Contact Us
Book a Call

Regulatory Due Diligence

Assess regulatory, quality, and compliance risks across medical devices, software, and AI-enabled products during investment, acquisition, and partnership activities.

Services

icon

Regulatory due diligence assessments

icon

Technical documentation reviews

icon

MDR and IVDR compliance assessments

icon

FDA regulatory status reviews

icon

Quality management system assessments

icon

Software and AI compliance evaluations

icon

Regulatory risk identification

icon

Gap assessments and remediation support

Our Specialty

What Do We Offer?

Regulatory due diligence helps organisations evaluate the compliance status, regulatory risks, and operational maturity of medical devices, software products, and healthcare technologies before investment, acquisition, licensing, or partnership decisions are made.

MedQAIR supports investors, manufacturers, and organisations with structured regulatory due diligence activities across MDR, IVDR, FDA, and related international frameworks. This includes reviewing technical documentation, quality systems, regulatory submissions, software lifecycle processes, cybersecurity considerations, and post-market obligations.

Our approach focuses on identifying practical risks and compliance gaps that may affect product viability, regulatory timelines, market access, or ongoing operational responsibilities. The goal is to provide a clearer understanding of regulatory readiness and potential remediation needs before critical business decisions are finalised.

Read more

How We Support Due Diligence Activities

icon

Regulatory Compliance Reviews

Assessment of compliance status against MDR, IVDR, FDA, and applicable international regulatory frameworks.

icon

Technical Documentation Assessments

Review of technical files, software documentation, clinical evidence, and associated regulatory records.

icon

Regulatory Risk Identification

Assessment of quality management systems, lifecycle processes, and operational compliance structures.

icon sw ai assesment

Software & AI Assessments

Evaluation of software lifecycle activities, cybersecurity considerations, AI governance, and related compliance obligations.

icon

UDI and Registration Support

Identification of gaps, unresolved compliance issues, and potential regulatory or operational risks.

icon

Remediation & Follow-Up Support

Support with addressing identified gaps, remediation planning, and alignment activities following due diligence reviews.

eu

Relevant Resources - EU

MDR 2017/745 (EU Medical Device Regulation)

IVDR 2017/746 (EU In Vitro Diagnostic Medical Device Regulation)

AI Act 2024/1689 (EU Artificial Intelligence Act)

EHDS 2025/327 (European Health Data Space Regulation)

CRA 2024/2847 (Cyber Resilience Act)

MDCG 2019-11 – Qualification and Classification of Software

MDCG 2021-24 – Classification of Medical Device Software under MDR and IVDR

us

Relevant Resources - US

FDA Medical Devices

FDA Product Classification Database

FDA 510(k) Database

FDA De Novo Database

FDA PMA Database

FDA Digital Health Policy Navigator

FDA Artificial Intelligence-Enabled Medical Devices

other

Relevant Resources – Standards & International

ISO 13485 – Medical Devices Quality Management Systems

ISO 14971 – Medical Device Risk Management

IEC 62304 – Medical Device Software Lifecycle Processes

IEC 81001-5-1 – Health Software Security Activities

ISO/IEC 42001 – Artificial Intelligence Management Systems

IMDRF Software as a Medical Device (SaMD) Framework Documents

Health Canada Software as a Medical Device Guidance

Blog Hub

Latest Insights & Updates

Explore our blog posts on MDR, IVDR, and AI Act compliance to stay ahead of regulatory changes.

Automating Regulatory Compliance What the Future Holds

Automating Regulatory Compliance: The Future of Quality and Regulatory?

Summary Artificial intelligence is rapidly becoming part of the quality and regulatory landscape. From drafting procedures and technical documentation to auditing management systems and analysing post-market surveillance data, AI-powered tools are increasingly being used to support regulatory activities across the

June 22, 2026
prEN 18286 future of the EUs AI management system standard

prEN 18286, future of the EU’s AI management system standard

Summary The regulatory landscape for AI-enabled medical devices continues to evolve, and one of the latest developments attracting attention is prEN 18286, the proposed European standard intended to support Quality Management System (QMS) requirements under the EU AI Act. In

June 10, 2026
Meet the Team - Lauren Perez

Meet the Team: Lauren Perez

At MedQAIR, we know that strong regulatory and quality systems are built on both experience and continuous learning. As medical devices, software, and AI-enabled technologies become more complex, the industry needs professionals who can combine scientific thinking, attention to detail,

June 10, 2026
Cybersecurity Resilience Act (CRA, 20242847) and health software

Cybersecurity Resilience Act (CRA, 2024/2847) and Health Software

Summary Cybersecurity has become a central topic across the European digital regulatory landscape. While medical device manufacturers have already been navigating cybersecurity requirements under the MDR and IVDR, the introduction of the Cyber Resilience Act (CRA, Regulation (EU) 2024/2847) adds

June 2, 2026
AI Act Section A to B MDR & IVDR Impact

AI Act Section A to B: Minimal change or far-reaching consequences?

Summary The European Parliament’s proposal to move product-regulated AI systems from Section A to Section B of the AI Act may initially sound like a relatively small structural adjustment. In practice, however, the implications could become far more significant for

May 28, 2026
Article 5(5) Redesigned Sharing In-House Medical Software Across Hospitals

Article 5(5) Redesigned: Sharing In-House Medical Software Across Hospitals

Summary When the MDR and IVDR entered into force, Article 5(5) created a specific framework for medical devices developed and used within health institutions. The intention was relatively straightforward: allow hospitals and health institutions to develop in-house solutions for situations

May 19, 2026
Discover More Blogs

Frequently Asked Questions

Find answers to common questions about our services, compliance processes, and how we can assist your business.

Regulatory due diligence is the process of assessing the compliance status, regulatory risks, quality systems, and documentation maturity of medical devices or healthcare technologies before investment, acquisition, licensing, or partnership decisions.

Reviews may include technical documentation, device classification, quality management systems, software lifecycle processes, cybersecurity, clinical evidence, post-market activities, regulatory submissions, and ongoing compliance obligations.

Yes. MedQAIR supports due diligence activities for software medical devices, AI-enabled systems, digital health platforms, medical devices, and IVDs across MDR, IVDR, FDA, and related regulatory frameworks.

Regulatory gaps or unresolved compliance issues can significantly affect product timelines, market access, operational costs, and long-term business value. Due diligence helps organisations identify potential risks and remediation needs before major decisions are finalised.

(Existing FAQ from MedQAIR FAQ page — relevant to this service page)

Yes. MedQAIR supports regulatory submissions for the US (FDA), Canada (Health Canada), and other global markets. This includes preparing 510(k), De Novo, PMA, and Canadian licensing documentation, as well as aligning technical files for multi-market compliance.

Common findings include incomplete technical documentation, unclear device classification, unresolved nonconformities, inadequate clinical evidence, software lifecycle gaps, cybersecurity deficiencies, missing post-market documentation, and quality management system weaknesses. Identifying these issues early helps organisations understand potential remediation efforts and associated business risks.

A quality management system audit focuses on compliance with defined quality requirements and procedures. Regulatory due diligence takes a broader view by evaluating technical documentation, regulatory status, market access risks, software compliance, clinical evidence, cybersecurity considerations, and overall regulatory readiness in the context of business decisions.

Technical documentation provides evidence that a product has been developed, validated, and maintained in accordance with applicable regulatory requirements. Reviewing technical files helps identify documentation gaps, unsupported claims, missing evidence, or compliance risks that could affect market access, product valuation, or future regulatory activities.

Yes. AI-enabled products may be assessed for issues relating to governance structures, data management practices, software lifecycle controls, transparency requirements, cybersecurity considerations, and compliance with applicable AI-related regulations and standards. Early identification of these risks can support more informed investment and acquisition decisions.

Reviews typically assess software development procedures, change management activities, verification and validation records, traceability, maintenance processes, cybersecurity controls, and supporting documentation. The objective is to determine whether lifecycle activities support ongoing regulatory compliance and product maintenance obligations.

Following identification of gaps, organisations can prioritise remediation activities based on risk, business objectives, regulatory impact, and available resources. Remediation planning may include documentation updates, process improvements, additional testing, quality system enhancements, or regulatory strategy adjustments.

Yes. Regulatory due diligence can provide independent insight into the compliance status, regulatory maturity, and potential liabilities associated with products or organisations involved in licensing agreements, strategic partnerships, distribution arrangements, or technology transfers.

MedQAIR supports regulatory due diligence through compliance assessments, technical documentation reviews, quality management system evaluations, software and AI compliance assessments, cybersecurity reviews, regulatory gap analyses, and remediation planning. Our assessments help organisations understand regulatory readiness and potential compliance risks before critical business decisions are made.

View More

Book a Free 30 minute Consultation

Schedule a Meeting With Our Experts

Get a free consultation

Unlock Your Quick Guide to AI Act Compliance!

Explore AI-enabled SaMD requirements with our easy step-by-step guide.

Get Your Free eBook

Cookies help us improve your experience on our website. By using our site, you consent to the use of cookies as described in this policy.

Accept
Reject