EUDAMED Mandatory from May 2026: What You Need to Know

After years of “coming soon”, the EU has finally put a fixed date on reality: the first EUDAMED mandatory modules must be used from 28 May 2026.

In its November 2025 announcement, the European Commission confirmed that four of the six EUDAMED modules have now been declared fully functional and will become compulsory to use from that date, ending the long voluntary-use phase for much of the system. (Public Health)

EUDAMED, the EU MDR database, is the central digital backbone for MDR and IVDR. It is designed to pull together device information, economic operator data, certificates, vigilance and market surveillance into one shared platform under Articles 33–34 of the MDR and IVDR. (Public Health)

From May 2026, manufacturers that do not meet EUDAMED registration requirements will be very visible to regulators, Notified Bodies and (in many cases) the public. Relying on national “workaround” systems will no longer be enough.

In this guide, we unpack which EUDAMED mandatory modules are in scope, what data you actually need to upload, how the EUDAMED compliance timeline works, and how to prepare without turning your regulatory team into a permanent data-migration task force.

Need help preparing for EUDAMED compliance? Patient Guard provides full MDR and EUDAMED readiness support, from actor registration to UDI and vigilance integration. Speak to an expert today.

What EUDAMED is (and why it matters for MDR)

EUDAMED is the European Database on Medical Devices. It is the Commission’s central IT system for implementing the MDR and IVDR, and is explicitly required by Articles 33–34 of both Regulations. (Public Health)

In practical terms, EUDAMED is intended to:

  • Centralise device data that is currently scattered across different national systems
  • Improve transparency, by making key device and certificate information publicly accessible
  • Support market surveillance and vigilance, by giving Competent Authorities a common picture of what is on the market and how it is performing

The system is built as six modules:

  1. Actor Registration
  2. UDI/Devices
  3. Notified Bodies and Certificates
  4. Vigilance
  5. Clinical Investigations and Performance Studies
  6. Market Surveillance (Public Health)

Several modules have been live for voluntary use in the production environment for some time. The May 2026 date is the point at which four of them stop being “nice to have” and become compulsory for demonstrating MDR compliance in the EU.

A Commission-sponsored survey of economic operators (manufacturers, authorised representatives, importers and distributors) with data to 31 October 2024 found that only about 5% of participating manufacturers and authorised representatives had not yet registered in EUDAMED. In other words, most of the market has already taken the first step by completing EUDAMED actor registration. (Formiventos)

If you are still firmly in the “we’ll get to it later” camp, the clock is now very loud.

Which EUDAMED modules become mandatory in May 2026?

The Commission’s November 2025 decision and accompanying notice confirm that four EUDAMED mandatory modules will be compulsory from 28 May 2026: (Public Health)

  1. Actor Registration
  2. UDI and Devices
  3. Notified Bodies and Certificates
  4. Market Surveillance

The remaining two modules – Clinical Investigations / Performance Studies and Vigilance – will continue in voluntary use until the Commission issues a separate notice declaring them fully functional and mandatory. (Public Health)

Mandatory use of these four modules applies to all relevant economic operators under MDR:

  • Manufacturers (EU and non-EU)
  • Authorised Representatives
  • Importers
  • System and procedure pack producers

From an MDR-compliance perspective, this is where the rubber meets the road. The EUDAMED mandatory modules become the main route for:

  • Proving that your organisation exists and is correctly identified (Actor module)
  • Demonstrating that your devices and UDIs are properly registered (UDI/Devices module)
  • Linking your devices to valid MDR or IVDR certificates (Notified Bodies & Certificates module)
  • Feeding information into the EU’s Market Surveillance infrastructure (Market Surveillance module)

The EUDAMED implementation timeline: Key dates

To make sense of the EUDAMED implementation 2026 milestone, it helps to zoom out:

  • 2020–2024 – Gradual deployment of modules, starting with Actors and UDI/Devices. Use is voluntary but strongly encouraged; many Competent Authorities already rely on EUDAMED data alongside national systems. (Public Health)
  • 2022–2025 – The Commission runs a multi-year “Study supporting the monitoring of the availability of medical devices on the EU market”, including repeated surveys of economic operators and Notified Bodies to assess readiness, bottlenecks and risks to device availability. (Qarad)
  • 27 November 2025 – Commission Decision and news notice confirming that the first four modules are fully functional and will become mandatory to use from 28 May 2026. (Public Health)
  • 28 May 2026 – Mandatory use of the four core EUDAMED mandatory modules starts for relevant MDR/IVDR activities.
  • 2027–2028 (expected) – Clinical Investigations and Vigilance modules to follow once declared fully functional via separate notices; timelines will be confirmed in future Commission communications. (RegDesk)

The key point: for the first time, the EUDAMED compliance timeline is not hypothetical. Most manufacturers have roughly 18 months from now to get their data, systems and procedures aligned.

Module breakdown: What each mandatory component requires

Actor Registration

The Actor module is the gateway to everything else. Without it, you simply cannot operate in EUDAMED.

It covers:

  • Manufacturers (EU and non-EU)
  • Authorised Representatives
  • Importers
  • System / procedure pack producers

Each economic operator must register in the Actor module and obtain a Single Registration Number (SRN). This SRN uniquely identifies the actor throughout the EU MDR database and is used in Declarations of Conformity, certificates and technical documentation. (Health and Youth Care Inspectorate)

Non-EU manufacturers cannot simply wander in and register themselves. They must do so via their Authorised Representative, who submits the application and maintains the relationship with the national Competent Authority that validates the SRN.

Data you will need to have ready includes:

  • Legal entity details
  • Addresses and contact persons
  • Mandate letters for non-EU manufacturers and their ARs
  • Roles (manufacturer, AR, importer, system/pack producer)

Once your SRN is issued, you can begin device and certificate registration.

UDI and Device Registration

The UDI/Devices module is the beating heart of MDR traceability.

For each device family, manufacturers must upload:

  • Basic UDI-DI and UDI-DI
  • Device name and description
  • Intended purpose and risk class
  • Device nomenclature (EMDN)
  • MDR/IVDR status and applicable conformity route
  • Relevant certificate references

This is where UDI and device registration in EUDAMED becomes very real. Your UDI master data needs to be coherent, consistently structured and aligned with the MDR’s Part C of Annex VI on data elements, as well as the Commission’s UDI guidance and IMDRF principles. (Public Health)

If your organisation has historically treated UDI as “that thing we do for labels”, the mandatory use of this module will quickly expose gaps in governance, master data management and change control.

Notified Bodies and Certificates

The Notified Bodies & Certificates module is populated primarily by Notified Bodies, who must upload:

  • All MDR and IVDR certificates they issue
  • Device types and scopes
  • Validity, expiry, suspensions and withdrawals

Manufacturers are expected to:

  • Cross-check their devices against the certificate information visible in EUDAMED
  • Ensure that device registrations in the UDI/Devices module correctly reference the relevant certificates

From May 2026, disconnected or outdated certificate information in EUDAMED will be a clear warning sign for Competent Authorities and customers.

Market Surveillance

The Market Surveillance module is part of the EU’s effort to coordinate work between national authorities on enforcement, checks and follow-up.

While day-to-day interactions with this module are more likely for regulators than for individual manufacturers, your data still feeds into it via:

  • Device and actor registrations
  • Certificates
  • Vigilance and FSCA information routed through other channels

The key takeaway is that poor data quality in the three “front-line” EUDAMED mandatory modules will directly affect how your devices appear in the EU’s market-surveillance picture.

Who must register in EUDAMED (and when)

Under MDR, economic operator obligations clearly define who is expected to appear in EUDAMED:

  • Manufacturers (EU and non-EU)
  • Authorised Representatives
  • Importers
  • System and procedure pack producers (jazmp.si)

The typical flow looks like this:

  1. The economic operator gathers legal and contact data.
  2. They submit an actor registration request via EUDAMED.
  3. The relevant national Competent Authority reviews and validates the request.
  4. If approved, the operator receives an SRN and can begin registering devices and making use of other modules.

The Commission’s second survey of economic operators (data to 31 October 2024) provides some helpful context:

  • Only about 5% of manufacturers and authorised representatives in the sample were not yet registered in EUDAMED.
  • Around 69% of respondents had fewer than 250 employees, and about 12% were start-ups, showing that SMEs are already highly engaged with EUDAMED implementation. (Formiventos)

In other words, this is not just a “big-company problem”. Smaller firms are already moving, and late adopters will stand out.

Key EUDAMED registration requirements and data obligations

To be ready for the EUDAMED mandatory modules, you should assume you will need at least the following:

Actor data

  • Legal entity information
  • VAT / registration numbers where applicable
  • Contact persons and roles
  • Mandate details for non-EU manufacturers and ARs

UDI and device data

  • Basic UDI-DI and UDI-DI values
  • EMDN codes and risk classes
  • Intended purpose and indications
  • Links to certificates and clinical evidence

Certificate data

  • Notified Body identifiers
  • Certificate numbers, types and scopes
  • Validity, suspensions, withdrawals

PMS and vigilance data

  • Processes and tools for capturing serious incidents, trend reports and FSCAs
  • Data structures that match EUDAMED’s vigilance and surveillance expectations (even before those modules become mandatory)

From a technical perspective, EUDAMED supports structured, machine-readable formats, including XML for bulk uploads and system-to-system interfaces. Many organisations will need to align internal master data with the EUDAMED data dictionaries and schemas. (Public Health)

This is also the point where EUDAMED intersects with your ISO 13485 QMS, ISO 14971 risk management, and clinical and PMS documentation. If your technical files and QMS documents are fragmented or inconsistent, your EUDAMED data will be too.

How to prepare for EUDAMED implementation in 2026

Step 1: Run a data readiness assessment

Start with a sober inventory:

  • List all devices (and variants) you place on the EU market.
  • Map existing UDI data, certificates and technical documentation.
  • Compare that list with current national registrations and your Notified Body’s records.

Any gaps or discrepancies will become painful once you start using the EUDAMED mandatory modules, so better to find them now.

Step 2: Map your economic operators

Under MDR, you almost never operate alone. Map:

  • Manufacturers (including legal entities within your group)
  • Authorised Representatives
  • Importers for each Member State or region
  • System/procedure pack producers, if relevant

Confirm who already has an SRN and who still needs to complete EUDAMED actor registration. Make sure the contractual responsibilities for data entry and maintenance are explicitly documented.

Step 3: Embed EUDAMED into your QMS and PMS

Do not treat EUDAMED as a standalone IT project.

Instead, weave it into:

  • Document control – ensuring changes to intended purpose, indications or design are reflected in UDI and device entries
  • Change control – adding EUDAMED update checks to your change-control forms
  • PMS and vigilance – ensuring incidents, trend reports and FSCAs are captured in a way that supports structured reporting
  • Management review – including EUDAMED data completeness and accuracy as a recurring KPI

This is how you turn EUDAMED implementation 2026 from a data dump into a living part of your compliance system.

Step 4: Test uploads and integrations

Where possible, take advantage of:

  • Sandbox or test environments
  • Bulk-upload templates
  • Vendor tools that already support EUDAMED XML formats

Test with a subset of devices first. Make sure that:

  • UDI trees are correct
  • Certificates link to the right families
  • Actor details are consistent across entries (Public Health)

Step 5: Train your teams

EUDAMED is not just a “regulatory thing”. It touches:

  • Regulatory affairs
  • Quality
  • IT / master data
  • Supply-chain and distribution partners

Define who owns:

  • SRN management
  • Device and certificate data
  • PMS and vigilance uploads

Run short, focused training on how the EUDAMED mandatory modules work and what “good” looks like in terms of data quality.

Common EUDAMED challenges (and how to avoid them)

You are not the first team to wrestle with this system. The same problems keep appearing:

  • Duplicate or inconsistent actor records – caused by inconsistent naming or registration via multiple ARs.
  • Data mismatches – device lists that do not match certificates, or UDI data that does not match the IFU or labels.
  • Missing importer links – devices in EUDAMED with no clear relationship to the right economic operators.
  • Manual data bottlenecks – large portfolios entered by hand, leading to errors and staff burnout.

Practical ways to reduce the pain:

  • Maintain a single master data repository for devices, UDIs, certificates and economic operators.
  • Reconcile device and certificate lists with your Notified Bodies before you upload anything.
  • Build basic validation rules that mirror EUDAMED’s checks (mandatory fields, value ranges, code sets).

What happens if you’re not ready by May 2026?

The Commission has not suggested a dramatic “big red switch” on 29 May 2026, but the direction of travel is clear.

If you are not ready by the time the EUDAMED mandatory modules go live:

  • You may not be able to legally place new MDR/IVDR devices on the EU market, because device and actor registrations are part of your conformity obligations. (Emergo by UL)
  • Competent Authorities can flag non-registration as a finding, request corrective actions, or in serious cases restrict supply.
  • Notified Bodies may question your overall MDR readiness if EUDAMED requirements are clearly ignored.

The EO survey data makes one thing clear: the market is already moving. With only around 5% of surveyed manufacturers and authorised representatives not yet registered, and a strong representation of SMEs (69% with fewer than 250 staff), late adopters are now the exception, not the rule. (Formiventos)

The bigger picture: Transparency, traceability and trust

It is tempting to see EUDAMED as “just another database”. In reality, it is a key part of the MDR’s promise to patients and health systems:

  • Traceability – UDI data, economic operators and certificates stitched together in one system.
  • Transparency – public access to important device and certificate information.
  • Stronger post-market surveillance – shared vigilance and market-surveillance data allowing Member States to spot problems earlier and coordinate responses. (Public Health)

The move to make four EUDAMED mandatory modules operational from May 2026 is the tipping point where this vision becomes operational reality.

Contact Patient Guard to audit your EUDAMED readiness and align your MDR documentation before the May 2026 deadline. We help you connect the dots between SRNs, UDI data, certificates and your ISO 13485 QMS. Get in touch today.

Wrapping up

By 28 May 2026, four EUDAMED mandatory modules will no longer be optional. For MDR and IVDR manufacturers, this changes how compliance is demonstrated in practice:

  • Actor registration and SRNs become basic identity documents.
  • UDI and device registration in EUDAMED becomes the reference point for traceability.
  • Notified Bodies & Certificates provide a public, authoritative view of your certification status.
  • The Market Surveillance module turns this data into regulatory intelligence.

If you start now, you can use the EUDAMED compliance timeline to your advantage: clean up data, streamline processes, and avoid last-minute panic.

If you wait, you will be trying to retrofit data quality into a live regulatory system with a very unforgiving memory. Book a consultation with Patient Guard’s MDR team to build a complete EUDAMED compliance plan, from actor registration and UDI governance through to PMS and vigilance integration. Speak to an expert.

Contact Us

Frequently Asked Questions

The European Commission has confirmed that four modules of EUDAMED will be mandatory to use from 28 May 2026, based on a notice published on 27 November 2025 and the underlying implementing decision. (Public Health)

From 28 May 2026, the following four modules must be used:

    • Actor Registration
    • UDI and Devices
    • Notified Bodies and Certificates
    • Market Surveillance

The Clinical Investigations and Vigilance modules will become mandatory later, once declared fully functional by the Commission. (Public Health)

All relevant economic operators under MDR must register, including manufacturers (EU and non-EU), authorised representatives, importers, and system / procedure pack producers. Non-EU manufacturers register via their authorised representative. Once validated, each actor receives a Single Registration Number (SRN). (Health and Youth Care Inspectorate)

For each device family, manufacturers must upload Basic UDI-DI, UDI-DI, device description, risk class, intended purpose, EMDN codes and relevant certificate references, in line with MDR Annex VI and the Commission’s UDI guidance. (Public Health)

EUDAMED does not replace your QMS or technical documentation; it reflects them. Device, actor and certificate entries must be consistent with your ISO 13485 QMS, risk management under ISO 14971, clinical evaluation, and PMS documentation. Inconsistencies between EUDAMED data and your technical files are likely to trigger questions from Notified Bodies and Competent Authorities.

Yes. Patient Guard supports:

  • Actor registration and SRN strategy
  • UDI and device master-data clean-up
  • Alignment of EUDAMED records with your ISO 13485 QMS and MDR documentation
  • PMS and vigilance integration and readiness for future modules

Patient Guards Recent Posts

CE Marking vs UKCA: 2026 Guide for Manufacturers

January 18, 2026 No Comments

Post-Brexit, many medical device manufacturers are still navigating the split between CE marking and the UKCA mark — and the rules keep evolving. As the MHRA advances its “future regime” for medical devices, regulatory teams face the ongoing challenge of complying with both EU MDR obligations and the UK’s own UK MDR 2002 (as amended) framework.

Read More »

ISO 10993-1:2025 – What’s New in Biological Evaluation

January 12, 2026 No Comments

The newly revised ISO 10993-1:2025 has quietly done something big: it’s turned biological evaluation from a “tick-the-box biocompatibility test list” into a fully integrated risk narrative that regulators now expect to hold together scientifically, from chemistry through to clinical data.

Read More »

Patient Guards Related Services

Patient Guards Regulatory Tools

QA/RA Templates

Facebook
X
LinkedIn

Most Popular

CE Marking vs UKCA: 2026 Guide for Manufacturers

January 18, 2026

Post-Brexit, many medical device manufacturers are still navigating the split between CE marking and the UKCA mark — and the rules keep evolving. As the MHRA advances its “future regime” for medical devices, regulatory teams face the ongoing challenge of complying with both EU MDR obligations and the UK’s own UK MDR 2002 (as amended) framework.

Read More »

ISO 10993-1:2025 – What’s New in Biological Evaluation

January 12, 2026

The newly revised ISO 10993-1:2025 has quietly done something big: it’s turned biological evaluation from a “tick-the-box biocompatibility test list” into a fully integrated risk narrative that regulators now expect to hold together scientifically, from chemistry through to clinical data.

Read More »

UK Responsible Person (UKRP) Requirements & Compliance Guide

December 22, 2025

Since Brexit, appointing a UK Responsible Person (UKRP) has become a core requirement for most non-UK medical device manufacturers entering the Great Britain market. The role looks familiar (it resembles the EU Authorised Representative), but its obligations under the UK MDR 2002 (as amended) are distinct, legally binding, and far more visible to the MHRA.

Read More »
patient guard
Patient Guard

Sign up to our newsletter

Be the first to hear industry news and how Patient Guard can help you.

Speak to one of our regulatory experts

For help with the checklist or other aspects of your compliance journey, please reach out to us at Patient Guard and our experts would be happy to help.

UK Office

Get the Medical Device Technical Checklist

Thank you! The checklist is now ready to download.

Download Now

Speak to one of our medical device consultants

For help with the checklist or other aspects of your compliance journey, please reach out to us at Patient Guard and our experts would be happy to help.

UK Office

Do you need support with Medical Device or IVD compliance?

We can help you!