

Step 5: Conduct a Pre-Audit Review

An independent technical file audit by a regulatory consultant can identify issues before your Notified Body does.

Annex III: Don’t Forget Post-Market Requirements

MDR Annex III requires ongoing PMS, vigilance, and PMCF activities. Failing to integrate these into your technical documentation can result in major non-conformities.

Key Annex III deliverables include:

  • PMS Plan

  • PMS Reports (for Class I) or Periodic Safety Update Reports (PSUR) for higher classes

  • PMCF Plans and Evaluation Reports

  • Vigilance reporting records

These must all be traceable in your technical file and aligned with your CER and risk management records.

How Patient Guard Supports Manufacturers

At Patient Guard, we specialise in helping medical device manufacturers:

  • Build or review technical files from scratch

  • Align documentation with MDR Annexes II & III

  • Link CER, PMS, and risk data for audit readiness

  • Prepare for Notified Body and Competent Authority audits

Our services include gap analyses, document drafting, compliance roadmaps, and pre-audit readiness checks. Whether you’re a start-up preparing your first MDR submission or an established manufacturer transitioning from MDD to MDR, we ensure your technical documentation meets the highest standards.

Final Thoughts

Your technical file is the core of your MDR compliance. It’s more than a regulatory requirement—it’s your evidence that the device you place on the market is safe, effective, and backed by solid data.

By structuring your file in line with MDR Annex II, keeping it updated with Annex III activities, and ensuring all documents are linked and consistent, you’ll be in a strong position for Notified Body review.

Patient Guard can help you achieve this with expert support, industry best practices, and a proven compliance process.

Frequently Asked Questions (FAQs)

A technical file under the EU MDR 2017/745 is a structured collection of documents that demonstrates your medical device meets all General Safety and Performance Requirements (GSPRs). It contains everything from device descriptions and risk management data to clinical evidence and post-market surveillance plans.

Without a compliant technical file, you cannot achieve or maintain CE marking, and your device cannot legally be sold in the EU. Notified Bodies use this documentation to assess both your product’s compliance and your ongoing regulatory performance.

Your technical file should be treated as a living document—updated whenever there are changes to your device, new clinical or safety data, or updates to applicable standards and regulations.
At a minimum, it should be reviewed and updated as part of your annual Post-Market Surveillance (PMS) activities, and whenever significant changes occur, such as:

  • Design or manufacturing modifications

  • New risks identified during PMS or vigilance activities

  • Changes to labelling, IFUs, or intended purpose

  • Updates to harmonised standards or guidance documents

The most frequent issues include:

  • Missing or incomplete General Safety and Performance Requirement (GSPR) evidence

  • Poorly linked documentation (CER, PMS, and risk files not cross-referenced)

  • Outdated or inconsistent information across documents

  • Insufficient clinical evidence to support safety and performance claims

  • Lack of traceability between test reports, risk controls, and clinical evaluation findings

By ensuring your technical file is complete, consistent, and regularly maintained, you greatly reduce the risk of non-conformities during Notified Body review.
