Subscribe to our Blog

, Experts' Insights , Medical Device Regulations

Compliance with ISO 14971:2019 in the EU

Learn about the 2019 revision of the risk management ISO 14971 standard applicable to medical devices.

Compliance with ISO 14971:2019 in the EU

We interview Matija Rupnik who is the Regulatory Affairs Manager at ArrowFast. Matija tells us about the 2019 revision of the risk management ISO standard applicable to medical devices.

Today, we will be speaking about the ISO 14971 standard, especially the edition that was published in December 2019. But before we get into the new edition, can you tell us generally about the ISO 14971 standard?

ISO 14971 describes the application of risk management to medical devices. It covers the principles and a process for how manufacturers should be performing risk management of medical devices. Medical devices in this scope also includes software as a medical device and even in vitro diagnostic medical devices.

The process described in the standard aims to support manufacturers with identifying the hazards associated with the device,

  • with estimating and evaluating the associated risks,
  • with the control of these risks,
  • with monitoring the effectiveness of the applied controls.

ISO 14791 is intended to be applied to all phases of the life cycle of the medical device. While risk management is generally a part of a quality management system, it is most interesting that this standard does not require a manufacturer to have a quality management system in place.

So, this 2019 edition of the ISO 14971 standard is the third edition. Can you tell us what motivated the new revision?

The 2019 edition of the standard, as well as the technical report ISO/TR 24971:2020 providing guidelines, was published as a result of a vote taken by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2016.

Reasons for the update included:

So, there’s been more than a year since the release of the ISO 14971:2019 standard and it seems reasonable to assume medical device manufacturers are familiar with the changes to risk management that it brought. But, how does the actual standard align with the regulatory requirements as was originally intended?

Well, it fits quite nicely with the ISO 13485 requirements and it is already a recognized consensus standard by the FDA, together with the second edition, which will continue to be accepted till 25th December 2022. When it comes to the EU legislation, things are not so straightforward.

Oh! Tell us more ;)

So, it is usual that there is a three-year transition period following the publishing of a new revision of a standard. This was also expected for the third edition of ISO 14971. Instead, when the version of the standard for the European market was published (indicated by the EN prefix), EN ISO 14971:2019, the foreword stated that this standard shall be given the status of a national standard and any conflicting national standards shall be withdrawn before June 2020. Consequently, EN ISO 14971:2012, the second edition, was withdrawn in June 2020. This left many manufacturers in doubt about whether applying the harmonized 2012 edition of the standard as a presumption of conformity to the Essential Requirements of the EU Medical Device Directive (MDD) was still possible.

Fortunately, the European Commission published that although the status of the second edition was withdrawn, it still has the presumption of conformity in the meaning of regulation. So, conformance with the regulation requirements is still guaranteed by using the withdrawn version of the standard. The presumption of conformity is valid until a corresponding amendment is published in the Official Journal of the European Union.

So, for the medical devices being certified under the MDD, EN ISO 14971:2012 is still a valid harmonized standard.

We know that the EU Medical Device Regulation comes into full force on 26 May 2021. Will the second edition still be a valid harmonized standard after this date?

That’s a good question because from 26 May 2021 certification of medical devices under the MDD will no longer be possible. The expectation of the industry before the EN ISO 14971:2019 standard was published was that this edition will also be harmonized with the EU legislation, therefore replacing its previous edition when the EU MDR replaces the MDD. Unfortunately, this hasn’t happened yet. It is clear that the new EN ISO 14971:2019 standard will not be harmonized with the MDD, but the harmonization with the MDR/IVDR is currently still unclear.

The MDR, in Article 8, specifies that the harmonized standards published in the Official Journal of the European Union shall be presumed to be in conformity with the requirements of the MDR. This means that the option of presumption of conformity is still open, if the standards harmonized with MDR/IVDR are published in the Official Journal. In order for a standard to be harmonized under the MDR, a standardization request has to be agreed between the European Commission and the European Standards organizations, i.e. CEN and CENELEC. The first standardization request for MDR was rejected in June 2020, so a further delay is expected. According to the European Commission Implementing Decision M/565 from May 2020, the MDR/IVDR harmonized standards are to be expected at the latest on 27 May 2024, assuming there are no additional changes in the meantime.

What does this mean for medical device manufacturers?

Well, primarily the presumption of conformity to the General Safety and Performance Requirements (GSPR) of the MDR with the use of a harmonized standard is currently not an option. However, this does not mean that the new standard for Risk Management cannot be used. Following a standard is effectively optional. A manufacturer “only” needs to comply with the requirements of the legislation. Following standards is recommended because they provide nice systematic approaches to the areas they cover. So, ultimately manufacturers just need to show how they cover the requirements for the Risk Management aspects of the MDR in their internal procedures, and using the ISO 14971:2019 can be a great part of it. For me, a good reason to use the third edition is also that it is the latest standard and can therefore be treated as the state of the art, since the MDR generally expects manufacturers to use the state of the art. However, manufacturers should be sure to match to the specific MDR requirements.

Thank you, Matija. As usual, before we end, can you tell our readers how they can get more information about this 2019 revision of ISO 14971?

Of course. If readers want more information then, they can contact the ArrowFast team at and we will answer any of your ISO 14971 questions.


ArrowFast Team

ArrowFast Team

ArrowFast Team - A group of Medical Device Engineering Specialists

  • Mail Linkedin Twitter


Get the latest MedTech posts, news & a monthly newsletter delivered straight to your inbox.


Would you like to talk with our team about developing a new medical device or other MedTech related topics?