Regulatory Open Forum

• The EU-MDR's mandatory disclosure of residual risk is not a new requirement relative to the MDD, nor relative to EN ISO 14971:2012, nor (generally speaking*) to ISO 14971:2019 / EN ISO 14971:2019. Indeed, the MDD, the EU-MDR, ISO 14971:2007 / EN ISO 14971:2012 and ISO 14971:2019 / EN ISO 14971:2019 all mandate disclosure of residual risk (see additional details below).

• ISO 14971:2007 and EN ISO 14971:2012 (including its content deviations) permitted the manufacturer to decide which (if any) individual residual risks to disclose, but still demanded disclosure of remaining overall residual risk. In any such disclosures (whether for individual or overall residual risks), the manufacturer was nonetheless given the liberty to decide which particular information (i.e., what to communicate, to whom, the level of detail, the wording, and the means) to include in the mandatory disclosure.

• In ISO 14971:2019 and EN ISO 14971:2019, the prior 2007 / EN 2012 provision attending to disclosure of individual residual risk has been deleted entirely from the individual residual risk clause.

• Some have said that ISO 14971:2019 clause 8 (pertaining to overall residual risk) says, "If the overall residual risk is judged acceptable, the manufacturer shall decide which residual risks to disclose and what information is necessary to include in the accompanying documentation in order to disclose those residual risks". However, neither ISO 14971:2019 nor EN ISO 14971:2019 contain this provision; this is not an accurate statement of ISO 14971:2019 nor EN ISO 14971:2019 requirements for disclosure of residual risk.

• ISO 14971:2019 and EN ISO 14971:2019 don't permit the manufacturer to decide whether or not to disclose overall residual risk. Instead, ISO 14971:2019 and EN ISO 14971:2019 (as did their 2007 / EN 2012 predecessors) demand disclosure of overall residual risk, period.  Indeed, not disclosing overall residual risk is not an option given by ISO 14971.  *However, an interesting adjustment is that the 2019 wording now focuses on "significant" overall residual risk, while the 2007 / EN 2012 versions did not include the adjective "significant".

• ISO/TR 24971:2013 and the impending 2020 version both echo these residual risk disclosure principles.

• Mandatory disclosure of residual risk has always been a requirement under the MDD since the MDD's inception in 1993 and is maintained in the EU-MDR. Moreover, since mandatory disclosure of residual risk has also been a longstanding requirement of ISO 14971, we should be careful about assertions leaving the impression of a general misalignment on this topic between the EU-MDR and ISO 14971.

• The demands for disclosure of residual risk in the MDD and EU-MDR alike are general in nature and thus should be interpreted to require disclosure of individual and overall residual risks.

I happen to have copies of ISO 14971 back to the 2000 edition when I became involved in the Joint Working Group that developed the standard. I also have meeting minutes and papers discussing the positions along with the comments and votes. It was interesting and fun to look back at the path traveled to get to the 2019 3^rd edition of ISO 14971.  Looking at our back and forth discussions was also interesting.  The requirement for disclosure has been in the standard since its inception, and has been discussed in the Rationale for all editions, beginning with Amendment 1 in 2003.

It is important to note that ISO 14971 is an international standard and is applies throughout the world, not just one country or region.   It is not developed just to meet one country or regions particular regulatory requirements, but is developed to meet best practices worldwide.  Different regions or countries may add their own requirements. The US FDA accepted ISO 14971:2019 as written with no additional requirements.

The definition of residual risk as it appears in the 2019, 3^rd edition:

3.17

residual risk

risk remaining after risk control (3.21) measures have been implemented

In ISO 14971:2019 no discussion of disclosure of residual risk appears in Clause 7.3 Residual risk evaluation or in 7.4 Benefit-risk analysis.  But, Clause 8 Evaluation of overall residual risk does state:  

If the overall residual risk is judged acceptable, the manufacturer shall inform users of significant residual risks and shall include the necessary information in the accompanying documentation in order to disclose those residual risks.

NOTE 1 The rationale for the disclosure of significant residual risks is given in A.2.8.
NOTE 2 See ISO/TR 24971[9] for guidance on the evaluation of overall residual risk and the disclosure of residual risks.

I recommend that you should look at the Rationale in Annex A which discusses why the particular requirement is in the standard.

ISO 14971:2019  Annex A Rationale for requirements  Clause A.2.8 Evaluation of overall residual risk

The manufacturer is responsible for providing users with relevant information on significant residual risks, so that they can make informed decisions on the use of the medical device. Thus, manufacturers are instructed to include pertinent information on residual risks in the accompanying documentation. However, it is the manufacturer's decision as to what and how much information should be provided. This requirement is consistent with the approach taken in many countries and regions.

ISO TR 24971:20XX [the upcoming version delayed by ISO due to the holiday] Annex D.3 Disclosure of residual risk, is now over a page long and that is too long to quote here.  It does state,  ISO 14971:2019 requires the manufacturer to inform users about significant residual risks. There are examples included, but significant is not defined. Annex H.5 in 24971 includes information on disclosing residual risk for IVD devices.

One of the issues with disclosing all residual risk is the "noise" it creates for the medical professional and patient in making the decision on the appropriateness of use of the device for the patient and their condition, in providing too much and possibly distracting, information.  The manufacturer is considered to be the expert on the intended use of their device and they have the most knowledge on what to disclose for the patient and the medical professional to make that decision.

The other pressure on the manufacturer to make a decision on what to release is product liability.  Product liability cases can be a bigger impact than the regulators due to the large awards made when the court decides the manufacturer made the wrong decision.  

• The EU-MDR's mandatory disclosure of residual risk is not a new requirement relative to the MDD, nor relative to EN ISO 14971:2012, nor (generally speaking*) to ISO 14971:2019 / EN ISO 14971:2019. Indeed, the MDD, the EU-MDR, ISO 14971:2007 / EN ISO 14971:2012 and ISO 14971:2019 / EN ISO 14971:2019 all mandate disclosure of residual risk (see additional details below).

• ISO 14971:2007 and EN ISO 14971:2012 (including its content deviations) permitted the manufacturer to decide which (if any) individual residual risks to disclose, but still demanded disclosure of remaining overall residual risk. In any such disclosures (whether for individual or overall residual risks), the manufacturer was nonetheless given the liberty to decide which particular information (i.e., what to communicate, to whom, the level of detail, the wording, and the means) to include in the mandatory disclosure.

• In ISO 14971:2019 and EN ISO 14971:2019, the prior 2007 / EN 2012 provision attending to disclosure of individual residual risk has been deleted entirely from the individual residual risk clause.

• Some have said that ISO 14971:2019 clause 8 (pertaining to overall residual risk) says, "If the overall residual risk is judged acceptable, the manufacturer shall decide which residual risks to disclose and what information is necessary to include in the accompanying documentation in order to disclose those residual risks". However, neither ISO 14971:2019 nor EN ISO 14971:2019 contain this provision; this is not an accurate statement of ISO 14971:2019 nor EN ISO 14971:2019 requirements for disclosure of residual risk.

• ISO 14971:2019 and EN ISO 14971:2019 don't permit the manufacturer to decide whether or not to disclose overall residual risk. Instead, ISO 14971:2019 and EN ISO 14971:2019 (as did their 2007 / EN 2012 predecessors) demand disclosure of overall residual risk, period.  Indeed, not disclosing overall residual risk is not an option given by ISO 14971.  *However, an interesting adjustment is that the 2019 wording now focuses on "significant" overall residual risk, while the 2007 / EN 2012 versions did not include the adjective "significant".

• ISO/TR 24971:2013 and the impending 2020 version both echo these residual risk disclosure principles.

• Mandatory disclosure of residual risk has always been a requirement under the MDD since the MDD's inception in 1993 and is maintained in the EU-MDR. Moreover, since mandatory disclosure of residual risk has also been a longstanding requirement of ISO 14971, we should be careful about assertions leaving the impression of a general misalignment on this topic between the EU-MDR and ISO 14971.

• The demands for disclosure of residual risk in the MDD and EU-MDR alike are general in nature and thus should be interpreted to require disclosure of individual and overall residual risks.

I happen to have copies of ISO 14971 back to the 2000 edition when I became involved in the Joint Working Group that developed the standard. I also have meeting minutes and papers discussing the positions along with the comments and votes. It was interesting and fun to look back at the path traveled to get to the 2019 3^rd edition of ISO 14971.  Looking at our back and forth discussions was also interesting.  The requirement for disclosure has been in the standard since its inception, and has been discussed in the Rationale for all editions, beginning with Amendment 1 in 2003.

It is important to note that ISO 14971 is an international standard and is applies throughout the world, not just one country or region.   It is not developed just to meet one country or regions particular regulatory requirements, but is developed to meet best practices worldwide.  Different regions or countries may add their own requirements. The US FDA accepted ISO 14971:2019 as written with no additional requirements.

The definition of residual risk as it appears in the 2019, 3^rd edition:

3.17

residual risk

risk remaining after risk control (3.21) measures have been implemented

In ISO 14971:2019 no discussion of disclosure of residual risk appears in Clause 7.3 Residual risk evaluation or in 7.4 Benefit-risk analysis.  But, Clause 8 Evaluation of overall residual risk does state:  

If the overall residual risk is judged acceptable, the manufacturer shall inform users of significant residual risks and shall include the necessary information in the accompanying documentation in order to disclose those residual risks.

NOTE 1 The rationale for the disclosure of significant residual risks is given in A.2.8.
NOTE 2 See ISO/TR 24971[9] for guidance on the evaluation of overall residual risk and the disclosure of residual risks.

I recommend that you should look at the Rationale in Annex A which discusses why the particular requirement is in the standard.

ISO 14971:2019  Annex A Rationale for requirements  Clause A.2.8 Evaluation of overall residual risk

The manufacturer is responsible for providing users with relevant information on significant residual risks, so that they can make informed decisions on the use of the medical device. Thus, manufacturers are instructed to include pertinent information on residual risks in the accompanying documentation. However, it is the manufacturer's decision as to what and how much information should be provided. This requirement is consistent with the approach taken in many countries and regions.

ISO TR 24971:20XX [the upcoming version delayed by ISO due to the holiday] Annex D.3 Disclosure of residual risk, is now over a page long and that is too long to quote here.  It does state,  ISO 14971:2019 requires the manufacturer to inform users about significant residual risks. There are examples included, but significant is not defined. Annex H.5 in 24971 includes information on disclosing residual risk for IVD devices.

One of the issues with disclosing all residual risk is the "noise" it creates for the medical professional and patient in making the decision on the appropriateness of use of the device for the patient and their condition, in providing too much and possibly distracting, information.  The manufacturer is considered to be the expert on the intended use of their device and they have the most knowledge on what to disclose for the patient and the medical professional to make that decision.

The other pressure on the manufacturer to make a decision on what to release is product liability.  Product liability cases can be a bigger impact than the regulators due to the large awards made when the court decides the manufacturer made the wrong decision.  

• The EU-MDR's mandatory disclosure of residual risk is not a new requirement relative to the MDD, nor relative to EN ISO 14971:2012, nor (generally speaking*) to ISO 14971:2019 / EN ISO 14971:2019. Indeed, the MDD, the EU-MDR, ISO 14971:2007 / EN ISO 14971:2012 and ISO 14971:2019 / EN ISO 14971:2019 all mandate disclosure of residual risk (see additional details below).

• ISO 14971:2007 and EN ISO 14971:2012 (including its content deviations) permitted the manufacturer to decide which (if any) individual residual risks to disclose, but still demanded disclosure of remaining overall residual risk. In any such disclosures (whether for individual or overall residual risks), the manufacturer was nonetheless given the liberty to decide which particular information (i.e., what to communicate, to whom, the level of detail, the wording, and the means) to include in the mandatory disclosure.

• In ISO 14971:2019 and EN ISO 14971:2019, the prior 2007 / EN 2012 provision attending to disclosure of individual residual risk has been deleted entirely from the individual residual risk clause.

• Some have said that ISO 14971:2019 clause 8 (pertaining to overall residual risk) says, "If the overall residual risk is judged acceptable, the manufacturer shall decide which residual risks to disclose and what information is necessary to include in the accompanying documentation in order to disclose those residual risks". However, neither ISO 14971:2019 nor EN ISO 14971:2019 contain this provision; this is not an accurate statement of ISO 14971:2019 nor EN ISO 14971:2019 requirements for disclosure of residual risk.

• ISO 14971:2019 and EN ISO 14971:2019 don't permit the manufacturer to decide whether or not to disclose overall residual risk. Instead, ISO 14971:2019 and EN ISO 14971:2019 (as did their 2007 / EN 2012 predecessors) demand disclosure of overall residual risk, period.  Indeed, not disclosing overall residual risk is not an option given by ISO 14971.  *However, an interesting adjustment is that the 2019 wording now focuses on "significant" overall residual risk, while the 2007 / EN 2012 versions did not include the adjective "significant".

• ISO/TR 24971:2013 and the impending 2020 version both echo these residual risk disclosure principles.

• Mandatory disclosure of residual risk has always been a requirement under the MDD since the MDD's inception in 1993 and is maintained in the EU-MDR. Moreover, since mandatory disclosure of residual risk has also been a longstanding requirement of ISO 14971, we should be careful about assertions leaving the impression of a general misalignment on this topic between the EU-MDR and ISO 14971.

• The demands for disclosure of residual risk in the MDD and EU-MDR alike are general in nature and thus should be interpreted to require disclosure of individual and overall residual risks.

I happen to have copies of ISO 14971 back to the 2000 edition when I became involved in the Joint Working Group that developed the standard. I also have meeting minutes and papers discussing the positions along with the comments and votes. It was interesting and fun to look back at the path traveled to get to the 2019 3^rd edition of ISO 14971.  Looking at our back and forth discussions was also interesting.  The requirement for disclosure has been in the standard since its inception, and has been discussed in the Rationale for all editions, beginning with Amendment 1 in 2003.

It is important to note that ISO 14971 is an international standard and is applies throughout the world, not just one country or region.   It is not developed just to meet one country or regions particular regulatory requirements, but is developed to meet best practices worldwide.  Different regions or countries may add their own requirements. The US FDA accepted ISO 14971:2019 as written with no additional requirements.

The definition of residual risk as it appears in the 2019, 3^rd edition:

3.17

residual risk

risk remaining after risk control (3.21) measures have been implemented

In ISO 14971:2019 no discussion of disclosure of residual risk appears in Clause 7.3 Residual risk evaluation or in 7.4 Benefit-risk analysis.  But, Clause 8 Evaluation of overall residual risk does state:  

If the overall residual risk is judged acceptable, the manufacturer shall inform users of significant residual risks and shall include the necessary information in the accompanying documentation in order to disclose those residual risks.

NOTE 1 The rationale for the disclosure of significant residual risks is given in A.2.8.
NOTE 2 See ISO/TR 24971[9] for guidance on the evaluation of overall residual risk and the disclosure of residual risks.

I recommend that you should look at the Rationale in Annex A which discusses why the particular requirement is in the standard.

ISO 14971:2019  Annex A Rationale for requirements  Clause A.2.8 Evaluation of overall residual risk

The manufacturer is responsible for providing users with relevant information on significant residual risks, so that they can make informed decisions on the use of the medical device. Thus, manufacturers are instructed to include pertinent information on residual risks in the accompanying documentation. However, it is the manufacturer's decision as to what and how much information should be provided. This requirement is consistent with the approach taken in many countries and regions.

ISO TR 24971:20XX [the upcoming version delayed by ISO due to the holiday] Annex D.3 Disclosure of residual risk, is now over a page long and that is too long to quote here.  It does state,  ISO 14971:2019 requires the manufacturer to inform users about significant residual risks. There are examples included, but significant is not defined. Annex H.5 in 24971 includes information on disclosing residual risk for IVD devices.

One of the issues with disclosing all residual risk is the "noise" it creates for the medical professional and patient in making the decision on the appropriateness of use of the device for the patient and their condition, in providing too much and possibly distracting, information.  The manufacturer is considered to be the expert on the intended use of their device and they have the most knowledge on what to disclose for the patient and the medical professional to make that decision.

The other pressure on the manufacturer to make a decision on what to release is product liability.  Product liability cases can be a bigger impact than the regulators due to the large awards made when the court decides the manufacturer made the wrong decision.  

• The EU-MDR's mandatory disclosure of residual risk is not a new requirement relative to the MDD, nor relative to EN ISO 14971:2012, nor (generally speaking*) to ISO 14971:2019 / EN ISO 14971:2019. Indeed, the MDD, the EU-MDR, ISO 14971:2007 / EN ISO 14971:2012 and ISO 14971:2019 / EN ISO 14971:2019 all mandate disclosure of residual risk (see additional details below).

• ISO 14971:2007 and EN ISO 14971:2012 (including its content deviations) permitted the manufacturer to decide which (if any) individual residual risks to disclose, but still demanded disclosure of remaining overall residual risk. In any such disclosures (whether for individual or overall residual risks), the manufacturer was nonetheless given the liberty to decide which particular information (i.e., what to communicate, to whom, the level of detail, the wording, and the means) to include in the mandatory disclosure.

• In ISO 14971:2019 and EN ISO 14971:2019, the prior 2007 / EN 2012 provision attending to disclosure of individual residual risk has been deleted entirely from the individual residual risk clause.

• Some have said that ISO 14971:2019 clause 8 (pertaining to overall residual risk) says, "If the overall residual risk is judged acceptable, the manufacturer shall decide which residual risks to disclose and what information is necessary to include in the accompanying documentation in order to disclose those residual risks". However, neither ISO 14971:2019 nor EN ISO 14971:2019 contain this provision; this is not an accurate statement of ISO 14971:2019 nor EN ISO 14971:2019 requirements for disclosure of residual risk.

• ISO 14971:2019 and EN ISO 14971:2019 don't permit the manufacturer to decide whether or not to disclose overall residual risk. Instead, ISO 14971:2019 and EN ISO 14971:2019 (as did their 2007 / EN 2012 predecessors) demand disclosure of overall residual risk, period.  Indeed, not disclosing overall residual risk is not an option given by ISO 14971.  *However, an interesting adjustment is that the 2019 wording now focuses on "significant" overall residual risk, while the 2007 / EN 2012 versions did not include the adjective "significant".

• ISO/TR 24971:2013 and the impending 2020 version both echo these residual risk disclosure principles.

• Mandatory disclosure of residual risk has always been a requirement under the MDD since the MDD's inception in 1993 and is maintained in the EU-MDR. Moreover, since mandatory disclosure of residual risk has also been a longstanding requirement of ISO 14971, we should be careful about assertions leaving the impression of a general misalignment on this topic between the EU-MDR and ISO 14971.

• The demands for disclosure of residual risk in the MDD and EU-MDR alike are general in nature and thus should be interpreted to require disclosure of individual and overall residual risks.

I happen to have copies of ISO 14971 back to the 2000 edition when I became involved in the Joint Working Group that developed the standard. I also have meeting minutes and papers discussing the positions along with the comments and votes. It was interesting and fun to look back at the path traveled to get to the 2019 3^rd edition of ISO 14971.  Looking at our back and forth discussions was also interesting.  The requirement for disclosure has been in the standard since its inception, and has been discussed in the Rationale for all editions, beginning with Amendment 1 in 2003.

It is important to note that ISO 14971 is an international standard and is applies throughout the world, not just one country or region.   It is not developed just to meet one country or regions particular regulatory requirements, but is developed to meet best practices worldwide.  Different regions or countries may add their own requirements. The US FDA accepted ISO 14971:2019 as written with no additional requirements.

The definition of residual risk as it appears in the 2019, 3^rd edition:

3.17

residual risk

risk remaining after risk control (3.21) measures have been implemented

In ISO 14971:2019 no discussion of disclosure of residual risk appears in Clause 7.3 Residual risk evaluation or in 7.4 Benefit-risk analysis.  But, Clause 8 Evaluation of overall residual risk does state:  

If the overall residual risk is judged acceptable, the manufacturer shall inform users of significant residual risks and shall include the necessary information in the accompanying documentation in order to disclose those residual risks.

NOTE 1 The rationale for the disclosure of significant residual risks is given in A.2.8.
NOTE 2 See ISO/TR 24971[9] for guidance on the evaluation of overall residual risk and the disclosure of residual risks.

I recommend that you should look at the Rationale in Annex A which discusses why the particular requirement is in the standard.

ISO 14971:2019  Annex A Rationale for requirements  Clause A.2.8 Evaluation of overall residual risk

The manufacturer is responsible for providing users with relevant information on significant residual risks, so that they can make informed decisions on the use of the medical device. Thus, manufacturers are instructed to include pertinent information on residual risks in the accompanying documentation. However, it is the manufacturer's decision as to what and how much information should be provided. This requirement is consistent with the approach taken in many countries and regions.

ISO TR 24971:20XX [the upcoming version delayed by ISO due to the holiday] Annex D.3 Disclosure of residual risk, is now over a page long and that is too long to quote here.  It does state,  ISO 14971:2019 requires the manufacturer to inform users about significant residual risks. There are examples included, but significant is not defined. Annex H.5 in 24971 includes information on disclosing residual risk for IVD devices.

One of the issues with disclosing all residual risk is the "noise" it creates for the medical professional and patient in making the decision on the appropriateness of use of the device for the patient and their condition, in providing too much and possibly distracting, information.  The manufacturer is considered to be the expert on the intended use of their device and they have the most knowledge on what to disclose for the patient and the medical professional to make that decision.

The other pressure on the manufacturer to make a decision on what to release is product liability.  Product liability cases can be a bigger impact than the regulators due to the large awards made when the court decides the manufacturer made the wrong decision.  

• The EU-MDR's mandatory disclosure of residual risk is not a new requirement relative to the MDD, nor relative to EN ISO 14971:2012, nor (generally speaking*) to ISO 14971:2019 / EN ISO 14971:2019. Indeed, the MDD, the EU-MDR, ISO 14971:2007 / EN ISO 14971:2012 and ISO 14971:2019 / EN ISO 14971:2019 all mandate disclosure of residual risk (see additional details below).

• ISO 14971:2007 and EN ISO 14971:2012 (including its content deviations) permitted the manufacturer to decide which (if any) individual residual risks to disclose, but still demanded disclosure of remaining overall residual risk. In any such disclosures (whether for individual or overall residual risks), the manufacturer was nonetheless given the liberty to decide which particular information (i.e., what to communicate, to whom, the level of detail, the wording, and the means) to include in the mandatory disclosure.

• In ISO 14971:2019 and EN ISO 14971:2019, the prior 2007 / EN 2012 provision attending to disclosure of individual residual risk has been deleted entirely from the individual residual risk clause.

• Some have said that ISO 14971:2019 clause 8 (pertaining to overall residual risk) says, "If the overall residual risk is judged acceptable, the manufacturer shall decide which residual risks to disclose and what information is necessary to include in the accompanying documentation in order to disclose those residual risks". However, neither ISO 14971:2019 nor EN ISO 14971:2019 contain this provision; this is not an accurate statement of ISO 14971:2019 nor EN ISO 14971:2019 requirements for disclosure of residual risk.

• ISO 14971:2019 and EN ISO 14971:2019 don't permit the manufacturer to decide whether or not to disclose overall residual risk. Instead, ISO 14971:2019 and EN ISO 14971:2019 (as did their 2007 / EN 2012 predecessors) demand disclosure of overall residual risk, period.  Indeed, not disclosing overall residual risk is not an option given by ISO 14971.  *However, an interesting adjustment is that the 2019 wording now focuses on "significant" overall residual risk, while the 2007 / EN 2012 versions did not include the adjective "significant".

• ISO/TR 24971:2013 and the impending 2020 version both echo these residual risk disclosure principles.

• Mandatory disclosure of residual risk has always been a requirement under the MDD since the MDD's inception in 1993 and is maintained in the EU-MDR. Moreover, since mandatory disclosure of residual risk has also been a longstanding requirement of ISO 14971, we should be careful about assertions leaving the impression of a general misalignment on this topic between the EU-MDR and ISO 14971.

• The demands for disclosure of residual risk in the MDD and EU-MDR alike are general in nature and thus should be interpreted to require disclosure of individual and overall residual risks.

I happen to have copies of ISO 14971 back to the 2000 edition when I became involved in the Joint Working Group that developed the standard. I also have meeting minutes and papers discussing the positions along with the comments and votes. It was interesting and fun to look back at the path traveled to get to the 2019 3^rd edition of ISO 14971.  Looking at our back and forth discussions was also interesting.  The requirement for disclosure has been in the standard since its inception, and has been discussed in the Rationale for all editions, beginning with Amendment 1 in 2003.

It is important to note that ISO 14971 is an international standard and is applies throughout the world, not just one country or region.   It is not developed just to meet one country or regions particular regulatory requirements, but is developed to meet best practices worldwide.  Different regions or countries may add their own requirements. The US FDA accepted ISO 14971:2019 as written with no additional requirements.

The definition of residual risk as it appears in the 2019, 3^rd edition:

3.17

residual risk

risk remaining after risk control (3.21) measures have been implemented

In ISO 14971:2019 no discussion of disclosure of residual risk appears in Clause 7.3 Residual risk evaluation or in 7.4 Benefit-risk analysis.  But, Clause 8 Evaluation of overall residual risk does state:  

If the overall residual risk is judged acceptable, the manufacturer shall inform users of significant residual risks and shall include the necessary information in the accompanying documentation in order to disclose those residual risks.

NOTE 1 The rationale for the disclosure of significant residual risks is given in A.2.8.
NOTE 2 See ISO/TR 24971[9] for guidance on the evaluation of overall residual risk and the disclosure of residual risks.

I recommend that you should look at the Rationale in Annex A which discusses why the particular requirement is in the standard.

ISO 14971:2019  Annex A Rationale for requirements  Clause A.2.8 Evaluation of overall residual risk

The manufacturer is responsible for providing users with relevant information on significant residual risks, so that they can make informed decisions on the use of the medical device. Thus, manufacturers are instructed to include pertinent information on residual risks in the accompanying documentation. However, it is the manufacturer's decision as to what and how much information should be provided. This requirement is consistent with the approach taken in many countries and regions.

ISO TR 24971:20XX [the upcoming version delayed by ISO due to the holiday] Annex D.3 Disclosure of residual risk, is now over a page long and that is too long to quote here.  It does state,  ISO 14971:2019 requires the manufacturer to inform users about significant residual risks. There are examples included, but significant is not defined. Annex H.5 in 24971 includes information on disclosing residual risk for IVD devices.

One of the issues with disclosing all residual risk is the "noise" it creates for the medical professional and patient in making the decision on the appropriateness of use of the device for the patient and their condition, in providing too much and possibly distracting, information.  The manufacturer is considered to be the expert on the intended use of their device and they have the most knowledge on what to disclose for the patient and the medical professional to make that decision.

The other pressure on the manufacturer to make a decision on what to release is product liability.  Product liability cases can be a bigger impact than the regulators due to the large awards made when the court decides the manufacturer made the wrong decision.  

• The EU-MDR's mandatory disclosure of residual risk is not a new requirement relative to the MDD, nor relative to EN ISO 14971:2012, nor (generally speaking*) to ISO 14971:2019 / EN ISO 14971:2019. Indeed, the MDD, the EU-MDR, ISO 14971:2007 / EN ISO 14971:2012 and ISO 14971:2019 / EN ISO 14971:2019 all mandate disclosure of residual risk (see additional details below).

• ISO 14971:2007 and EN ISO 14971:2012 (including its content deviations) permitted the manufacturer to decide which (if any) individual residual risks to disclose, but still demanded disclosure of remaining overall residual risk. In any such disclosures (whether for individual or overall residual risks), the manufacturer was nonetheless given the liberty to decide which particular information (i.e., what to communicate, to whom, the level of detail, the wording, and the means) to include in the mandatory disclosure.

• In ISO 14971:2019 and EN ISO 14971:2019, the prior 2007 / EN 2012 provision attending to disclosure of individual residual risk has been deleted entirely from the individual residual risk clause.

• Some have said that ISO 14971:2019 clause 8 (pertaining to overall residual risk) says, "If the overall residual risk is judged acceptable, the manufacturer shall decide which residual risks to disclose and what information is necessary to include in the accompanying documentation in order to disclose those residual risks". However, neither ISO 14971:2019 nor EN ISO 14971:2019 contain this provision; this is not an accurate statement of ISO 14971:2019 nor EN ISO 14971:2019 requirements for disclosure of residual risk.

• ISO 14971:2019 and EN ISO 14971:2019 don't permit the manufacturer to decide whether or not to disclose overall residual risk. Instead, ISO 14971:2019 and EN ISO 14971:2019 (as did their 2007 / EN 2012 predecessors) demand disclosure of overall residual risk, period.  Indeed, not disclosing overall residual risk is not an option given by ISO 14971.  *However, an interesting adjustment is that the 2019 wording now focuses on "significant" overall residual risk, while the 2007 / EN 2012 versions did not include the adjective "significant".

• ISO/TR 24971:2013 and the impending 2020 version both echo these residual risk disclosure principles.

• Mandatory disclosure of residual risk has always been a requirement under the MDD since the MDD's inception in 1993 and is maintained in the EU-MDR. Moreover, since mandatory disclosure of residual risk has also been a longstanding requirement of ISO 14971, we should be careful about assertions leaving the impression of a general misalignment on this topic between the EU-MDR and ISO 14971.

• The demands for disclosure of residual risk in the MDD and EU-MDR alike are general in nature and thus should be interpreted to require disclosure of individual and overall residual risks.

I happen to have copies of ISO 14971 back to the 2000 edition when I became involved in the Joint Working Group that developed the standard. I also have meeting minutes and papers discussing the positions along with the comments and votes. It was interesting and fun to look back at the path traveled to get to the 2019 3^rd edition of ISO 14971.  Looking at our back and forth discussions was also interesting.  The requirement for disclosure has been in the standard since its inception, and has been discussed in the Rationale for all editions, beginning with Amendment 1 in 2003.

It is important to note that ISO 14971 is an international standard and is applies throughout the world, not just one country or region.   It is not developed just to meet one country or regions particular regulatory requirements, but is developed to meet best practices worldwide.  Different regions or countries may add their own requirements. The US FDA accepted ISO 14971:2019 as written with no additional requirements.

The definition of residual risk as it appears in the 2019, 3^rd edition:

3.17

residual risk

risk remaining after risk control (3.21) measures have been implemented

In ISO 14971:2019 no discussion of disclosure of residual risk appears in Clause 7.3 Residual risk evaluation or in 7.4 Benefit-risk analysis.  But, Clause 8 Evaluation of overall residual risk does state:  

If the overall residual risk is judged acceptable, the manufacturer shall inform users of significant residual risks and shall include the necessary information in the accompanying documentation in order to disclose those residual risks.

NOTE 1 The rationale for the disclosure of significant residual risks is given in A.2.8.
NOTE 2 See ISO/TR 24971[9] for guidance on the evaluation of overall residual risk and the disclosure of residual risks.

I recommend that you should look at the Rationale in Annex A which discusses why the particular requirement is in the standard.

ISO 14971:2019  Annex A Rationale for requirements  Clause A.2.8 Evaluation of overall residual risk

The manufacturer is responsible for providing users with relevant information on significant residual risks, so that they can make informed decisions on the use of the medical device. Thus, manufacturers are instructed to include pertinent information on residual risks in the accompanying documentation. However, it is the manufacturer's decision as to what and how much information should be provided. This requirement is consistent with the approach taken in many countries and regions.

ISO TR 24971:20XX [the upcoming version delayed by ISO due to the holiday] Annex D.3 Disclosure of residual risk, is now over a page long and that is too long to quote here.  It does state,  ISO 14971:2019 requires the manufacturer to inform users about significant residual risks. There are examples included, but significant is not defined. Annex H.5 in 24971 includes information on disclosing residual risk for IVD devices.

One of the issues with disclosing all residual risk is the "noise" it creates for the medical professional and patient in making the decision on the appropriateness of use of the device for the patient and their condition, in providing too much and possibly distracting, information.  The manufacturer is considered to be the expert on the intended use of their device and they have the most knowledge on what to disclose for the patient and the medical professional to make that decision.

The other pressure on the manufacturer to make a decision on what to release is product liability.  Product liability cases can be a bigger impact than the regulators due to the large awards made when the court decides the manufacturer made the wrong decision.  

• The EU-MDR's mandatory disclosure of residual risk is not a new requirement relative to the MDD, nor relative to EN ISO 14971:2012, nor (generally speaking*) to ISO 14971:2019 / EN ISO 14971:2019. Indeed, the MDD, the EU-MDR, ISO 14971:2007 / EN ISO 14971:2012 and ISO 14971:2019 / EN ISO 14971:2019 all mandate disclosure of residual risk (see additional details below).

• ISO 14971:2007 and EN ISO 14971:2012 (including its content deviations) permitted the manufacturer to decide which (if any) individual residual risks to disclose, but still demanded disclosure of remaining overall residual risk. In any such disclosures (whether for individual or overall residual risks), the manufacturer was nonetheless given the liberty to decide which particular information (i.e., what to communicate, to whom, the level of detail, the wording, and the means) to include in the mandatory disclosure.

• In ISO 14971:2019 and EN ISO 14971:2019, the prior 2007 / EN 2012 provision attending to disclosure of individual residual risk has been deleted entirely from the individual residual risk clause.

• Some have said that ISO 14971:2019 clause 8 (pertaining to overall residual risk) says, "If the overall residual risk is judged acceptable, the manufacturer shall decide which residual risks to disclose and what information is necessary to include in the accompanying documentation in order to disclose those residual risks". However, neither ISO 14971:2019 nor EN ISO 14971:2019 contain this provision; this is not an accurate statement of ISO 14971:2019 nor EN ISO 14971:2019 requirements for disclosure of residual risk.

• ISO 14971:2019 and EN ISO 14971:2019 don't permit the manufacturer to decide whether or not to disclose overall residual risk. Instead, ISO 14971:2019 and EN ISO 14971:2019 (as did their 2007 / EN 2012 predecessors) demand disclosure of overall residual risk, period.  Indeed, not disclosing overall residual risk is not an option given by ISO 14971.  *However, an interesting adjustment is that the 2019 wording now focuses on "significant" overall residual risk, while the 2007 / EN 2012 versions did not include the adjective "significant".

• ISO/TR 24971:2013 and the impending 2020 version both echo these residual risk disclosure principles.

• Mandatory disclosure of residual risk has always been a requirement under the MDD since the MDD's inception in 1993 and is maintained in the EU-MDR. Moreover, since mandatory disclosure of residual risk has also been a longstanding requirement of ISO 14971, we should be careful about assertions leaving the impression of a general misalignment on this topic between the EU-MDR and ISO 14971.

• The demands for disclosure of residual risk in the MDD and EU-MDR alike are general in nature and thus should be interpreted to require disclosure of individual and overall residual risks.

I happen to have copies of ISO 14971 back to the 2000 edition when I became involved in the Joint Working Group that developed the standard. I also have meeting minutes and papers discussing the positions along with the comments and votes. It was interesting and fun to look back at the path traveled to get to the 2019 3^rd edition of ISO 14971.  Looking at our back and forth discussions was also interesting.  The requirement for disclosure has been in the standard since its inception, and has been discussed in the Rationale for all editions, beginning with Amendment 1 in 2003.

It is important to note that ISO 14971 is an international standard and is applies throughout the world, not just one country or region.   It is not developed just to meet one country or regions particular regulatory requirements, but is developed to meet best practices worldwide.  Different regions or countries may add their own requirements. The US FDA accepted ISO 14971:2019 as written with no additional requirements.

The definition of residual risk as it appears in the 2019, 3^rd edition:

3.17

residual risk

risk remaining after risk control (3.21) measures have been implemented

In ISO 14971:2019 no discussion of disclosure of residual risk appears in Clause 7.3 Residual risk evaluation or in 7.4 Benefit-risk analysis.  But, Clause 8 Evaluation of overall residual risk does state:  

If the overall residual risk is judged acceptable, the manufacturer shall inform users of significant residual risks and shall include the necessary information in the accompanying documentation in order to disclose those residual risks.

NOTE 1 The rationale for the disclosure of significant residual risks is given in A.2.8.
NOTE 2 See ISO/TR 24971[9] for guidance on the evaluation of overall residual risk and the disclosure of residual risks.

I recommend that you should look at the Rationale in Annex A which discusses why the particular requirement is in the standard.

ISO 14971:2019  Annex A Rationale for requirements  Clause A.2.8 Evaluation of overall residual risk

The manufacturer is responsible for providing users with relevant information on significant residual risks, so that they can make informed decisions on the use of the medical device. Thus, manufacturers are instructed to include pertinent information on residual risks in the accompanying documentation. However, it is the manufacturer's decision as to what and how much information should be provided. This requirement is consistent with the approach taken in many countries and regions.

ISO TR 24971:20XX [the upcoming version delayed by ISO due to the holiday] Annex D.3 Disclosure of residual risk, is now over a page long and that is too long to quote here.  It does state,  ISO 14971:2019 requires the manufacturer to inform users about significant residual risks. There are examples included, but significant is not defined. Annex H.5 in 24971 includes information on disclosing residual risk for IVD devices.

One of the issues with disclosing all residual risk is the "noise" it creates for the medical professional and patient in making the decision on the appropriateness of use of the device for the patient and their condition, in providing too much and possibly distracting, information.  The manufacturer is considered to be the expert on the intended use of their device and they have the most knowledge on what to disclose for the patient and the medical professional to make that decision.

The other pressure on the manufacturer to make a decision on what to release is product liability.  Product liability cases can be a bigger impact than the regulators due to the large awards made when the court decides the manufacturer made the wrong decision.  

• The EU-MDR's mandatory disclosure of residual risk is not a new requirement relative to the MDD, nor relative to EN ISO 14971:2012, nor (generally speaking*) to ISO 14971:2019 / EN ISO 14971:2019. Indeed, the MDD, the EU-MDR, ISO 14971:2007 / EN ISO 14971:2012 and ISO 14971:2019 / EN ISO 14971:2019 all mandate disclosure of residual risk (see additional details below).

• ISO 14971:2007 and EN ISO 14971:2012 (including its content deviations) permitted the manufacturer to decide which (if any) individual residual risks to disclose, but still demanded disclosure of remaining overall residual risk. In any such disclosures (whether for individual or overall residual risks), the manufacturer was nonetheless given the liberty to decide which particular information (i.e., what to communicate, to whom, the level of detail, the wording, and the means) to include in the mandatory disclosure.

• In ISO 14971:2019 and EN ISO 14971:2019, the prior 2007 / EN 2012 provision attending to disclosure of individual residual risk has been deleted entirely from the individual residual risk clause.

• Some have said that ISO 14971:2019 clause 8 (pertaining to overall residual risk) says, "If the overall residual risk is judged acceptable, the manufacturer shall decide which residual risks to disclose and what information is necessary to include in the accompanying documentation in order to disclose those residual risks". However, neither ISO 14971:2019 nor EN ISO 14971:2019 contain this provision; this is not an accurate statement of ISO 14971:2019 nor EN ISO 14971:2019 requirements for disclosure of residual risk.

• ISO 14971:2019 and EN ISO 14971:2019 don't permit the manufacturer to decide whether or not to disclose overall residual risk. Instead, ISO 14971:2019 and EN ISO 14971:2019 (as did their 2007 / EN 2012 predecessors) demand disclosure of overall residual risk, period.  Indeed, not disclosing overall residual risk is not an option given by ISO 14971.  *However, an interesting adjustment is that the 2019 wording now focuses on "significant" overall residual risk, while the 2007 / EN 2012 versions did not include the adjective "significant".

• ISO/TR 24971:2013 and the impending 2020 version both echo these residual risk disclosure principles.

• Mandatory disclosure of residual risk has always been a requirement under the MDD since the MDD's inception in 1993 and is maintained in the EU-MDR. Moreover, since mandatory disclosure of residual risk has also been a longstanding requirement of ISO 14971, we should be careful about assertions leaving the impression of a general misalignment on this topic between the EU-MDR and ISO 14971.

• The demands for disclosure of residual risk in the MDD and EU-MDR alike are general in nature and thus should be interpreted to require disclosure of individual and overall residual risks.

I happen to have copies of ISO 14971 back to the 2000 edition when I became involved in the Joint Working Group that developed the standard. I also have meeting minutes and papers discussing the positions along with the comments and votes. It was interesting and fun to look back at the path traveled to get to the 2019 3^rd edition of ISO 14971.  Looking at our back and forth discussions was also interesting.  The requirement for disclosure has been in the standard since its inception, and has been discussed in the Rationale for all editions, beginning with Amendment 1 in 2003.

It is important to note that ISO 14971 is an international standard and is applies throughout the world, not just one country or region.   It is not developed just to meet one country or regions particular regulatory requirements, but is developed to meet best practices worldwide.  Different regions or countries may add their own requirements. The US FDA accepted ISO 14971:2019 as written with no additional requirements.

The definition of residual risk as it appears in the 2019, 3^rd edition:

3.17

residual risk

risk remaining after risk control (3.21) measures have been implemented

In ISO 14971:2019 no discussion of disclosure of residual risk appears in Clause 7.3 Residual risk evaluation or in 7.4 Benefit-risk analysis.  But, Clause 8 Evaluation of overall residual risk does state:  

If the overall residual risk is judged acceptable, the manufacturer shall inform users of significant residual risks and shall include the necessary information in the accompanying documentation in order to disclose those residual risks.

NOTE 1 The rationale for the disclosure of significant residual risks is given in A.2.8.
NOTE 2 See ISO/TR 24971[9] for guidance on the evaluation of overall residual risk and the disclosure of residual risks.

I recommend that you should look at the Rationale in Annex A which discusses why the particular requirement is in the standard.

ISO 14971:2019  Annex A Rationale for requirements  Clause A.2.8 Evaluation of overall residual risk

The manufacturer is responsible for providing users with relevant information on significant residual risks, so that they can make informed decisions on the use of the medical device. Thus, manufacturers are instructed to include pertinent information on residual risks in the accompanying documentation. However, it is the manufacturer's decision as to what and how much information should be provided. This requirement is consistent with the approach taken in many countries and regions.

ISO TR 24971:20XX [the upcoming version delayed by ISO due to the holiday] Annex D.3 Disclosure of residual risk, is now over a page long and that is too long to quote here.  It does state,  ISO 14971:2019 requires the manufacturer to inform users about significant residual risks. There are examples included, but significant is not defined. Annex H.5 in 24971 includes information on disclosing residual risk for IVD devices.

One of the issues with disclosing all residual risk is the "noise" it creates for the medical professional and patient in making the decision on the appropriateness of use of the device for the patient and their condition, in providing too much and possibly distracting, information.  The manufacturer is considered to be the expert on the intended use of their device and they have the most knowledge on what to disclose for the patient and the medical professional to make that decision.

The other pressure on the manufacturer to make a decision on what to release is product liability.  Product liability cases can be a bigger impact than the regulators due to the large awards made when the court decides the manufacturer made the wrong decision.  

• The EU-MDR's mandatory disclosure of residual risk is not a new requirement relative to the MDD, nor relative to EN ISO 14971:2012, nor (generally speaking*) to ISO 14971:2019 / EN ISO 14971:2019. Indeed, the MDD, the EU-MDR, ISO 14971:2007 / EN ISO 14971:2012 and ISO 14971:2019 / EN ISO 14971:2019 all mandate disclosure of residual risk (see additional details below).

• ISO 14971:2007 and EN ISO 14971:2012 (including its content deviations) permitted the manufacturer to decide which (if any) individual residual risks to disclose, but still demanded disclosure of remaining overall residual risk. In any such disclosures (whether for individual or overall residual risks), the manufacturer was nonetheless given the liberty to decide which particular information (i.e., what to communicate, to whom, the level of detail, the wording, and the means) to include in the mandatory disclosure.

• In ISO 14971:2019 and EN ISO 14971:2019, the prior 2007 / EN 2012 provision attending to disclosure of individual residual risk has been deleted entirely from the individual residual risk clause.

• Some have said that ISO 14971:2019 clause 8 (pertaining to overall residual risk) says, "If the overall residual risk is judged acceptable, the manufacturer shall decide which residual risks to disclose and what information is necessary to include in the accompanying documentation in order to disclose those residual risks". However, neither ISO 14971:2019 nor EN ISO 14971:2019 contain this provision; this is not an accurate statement of ISO 14971:2019 nor EN ISO 14971:2019 requirements for disclosure of residual risk.

• ISO 14971:2019 and EN ISO 14971:2019 don't permit the manufacturer to decide whether or not to disclose overall residual risk. Instead, ISO 14971:2019 and EN ISO 14971:2019 (as did their 2007 / EN 2012 predecessors) demand disclosure of overall residual risk, period.  Indeed, not disclosing overall residual risk is not an option given by ISO 14971.  *However, an interesting adjustment is that the 2019 wording now focuses on "significant" overall residual risk, while the 2007 / EN 2012 versions did not include the adjective "significant".

• ISO/TR 24971:2013 and the impending 2020 version both echo these residual risk disclosure principles.

• Mandatory disclosure of residual risk has always been a requirement under the MDD since the MDD's inception in 1993 and is maintained in the EU-MDR. Moreover, since mandatory disclosure of residual risk has also been a longstanding requirement of ISO 14971, we should be careful about assertions leaving the impression of a general misalignment on this topic between the EU-MDR and ISO 14971.

• The demands for disclosure of residual risk in the MDD and EU-MDR alike are general in nature and thus should be interpreted to require disclosure of individual and overall residual risks.

I happen to have copies of ISO 14971 back to the 2000 edition when I became involved in the Joint Working Group that developed the standard. I also have meeting minutes and papers discussing the positions along with the comments and votes. It was interesting and fun to look back at the path traveled to get to the 2019 3^rd edition of ISO 14971.  Looking at our back and forth discussions was also interesting.  The requirement for disclosure has been in the standard since its inception, and has been discussed in the Rationale for all editions, beginning with Amendment 1 in 2003.

It is important to note that ISO 14971 is an international standard and is applies throughout the world, not just one country or region.   It is not developed just to meet one country or regions particular regulatory requirements, but is developed to meet best practices worldwide.  Different regions or countries may add their own requirements. The US FDA accepted ISO 14971:2019 as written with no additional requirements.

The definition of residual risk as it appears in the 2019, 3^rd edition:

3.17

residual risk

risk remaining after risk control (3.21) measures have been implemented

In ISO 14971:2019 no discussion of disclosure of residual risk appears in Clause 7.3 Residual risk evaluation or in 7.4 Benefit-risk analysis.  But, Clause 8 Evaluation of overall residual risk does state:  

If the overall residual risk is judged acceptable, the manufacturer shall inform users of significant residual risks and shall include the necessary information in the accompanying documentation in order to disclose those residual risks.

NOTE 1 The rationale for the disclosure of significant residual risks is given in A.2.8.
NOTE 2 See ISO/TR 24971[9] for guidance on the evaluation of overall residual risk and the disclosure of residual risks.

I recommend that you should look at the Rationale in Annex A which discusses why the particular requirement is in the standard.

ISO 14971:2019  Annex A Rationale for requirements  Clause A.2.8 Evaluation of overall residual risk

The manufacturer is responsible for providing users with relevant information on significant residual risks, so that they can make informed decisions on the use of the medical device. Thus, manufacturers are instructed to include pertinent information on residual risks in the accompanying documentation. However, it is the manufacturer's decision as to what and how much information should be provided. This requirement is consistent with the approach taken in many countries and regions.

ISO TR 24971:20XX [the upcoming version delayed by ISO due to the holiday] Annex D.3 Disclosure of residual risk, is now over a page long and that is too long to quote here.  It does state,  ISO 14971:2019 requires the manufacturer to inform users about significant residual risks. There are examples included, but significant is not defined. Annex H.5 in 24971 includes information on disclosing residual risk for IVD devices.

One of the issues with disclosing all residual risk is the "noise" it creates for the medical professional and patient in making the decision on the appropriateness of use of the device for the patient and their condition, in providing too much and possibly distracting, information.  The manufacturer is considered to be the expert on the intended use of their device and they have the most knowledge on what to disclose for the patient and the medical professional to make that decision.

The other pressure on the manufacturer to make a decision on what to release is product liability.  Product liability cases can be a bigger impact than the regulators due to the large awards made when the court decides the manufacturer made the wrong decision.  

• The EU-MDR's mandatory disclosure of residual risk is not a new requirement relative to the MDD, nor relative to EN ISO 14971:2012, nor (generally speaking*) to ISO 14971:2019 / EN ISO 14971:2019. Indeed, the MDD, the EU-MDR, ISO 14971:2007 / EN ISO 14971:2012 and ISO 14971:2019 / EN ISO 14971:2019 all mandate disclosure of residual risk (see additional details below).

• ISO 14971:2007 and EN ISO 14971:2012 (including its content deviations) permitted the manufacturer to decide which (if any) individual residual risks to disclose, but still demanded disclosure of remaining overall residual risk. In any such disclosures (whether for individual or overall residual risks), the manufacturer was nonetheless given the liberty to decide which particular information (i.e., what to communicate, to whom, the level of detail, the wording, and the means) to include in the mandatory disclosure.

• In ISO 14971:2019 and EN ISO 14971:2019, the prior 2007 / EN 2012 provision attending to disclosure of individual residual risk has been deleted entirely from the individual residual risk clause.

• Some have said that ISO 14971:2019 clause 8 (pertaining to overall residual risk) says, "If the overall residual risk is judged acceptable, the manufacturer shall decide which residual risks to disclose and what information is necessary to include in the accompanying documentation in order to disclose those residual risks". However, neither ISO 14971:2019 nor EN ISO 14971:2019 contain this provision; this is not an accurate statement of ISO 14971:2019 nor EN ISO 14971:2019 requirements for disclosure of residual risk.

• ISO 14971:2019 and EN ISO 14971:2019 don't permit the manufacturer to decide whether or not to disclose overall residual risk. Instead, ISO 14971:2019 and EN ISO 14971:2019 (as did their 2007 / EN 2012 predecessors) demand disclosure of overall residual risk, period.  Indeed, not disclosing overall residual risk is not an option given by ISO 14971.  *However, an interesting adjustment is that the 2019 wording now focuses on "significant" overall residual risk, while the 2007 / EN 2012 versions did not include the adjective "significant".

• ISO/TR 24971:2013 and the impending 2020 version both echo these residual risk disclosure principles.

• Mandatory disclosure of residual risk has always been a requirement under the MDD since the MDD's inception in 1993 and is maintained in the EU-MDR. Moreover, since mandatory disclosure of residual risk has also been a longstanding requirement of ISO 14971, we should be careful about assertions leaving the impression of a general misalignment on this topic between the EU-MDR and ISO 14971.

• The demands for disclosure of residual risk in the MDD and EU-MDR alike are general in nature and thus should be interpreted to require disclosure of individual and overall residual risks.

You say, "The MDCG guidance document on SSCP uses the 14971:2012 definition of when talking about residual risks and the IFU seems to exclude accepted risks which did not require control".

ISO 14971:2007, EN ISO 14971:2012, and EN ISO 14971:2019 have requirements about when to disclose residual risk, but not where to disclose it. MDR Annex I(23.4)(g) says where to disclose the residual risk.

The MDCG guidance document says that everything disclosed in MDR Annex I(23.4)(g) is also in the SSCP.

I happen to have copies of ISO 14971 back to the 2000 edition when I became involved in the Joint Working Group that developed the standard. I also have meeting minutes and papers discussing the positions along with the comments and votes. It was interesting and fun to look back at the path traveled to get to the 2019 3^rd edition of ISO 14971.  Looking at our back and forth discussions was also interesting.  The requirement for disclosure has been in the standard since its inception, and has been discussed in the Rationale for all editions, beginning with Amendment 1 in 2003.

It is important to note that ISO 14971 is an international standard and is applies throughout the world, not just one country or region.   It is not developed just to meet one country or regions particular regulatory requirements, but is developed to meet best practices worldwide.  Different regions or countries may add their own requirements. The US FDA accepted ISO 14971:2019 as written with no additional requirements.

The definition of residual risk as it appears in the 2019, 3^rd edition:

3.17

residual risk

risk remaining after risk control (3.21) measures have been implemented

In ISO 14971:2019 no discussion of disclosure of residual risk appears in Clause 7.3 Residual risk evaluation or in 7.4 Benefit-risk analysis.  But, Clause 8 Evaluation of overall residual risk does state:  

If the overall residual risk is judged acceptable, the manufacturer shall inform users of significant residual risks and shall include the necessary information in the accompanying documentation in order to disclose those residual risks.

NOTE 1 The rationale for the disclosure of significant residual risks is given in A.2.8.
NOTE 2 See ISO/TR 24971[9] for guidance on the evaluation of overall residual risk and the disclosure of residual risks.

I recommend that you should look at the Rationale in Annex A which discusses why the particular requirement is in the standard.

ISO 14971:2019  Annex A Rationale for requirements  Clause A.2.8 Evaluation of overall residual risk

The manufacturer is responsible for providing users with relevant information on significant residual risks, so that they can make informed decisions on the use of the medical device. Thus, manufacturers are instructed to include pertinent information on residual risks in the accompanying documentation. However, it is the manufacturer's decision as to what and how much information should be provided. This requirement is consistent with the approach taken in many countries and regions.

ISO TR 24971:20XX [the upcoming version delayed by ISO due to the holiday] Annex D.3 Disclosure of residual risk, is now over a page long and that is too long to quote here.  It does state,  ISO 14971:2019 requires the manufacturer to inform users about significant residual risks. There are examples included, but significant is not defined. Annex H.5 in 24971 includes information on disclosing residual risk for IVD devices.

One of the issues with disclosing all residual risk is the "noise" it creates for the medical professional and patient in making the decision on the appropriateness of use of the device for the patient and their condition, in providing too much and possibly distracting, information.  The manufacturer is considered to be the expert on the intended use of their device and they have the most knowledge on what to disclose for the patient and the medical professional to make that decision.

The other pressure on the manufacturer to make a decision on what to release is product liability.  Product liability cases can be a bigger impact than the regulators due to the large awards made when the court decides the manufacturer made the wrong decision.  

• The EU-MDR's mandatory disclosure of residual risk is not a new requirement relative to the MDD, nor relative to EN ISO 14971:2012, nor (generally speaking*) to ISO 14971:2019 / EN ISO 14971:2019. Indeed, the MDD, the EU-MDR, ISO 14971:2007 / EN ISO 14971:2012 and ISO 14971:2019 / EN ISO 14971:2019 all mandate disclosure of residual risk (see additional details below).

• ISO 14971:2007 and EN ISO 14971:2012 (including its content deviations) permitted the manufacturer to decide which (if any) individual residual risks to disclose, but still demanded disclosure of remaining overall residual risk. In any such disclosures (whether for individual or overall residual risks), the manufacturer was nonetheless given the liberty to decide which particular information (i.e., what to communicate, to whom, the level of detail, the wording, and the means) to include in the mandatory disclosure.

• In ISO 14971:2019 and EN ISO 14971:2019, the prior 2007 / EN 2012 provision attending to disclosure of individual residual risk has been deleted entirely from the individual residual risk clause.

• Some have said that ISO 14971:2019 clause 8 (pertaining to overall residual risk) says, "If the overall residual risk is judged acceptable, the manufacturer shall decide which residual risks to disclose and what information is necessary to include in the accompanying documentation in order to disclose those residual risks". However, neither ISO 14971:2019 nor EN ISO 14971:2019 contain this provision; this is not an accurate statement of ISO 14971:2019 nor EN ISO 14971:2019 requirements for disclosure of residual risk.

• ISO 14971:2019 and EN ISO 14971:2019 don't permit the manufacturer to decide whether or not to disclose overall residual risk. Instead, ISO 14971:2019 and EN ISO 14971:2019 (as did their 2007 / EN 2012 predecessors) demand disclosure of overall residual risk, period.  Indeed, not disclosing overall residual risk is not an option given by ISO 14971.  *However, an interesting adjustment is that the 2019 wording now focuses on "significant" overall residual risk, while the 2007 / EN 2012 versions did not include the adjective "significant".

• ISO/TR 24971:2013 and the impending 2020 version both echo these residual risk disclosure principles.

• Mandatory disclosure of residual risk has always been a requirement under the MDD since the MDD's inception in 1993 and is maintained in the EU-MDR. Moreover, since mandatory disclosure of residual risk has also been a longstanding requirement of ISO 14971, we should be careful about assertions leaving the impression of a general misalignment on this topic between the EU-MDR and ISO 14971.

• The demands for disclosure of residual risk in the MDD and EU-MDR alike are general in nature and thus should be interpreted to require disclosure of individual and overall residual risks.

You say, "The MDCG guidance document on SSCP uses the 14971:2012 definition of when talking about residual risks and the IFU seems to exclude accepted risks which did not require control".

ISO 14971:2007, EN ISO 14971:2012, and EN ISO 14971:2019 have requirements about when to disclose residual risk, but not where to disclose it. MDR Annex I(23.4)(g) says where to disclose the residual risk.

The MDCG guidance document says that everything disclosed in MDR Annex I(23.4)(g) is also in the SSCP.

I happen to have copies of ISO 14971 back to the 2000 edition when I became involved in the Joint Working Group that developed the standard. I also have meeting minutes and papers discussing the positions along with the comments and votes. It was interesting and fun to look back at the path traveled to get to the 2019 3^rd edition of ISO 14971.  Looking at our back and forth discussions was also interesting.  The requirement for disclosure has been in the standard since its inception, and has been discussed in the Rationale for all editions, beginning with Amendment 1 in 2003.

It is important to note that ISO 14971 is an international standard and is applies throughout the world, not just one country or region.   It is not developed just to meet one country or regions particular regulatory requirements, but is developed to meet best practices worldwide.  Different regions or countries may add their own requirements. The US FDA accepted ISO 14971:2019 as written with no additional requirements.

The definition of residual risk as it appears in the 2019, 3^rd edition:

3.17

residual risk

risk remaining after risk control (3.21) measures have been implemented

In ISO 14971:2019 no discussion of disclosure of residual risk appears in Clause 7.3 Residual risk evaluation or in 7.4 Benefit-risk analysis.  But, Clause 8 Evaluation of overall residual risk does state:  

If the overall residual risk is judged acceptable, the manufacturer shall inform users of significant residual risks and shall include the necessary information in the accompanying documentation in order to disclose those residual risks.

NOTE 1 The rationale for the disclosure of significant residual risks is given in A.2.8.
NOTE 2 See ISO/TR 24971[9] for guidance on the evaluation of overall residual risk and the disclosure of residual risks.

I recommend that you should look at the Rationale in Annex A which discusses why the particular requirement is in the standard.

ISO 14971:2019  Annex A Rationale for requirements  Clause A.2.8 Evaluation of overall residual risk

The manufacturer is responsible for providing users with relevant information on significant residual risks, so that they can make informed decisions on the use of the medical device. Thus, manufacturers are instructed to include pertinent information on residual risks in the accompanying documentation. However, it is the manufacturer's decision as to what and how much information should be provided. This requirement is consistent with the approach taken in many countries and regions.

ISO TR 24971:20XX [the upcoming version delayed by ISO due to the holiday] Annex D.3 Disclosure of residual risk, is now over a page long and that is too long to quote here.  It does state,  ISO 14971:2019 requires the manufacturer to inform users about significant residual risks. There are examples included, but significant is not defined. Annex H.5 in 24971 includes information on disclosing residual risk for IVD devices.

One of the issues with disclosing all residual risk is the "noise" it creates for the medical professional and patient in making the decision on the appropriateness of use of the device for the patient and their condition, in providing too much and possibly distracting, information.  The manufacturer is considered to be the expert on the intended use of their device and they have the most knowledge on what to disclose for the patient and the medical professional to make that decision.

The other pressure on the manufacturer to make a decision on what to release is product liability.  Product liability cases can be a bigger impact than the regulators due to the large awards made when the court decides the manufacturer made the wrong decision.  

• The EU-MDR's mandatory disclosure of residual risk is not a new requirement relative to the MDD, nor relative to EN ISO 14971:2012, nor (generally speaking*) to ISO 14971:2019 / EN ISO 14971:2019. Indeed, the MDD, the EU-MDR, ISO 14971:2007 / EN ISO 14971:2012 and ISO 14971:2019 / EN ISO 14971:2019 all mandate disclosure of residual risk (see additional details below).

• ISO 14971:2007 and EN ISO 14971:2012 (including its content deviations) permitted the manufacturer to decide which (if any) individual residual risks to disclose, but still demanded disclosure of remaining overall residual risk. In any such disclosures (whether for individual or overall residual risks), the manufacturer was nonetheless given the liberty to decide which particular information (i.e., what to communicate, to whom, the level of detail, the wording, and the means) to include in the mandatory disclosure.

• In ISO 14971:2019 and EN ISO 14971:2019, the prior 2007 / EN 2012 provision attending to disclosure of individual residual risk has been deleted entirely from the individual residual risk clause.

• Some have said that ISO 14971:2019 clause 8 (pertaining to overall residual risk) says, "If the overall residual risk is judged acceptable, the manufacturer shall decide which residual risks to disclose and what information is necessary to include in the accompanying documentation in order to disclose those residual risks". However, neither ISO 14971:2019 nor EN ISO 14971:2019 contain this provision; this is not an accurate statement of ISO 14971:2019 nor EN ISO 14971:2019 requirements for disclosure of residual risk.

• ISO 14971:2019 and EN ISO 14971:2019 don't permit the manufacturer to decide whether or not to disclose overall residual risk. Instead, ISO 14971:2019 and EN ISO 14971:2019 (as did their 2007 / EN 2012 predecessors) demand disclosure of overall residual risk, period.  Indeed, not disclosing overall residual risk is not an option given by ISO 14971.  *However, an interesting adjustment is that the 2019 wording now focuses on "significant" overall residual risk, while the 2007 / EN 2012 versions did not include the adjective "significant".

• ISO/TR 24971:2013 and the impending 2020 version both echo these residual risk disclosure principles.

• Mandatory disclosure of residual risk has always been a requirement under the MDD since the MDD's inception in 1993 and is maintained in the EU-MDR. Moreover, since mandatory disclosure of residual risk has also been a longstanding requirement of ISO 14971, we should be careful about assertions leaving the impression of a general misalignment on this topic between the EU-MDR and ISO 14971.

• The demands for disclosure of residual risk in the MDD and EU-MDR alike are general in nature and thus should be interpreted to require disclosure of individual and overall residual risks.

Let me offer my opinion

A. Does anyone have any thoughts to what extent this 'treating' means?
There is no special meaning here. It is a synonym for consider. The intent is, "If there are no risk reductions, then consider that the residual risk is the same as the initial risk".

B. Does the MDR expect 'accepted risks treated as residual risks' to be disclosed to users?
Yes, because EU-MDR Annex I(4) requires, "Manufacturers shall inform users of any residual risks". The path to the residual risk (0 risk reductions, 1 risk reduction, … 137 risk reductions, …) is not relevant to informing users.

C. What was the thought behind this new wording in ISO 14971:2019?
The new wording doesn't affect the requirement, it doesn't add anything new. It is one of the clarifications discussed in Clause A.1.

You say, "The MDCG guidance document on SSCP uses the 14971:2012 definition of when talking about residual risks and the IFU seems to exclude accepted risks which did not require control".

ISO 14971:2007, EN ISO 14971:2012, and EN ISO 14971:2019 have requirements about when to disclose residual risk, but not where to disclose it. MDR Annex I(23.4)(g) says where to disclose the residual risk.

The MDCG guidance document says that everything disclosed in MDR Annex I(23.4)(g) is also in the SSCP.

I happen to have copies of ISO 14971 back to the 2000 edition when I became involved in the Joint Working Group that developed the standard. I also have meeting minutes and papers discussing the positions along with the comments and votes. It was interesting and fun to look back at the path traveled to get to the 2019 3^rd edition of ISO 14971.  Looking at our back and forth discussions was also interesting.  The requirement for disclosure has been in the standard since its inception, and has been discussed in the Rationale for all editions, beginning with Amendment 1 in 2003.

It is important to note that ISO 14971 is an international standard and is applies throughout the world, not just one country or region.   It is not developed just to meet one country or regions particular regulatory requirements, but is developed to meet best practices worldwide.  Different regions or countries may add their own requirements. The US FDA accepted ISO 14971:2019 as written with no additional requirements.

The definition of residual risk as it appears in the 2019, 3^rd edition:

3.17

residual risk

risk remaining after risk control (3.21) measures have been implemented

In ISO 14971:2019 no discussion of disclosure of residual risk appears in Clause 7.3 Residual risk evaluation or in 7.4 Benefit-risk analysis.  But, Clause 8 Evaluation of overall residual risk does state:  

If the overall residual risk is judged acceptable, the manufacturer shall inform users of significant residual risks and shall include the necessary information in the accompanying documentation in order to disclose those residual risks.

NOTE 1 The rationale for the disclosure of significant residual risks is given in A.2.8.
NOTE 2 See ISO/TR 24971[9] for guidance on the evaluation of overall residual risk and the disclosure of residual risks.

I recommend that you should look at the Rationale in Annex A which discusses why the particular requirement is in the standard.

ISO 14971:2019  Annex A Rationale for requirements  Clause A.2.8 Evaluation of overall residual risk

The manufacturer is responsible for providing users with relevant information on significant residual risks, so that they can make informed decisions on the use of the medical device. Thus, manufacturers are instructed to include pertinent information on residual risks in the accompanying documentation. However, it is the manufacturer's decision as to what and how much information should be provided. This requirement is consistent with the approach taken in many countries and regions.

ISO TR 24971:20XX [the upcoming version delayed by ISO due to the holiday] Annex D.3 Disclosure of residual risk, is now over a page long and that is too long to quote here.  It does state,  ISO 14971:2019 requires the manufacturer to inform users about significant residual risks. There are examples included, but significant is not defined. Annex H.5 in 24971 includes information on disclosing residual risk for IVD devices.

One of the issues with disclosing all residual risk is the "noise" it creates for the medical professional and patient in making the decision on the appropriateness of use of the device for the patient and their condition, in providing too much and possibly distracting, information.  The manufacturer is considered to be the expert on the intended use of their device and they have the most knowledge on what to disclose for the patient and the medical professional to make that decision.

The other pressure on the manufacturer to make a decision on what to release is product liability.  Product liability cases can be a bigger impact than the regulators due to the large awards made when the court decides the manufacturer made the wrong decision.  

• The EU-MDR's mandatory disclosure of residual risk is not a new requirement relative to the MDD, nor relative to EN ISO 14971:2012, nor (generally speaking*) to ISO 14971:2019 / EN ISO 14971:2019. Indeed, the MDD, the EU-MDR, ISO 14971:2007 / EN ISO 14971:2012 and ISO 14971:2019 / EN ISO 14971:2019 all mandate disclosure of residual risk (see additional details below).

• ISO 14971:2007 and EN ISO 14971:2012 (including its content deviations) permitted the manufacturer to decide which (if any) individual residual risks to disclose, but still demanded disclosure of remaining overall residual risk. In any such disclosures (whether for individual or overall residual risks), the manufacturer was nonetheless given the liberty to decide which particular information (i.e., what to communicate, to whom, the level of detail, the wording, and the means) to include in the mandatory disclosure.

• In ISO 14971:2019 and EN ISO 14971:2019, the prior 2007 / EN 2012 provision attending to disclosure of individual residual risk has been deleted entirely from the individual residual risk clause.

• Some have said that ISO 14971:2019 clause 8 (pertaining to overall residual risk) says, "If the overall residual risk is judged acceptable, the manufacturer shall decide which residual risks to disclose and what information is necessary to include in the accompanying documentation in order to disclose those residual risks". However, neither ISO 14971:2019 nor EN ISO 14971:2019 contain this provision; this is not an accurate statement of ISO 14971:2019 nor EN ISO 14971:2019 requirements for disclosure of residual risk.

• ISO 14971:2019 and EN ISO 14971:2019 don't permit the manufacturer to decide whether or not to disclose overall residual risk. Instead, ISO 14971:2019 and EN ISO 14971:2019 (as did their 2007 / EN 2012 predecessors) demand disclosure of overall residual risk, period.  Indeed, not disclosing overall residual risk is not an option given by ISO 14971.  *However, an interesting adjustment is that the 2019 wording now focuses on "significant" overall residual risk, while the 2007 / EN 2012 versions did not include the adjective "significant".

• ISO/TR 24971:2013 and the impending 2020 version both echo these residual risk disclosure principles.

• Mandatory disclosure of residual risk has always been a requirement under the MDD since the MDD's inception in 1993 and is maintained in the EU-MDR. Moreover, since mandatory disclosure of residual risk has also been a longstanding requirement of ISO 14971, we should be careful about assertions leaving the impression of a general misalignment on this topic between the EU-MDR and ISO 14971.

• The demands for disclosure of residual risk in the MDD and EU-MDR alike are general in nature and thus should be interpreted to require disclosure of individual and overall residual risks.