EU Authorised Representative: A Guide for Non-EU Device Makers

For non-EU medical device manufacturers, placing a product on the European market requires appointing an EU Authorised Representative (AR). Under the Medical Device Regulation (EU) 2017/745 (MDR), this is not a mere administrative formality; it is a critical strategic decision. The MDR elevates the AR from a passive contact point to an active, legally liable partner in the compliance lifecycle. An AR is jointly and severally liable for defective devices, making the selection process a matter of significant regulatory and business risk. This guide provides a comprehensive framework for non-EU manufacturers to understand the full scope of an AR's responsibilities. It moves beyond the basic requirement of having an address in the Union to explore the critical regulatory functions, technical competencies, and contractual safeguards necessary for a successful partnership. For manufacturers of complex devices, such as Class IIb AI-driven diagnostic software, choosing an AR with the right expertise is paramount for navigating the European regulatory landscape and ensuring sustained market access. ### Key Points * **Shared Legal Liability:** Under MDR Article 11, the Authorised Representative is legally liable for defective devices on a joint and several basis with the manufacturer. This fundamentally changes the relationship to one of shared risk. * **Active Verification Duty:** The AR is not a passive agent. They must actively verify that the manufacturer has completed essential compliance steps, including drawing up the EU Declaration of Conformity and technical documentation. * **Critical Link to Authorities:** The AR serves as the primary contact point for EU Competent Authorities and is responsible for managing official communications, documentation requests, and cooperation on corrective actions. * **Vigilance and PMS Role:** The AR plays a crucial role in post-market surveillance (PMS) by receiving and forwarding complaints or reports from users and healthcare professionals to the manufacturer. * **The Mandate is Everything:** A detailed written mandate (contract) is required to define the precise tasks, responsibilities, communication protocols, and liability terms between the manufacturer and the AR. * **Technical Competence is Non-Negotiable:** For innovative devices like Software as a Medical Device (SaMD), the AR must possess the technical and regulatory expertise to understand the product, its risks, and its compliance requirements, including aspects of cybersecurity and data privacy (GDPR). * **Transition Planning is Essential:** Terminating an AR relationship requires a carefully managed process, often involving a tripartite agreement, to ensure uninterrupted market access and proper transfer of regulatory duties. ## The Evolving Role of the EU Authorised Representative The transition from the old Medical Devices Directive (MDD) to the MDR marked a significant shift in regulatory oversight, and the role of the AR is one of the areas with the most profound changes. Understanding these changes is the first step in selecting a qualified partner. ### From Mailbox to Co-Guardian of Compliance Under the MDD, the AR was often seen as a "mailbox" in Europe—a legal entity to list on documentation and receive official correspondence. The MDR has replaced this passive function with a set of active, legally binding responsibilities. The most critical change is the introduction of joint and several liability. This means that if a patient is harmed by a defective device, they can bring a claim against either the non-EU manufacturer or the EU-based AR. This shared risk incentivizes the AR to be deeply involved in verifying the manufacturer's compliance status, as their own business is on the line. ### Core Responsibilities Mandated by MDR Article 11 MDR Article 11 lays out the minimum tasks that must be included in the mandate between the manufacturer and the AR. A competent AR will have robust internal procedures (often as part of their own Quality Management System) to execute these duties effectively. Key responsibilities include: * **Verification of Documentation:** The AR must verify that the EU Declaration of Conformity and the necessary technical documentation have been properly drawn up by the manufacturer. They must also ensure that an appropriate conformity assessment procedure has been carried out. * **Documentation Availability:** The AR must keep a copy of the technical documentation, the Declaration of Conformity, and any relevant certificates issued by a Notified Body. This documentation must be readily available for inspection by Competent Authorities for at least 10 years (or 15 years for implantable devices) after the last device has been placed on the market. * **Cooperation with Authorities:** The AR must comply with any request from a Competent Authority, providing them with all information and documentation necessary to demonstrate a device's conformity. They must also provide device samples or grant access to the device upon request. * **Vigilance Communication:** The AR is responsible for forwarding any complaints and reports from healthcare professionals, patients, or users about suspected incidents to the manufacturer immediately. They must keep the manufacturer informed. * **Corrective Action Support:** The AR must cooperate with Competent Authorities on any preventive or corrective actions taken to eliminate or mitigate risks posed by devices. * **Duty to Terminate:** If the AR believes the manufacturer is acting contrary to its obligations under the MDR, the AR must terminate the mandate and inform the relevant Competent Authority and, if applicable, the Notified Body. ## A Framework for Evaluating and Selecting an EU AR Choosing an AR should be treated with the same diligence as selecting a critical supplier or a Notified Body. A thorough evaluation process is essential to find a partner who can protect your interests and support your commercial success. ### Beyond the Address: Assessing Technical Competence For manufacturers of innovative or high-risk devices, an AR’s technical and regulatory expertise is paramount. For a product like a **Class IIb AI-driven diagnostic software**, the assessment should focus on: * **Specific Device Expertise:** Does the AR have experience with SaMD? Do they understand the nuances of AI/ML validation, cybersecurity requirements under the MDR, and data privacy implications under the General Data Protection Regulation (GDPR)? * **Quality Management System (QMS):** A reputable AR will operate under a robust QMS, ideally certified to ISO 13485. Ask for evidence of their QMS and the procedures they have in place to fulfill their Article 11 responsibilities. * **Regulatory Intelligence:** The European regulatory landscape is constantly evolving with new guidance documents from the Medical Device Coordination Group (MDCG). A proactive AR will monitor these changes and advise their clients on potential impacts. * **Staff and Resources:** Does the AR have sufficient, qualified personnel to manage their client portfolio? A one-person operation may not have the bandwidth or depth of expertise to handle complex issues or regulatory inspections. ### The Mandate Agreement: Your Contractual Shield The written mandate is the legal foundation of the relationship. It should be a detailed, unambiguous document that goes beyond the minimum requirements of Article 11. Key provisions to include are: * **Scope:** Clearly list all devices, including their UDI-DIs, that are covered by the agreement. * **Communication Protocols:** Define specific timelines and methods for vigilance reporting, handling authority requests, and routine communication. For example, specify that the AR must notify the manufacturer of any authority request within 24 hours. * **Liability and Insurance:** While the MDR establishes joint liability, the contract should detail indemnification clauses and require the AR to maintain adequate liability insurance. * **Access to Documentation:** Clarify how the AR will access and maintain the technical documentation. Will they hold a copy, or will they be given secure remote access to the manufacturer's system? * **Confidentiality:** Include strong non-disclosure provisions to protect the manufacturer's intellectual property. * **Termination and Transition:** Clearly outline the process for terminating the agreement, including notice periods and the AR’s obligation to cooperate in transferring responsibilities and documentation to a new AR. ## Scenario: Navigating AR Termination and Transition A manufacturer may need to change its AR for various reasons—the AR is acquired, service levels decline, or costs become unmanageable. Because it is illegal to place a device on the EU market without a designated AR, this transition must be managed seamlessly to avoid business disruption. ### The Critical Steps for a Smooth Transition 1. **Review the Existing Mandate:** Understand the termination clauses, notice periods, and any obligations related to the transition process. 2. **Appoint a New AR:** Fully vet and sign a mandate with the new AR before terminating the existing one. The new mandate should specify the exact date it becomes effective. 3. **Execute a Tripartite Agreement:** The best practice is to have a three-way agreement between the manufacturer, the outgoing AR, and the incoming AR. This contract should clearly define the date of transfer and the responsibilities for transferring all necessary documentation. 4. **Update All Documentation and Labeling:** The manufacturer must update all relevant materials, including the Declaration of Conformity, labeling, packaging, and Instructions for Use (IFU), to reflect the name and address of the new AR. 5. **Update EUDAMED:** The manufacturer must update the device registration in the EUDAMED database to link the device to the new AR. Failing to manage this process correctly can result in products being held at customs or even withdrawn from the market. ## Finding and Comparing EU Authorised Representative Providers When searching for an AR, manufacturers should look for a partner that offers a blend of regulatory expertise, technical competence, and robust operational processes. Create a checklist or a formal Request for Proposal (RFP) to compare potential providers on key criteria: * **Experience and Reputation:** How long have they been in business? Can they provide references from clients with similar devices? * **QMS and Certifications:** Are they ISO 13485 certified? Ask to review their QMS procedures related to AR duties. * **Scope of Services:** Do they offer services beyond the basic AR mandate, such as regulatory intelligence or import support? For SaMD, do they also offer GDPR Representative services? * **Pricing Structure:** Is their pricing clear and transparent? Be wary of providers with very low fees, as they may not have the resources to fulfill their legal obligations properly. * **Communication and Support:** What level of support do they offer? Is there a dedicated point of contact? To find qualified vetted providers [click here](https://cruxi.ai/regulatory-directories/gdpr_art27_rep) and request quotes for free. ## Key Regulatory References Manufacturers should always refer to the official regulatory texts and guidance documents when defining their compliance strategy. While a good AR can provide guidance, the ultimate responsibility for compliance rests with the manufacturer. * **EU Medical Device Regulation (MDR) (EU) 2017/745:** Specifically Article 11, which outlines the role and responsibilities of the Authorised Representative. * **MDCG Guidance Documents:** The Medical Device Coordination Group publishes numerous guidances that clarify aspects of the MDR, some of which pertain to the AR's role. * **General Principles of Quality Management Systems:** While specific to the EU, the principles of a robust QMS are universal. For comparison, manufacturers can look at systems described in U.S. regulations like 21 CFR Part 820. * **Post-Market Surveillance Principles:** The core concepts of vigilance and post-market activities are common across major regulatory systems, and reviewing FDA guidance documents on these topics can provide a broader understanding of regulator expectations. *** This article is for general educational purposes only and is not legal, medical, or regulatory advice. For device-specific questions, sponsors should consult qualified experts and consider engaging FDA via the Q-Submission program. --- *This answer was AI-assisted and reviewed for accuracy by Lo H. Khamis.*