What Changed with IVDR
IVDR replaced IVDD and applies from 26 May 2022. The scope now covers instruments, reagents, kits, and software that guide clinical decisions. Unique Device Identification supports full traceability. Risk based classes A to D drive the conformity route.
Class A covers general lab equipment and specimen containers. Class B covers controls and non critical self testing devices. Class C covers tests for cancer, genetics, infectious disease, or critical screening. Class D covers high public health risk such as transmissible agents that are life threatening.
Evidence, Technical Files and Software Lifecycle
Teams need documented analytical performance, clinical performance, and scientific validity kept current. Performance Evaluation Report and Periodic Safety Update Report maintained and reviewed. Post Market Performance Follow Up plan in place and executed.
Software that qualifies as an IVD falls within scope of IEC 62304. Development planning, requirements analysis, architectural design, unit and integration testing, and maintenance all need traceable documentation across the product lifetime.
Threat and vulnerability assessment tied to patient safety and data integrity. Secure development, code review, and dependency hygiene. Penetration testing and patch plans with clear release notes. Post market signals integrated with incident response.
IVDR requires Unique Device Identification with registration in EUDAMED. For software based IVDs the UDI applies to each distinct version. Version management and release control become regulatory obligations, not just engineering best practice.
Post Market Performance Follow Up
Post market performance follow up is one of the areas where IVDR diverges most sharply from the older IVDD. Teams are expected to have a proactive plan in place, not just a reactive incident log. The PMPF plan needs to define data sources, collection intervals, evaluation criteria, and a clear path from signal to action.
For software based IVDs, practical data sources include field complaint logs, literature reviews, equivalent device surveillance, and operator feedback. Automated dashboards that aggregate post market signals and flag deviations against predefined thresholds make the ongoing review cycle more tractable. SequoiaAT designs these monitoring layers as part of the software platform from the start, not as a separate reporting task appended at the end of development.
Classification Challenges for Combination Products
One of the more vexed questions under IVDR is how to classify software that sits alongside, or is bundled with, a physical analyzer or reagent system. Where software is integral to the device and directly influences the diagnostic output, it typically inherits or shares the class of the overall device. Where software operates independently and meets the IVDR definition of an IVD in its own right, it is classified separately based on its own intended purpose and risk profile.
Teams building laboratory information systems, middleware, or algorithmic decision support tools for diagnostic laboratories frequently need to work through this question with their regulatory advisors before starting technical file preparation. Getting the classification wrong early in a project can lead to significant rework. SequoiaAT works with teams at the classification stage to make sure that the technical architecture and the regulatory pathway are aligned before substantial development investment is made.
Common Questions About IVDR Compliance
When did IVDR apply and what changed from IVDD?
IVDR became applicable on 26 May 2022, replacing the older IVDD directive. It carries significantly higher evidence requirements, introduces risk based classification from Class A to Class D, and extends scope to instruments, reagents, kits, and software that guide clinical decisions.
What does a team need for IVDR software evidence?
Teams need documented analytical performance, clinical performance, and scientific validity kept current, a maintained Performance Evaluation Report and Periodic Safety Update Report, and an executed Post Market Performance Follow Up plan.
What are the IVDR classification levels?
Class A covers general lab equipment and specimen containers. Class B covers controls and non critical self testing devices. Class C covers tests for cancer, genetics, infectious disease, or critical screening. Class D covers high public health risk such as transmissible agents that are life threatening.
How does SequoiaAT help IVD teams with IVDR?
SequoiaAT provides software design and validation aligned with ISO 13485 and IEC 62304, data and algorithm pipelines with audit trails and traceability, threat modeling, test harnesses and deployable hardening guides, dashboards for post market signals and performance trends, and technical file support and migration plans for legacy devices.
What is Post Market Performance Follow Up under IVDR?
PMPF requires a proactive plan, not just a reactive incident log. The plan needs to define data sources, collection intervals, evaluation criteria, and a clear path from signal to action. For software based IVDs, practical data sources include field complaint logs, literature reviews, equivalent device surveillance, and operator feedback.
Can SequoiaAT support IVDR audits and notified body assessments?
SequoiaAT supports technical file preparation and helps teams work through the engineering questions that arise during notified body assessments, producing the technical evidence that audits require.