Updated: 26th May 2026
Reviewed by: Eleanor Shackleton BSc
The Big Shift: Essential Requirements vs. GSPRs
While the core philosophy remains the same—proving your IVD is safe and performs as intended—the GSPRs expand drastically on what is required. The legacy IVD Directive split its Essential Requirements into two sections (General Requirements and Design/Manufacturing Requirements) across a relatively compact list.
The IVDR Annex I expands this into three distinct chapters spanning 20 comprehensive requirements, many containing highly detailed sub-clauses:
Chapter I: General Requirements (Risk management, life-cycle safety, and elimination of risks).
Chapter II: Requirements Regarding Performance, Design, and Manufacture (Chemical, physical, biological properties, sterilisation, software, and measuring capabilities).
Chapter III: Requirements Regarding Information Supplied with the Device (Labelling and Instructions for Use).
To successfully update your old checklist, you must perform a gap analysis across several core technical categories.
Looking for Current IVDR Requirements?
The IVD Directive (98/79/EC) has been replaced by the In Vitro Diagnostic Regulation (IVDR). For a complete guide to Regulation (EU) 2017/746, including classification, performance evaluation, technical documentation, CE marking and compliance requirements, explore our Complete EU IVDR Guide.
Key Gap Areas When Transitioning Your IVD Checklist
1. Continuous, Iterative Risk Management
Under the old Directive, risk assessment was often treated as a point-in-time exercise completed during design closure. The IVDR changes this completely.
In your updated checklist, your risk management arguments must prove that you operate a continuous, life-cycle process integrated directly with your Quality Management System (QMS). Risks must be reduced “as far as possible” without compromising the benefit-risk ratio, and you must account for predictable misuse throughout the entire expected lifespan of the IVD.
2. Elevated Performance Evaluation and Clinical Evidence
The old Essential Requirements accepted high-level performance data. Under the IVDR, your GSPR arguments must be backed by a formal Performance Evaluation Report (PER).
You must explicitly separate and provide objective evidence for:
Scientific Validity: The association of an analyte with a clinical condition.
Analytical Performance: The ability of the device to correctly detect or measure a specific analyte (sensitivity, specificity, accuracy, limits of detection).
Clinical Performance: The ability of the device to yield results that are correlated with a target clinical condition or a physiological/pathological state in the intended population.
3. Software and Cybersecurity (SaMD)
If your IVD incorporates software, or is a standalone Software as a Medical Device (SaMD), the legacy Directive gave very little guidance. The IVDR addresses this head-on in Chapter II.
Your updated checklist must include robust compliance verification for software life-cycle processes (validation, verification, and configuration management) alongside clear arguments for IT security, cybersecurity protections, and compatibility with mobile platforms or hardware environments.
4. Self-Testing and Near-Patient Testing Nuances
For manufacturers of home testing or point-of-care devices, the technical file burden has risen dramatically. The GSPRs dictate that your design verification must prove the device can be handled easily and safely by the intended lay user at every step.
If you are developing or selling self-testing products, read our specific [Home Testing Kits Regulations & IVDR Compliance Guide] for a deeper breakdown of layperson validation requirements.
5. Rigorous Labelling and IFU Requirements (Chapter III)
Chapter III of the GSPRs introduced highly prescriptive rules for information supplied with the device. Your updated checklist must cross-reference and verify:
The presence of the Unique Device Identification (UDI) carrier on the labelling.
Explicit declarations regarding whether the device is for professional use, near-patient testing, or self-testing.
Electronic Instructions for Use (eIFU) formatting standards and web availability.
Step-by-Step: How to Upgrade Your Technical Checklist
To update your legacy document into an audit-ready IVDR GSPR Checklist, follow this practical workflow:
Map the GSPRs to Your Device: Review Annex I of EU 2017/746 and determine which requirements are “Applicable” or “Not Applicable” to your specific IVD. Every single “Not Applicable” designation must have a thoroughly documented justification.
Perform a Documentation Gap Analysis: Look at your old Essential Requirements list. Where you referenced a single validation report previously, identify whether you now need a comprehensive Clinical Performance study or updated stability testing data.
Align with Harmonised Standards: Reference state-of-the-art standards (such as EN ISO 14971 for risk management and EN ISO 13485 for quality systems) within your checklist columns to justify your compliance methods.
Link Directly to Precise Evidence: Do not just write “Compliant.” Your checklist must specify exact document numbers, revisions, and section numbers within your technical file (e.g., See Performance Evaluation Report, Document PER-004, Revision B, Section 4.2).
Track Transitional Milestones: Ensure your technical documentation updates align perfectly with the evolving regulatory landscape. Check our updated guide on [IVDR Transitional Provisions and Milestones] to make sure your compliance timelines are secure.
Need Expert Support with Your GSPR Transition?
Transitioning an entire legacy technical file from the old Directive to the rigorous standards of the IVDR can be an overwhelming administrative and technical burden. Missing sub-clauses in Annex I or failing to provide sufficient clinical performance data is one of the leading causes of Notified Body delays.
At Patient Guard, we act as your dedicated regulatory partner. Our specialists can conduct a comprehensive gap analysis of your legacy technical files, build your compliance roadmaps, and author audit-ready GSPR checklists that stand up to Notified Body scrutiny.
[Contact Patient Guard Today] to discuss how we can streamline your path to IVDR compliance.
Are you completely new to the European regulations? Read our comprehensive [IVDR for Beginners Guide] before diving into technical file structures.
FAQs
The primary purpose of ISO 13485 is to ensure patient safety and product quality. It does this by establishing a harmonised, risk-based Quality Management System (QMS) specifically tailored for medical device and IVD manufacturers, ensuring that devices remain safe, effective, and consistent throughout their entire lifecycle.
While the first three clauses of the standard cover scope, normative references, and terms/definitions, the actual actionable requirements for your daily operations sit entirely within Clauses 4 through 8. These clauses cover your general QMS framework, management responsibility, resource management, product realisation, and measurement/improvement
ISO 13485 is an international standard that closely aligns with global regulatory expectations, including the US market. While it is not a direct legal requirement by the FDA, the FDA’s Quality System Regulation (QSR) is heavily aligned with it. If you are targeting the US, your product realisation and design controls must be mapped effectively to cover the small but critical differences between the two frameworks.
Mandated under Clause 8, regular internal audits are a crucial regulatory defense mechanism. They ensure your team actively reviews, evaluates, and corrects your own internal quality procedures. This allows you to catch and fix compliance gaps through the CAPA process before an external registrar (like BSI) or a notified body discovers them during a formal certification audit.
Eleanor Shackleton, BSc
Reviewed by
Eleanor Shcackleton, BSc
Clinical & Regulatory Specialist
10+ years in medical device regulatory affairs MDR/IVDR compliance.
Patient Guards Recent Posts

EU Authorised Representative Services for Medical Device & IVD Manufacturers
Selling medical devices or IVDs in Europe? If your company is based outside the EU, appointing an EU Authorised Representative (EC Rep) is a legal requirement under EU MDR 2017/745 and IVDR 2017/746. Patient Guard provides expert EU Authorised Representative services, EUDAMED support, regulatory guidance, and ongoing compliance management to help manufacturers access and maintain the European market with confidence.

Predetermined Change Control Plans (PCCPs): The Future of Agile Compliance for Medical Device Software
Learn how PCCPs help medical device software manufacturers manage updates, support AI systems, and enable agile compliance under evolving MDR and UKCA frameworks.

The AI Act Omnibus Explained: What the 2026 EU Rules Mean for Medical Device and IVD Manufacturers
Discover how the EU AI Act Omnibus affects AI medical devices and IVD manufacturers. Learn about the No Duplication principle, transparency rules, key 2026 and 2028 deadlines, and how MDR and IVDR compliance are converging with AI regulation.