Selecting the Right Importer Under the EU MDR/IVDR
A Regulatory and Operational Evaluation Framework
Introduction
Under the EU MDR (Regulation (EU) 2017/745) and IVDR (Regulation (EU) 2017/746), the role of the importer has undergone a profound functional and regulatory transformation. Historically, importers operated primarily as logistical intermediaries, focusing on customs clearance, supply chain flow, and commercial distribution. Under the previous regulatory regime (the Medical Devices Directive and In Vitro Diagnostic Devices Directive), importer responsibilities remained largely implicit, loosely defined, and often delegated informally to distributors or authorised representatives.
Today, however, the MDR/IVDR formally establish a distinct regulatory role for importers—one that assigns explicit, legally binding obligations concerning documentation verification, vigilance, post-market surveillance (PMS), traceability, and cooperation with Competent Authorities. As a result, an importer is no longer a peripheral actor in the supply chain but a core regulatory participant. Manufacturers who fail to select a competent importer risk significant regulatory exposure, including nonconformities, delays in market access, enforcement action, and potential suspension from the European market.
This blog provides a comprehensive and academically rigorous methodology for selecting the right importer using the Best Economic Operators (BEO) weighted assessment model. It translates the complex legal requirements of the MDR/IVDR into a structured evaluation framework that manufacturers can apply to assess importer suitability, organisational maturity, and compliance fitness. The ultimate aim is to support manufacturers in selecting importers who not only meet legal obligations but who also contribute positively to the manufacturer’s overall regulatory resilience.
1. The Importer’s Formal Role Under MDR/IVDR
The importer’s regulatory obligations derive from Article 13 of the MDR and IVDR. Unlike the distributor, whose duties relate primarily to verifying that the device is appropriately labelled and has been correctly handled post
placement, the importer is responsible for verifying compliance before the product enters the EU market. This chronological positioning places the importer at a critical point of regulatory control.
The importer must verify that:
The manufacturer has completed the relevant conformity assessment
The device bears CE marking
The EU Declaration of Conformity exists and is accessible
The manufacturer and Authorised Representative have met their obligations, the device is accompanied by required documentation
Labels and instructions for use are present in the necessary languages
Unique Device Identifiers (UDIs) are correctly assigned
The device has been registered in EUDAMED (where applicable)
Correct storage and transport conditions are maintained
Importantly, the importer must not place the device on the market if it has reason to believe that the device is not compliant. The importer therefore serves as a regulatory checkpoint, guarding against the placement of nonconforming devices on the EU market.
This positioning makes importer selection a substantive regulatory decision. Manufacturers who choose importers based solely on commercial interests risk overlooking the stringent regulatory capacity required to manage obligations under the MDR/IVDR.
2. The Legal and Regulatory Significance of Importer Selection
The importer is the first EU-based economic operator to handle the device after it enters the European customs territory. According to Article 13, they must ensure:
traceability
documentation verification
vigilance reporting
cooperation with Competent Authorities
and quality preservation during transport and storage.
Because the importer’s address must be affixed to the device packaging, the importer is a visible and traceable link for market authorities. Should a device be found noncompliant, Competent Authorities will naturally contact the importer as part of their enforcement process.
If an importer has failed to verify documentation or identify inconsistencies— such as incorrect CE marking, missing Declarations of Conformity, or inadequate labelling—the manufacturer will share responsibility for placing a noncompliant device on the market. This dual exposure underscores the importance of selecting an importer whose regulatory capacity extends far beyond logistics.
3. Critical Requirements for Importer Selection
The BEO framework identifies a series of Critical Requirements that are weighted more heavily than other criteria due to their regulatory significance. These must be satisfied for an importer to be considered reliable, competent, and safe from a regulatory perspective.
3.1 Technical Documentation Verification Processes
Technical documentation verification is arguably the most significant importer obligation. It requires that the importer verify:
CE marking correctness
the presence of the EU Declaration of Conformity
the availability of technical documentation upon request
labelling accuracy and language conformity
UDI coherence, including basic UDI-DI and production identifiers
The importer must not treat this as a superficial activity; instead, it should demonstrate a structured process that includes documented checks, version control, access to technical files where appropriate, and a clearly defined escalation mechanism should discrepancies be discovered.
An importer who lacks a systematic verification method should be considered unsuitable for MDR/IVDR operations.
3.2 Vigilance and PMS Reporting Competence
Importers must maintain systems for forwarding complaints, reporting suspected incidents, and supporting the manufacturer’s PMS processes. They are required to:
maintain a register of complaints and recalls
transmit complaints to the manufacturer and AR without delay
cooperate with Competent Authorities during incident investigations.
This demands procedural rigour. The importer must be able to demonstrate:
a defined vigilance SOP
trained personnel
internal timelines aligned with regulatory expectations
capability to manage FSCA notifications
mechanisms for tracking events and resolutions.
If an importer cannot respond quickly and competently to vigilance signals, the manufacturer’s compliance is undermined.
3.3 GDPR Compliance and Data Governance
Because vigilance often involves personal health data—including adverse event descriptions, patient identifiers, or clinician details—importers must adhere to EU GDPR requirements.
Manufacturers should expect importers to demonstrate:
GDPR training
documented privacy policies
appropriate IT controls
confidentiality agreements
secure data transfer mechanisms.
An importer improperly handling personal data exposes both itself and the manufacturer to regulatory penalties and reputational harm.
3.4 PRRC Appointment
While the MDR/IVDR mandate a PRRC for manufacturers and Authorised Representatives, importers often voluntarily appoint PRRCs to strengthen governance. A PRRC at the importer indicates procedural maturity, regulatory competence, and an elevated commitment to compliance. Manufacturers should therefore prioritise importers that maintain this role.
3.5 Regulatory Reputation and Enforcement History
An importer’s past behaviour often predicts future performance. Manufacturers should examine:
any history of Competent Authority observations
involvement in RAPEX alerts
nonconformities identified during inspections
complaints from other manufacturers
evidence of system failures during previous vigilance or recall events
Reputation is a Critical Requirement because it is a direct indicator of the importer’s operational reliability and regulatory competence. A single unresolved incident may signal systemic weaknesses.
4. Quality System Maturity: A Window into Organisational Discipline
Beyond Critical Requirements, manufacturers must evaluate the importer’s quality management system (QMS). Although ISO 13485 certification is not required for importers, maturity in quality management reflects an importer’s ability to manage regulatory responsibilities reliably.
4.1 Evidence-Based QMS Structure
Manufacturers should examine whether the importer maintains:
documented processes and procedures
QMS training programmes
change control processes
supplier evaluation (if the importer delegates storage or logistics)
internal audits
a structured CAPA system.
A mature importer will also have QMS owners, defined responsibilities, and adequate resources.
4.2 Supply Chain Control
An importer must demonstrate competency in supply chain control. This includes the ability to maintain device integrity during transport and storage. Manufacturers should examine:
environmental monitoring records
calibration logs for temperature-controlled storage
deviation reporting
contamination prevention practices.
An importer who mishandles storage attacks the very heart of device safety and performance, especially for sterile, temperature-sensitive, or fragile devices.
4.3 Competency Management
Importers must demonstrate that staff are adequately trained in:
MDR/IVDR obligations
vigilance reporting pathways
verification procedures
device-specific risk profiles
storage and transport requirements.
A sophisticated importer will maintain competency matrices and document periodic refresher training.
5. Operational Capability: The Importer as a Practical Regulatory Actor
In addition to their legal obligations, importers must demonstrate operational competence. Excellent importers exhibit:
reliable communication channels
timely response to requests
robust complaint handling
multilingual capacity
a culture of prompt escalation.
An importer incapable of responding within 48 hours to a Competent Authority request is a liability. Operational delays can trigger regulatory findings, accelerate enforcement action, and harm the manufacturer’s compliance record.
6. Applying the BEO Weighted Evaluation Model
The BEO model provides a structured, evidence-based method for evaluating importers. It assigns higher weight to the most important criteria (Critical Requirements), ensuring that importers cannot “compensate” for a lack of regulatory competence by performing well in lower-risk operational areas.
Under this model:
Critical Requirements each hold substantial weight (5–8%),
Quality system criteria carry medium weight (2–6%),
Operational and communication items hold lower weight (2–4%).
This ensures that importer selection is aligned with regulatory priorities, not commercial convenience. Because the model uses binary scoring (compliant or not), manufacturers can objectively compare multiple importers, defend decisions during audits, and maintain transparency in supplier evaluation.
7. The Importance of Continuous Monitoring
Importer selection is not a one-time activity. Under MDR/IVDR, the importer remains a regulatory actor throughout the lifecycle of the device.
Manufacturers must therefore monitor importer performance periodically, ideally annually, using:
review meetings
updated scoring assessments
vigilance trend analysis
regulatory change reviews
document audits.
Continuous monitoring helps manufacturers detect emerging risks early and adjust their supply chain strategies accordingly.
Conclusion
Selecting an importer under the MDR/IVDR is far more than a commercial exercise; it is a foundational regulatory decision. Importers are critical actors in the verification of compliance, the maintenance of device safety, and the execution of vigilance and PMS responsibilities. An importer that lacks regulatory maturity, operational competence, or quality system structure becomes a source of risk rather than a partner.
Manufacturers who adopt a structured, weighted, and evidence-based evaluation—such as the BEO model—can identify importers capable of fulfilling their obligations effectively and reliably. In an increasingly complex regulatory landscape, such an approach is not simply beneficial but essential for protecting patient safety, maintaining market access, and safeguarding long term compliance.
