IVD Directive Essential Requirements vs. IVDR GSPR: How to Transition Your Checklist

The shift from the In Vitro Diagnostic Directive (IVDD 98/79/EC) to the In Vitro Diagnostic Regulation (IVDR EU 2017/746) represents a fundamental overhaul of how technical files are structured. Under the legacy Directive, manufacturers relied on an Essential Requirements Checklist to demonstrate safety and performance. Under the IVDR, this has been completely replaced by the General Safety and Performance Requirements (GSPRs) found in Annex I. If you are updating a legacy device technical file or migrating a quality management system, you cannot simply copy and paste your old compliance arguments. The GSPRs require a much higher degree of clinical evidence, lifecycle risk tracking, and technical specificity.
IVD

Updated: 26th May 2026

Reviewed by: Eleanor Shackleton BSc

The Big Shift: Essential Requirements vs. GSPRs

While the core philosophy remains the same—proving your IVD is safe and performs as intended—the GSPRs expand drastically on what is required. The legacy IVD Directive split its Essential Requirements into two sections (General Requirements and Design/Manufacturing Requirements) across a relatively compact list.

The IVDR Annex I expands this into three distinct chapters spanning 20 comprehensive requirements, many containing highly detailed sub-clauses:

To successfully update your old checklist, you must perform a gap analysis across several core technical categories.

Key Gap Areas When Transitioning Your IVD Checklist

1. Continuous, Iterative Risk Management

Under the old Directive, risk assessment was often treated as a point-in-time exercise completed during design closure. The IVDR changes this completely.

In your updated checklist, your risk management arguments must prove that you operate a continuous, life-cycle process integrated directly with your Quality Management System (QMS). Risks must be reduced “as far as possible” without compromising the benefit-risk ratio, and you must account for predictable misuse throughout the entire expected lifespan of the IVD.

2. Elevated Performance Evaluation and Clinical Evidence

The old Essential Requirements accepted high-level performance data. Under the IVDR, your GSPR arguments must be backed by a formal Performance Evaluation Report (PER).

You must explicitly separate and provide objective evidence for:

  • Scientific Validity: The association of an analyte with a clinical condition.

  • Analytical Performance: The ability of the device to correctly detect or measure a specific analyte (sensitivity, specificity, accuracy, limits of detection).

  • Clinical Performance: The ability of the device to yield results that are correlated with a target clinical condition or a physiological/pathological state in the intended population.

3. Software and Cybersecurity (SaMD)

If your IVD incorporates software, or is a standalone Software as a Medical Device (SaMD), the legacy Directive gave very little guidance. The IVDR addresses this head-on in Chapter II.

Your updated checklist must include robust compliance verification for software life-cycle processes (validation, verification, and configuration management) alongside clear arguments for IT security, cybersecurity protections, and compatibility with mobile platforms or hardware environments.

4. Self-Testing and Near-Patient Testing Nuances

For manufacturers of home testing or point-of-care devices, the technical file burden has risen dramatically. The GSPRs dictate that your design verification must prove the device can be handled easily and safely by the intended lay user at every step.

If you are developing or selling self-testing products, read our specific [Home Testing Kits Regulations & IVDR Compliance Guide] for a deeper breakdown of layperson validation requirements.

5. Rigorous Labelling and IFU Requirements (Chapter III)

Chapter III of the GSPRs introduced highly prescriptive rules for information supplied with the device. Your updated checklist must cross-reference and verify:

  • The presence of the Unique Device Identification (UDI) carrier on the labelling.

  • Explicit declarations regarding whether the device is for professional use, near-patient testing, or self-testing.

  • Electronic Instructions for Use (eIFU) formatting standards and web availability.

Step-by-Step: How to Upgrade Your Technical Checklist

To update your legacy document into an audit-ready IVDR GSPR Checklist, follow this practical workflow:

  1. Map the GSPRs to Your Device: Review Annex I of EU 2017/746 and determine which requirements are “Applicable” or “Not Applicable” to your specific IVD. Every single “Not Applicable” designation must have a thoroughly documented justification.

  2. Perform a Documentation Gap Analysis: Look at your old Essential Requirements list. Where you referenced a single validation report previously, identify whether you now need a comprehensive Clinical Performance study or updated stability testing data.

  3. Align with Harmonised Standards: Reference state-of-the-art standards (such as EN ISO 14971 for risk management and EN ISO 13485 for quality systems) within your checklist columns to justify your compliance methods.

  4. Link Directly to Precise Evidence: Do not just write “Compliant.” Your checklist must specify exact document numbers, revisions, and section numbers within your technical file (e.g., See Performance Evaluation Report, Document PER-004, Revision B, Section 4.2).

  5. Track Transitional Milestones: Ensure your technical documentation updates align perfectly with the evolving regulatory landscape. Check our updated guide on [IVDR Transitional Provisions and Milestones] to make sure your compliance timelines are secure.

Need Expert Support with Your GSPR Transition?

Transitioning an entire legacy technical file from the old Directive to the rigorous standards of the IVDR can be an overwhelming administrative and technical burden. Missing sub-clauses in Annex I or failing to provide sufficient clinical performance data is one of the leading causes of Notified Body delays.

At Patient Guard, we act as your dedicated regulatory partner. Our specialists can conduct a comprehensive gap analysis of your legacy technical files, build your compliance roadmaps, and author audit-ready GSPR checklists that stand up to Notified Body scrutiny.

[Contact Patient Guard Today] to discuss how we can streamline your path to IVDR compliance.

Are you completely new to the European regulations? Read our comprehensive [IVDR for Beginners Guide] before diving into technical file structures.

FAQs

The primary purpose of ISO 13485 is to ensure patient safety and product quality. It does this by establishing a harmonised, risk-based Quality Management System (QMS) specifically tailored for medical device and IVD manufacturers, ensuring that devices remain safe, effective, and consistent throughout their entire lifecycle.

While the first three clauses of the standard cover scope, normative references, and terms/definitions, the actual actionable requirements for your daily operations sit entirely within Clauses 4 through 8. These clauses cover your general QMS framework, management responsibility, resource management, product realisation, and measurement/improvement

ISO 13485 is an international standard that closely aligns with global regulatory expectations, including the US market. While it is not a direct legal requirement by the FDA, the FDA’s Quality System Regulation (QSR) is heavily aligned with it. If you are targeting the US, your product realisation and design controls must be mapped effectively to cover the small but critical differences between the two frameworks.

Mandated under Clause 8, regular internal audits are a crucial regulatory defense mechanism. They ensure your team actively reviews, evaluates, and corrects your own internal quality procedures. This allows you to catch and fix compliance gaps through the CAPA process before an external registrar (like BSI) or a notified body discovers them during a formal certification audit.

Eleanor Shackleton,  BSc

Eleanor Shackleton, BSc

Reviewed by
Eleanor Shcackleton, BSc
Clinical & Regulatory Specialist 
10+ years in medical device regulatory affairs MDR/IVDR compliance.

Patient Guards Recent Posts

EU Authorised Representative Services for Medical Device & IVD Manufacturers

Selling medical devices or IVDs in Europe? If your company is based outside the EU, appointing an EU Authorised Representative (EC Rep) is a legal requirement under EU MDR 2017/745 and IVDR 2017/746. Patient Guard provides expert EU Authorised Representative services, EUDAMED support, regulatory guidance, and ongoing compliance management to help manufacturers access and maintain the European market with confidence.

Read More »

Patient Guards Related Services

Patient Guards Regulatory Tools

Check out Patient Guards Training Courses

Share this guide:

Most Popular

EU Authorised Representative Services for Medical Device & IVD Manufacturers

Selling medical devices or IVDs in Europe? If your company is based outside the EU, appointing an EU Authorised Representative (EC Rep) is a legal requirement under EU MDR 2017/745 and IVDR 2017/746. Patient Guard provides expert EU Authorised Representative services, EUDAMED support, regulatory guidance, and ongoing compliance management to help manufacturers access and maintain the European market with confidence.

Read More »
patient guard
Patient Guard

Sign up to our newsletter

Be the first to hear industry news and how Patient Guard can help you.

Get the latest updates on medical device regulation

Sign up to our newsletter and we’ll deliver news and insights straight to your inbox.
Patient Guard Regulatory Affairs and Quality Assurance

Get the Medical Device Technical Checklist

Thank you! The checklist is now ready to download.

checklist-tablet