The PRRC Under EU MDR: A Complete Guide for SME Manufacturers

The EU Medical Device Regulation (MDR) has fundamentally reshaped the compliance landscape, establishing the critical role of the Person Responsible for Regulatory Compliance (PRRC) as a cornerstone of a manufacturer's quality management system. While larger organizations may appoint a PRRC from within their ranks, the MDR provides a crucial provision for small and medium-sized enterprises (SMEs) to outsource this function. This has led to the rise of "PRRC as a Service" providers. However, selecting an external PRRC is not a simple procurement task. Recent guidance from the Medical Device Coordination Group (MDCG) has provided significant clarification on the qualifications, availability, and responsibilities expected of this role. For a manufacturer, this raises the stakes for performing thorough due diligence. Effectively evaluating a third-party PRRC service is essential to ensure the chosen partner not only meets the letter of the law but also functions as an integrated and effective part of the manufacturer's compliance framework, safeguarding both patient safety and market access. ### Key Points * **Ultimate Responsibility Remains:** Outsourcing the PRRC function to an external provider does not transfer the manufacturer's ultimate legal liability for device compliance. The manufacturer is always the legally responsible entity. * **"Continuous and Permanent" Availability is Key:** The PRRC must be "continuously and permanently at the disposal" of the manufacturer. This contractual term requires deep scrutiny to ensure it translates to practical, timely access and support. * **Qualifications Are More Than a Checkbox:** Verification must go beyond formal qualifications outlined in MDR Article 15. The PRRC's practical experience must be directly relevant to the manufacturer's specific device class, technology, and risk profile. * **The Service Agreement is Critical:** A robust contract must clearly delineate the specific duties of the PRRC, the responsibilities retained by the manufacturer, and the operational processes for their interaction, including access to the QMS. * **Alignment with MDCG Guidance is Non-Negotiable:** A competent provider must be able to demonstrate how their services, internal procedures, and client agreements have been updated to reflect the latest MDCG guidance on the PRRC role. * **Documentation is Your Proof of Compliance:** Manufacturers must maintain objective evidence and documentation of the PRRC's ongoing involvement and fulfillment of their mandated tasks to withstand scrutiny from Notified Bodies. ## The Core Responsibilities of the PRRC Under Article 15 of the EU MDR, the PRRC is tasked with ensuring, in a verifiable manner, the following five key responsibilities are met. Understanding these duties is the first step in evaluating whether a service provider can adequately fulfill them. 1. **Device Conformity Checks:** The PRRC must ensure the conformity of the devices is appropriately checked against the quality management system under which they are manufactured before a device is released. This involves verifying that manufacturing processes, quality checks, and final release criteria have been met. 2. **Technical Documentation and Declaration of Conformity:** The PRRC is responsible for ensuring the technical documentation and the EU Declaration of Conformity are drawn up and kept up-to-date. This is a central and ongoing task that requires deep engagement with the device lifecycle. 3. **Post-Market Surveillance (PMS) Obligations:** The PRRC must ensure that the manufacturer's post-market surveillance obligations are complied with in accordance with their PMS system. This includes overseeing the collection and analysis of PMS data and the execution of the PMS plan. 4. **Vigilance and Reporting Obligations:** The PRRC must ensure that the reporting obligations for serious incidents and field safety corrective actions (vigilance reporting) are fulfilled as outlined in the MDR. 5. **Compliance for Investigational Devices:** For devices intended for clinical investigations, the PRRC must ensure that the required statement in Annex XV, Chapter II, of the MDR has been issued, confirming the device conforms to the general safety and performance requirements, barring the aspects covered by the investigation. ## A Step-by-Step Framework for Evaluating PRRC Service Providers Manufacturers should adopt a structured, evidence-based approach to vet potential PRRC service providers. This due diligence process should be documented and go far beyond a simple review of a provider's marketing materials. ### Step 1: Verifying Qualifications and Expertise The first step is to confirm the designated PRRC meets the stringent requirements of Article 15. #### **Assessing Formal Qualifications** The MDR provides two pathways for PRRC qualification: * A university degree (or equivalent) in law, medicine, pharmacy, engineering, or another relevant scientific discipline, **and** at least one year of professional experience in regulatory affairs or in quality management systems relating to medical devices. * Four years of professional experience in regulatory affairs or in quality management systems relating to medical devices. **Actionable Due Diligence:** * Request the curriculum vitae (CV) of the specific individual(s) who would be assigned as your PRRC. * Ask for copies of diplomas, degrees, or relevant professional certifications. * Verify that the claimed "professional experience" is directly related to medical device regulatory affairs or QMS, not general quality management in another industry. #### **Scrutinizing Relevant Practical Experience** Formal qualifications are the baseline. True value comes from experience relevant to your specific products. **Critical Questions to Ask:** * "What is your experience with our specific device classification (e.g., Class IIa, Class IIb, Class III) and device type (e.g., software as a medical device (SaMD), implantable devices, sterile devices)?" * "Can you provide anonymized examples or case studies of your work with devices that have a similar technology and intended use to our products?" * "How much experience does the designated PRRC have interacting with Notified Bodies during technical documentation reviews, QMS audits, or conformity assessments?" ### Step 2: Scrutinizing the Service Agreement and Availability The contract is the most critical document defining the relationship. It must be precise and unambiguous. #### **The "Continuously and Permanently at Your Disposal" Clause** This is arguably the most important and most scrutinized aspect of the outsourced PRRC arrangement. It must be contractually guaranteed and operationally feasible. **Critical Questions to Ask:** * "How does your service agreement define 'continuously and permanently at your disposal' in practical terms? Is it defined by specific service level agreements (SLAs) for response times?" * "What is the maximum number of clients a single designated PRRC is assigned to? How do you ensure their capacity is not over-extended?" * "What is the formal backup plan if our designated PRRC is unavailable due to illness, vacation, or resignation? Will a similarly qualified individual be immediately available?" * "Does the contract specify the expected communication channels and frequency of interaction (e.g., scheduled monthly meetings, ad-hoc availability)?" #### **Delineation of Responsibilities** A common failure point is a vague contract that doesn't clearly separate the provider's duties from the manufacturer's retained responsibilities. **Critical Questions to Ask:** * "Can you provide a detailed Responsibility Matrix that clearly outlines which tasks are performed by the PRRC, which are performed by our internal team, and which are collaborative?" * "How does the contract define the PRRC's role in signing the Declaration of Conformity? What is the process and what evidence must be reviewed beforehand?" * "How is the process for PRRC review and approval of technical documentation, PMS reports, and vigilance reports documented within the agreement?" ### Step 3: Assessing Alignment with MDCG Guidance A proactive and high-quality provider stays ahead of the regulatory curve. Their internal processes should reflect the latest official guidance from the MDCG. **Critical Questions to Ask:** * "What is your formal internal process for monitoring, reviewing, and implementing new MDCG guidance, particularly guidance related to the PRRC role?" * "Can you explain how your service agreements and operational procedures have been updated specifically in response to recent MDCG guidance on PRRC qualifications and responsibilities?" * "How will you proactively inform us of new or updated guidance that impacts our devices or QMS, and what support do you provide in interpreting and implementing these changes?" ### Step 4: Evaluating Operational Integration and Documentation The PRRC cannot operate in a vacuum. They must be deeply integrated into your QMS and their activities must be meticulously documented to serve as objective evidence for auditors. #### **Integration with Your Quality Management System (QMS)** The PRRC needs appropriate access and authority to fulfill their duties. **Critical Questions to Ask:** * "What is the proposed method for the PRRC to access our QMS (e.g., secure portal, direct access to eQMS)? How is data security and confidentiality managed?" * "How will the PRRC be integrated into our change control, CAPA, and risk management processes?" * "What is the defined workflow for the PRRC to review and provide input on key documents before they are finalized?" #### **Objective Evidence of Involvement** You must be able to prove to a Notified Body that your PRRC is actively and continuously engaged. **Critical Questions to Ask:** * "What specific records and documentation will you provide to us that demonstrate the PRRC's fulfillment of their mandated tasks (e.g., signed review forms, documented meeting minutes, activity reports)?" * "Can you provide a template of a monthly or quarterly PRRC activity report that we can incorporate into our QMS records?" * "How are the PRRC’s decisions and recommendations documented to create a clear and auditable trail?" ## Strategic Considerations for SMEs Beyond the formal evaluation, SMEs should consider the long-term strategic fit of a PRRC provider. * **Avoid the "Signature for Hire" Trap:** The PRRC role is not a passive, administrative function. A provider who frames their service as simply a "signature service" should be a major red flag. The PRRC must be an active participant in the compliance process. * **Facilitate, Don't Obstruct:** The manufacturer must commit to providing the PRRC with the necessary information, resources, and authority to perform their duties. Hindering access or ignoring recommendations defeats the purpose of the role and increases compliance risk. * **Build a True Partnership:** The relationship should be collaborative. The ideal PRRC provider acts as a strategic partner, offering insights and guidance that strengthen the manufacturer's overall compliance posture, rather than just pointing out deficiencies. ## Key EU/MDCG References When managing the PRRC role, manufacturers and their service providers should continuously refer to the foundational regulatory texts and associated guidance documents. * Regulation (EU) 2017/745 on medical devices (MDR), particularly Article 15, which formally establishes the PRRC role and its requirements. * MDCG Guidance documents related to the Person Responsible for Regulatory Compliance, which provide detailed interpretation on qualifications, responsibilities, and availability. * Relevant MDCG guidance on Post-Market Surveillance (PMS), Vigilance, and other related processes where the PRRC has direct oversight responsibilities. ## Finding and Comparing PRRC as a Service (EU MDR) Providers Selecting the right PRRC service provider is a critical compliance decision. Manufacturers should use the detailed framework and questions outlined in this article to create a formal evaluation scorecard. This allows for an objective, side-by-side comparison of potential partners based on their qualifications, contractual clarity, operational integration, and alignment with regulatory expectations. Look for providers who offer transparent service models, demonstrate deep expertise relevant to your devices, and prioritize building a true compliance partnership. To find qualified vetted providers [click here](https://cruxi.ai/regulatory-directories/prrc_service) and request quotes for free. *** This article is for general educational purposes only and is not legal, medical, or regulatory advice. For device-specific questions, sponsors should consult qualified experts and consider engaging FDA via the Q-Submission program. --- *This answer was AI-assisted and reviewed for accuracy by Lo H. Khamis.*