Quality | Security | Privacy | Regulatory
Full lifecycle compliance, with the platform to back it up.
We guide regulatory pathways and build your technical file.
We support PMS, vigilance reporting, and indication expansion.
Securely manage UDIs and economic operator documentation flows.
Everything you need to bring your device to market with confidence.
When developing digital healthcare solutions, regulations and standards can feel complex. A strong regulatory strategy helps identify the most efficient pathway while ensuring every requirement is met with clarity.
As healthcare data becomes more digital, real-time threats to digital health solutions increase. A robust cybersecurity and privacy framework protects data, supports compliance, and strengthens trust in daily usage.
Digital healthcare solutions rely on personal health data across development, testing, and use. We help organisations build clear procedures and documentation that meet security, privacy, and governance requirements.
Digital healthcare solutions, such as SaMD, SaIVD and High-Risk AI systems, evolve after launch with new features, model updates, and patches. We manage each change through regulatory, clinical and quality oversight.
Management systems support quality, AI and information security needs, including ISO 13485, MDSAP, ISO/IEC 42001, EN 18286, ISO/IEC 27001 and NEN 7510-1. We help implement them with practical procedures and records.
Bringing digital healthcare solutions to new markets adds regulators, classification rules, evidence expectations, and local representation duties. We help teams manage regional requirements with clear documentation.
Everything you need to stay compliant once your device is on the market.
Regulatory compliance extends beyond the manufacturer to importers, distributors, authorised representatives, repackers, and relabelers. We help define and document each operator’s duties across the full supply chain
If EUDAMED or GUDID registrations are difficult to manage, our secure, in-house MDIS solution helps you complete and maintain UDI registrations with structured data, traceability, and regulatory support and review.
Audits can cover internal processes, suppliers, due diligence, FDA mock readiness, MDR / IVDR quality systems, ISO 13485, ISO/IEC 27001, and NEN 7510-1. Our auditors execute audits and support external audit reviews.
Once a digital healthcare solution is on the market, post-market data may reveal valuable insights, including unexpected adverse events. We support assessment, documentation, and reporting to regulatory authorities.
We provide interim support for key roles, including DPO, PRRC, and quality, regulatory, and information security experts. This helps maintain oversight, continuity, and compliance where specialist capacity is needed.
Healthcare software deals depend on what diligence finds or misses. We assess regulatory exposure, classification, documentation, and post-market duties so risks are clear before acquisitions or investments close.
Our clients share their experiences of working with us, highlighting regulatory guidance, quality processes, and teamwork throughout the medical device lifecycle
We had the pleasure of working with MedQair to achieve two critical certifications for our business — ISO 27001, which we obtained in just six months, and subsequently ISO 13485. Their team proved to be extremely efficient, highly collaborative, and consistently dependable throughout the entire process.
MedQair’s structured approach and hands-on support made a complex journey feel smooth and achievable. We greatly value their partnership and would wholeheartedly recommend them to any company aiming for rigorous compliance and quality standards.
MedQAIR are an extremely knowledgable, and skillful company that is able to translate complex legislation into workable, practical procedures. They've helped us turn around a multi-year dragging process with another consultant into getting the ISO 13485 certificate in less than nine months (and now just waiting for the final approval on our CE-MDR class IIb certificate).
We have been working with Leon over a year and Ivo over six months and we could not be more happy with their work. Without MedQAIR this would never be possible.
Ivo and Leon provided indispensable guidance and support on formulating and evidencing our project teams management of the Security risks of our product in order to submit for FDA submission. Their subject knowledge, experience, diligence and all round service professionalism were excellent and very influential on our successful approval.
Their combination of talents and experience complement each other well providing broad, practical and objective advice and direction. They are flexible, responsive in their availability and delivery and transparent regarding budgets and invoicing. I am very much looking forward to working with them again.
Ivo and Leon from MedQAIR were a huge help in getting us ISO 27001 certified really quickly. They really know their stuff when it comes to medical devices, medical software, and (cyber)security.
Super professional but also easy to work with — they made the whole process very smooth. Would definitely recommend them if you're in the medical field and need help with certifications.
Working with everyone at MedQAIR is a delight. Their deep understanding of the regulatory landscape and unwavering support has helped us tremendously to elevate our whole QMS. Highly recommended!
Bilihome worked together with the team of MedQAIR on our cybersecurity. The team was highly competent, flexible, and really helped us and move forward with their knowledge.
We worked with Leon Doorn of MedQair on our ISO 27001 and NEN7510 certification in 2024. Leon was instrumental in developing our certification strategy and execution and presented as a true colleague in our team. Well done! We continue to work with MedQair for our ongoing regulatory and compliance efforts.
We had an amazing experience collaborating with Medqair on our ISO 13485 QMS audit and the Technical Documentation review for a Class IIa medical device. They joined at a later stage, when we were facing a regulatory bottleneck and looking for answers. They adapted quickly to an ongoing process and, frankly, saved the situation.
Explore our blog posts on MDR, IVDR, and AI Act compliance to stay ahead of regulatory changes.
Find answers to common questions about our services, compliance processes, and how we can assist your business.
As a first step, it is important to document what your product will be used for carefully (its ‘intended purpose’ or ‘intended use’ and ‘indications for use’), and what claims will be associated with the product. Based on that information, it is highly recommended to document a regulatory strategy, assess whether local legislation may apply to the product, and determine how the product is classified under such legislation (‘product qualification and classification’).
The landscape of digital legislative frameworks is becoming increasingly complex, and often more than one legislative instrument may apply. For example, in the European Union, a product may qualify as a medical device (SaMD, SaIVD, SAIeMD), and or artificial intelligence system (potentially being High-Risk), and be subjected to medical device legislation (MDR 2017/745 or IVDR 2017/746), artificial intelligence legislation (AI Act 2024/1689) and healthcare interoperability legislation (EHDS 2025/327).
The applicable legislation may be supported by various standards and guidance documents, which set out further requirements applicable to the product.
Having a thorough understanding of all these aspects is important prior to the start of the development of a product, to ensure that by the end of the development process, all regulatory requirements have been met.
The European Union is today our home market, where we maintain close contact with Notified Bodies, and especially those that are experienced in the field of SaMD’s and SaIVDs.
However, we do have significant expertise in other regulatory jurisdictions too, especially in the field of software as a medical device (SaMD, SaIVD). We have supported multiple types of FDA submissions throughout our individual careers, such as Pre-submissions, 510(k)’s, 510(k)’s subject to special controls, such as reader-studies (MRMC), De Novo applications, PMA submissions, and 513(g)’s.
We have also performed applications in other regulatory jurisdictions and supported the implementation of MDSAP-compliant management systems.
Digital healthcare solutions, and especially Artificial Intelligence-enabled medical devices (AI/ML-enabled medical devices) require extensive post-market surveillance activities. These technologies can have a direct, but more often an indirect impact on the health and safety of human beings. Implementation of robust post-market surveillance and post-market monitoring systems is crucial to detect abnormal behaviour, which may have several causes, such as but not limited to performance drift. Similarly, it is important to monitor the security of products after they have been released onto the market.
This applies not only to medical devices and in vitro medical devices, but also applies to Artificial Intelligence systems. Similarly, all other digital products are subject in Europe to the Cyber Resilience Act (2024/2847).
Other services we can support companies with are their EUDAMED registration process, continued Management System improvement processes (e.g., audits, due diligence activities, interim PRRC and DPO roles, etc).
Simply put, MDIS is a smart document sharing platform. It allows organizations to drastically reduce duplicate efforts in keeping interested parties informed on documentation relevant to their organization.
As an example, medical device distributors must, per MDR and IVDR article 14 receive and verify parts of the technical documentation, such as the accompanying information (i.e., the Instructions for Use). Individual alignment with each manufacturer, and obtaining the latest version of documentation with each manufacturer may be a time-consuming task. Instead of aligning with each individual distributor, the manufacturer simply uploads their documentation once and can share it with all their interested parties in a single action. Verification of the documentation is automatically logged within the system to support compliance.
The system tracks both at the Basic UDI and UDI-DI level, and further includes the option to generate automated exports for entering into EUDAMED, where manual entry into EUDAMED will no longer be required. In due time, we aim to integrate other databases such as Swissdamed, GUDID, UK databases, etc.
We offer Quality, Regulatory, and Information Security services to the full Economic Operator Chain as defined within legislation. In addition, our MDIS solution can be used by any Economic Operator too, as it is intended to connect Economic Operators to one another.
You can request a consultation with the MedQAIR team members by reaching out through our MedQAIR contact page or by emailing us via the contact information provided on the website.
A regulatory expert will follow up to understand the specific needs and propose next steps.
Book a Free 30-Minute Consultation
Cookies help us improve your experience on our website. By using our site, you consent to the use of cookies as described in this policy.
