Essential contractual elements for critical suppliers under MDR: A practical guide for manufacturers
In the context of the EU Medical Device Regulation (MDR 2017/745), manufacturers bear full responsibility for the safety and performance of medical devices placed on the market—even when critical processes are outsourced. Therefore, supplier agreements play a vital role in ensuring compliance throughout the supply chain.
Below you will find a summary of the essential contractual elements that must be addressed when working with critical suppliers, combining the regulatory requirements of MDR and the best practice recommendations of NBOG BPG 2010-
-
Scope and validity of the agreement
The agreement should explicitly define the scope of products or device categories covered.
The duration of the contract must be specified, along with provisions ensuring traceability and post-market obligations beyond the contract’s expiration.
Ref: NBOG BPG 2010-1, Appendix 2
-
Clear roles and responsibilities
The manufacturer remains ultimately responsible for compliance with MDR and cannot transfer this responsibility to any supplier.
Responsibilities regarding design, manufacturing, traceability, and change management must be clearly outlined.
A responsibility matrix is highly recommended for complex arrangements.
Ref: MDR Article 10(9), NBOG BPG 2010-1
-
Compliance with quality requirements
Suppliers must operate in accordance with MDR requirements, particularly those outlined in Annex I – General Safety and Performance Requirements.
References to harmonized standards or Common Specifications (CS) should be made where applicable.
Ref: MDR Annex I & Article 9
-
Risk management and change notifications
The agreement should require the supplier to conduct and document risk assessments related to the product or process.
Any changes to the product, process, certification status, or organization must be communicated in advance to the manufacturer.
Ref: NBOG BPG 2010-1, Appendix 2
-
Audit and access rights
The manufacturer, Notified Bodies, and Competent Authorities must have unrestricted access to supplier facilities and documentation.
Critical suppliers should be audited at least annually or have adequate evidence of compliance readily available.
General industry practice; detailed in NBOG guidance
-
Traceability and documentation
Agreements must ensure full traceability of raw materials, components, and final devices.
Record retention policies must be clearly defined, including who maintains the records, for how long, and in what language (typically at least 10 years after the last product has been placed on the market).
Ref: MDR Article 10(8), MDR Annex VI Part C
-
Certification and declarations of conformity
All relevant quality certificates (e.g., ISO 13485, CE certificates) must be listed in the agreement.
The supplier must notify the manufacturer promptly of any change in certification status.
Ref: MDR Article 10(9), NBOG BPG 2010-1
-
Complaint handling and recall procedures
The agreement should outline roles and procedures for handling customer complaints, CAPA (Corrective and Preventive Actions), and field safety corrective actions (FSCA).
In the event of product recalls or safety incidents, collaboration and information exchange obligations must be contractually defined.
Ref: MDR Articles 87–88; NBOG BPG 2010-1, Appendix 2
Guidance documents
- MDR 2017/745 Defines mandatory requirements for safety, traceability, and supplier responsibility
- NBOG BPG 2010-1 Offers best practice guidance
- ISO 13485:2016 Framework for quality management
- GHTF SG3/N17 Guidance on supplier controls (referenced
- MDCG 2021-23 Describes the role of distributors/importers and associated audit obligations
Properly constructed supplier agreements are not just contractual necessities—they are essential risk management tools. By integrating MDR legal requirements with internationally recognized best practices, manufacturers can strengthen their regulatory compliance and product quality, while minimizing business risk.