Essential Elements of a One-Page Regulatory and Compliance Strategy

Nobody writes a regulatory strategy that commits them to doing the bare minimum required by regulation to get a product to market and leaving compliance activity to the last moment, but in practice this happens far too often. The sad truth appears to be that, when faced with competing pressures to bring a device to market, many innovators will focus on the technology and potential reimbursement without timely regard to compliance.


Demonstrating an appropriate understanding of your regulatory requirements in your early-stage business plan and pitch deck will differentiate you from competitors, set an appropriate tone and increase your value proposition.


We think a regulatory and compliance strategy should set the tone for your stakeholders to take you seriously. It should show that you understand the regulatory and compliance challenges associated with your product and product families in your chosen markets, and it should set out how you plan to address these. So, in short, we recommend that even a one-page strategy:

  • evidences an appropriate understanding of your chosen market pathways and regulatory considerations,
  • confirms your approach to regulation and compliance, and
  • includes a credible roadmap for execution.

Where there is potential for ambiguity as to whether the intended use of your products and claims fall within the remit of medical device regulations or not, we think it is important to show adequate and independent consideration to establish a defensible position, especially for well-being software.

It is also important to be mindful of the other compliance activities needed to satisfy potential customers, not just of the regulatory activity required to place a product on the market. In the UK this includes compliance with additional NHS standards for patient safety, data privacy, and digital technology. It may include registration with the Care Quality Commission for treatments. Across most jurisdictions data privacy and quality management governance will be required.


Once these parameters are established, a strategy should include credible resourcing and, if possible, a costed plan for execution. Timescales may be difficult to articulate in the early stages, but a sensibly staged and prioritised roadmap for execution should be included.


We’ve set out an example of a one-page regulatory and compliance strategy statement for a software as a medical device manufacturer seeking to enter the UK and additional markets with an uncertified quality management system already in place, but feel free to reach out for any help with detailed regulatory and compliance strategy.

Example Regulation and Compliance Strategy Statement

Our regulatory and compliance strategy embodies our focus on patient safety and is designed to ensure compliance with market access requirements.

We will comply with all general safety and performance requirements for our chosen markets. 

We will achieve compliance by doing the right thing at the right time, ensuring our device is safe and performant for its intended use. We will implement and certify our governance and processes against international standards for quality management, information and cyber security risk management, usability and safe use of artificial intelligence (ISO13485, ISO27001 & ISO42001).

Our regulatory and compliance roadmap includes placing our device in the UK, United States and European markets. Our device is active, non-invasive software as a medical device with a defined medical purpose and intended use characteristic of clinical decision support.* We have identified predicate devices which will underpin our market access pathways.

We expect our device to be classified as a class 2a device under Rule xx* of the UK Medical Device Regulations and anticipate an external conformity assessment will be required to obtain UKCA marking in accordance with Annex II of MDR.

We expect to be able to enter the US market using a 510(k) pre-market approval pathway.

We expect our device to be classified as a class 2a device under Rule xx* of the EU Medical Device Regulations and anticipate an external conformity assessment will be required to obtain CE marking in accordance with Annex IX of the regulations.

By aligning with internationally recognised standards, we will provide consistent and harmonised assurance to system users and other stakeholders. Where local market requirements require additional compliance, we will also monitor and comply with these requirements. For the UK this includes compliance with the NHS data security protection toolkit, Caldicott data privacy provisions, Care Quality Commission CyberEssentials certification, NHS information Standard DCB129 for health IT manufacturers and the NHS digital technology assessment criteria. 

We have already implemented a quality management system aligned with the ISO13485 standard for medical device manufacturers.

Compliance with regulations underpins our commercial strategy. Our planned compliance activities are summarised in our regulatory roadmap for the next 18 months. Whilst we recognise the milestones for achieving compliance may be subject to change due to external factors including notified body availability and ease of trial recruitment, we are committed to actively maintaining a responsible approach that seeks to reduce risks as far as possible to healthcare professionals and minimise potential patient safety risks.

Regulatory, compliance and quality management responsibilities have been clearly assigned to top management, and the CEO and Board are ultimately responsible for the execution of this strategy. We have included x* full time equivalent posts within our organisation chart to support our regulatory and compliance activities./We intend to rely on external subject matter experts to support our regulatory activity and have partnered with ISO9001 and ISO27001 accredited regulatory consultants to execute our plan.

*amend as appropriate

Deviceology are here to help… 

Deviceology is here to help make your journey through regulatory and compliance challenges as smooth as possible and solve the complexities of regulatory compliance. Contact us today at or