Selecting the Right Importer Under the EU MDR/IVDR

A Regulatory and Operational Evaluation Framework

 

Introduction

Under the EU MDR (Regulation (EU) 2017/745) and IVDR (Regulation (EU) 2017/746), the role of the importer has undergone a profound functional and regulatory transformation. Historically, importers operated primarily as logistical intermediaries, focusing on customs clearance, supply chain flow, and commercial distribution. Under the previous regulatory regime (the Medical Devices Directive and In Vitro Diagnostic Devices Directive), importer responsibilities remained largely implicit, loosely defined, and often delegated informally to distributors or authorised representatives. 

Today, however, the MDR/IVDR formally establish a distinct regulatory role for importers—one that assigns explicit, legally binding obligations concerning documentation verification, vigilance, post-market surveillance (PMS), traceability, and cooperation with Competent Authorities. As a result, an importer is no longer a peripheral actor in the supply chain but a core regulatory participant. Manufacturers who fail to select a competent importer risk significant regulatory exposure, including nonconformities, delays in market access, enforcement action, and potential suspension from the European market. 

This blog provides a comprehensive and academically rigorous methodology for selecting the right importer using the Best Economic Operators (BEO) weighted assessment model. It translates the complex legal requirements of the MDR/IVDR into a structured evaluation framework that manufacturers can apply to assess importer suitability, organisational maturity, and compliance fitness. The ultimate aim is to support manufacturers in selecting importers who not only meet legal obligations but who also contribute positively to the manufacturer’s overall regulatory resilience. 

1. The Importer’s Formal Role Under MDR/IVDR

The importer’s regulatory obligations derive from Article 13 of the MDR and IVDR. Unlike the distributor, whose duties relate primarily to verifying that the device is appropriately labelled and has been correctly handled post 

placement, the importer is responsible for verifying compliance before the product enters the EU market. This chronological positioning places the importer at a critical point of regulatory control.

The importer must verify that: 

  • The manufacturer has completed the relevant conformity assessment

  • The device bears CE marking

  • The EU Declaration of Conformity exists and is accessible

  • The manufacturer and Authorised Representative have met their obligations, the device is accompanied by required documentation

  • Labels and instructions for use are present in the necessary languages

  • Unique Device Identifiers (UDIs) are correctly assigned 

  • The device has been registered in EUDAMED (where applicable)

  • Correct storage and transport conditions are maintained

Importantly, the importer must not place the device on the market if it has reason to believe that the device is not compliant. The importer therefore serves as a regulatory checkpoint, guarding against the placement of nonconforming devices on the EU market. 

This positioning makes importer selection a substantive regulatory decision. Manufacturers who choose importers based solely on commercial interests risk overlooking the stringent regulatory capacity required to manage obligations under the MDR/IVDR.

2. The Legal and Regulatory Significance of Importer Selection

The importer is the first EU-based economic operator to handle the device after it enters the European customs territory. According to Article 13, they must ensure:

  • traceability

  • documentation verification

  • vigilance reporting

  • cooperation with Competent Authorities

  • and quality preservation during transport and storage.

Because the importer’s address must be affixed to the device packaging, the importer is a visible and traceable link for market authorities. Should a device be found noncompliant, Competent Authorities will naturally contact the importer as part of their enforcement process. 

If an importer has failed to verify documentation or identify inconsistencies— such as incorrect CE marking, missing Declarations of Conformity, or inadequate labelling—the manufacturer will share responsibility for placing a noncompliant device on the market. This dual exposure underscores the importance of selecting an importer whose regulatory capacity extends far beyond logistics.

3. Critical Requirements for Importer Selection 

The BEO framework identifies a series of Critical Requirements that are weighted more heavily than other criteria due to their regulatory significance. These must be satisfied for an importer to be considered reliable, competent, and safe from a regulatory perspective.

3.1 Technical Documentation Verification Processes

Technical documentation verification is arguably the most significant importer obligation. It requires that the importer verify: 

  • CE marking correctness

  • the presence of the EU Declaration of Conformity

  • the availability of technical documentation upon request

  • labelling accuracy and language conformity

  • UDI coherence, including basic UDI-DI and production identifiers

The importer must not treat this as a superficial activity; instead, it should demonstrate a structured process that includes documented checks, version control, access to technical files where appropriate, and a clearly defined escalation mechanism should discrepancies be discovered. 

An importer who lacks a systematic verification method should be considered unsuitable for MDR/IVDR operations.

3.2 Vigilance and PMS Reporting Competence

Importers must maintain systems for forwarding complaints, reporting suspected incidents, and supporting the manufacturer’s PMS processes. They are required to:

  • maintain a register of complaints and recalls

  • transmit complaints to the manufacturer and AR without delay

  • cooperate with Competent Authorities during incident investigations.

This demands procedural rigour. The importer must be able to demonstrate:

  • a defined vigilance SOP

  • trained personnel

  • internal timelines aligned with regulatory expectations

  • capability to manage FSCA notifications

  • mechanisms for tracking events and resolutions.

If an importer cannot respond quickly and competently to vigilance signals, the manufacturer’s compliance is undermined.

3.3 GDPR Compliance and Data Governance

Because vigilance often involves personal health data—including adverse event descriptions, patient identifiers, or clinician details—importers must adhere to EU GDPR requirements.

Manufacturers should expect importers to demonstrate:

  • GDPR training

  • documented privacy policies

  • appropriate IT controls

  • confidentiality agreements

  • secure data transfer mechanisms.

An importer improperly handling personal data exposes both itself and the manufacturer to regulatory penalties and reputational harm.

3.4 PRRC Appointment

While the MDR/IVDR mandate a PRRC for manufacturers and Authorised Representatives, importers often voluntarily appoint PRRCs to strengthen governance. A PRRC at the importer indicates procedural maturity, regulatory competence, and an elevated commitment to compliance. Manufacturers should therefore prioritise importers that maintain this role.

3.5 Regulatory Reputation and Enforcement History

An importer’s past behaviour often predicts future performance. Manufacturers should examine: 

  • any history of Competent Authority observations

  • involvement in RAPEX alerts

  • nonconformities identified during inspections

  • complaints from other manufacturers

  • evidence of system failures during previous vigilance or recall events

Reputation is a Critical Requirement because it is a direct indicator of the importer’s operational reliability and regulatory competence. A single unresolved incident may signal systemic weaknesses. 

4. Quality System Maturity: A Window into Organisational Discipline 

Beyond Critical Requirements, manufacturers must evaluate the importer’s quality management system (QMS). Although ISO 13485 certification is not required for importers, maturity in quality management reflects an importer’s ability to manage regulatory responsibilities reliably. 

4.1 Evidence-Based QMS Structure

Manufacturers should examine whether the importer maintains:

  • documented processes and procedures

  • QMS training programmes

  • change control processes

  • supplier evaluation (if the importer delegates storage or logistics)

  • internal audits

  • a structured CAPA system.

A mature importer will also have QMS owners, defined responsibilities, and adequate resources.

4.2 Supply Chain Control

An importer must demonstrate competency in supply chain control. This includes the ability to maintain device integrity during transport and storage. Manufacturers should examine:

  • environmental monitoring records

  • calibration logs for temperature-controlled storage

  • deviation reporting

  • contamination prevention practices.

An importer who mishandles storage attacks the very heart of device safety and performance, especially for sterile, temperature-sensitive, or fragile devices.

4.3 Competency Management

Importers must demonstrate that staff are adequately trained in:

  • MDR/IVDR obligations

  • vigilance reporting pathways

  • verification procedures

  • device-specific risk profiles

  • storage and transport requirements.

A sophisticated importer will maintain competency matrices and document periodic refresher training.

5. Operational Capability: The Importer as a Practical Regulatory Actor

In addition to their legal obligations, importers must demonstrate operational competence. Excellent importers exhibit:

  • reliable communication channels

  • timely response to requests

  • robust complaint handling

  • multilingual capacity

  • a culture of prompt escalation.

An importer incapable of responding within 48 hours to a Competent Authority request is a liability. Operational delays can trigger regulatory findings, accelerate enforcement action, and harm the manufacturer’s compliance record.

6. Applying the BEO Weighted Evaluation Model

The BEO model provides a structured, evidence-based method for evaluating importers. It assigns higher weight to the most important criteria (Critical Requirements), ensuring that importers cannot “compensate” for a lack of regulatory competence by performing well in lower-risk operational areas.

Under this model:

  • Critical Requirements each hold substantial weight (5–8%),

  • Quality system criteria carry medium weight (2–6%),

  • Operational and communication items hold lower weight (2–4%).

This ensures that importer selection is aligned with regulatory priorities, not commercial convenience. Because the model uses binary scoring (compliant or not), manufacturers can objectively compare multiple importers, defend decisions during audits, and maintain transparency in supplier evaluation.

7. The Importance of Continuous Monitoring

Importer selection is not a one-time activity. Under MDR/IVDR, the importer remains a regulatory actor throughout the lifecycle of the device.

Manufacturers must therefore monitor importer performance periodically, ideally annually, using:

  • review meetings

  • updated scoring assessments

  • vigilance trend analysis

  • regulatory change reviews

  • document audits.

Continuous monitoring helps manufacturers detect emerging risks early and adjust their supply chain strategies accordingly.

Conclusion

Selecting an importer under the MDR/IVDR is far more than a commercial exercise; it is a foundational regulatory decision. Importers are critical actors in the verification of compliance, the maintenance of device safety, and the execution of vigilance and PMS responsibilities. An importer that lacks regulatory maturity, operational competence, or quality system structure becomes a source of risk rather than a partner.

Manufacturers who adopt a structured, weighted, and evidence-based evaluation—such as the BEO model—can identify importers capable of fulfilling their obligations effectively and reliably. In an increasingly complex regulatory landscape, such an approach is not simply beneficial but essential for protecting patient safety, maintaining market access, and safeguarding long term compliance. 

Previous
Previous

Critical Requirements Under MDR/IVDR

Next
Next

How to Choose the Right Authorised Representative (AR) Under EU MDR/IVDR