Artifact GuideEU

EU Medical Device Regulation QMS and technical file

The EU MDR governs medical devices placed on the EU market, including qualification, classification, conformity assessment, technical documentation, clinical evidence, PMS, vigilance, UDI, and EUDAMED obligations.

Use this page to connect Article 10 QMS controls to the Annex II technical file, Annex III PMS file, clinical evidence, vigilance, UDI records, and notified-body review package.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Sections
5

Structured answer sets in this page tree.

Primary sources
5

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

Under the EU MDR, the technical file is not a separate binder from the QMS. Article 10 requires manufacturers to maintain risk management, clinical evaluation, technical documentation, UDI and registration obligations, PMS, vigilance, corrective action, and a QMS that keeps series production and changes under control. Annex II and Annex III describe the records that make those controls reviewable.

Section 1

Connect Article 10 QMS duties to the file

Treat each QMS process as the owner of a technical-file evidence stream. Article 10 ties together design and manufacture, risk management, clinical evaluation and PMCF, technical documentation, UDI and registration, PMS, vigilance, CAPA, supplier control, change management, and communication with authorities and notified bodies.

For each device or device family, the QMS should say who creates the record, who approves it, where the controlled evidence lives, and which Annex II or Annex III section it supports. That makes the technical file a live output of design control, PMS, complaint handling, risk review, and release decisions rather than a document assembled only for certification.

  • Link design-control outputs to Annex II device description, intended purpose, variants, accessories, qualification rationale, classification rationale, manufacturing sites, specifications, labels, and instructions for use.
  • Link risk management, benefit-risk analysis, clinical evaluation, PMCF, verification, validation, software testing, biocompatibility, stability, sterilisation, and performance evidence to the Annex II conformity demonstration.
  • Link PMS planning, complaints, non-serious incidents, serious incidents, trend reporting, field safety corrective actions, PSUR inputs, and corrective actions to Annex III and the QMS procedures that keep those records current.
  • Keep UDI assignment, Basic UDI-DI, UDI lists, EUDAMED registration data, certificates, declarations, and notified-body correspondence under document control because they identify the device being reviewed.
Sources for this answer
Regulation (EU) 2017/745 on medical devices
Article 10 is the source for manufacturer duties covering risk management, clinical evaluation, technical documentation, UDI, PMS, vigilance, corrective action, and QMS elements.
Section 2

Build the Annex II and Annex III evidence map

Annex II expects technical documentation to be clear, organised, readily searchable, and unambiguous. A useful evidence map therefore starts with the exact device identity and version, then traces each claim to design, manufacturing, verification, validation, risk, clinical, PMS, UDI, and label records.

Annex III turns PMS into technical documentation. The PMS plan should show how the manufacturer collects and uses complaints, incident data, field safety corrective actions, trend data, literature, registers, user feedback, distributor and importer feedback, and publicly available information about similar devices.

  • Device identity: product name, intended purpose, intended users, patient population, indications, contraindications, variants, accessories, Basic UDI-DI, UDI list, product codes, and similar or previous generations.
  • Design and manufacture: design stages, manufacturing process validation, continuous monitoring, final testing, supplier and subcontractor sites, production controls, calibration records, and release evidence.
  • Safety and performance: applicable GSPRs, rationale for non-applicable GSPRs, standards or common specifications used, controlled documents proving conformity, benefit-risk analysis, and risk-management outputs.
  • Verification and validation: bench, engineering, laboratory, simulated-use, animal, software, biocompatibility, electrical safety, EMC, stability, sterilisation, packaging, measuring-function, connectivity, and performance records where applicable.
  • Clinical and PMS: clinical evaluation plan and report, updates, PMCF plan or justification, PMCF evaluation report, PMS plan, PSUR inputs, trend thresholds, complaint investigation methods, CAPA decisions, and effectiveness checks.
Sources for this answer
Regulation (EU) 2017/745 on medical devices
Annex II lists the technical documentation elements; Annex III lists PMS technical documentation, including PMS plan content and PMS report or PSUR outputs.
Recommended next step

Turn MDR QMS controls into reviewable evidence

Use this EU MDR page to map Article 10 QMS owners to Annex II and Annex III evidence, clinical and PMS updates, UDI records, vigilance records, and notified-body review files.

Research workflow
Open Research Copilot

Answer EU MDR scope, timing, and interpretation questions with cited outputs.

Explore next step
Talk to Sorena
Talk through implementation

Review your scope, evidence model, controls, and next actions.

Explore next step
Section 3

Control changes before the file drifts

Article 10 requires manufacturers to take timely account of changes in device design or characteristics and changes in harmonised standards or common specifications used to declare conformity. Annex IX also expects QMS documentation to cover design and QMS change management and gives notified bodies a role in assessing substantial changes to the approved QMS or device range.

Change control should therefore start before implementation. The review should decide whether the change affects intended purpose, claims, design, risk controls, clinical evidence, software, materials, supplier controls, sterilisation, packaging, labels, IFU, UDI data, PMS thresholds, certificates, or the conformity assessment route.

  • Require a change impact form that references the affected controlled documents, Annex II/III sections, GSPRs, risk files, clinical evaluation, PMS plan, UDI records, labels, and certificates.
  • Route proposed substantial QMS or device-range changes to the notified-body owner before implementation where the approved QMS or certificate scope may be affected.
  • Update the technical file and QMS together: obsolete specifications, test plans, supplier files, risk controls, software validation evidence, clinical claims, PMS indicators, and UDI data should not remain active after the release decision.
  • Keep the decision trail: change request, impact assessment, approvals, notified-body correspondence, verification and validation evidence, updated declarations or certificates, release approval, and post-release monitoring trigger.
Sources for this answer
Regulation (EU) 2017/745 on medical devices
Article 10 and Annex IX ground QMS change control, timely consideration of design and standards changes, and notified-body review of substantial changes.
Section 4

Prepare for conformity assessment and notified-body review

For higher-risk conformity assessment routes, the notified body does not review a marketing summary. Annex IX describes QMS audits, representative technical-documentation sampling for class IIa and IIb devices, technical-documentation assessment for class III and certain class IIb devices, review of clinical evidence, and surveillance after certification.

The file should let a reviewer see that the QMS owns the evidence. That means roles, document control, supplier controls, design controls, PMS inputs, vigilance reports, CAPA, PMCF, clinical evaluation updates, and certificate conditions need to point back to the current device and its approved scope.

  • Before application: confirm the device classification, conformity assessment route, certificate scope, Basic UDI-DI, intended purpose, claims, clinical strategy, and whether the notified body is designated for the relevant device codes.
  • During review: be ready to provide the Annex II/III technical documentation, QMS documentation, clinical evaluation, PMCF plan, PMS plan, risk management file, supplier-control evidence, verification and validation evidence, and any requested additional tests or evidence.
  • After certification: keep surveillance-ready records for PMS findings, PMCF results, risk-management updates, vigilance cases, corrective actions, unannounced audit readiness, sampled technical documentation, and substantial-change decisions.
  • For evidence ownership: assign named process owners for each record family and require cross-references from QMS procedures to controlled technical-file locations.
Sources for this answer
Regulation (EU) 2017/745 on medical devices
Annex IX grounds QMS assessment, notified-body audit, technical documentation assessment, clinical evidence review, surveillance, and substantial-change handling.
European Commission - notified bodies for medical devices
Commission source for the role of notified bodies in conformity assessment where third-party intervention is required.
Section 5

Keep UDI, EUDAMED, PMS, and vigilance records aligned

UDI and EUDAMED data are part of the same evidence chain as the technical file. Article 10 requires manufacturers to comply with UDI and registration obligations, Annex II expects Basic UDI-DI or another clear identifier in technical documentation, and Annex III expects PMS methods that can trace devices for corrective action.

The practical control is reconciliation: the device identity in the technical documentation, EU declaration of conformity, certificate, label, IFU, UDI assignment record, EUDAMED entry, complaint file, vigilance report, and field safety corrective action should describe the same device version and scope.

  • Use the Basic UDI-DI and device identifiers as cross-file keys for design history, risk, clinical, PMS, vigilance, certificates, declarations, labels, IFU, and EUDAMED entries.
  • Record which UDI-PI type is used for production control and make sure incident and field safety corrective action reports can identify the affected device units.
  • Reconcile PMS and vigilance findings back into risk management, clinical evaluation, PMCF, CAPA, label or IFU changes, and notified-body communications.
  • Keep EUDAMED actor, UDI/device, certificate, vigilance, PMS, and market-surveillance module obligations owned by documented roles rather than by an informal regulatory inbox.
Sources for this answer
Regulation (EU) 2017/745 on medical devices
Grounds manufacturer UDI and registration obligations, UDI use in technical documentation, and PMS/vigilance links to the QMS.
EUDAMED portal
Commission portal source identifying EUDAMED modules for actor registration, UDI/device registration, certificates, vigilance, PMS, and market surveillance.
European Commission - UDI/device registration
Commission source for the requirement that manufacturers submit UDI/device information in EUDAMED for devices placed on the EU market.
MDCG 2022-7 - UDI system Q&A
MDCG guidance source for UDI assignment, Basic UDI-DI, UDI-PI reporting, and UDI use in serious incident and field safety corrective action reporting.
Primary sources

References and citations

EUDAMED portal
webgate.ec.europa.eu
Referenced sections
  • Commission portal source identifying EUDAMED modules for actor registration, UDI/device registration, certificates, vigilance, PMS, and market surveillance.
"EUDAMED is composed of six modules"
European Commission - UDI/device registration
health.ec.europa.eu
Referenced sections
  • Commission source for the requirement that manufacturers submit UDI/device information in EUDAMED for devices placed on the EU market.
"manufacturers submit in EUDAMED the UDI/Device information"
MDCG 2022-7 - UDI system Q&A
health.ec.europa.eu
Referenced sections
  • MDCG guidance source for UDI assignment, Basic UDI-DI, UDI-PI reporting, and UDI use in serious incident and field safety corrective action reporting.
"UDI shall be used for reporting serious incidents"
Regulation (EU) 2017/745 on medical devices
eur-lex.europa.eu
Referenced sections
  • Grounds manufacturer UDI and registration obligations, UDI use in technical documentation, and PMS/vigilance links to the QMS.
"keep up-to-date a list of all UDIs"
Related guides

Explore more topics

Custom-made medical devices under the EU MDR | EU MDR FAQ
Concise EU MDR FAQ on custom-made device definition, mass-produced exclusions, Annex XIII statements, documentation, conformity assessment, PMS, vigilance, and records to retain.
EU MDR Annex II and III Technical Documentation
Build an MDR technical documentation index for Annex II device files and Annex III post-market surveillance evidence, including GSPR, risk, clinical, PMS, UDI, and EUDAMED records.
EU MDR Annex VIII Classification Guide
Classify EU MDR medical devices under Annex VIII using intended purpose, duration, invasiveness, active device and software rules, and conformity assessment impact.
EU MDR Annex XVI products without a medical purpose
source-linked EU MDR guide for Annex XVI products: listed product groups, common specifications, clinical evidence, notified-body route, UDI, EUDAMED, PMS, and vigilance evidence before launch.
EU MDR Applicability Test
Test whether a product, accessory, software function, or Annex XVI product falls under the EU Medical Device Regulation, and record the evidence for the next classification step.
EU MDR change assessment workflow
Assess EU MDR device, design, software, intended purpose, QMS, clinical, PMS, UDI, classification, and notified-body impacts before releasing a medical device change.
EU MDR Checklist for Medical Device Compliance
Practical EU MDR checklist covering qualification, classification, conformity assessment, technical documentation, GSPR, clinical evidence, UDI, EUDAMED, PMS, vigilance, QMS, and legacy transition evidence.
EU MDR classification workflow
A concrete EU MDR classification workflow for intended purpose, device or accessory qualification, Annex VIII rule selection, Rule 11 software review, class outcome, and notified body impact.
EU MDR Clinical Evaluation Overview
EU MDR clinical evaluation overview covering Article 61, Annex XIV, clinical data sources, equivalence, PMCF, CER evidence, notified body review, GSPR, and benefit-risk support.
EU MDR Clinical Evaluation Report Template
A source-linked EU MDR clinical evaluation report template covering intended purpose, GSPR linkage, clinical data appraisal, equivalence limits, PMCF, conclusions, and reviewer signoff.
EU MDR clinical evidence guide
source-linked EU MDR guide to clinical evaluation, clinical investigations, equivalence, PMCF, GSPR support, technical documentation, and notified-body review.
EU MDR compliance obligations
EU MDR compliance guide for device qualification, classification, conformity assessment, QMS, technical documentation, UDI, EUDAMED, PMS, vigilance, and legacy transition controls.
EU MDR conformity route workflow
source-linked EU MDR workflow for classifying a device, choosing the conformity assessment route, preparing technical and QMS evidence, and reaching certificate, DoC, UDI, EUDAMED, and CE outputs.
EU MDR deadlines and compliance calendar
Grounded EU MDR calendar for application, legacy-device transition, UDI, EUDAMED, and recurring QMS, technical documentation, clinical, PMS, vigilance, certificate, and change reviews.
EU MDR Device Classification Guide
Classify an EU MDR medical device by intended purpose, Annex VIII duration, invasiveness, active-device and software rules, then document the conformity route impact.
EU MDR EUDAMED and UDI registration
source-linked MDR guide to Basic UDI-DI, UDI-DI, EUDAMED device registration, actor roles, labels, technical documentation, and UDI data governance.
EU MDR FAQ: qualification, evidence, UDI, and transition
Concise EU MDR FAQ covering device qualification, software classification, accessories, custom-made devices, clinical evidence, UDI, EUDAMED, notified bodies, significant changes, and legacy transition.
EU MDR Legacy Device Transition
source-linked EU MDR legacy device transition guide covering Regulation (EU) 2023/607 conditions, certificate validity, significant-change limits, surveillance, PMS, vigilance, QMS, and evidence records.
EU MDR notified body route selection
Choose an EU MDR conformity assessment route by device class, Article 52 option, notified body designation scope, QMS readiness, technical documentation, clinical evidence, and certificate evidence.
EU MDR penalties and enforcement risk
source-linked EU MDR penalties and enforcement-risk guide covering Article 113, Member State penalty rules, market restrictions, recalls, certificate consequences, and evidence.
EU MDR PMS and Vigilance Guide
EU MDR guide to post-market surveillance, PMCF updates, PMS reports, PSURs, serious incident reporting, FSCA/FSN handling, trend reporting, and evidence records.
EU MDR PMS and vigilance records
source-linked EU MDR guide to PMS plans, PMS reports, PSURs, PMCF updates, serious incident and FSCA reporting, trend reporting, and EUDAMED evidence handling.
EU MDR PMS Plan Template for Medical Devices
A source-linked EU MDR post-market surveillance plan template covering device scope, PMS data sources, PMCF linkage, vigilance, trend reporting, PMSR or PSUR outputs, roles, cadence, and evidence records.
EU MDR QMS requirements under Article 10
EU MDR QMS guide for Article 10 manufacturer controls covering regulatory strategy, design, risk, clinical evaluation, PMS, vigilance, UDI, suppliers, CAPA, and conformity records.
EU MDR qualification and borderline products
EU MDR qualification guide for medical purpose claims, accessories, software, Annex XVI products, and borderline routes to classification and conformity assessment.
EU MDR qualification workflow
A concrete EU MDR workflow for deciding whether a product is a medical device, accessory, Annex XVI product, IVD interface, medicinal-product interface, or non-MDR product before classification and conformity assessment.
EU MDR requirements checklist
Concrete EU MDR requirements for medical-device scope, classification, GSPR, conformity assessment, technical documentation, QMS, clinical evidence, UDI, EUDAMED, PMS, vigilance, and economic-operator records.
EU MDR Rule 11 software classification
Classify MDR medical device software under Rule 11 using intended purpose, diagnosis or therapy decision impact, physiological monitoring, conformity route, clinical evidence, and software-change records.
EU MDR significant changes FAQ: legacy-device transition and notified-body review
FAQ on MDR significant changes for legacy devices, including intended-purpose, design, software, material, sterilisation, clinical, QMS, notified-body, and evidence impacts.
EU MDR Transition Timelines: practical guide
EU Medical Device Regulation guide to Transition Timelines with scope decisions, owner actions, evidence records, source-linked citations, and practical next steps.
EU MDR UDI and EUDAMED registration guide
EU MDR guide to Basic UDI-DI, UDI-DI, UDI carriers, EUDAMED actor and device registration, change impacts, and evidence governance.
EU MDR vigilance reporting workflow
Concrete EU MDR vigilance workflow for incident intake, serious incident assessment, FSCA and FSN handling, trend reporting, EUDAMED caveats, CAPA, PMS, clinical evaluation updates, and records.
How should Basic UDI-DI and UDI-DI be assigned under the EU MDR? | EU MDR FAQ
EU MDR FAQ explaining what Basic UDI-DI and UDI-DI identify, how they connect to UDI carriers, EUDAMED records, change triggers, and retained evidence.
MDR vs AI Act for medical-device software
Compare MDR software qualification, classification, clinical evidence, QMS, PMS, UDI, EUDAMED, and notified-body evidence boundaries against cautiously scoped AI Act overlap.
MDR vs GPSR: medical-device boundary checks
Compare MDR medical-device scope with general product-safety fallback questions for borderline, non-medical, and Annex XVI products.
MDR vs IVDR: medical devices and IVDs compared
Compare EU MDR and IVDR scope, classification, conformity routes, technical documentation, clinical or performance evidence, UDI, EUDAMED, PMS, and vigilance.
MDR vs Product Liability Directive evidence comparison
Compare EU MDR market-access evidence with Product Liability Directive exposure without treating compliance records as a liability outcome.
What should an EU MDR PMCF plan and report cover? | EU MDR FAQ
Under the EU MDR, PMCF is part of PMS and clinical evaluation. See what the plan, activities, report, updates, and retained evidence should cover.
What should manufacturers do when an EU MDR classification changes? | EU MDR FAQ
Concise EU MDR FAQ on classification changes, intended purpose, software, notified-body route impact, certificates, technical documentation, and retained evidence.
When can clinical equivalence be used under the EU MDR?
EU MDR FAQ on clinical equivalence, including technical, biological, and clinical characteristics, access to equivalent-device data, class III and implantable-device limits, clinical evaluation, PMCF, and retained evidence.
When do software or products make medical purpose claims under the EU MDR? | EU MDR FAQ
EU MDR FAQ on medical purpose claims, intended purpose evidence, software qualification, Annex XVI contrasts, and records to keep.
When is a PSUR required under the EU MDR and what should it contain? | EU MDR FAQ
EU MDR FAQ on PSUR scope, content, update cadence, PMS and PMCF links, notified-body handling, EUDAMED submission, and evidence to retain.
When is an accessory regulated under the EU MDR? | EU MDR FAQ
EU MDR FAQ on when an article is a medical device accessory, how intended purpose affects classification, and what evidence to keep.
When is software regulated as SaMD under the EU MDR? | EU MDR FAQ
Concise EU MDR FAQ on software qualification, intended medical purpose, Rule 11 classification, modules, clinical evidence, change assessment, UDI, and EUDAMED.
Which devices need an SSCP under the EU MDR and what should it include? | EU MDR FAQ
EU MDR FAQ on when an SSCP is required, who prepares, validates, uploads, and updates it, and what evidence should support the summary.
Which EUDAMED modules matter under the EU MDR? | EU MDR FAQ
EU MDR FAQ mapping EUDAMED modules to actor registration, UDI/device data, certificates, clinical investigations, vigilance/PMS, market surveillance, and practical records.