The short version: Nearly a decade after the US FDA UDI regulation published, UDI is largely implemented for US-distributed medical devices. But confusion and misinformation persist around UDI in the EU. US and EU requirements are similar because both trace back to the GHTF/IMDRF UDI guidance, yet important differences remain. The EU MDR UDI compliance deadlines have not moved despite the broader MDR delays, and the single most critical concept to get right is that UDI serves two complementary but distinct purposes: identifying devices in distribution and documenting device use in the patient record.
In the US, we are approaching the 10th anniversary of the publication of the US FDA UDI regulation (24 September 2013). The final, delayed class I device implementation deadline finally occurred last year. And though there are a few remaining issues (e.g., identification of non-sterile orthopedic implants and contact lenses), we have generally fully implemented UDI for US-distributed medical devices. Now, we are working on other activities to leverage UDI throughout the supply chain and to document UDI in patient records to support long-term safety and effectiveness.
However, after returning from the RAPS Euro Convergence conference in May, it became clear that there remains a lot of confusion and misinformation about UDI application in the EU. And though the US and EU UDI requirements are similar (as both are based on the GHTF/IMDRF UDI Guidance Documents), some important differences should also be considered. It is also important to note that, though the implementation of the MDR has been delayed (with the publication of the 2nd Amendment), the UDI timelines have not changed. That is, all MDR-compliant devices must be UDI compliant by the following deadlines – which, again, have not changed:
- implantable devices and class III devices from 26 May 2021 (Direct Mark by 2023)
- class IIa and class IIb devices from 26 May 2023 (Direct Mark by 2025) – THIS YEAR
- class I devices from 26 May 2025 (Direct Mark by 2027)
Watch this trap: The MDR transition timelines were extended by the 2nd Amendment, but the UDI carrier and database deadlines above were not changed. Treating the MDR delay as a UDI delay is one of the most common and costly misunderstandings we see.
UDI Serves Two Complementary — but Different — Purposes
From an implementation perspective, the most critical UDI implementation issue is understanding that UDI is intended to serve two complementary but different purposes. The first and easiest to understand is the identification of a device during distribution. This means that we need to assign and apply a unique UDI to various packaging configurations (packages, cases, cartons). This allows stakeholders to scan and use this information to identify and capture information about these devices as they move through the (potentially global) supply chain up to the point of patient use. This can be used to support traceability, recalls, import control, and anti-counterfeiting. This information can also be used to support emergency/disaster preparedness, identification of substitute devices, and the development of a national stockpile – all shortcomings that became painfully clear during our global response to COVID-19.
Because this first purpose depends on data flowing accurately across a complex, multi-vendor supply chain, it places real weight on supply-chain and third-party risk management – if a partner mislabels or mishandles UDI carriers, traceability breaks downstream.
The second purpose for UDI is the documentation of device use. This involves assigning and applying a unique UDI to the label of the individual device – or, often, even onto the device itself. This allows caregivers and patients to scan and capture information in a patient’s electronic health record (EHR) about the actual use of the device on or implanted into a patient. With this, providers and patients know which devices have been used on or in a patient – just as we know which medications patients take or have taken. Importantly, this also allows regulators, payors, caregivers, and patients to better understand the long-term safety and effectiveness of devices – and more quickly identify potential safety signals.
UDI is not a single label problem. It is a distribution-identification problem and a point-of-use documentation problem at the same time — and confusing the two is where most programs go wrong.
Change Management and Data Quality Are Where Programs Succeed or Fail
It is critical for device manufacturers to fully understand these dual purposes for UDI – and make appropriate decisions about UDI applications to support these various purposes. It is essential to institute the appropriate change management processes to appropriately identify changes that create the need for a new UDI, as well as changes to the data that are submitted to regulators’ UDI databases (e.g., GUDID, EUDAMED).
Those database submissions are only as trustworthy as the records behind them, which is why data integrity sits at the center of any durable UDI program – the attributes you submit to GUDID and EUDAMED must be accurate, complete, and kept current as devices change.
A Practical Way to Frame Your UDI Program
When we assess a manufacturer's UDI readiness, we look across four connected layers:
- Identify (distribution): Assign and apply UDIs to every packaging configuration so devices can be tracked through the global supply chain.
- Document (use): Apply UDIs to the device label or the device itself so use can be captured in the patient's EHR.
- Submit (data): Populate and maintain accurate attribute data in GUDID, EUDAMED, and other regulator databases.
- Govern (change): Run change-management processes that flag when a change requires a new UDI or a database update, and validate the systems that produce and submit that data.
How USDM Helps
At USDM, we have helped over 100 medical device manufacturers with their UDI challenges. We can assess the current state of your UDI operations and help define and execute a scalable plan with interim milestones to achieve your future UDI-ready state.
The following are some of our areas of UDI expertise:
- Global UDI Regulatory & Program Planning
- QMS Revisions
- Label, DM, IFUs, Packaging Reviews & Guidance
- Data Collection, Cleaning, MDM, Maintenance & Submissions
- UDI MDM / Submission Apps Implementation & Validation & Release Management
- New Regulation / New Agency Planning & Support
Validating the MDM and submission applications behind a UDI program follows the same risk-based principles we apply elsewhere – a modern computer software assurance (CSA) approach focuses testing effort where it reduces patient and data risk, and a disciplined validation lifecycle keeps those systems in a compliant state as they change.
FAQ: UDI Implementation in the US and EU
Did the EU MDR delay also push back the UDI deadlines?
No. While the MDR transition timelines were extended through the 2nd Amendment, the UDI compliance deadlines did not change. MDR-compliant devices must meet the UDI deadlines by device class: implantable and class III from 26 May 2021 (Direct Mark by 2023), class IIa and IIb from 26 May 2023 (Direct Mark by 2025), and class I from 26 May 2025 (Direct Mark by 2027).
What are the two purposes of UDI?
UDI serves two complementary but different purposes. The first is identifying a device during distribution by applying a unique UDI to packaging configurations so devices can be tracked through the supply chain to the point of use. The second is documenting device use by applying a UDI to the device label or the device itself so that use can be captured in the patient's electronic health record.
Why are US and EU UDI requirements similar but not identical?
Both the US and EU UDI requirements are based on the GHTF/IMDRF UDI Guidance Documents, so they share a common foundation. However, important differences remain – including the use of different regulator databases (GUDID in the US, EUDAMED in the EU) and distinct timelines and details – which is a frequent source of confusion.
What activities does a strong UDI program need beyond labeling?
Beyond applying carriers, a strong program needs accurate data submitted and maintained in regulator databases such as GUDID and EUDAMED, change-management processes that identify when a change requires a new UDI or a database update, and validated systems for master data management and submission.
Why does data integrity matter so much for UDI?
The information submitted to UDI databases supports traceability, recalls, import control, anti-counterfeiting, and long-term safety and effectiveness monitoring. If the underlying data is inaccurate, incomplete, or out of date, every downstream use of UDI is undermined – which is why data integrity is central to a durable UDI program.
Get Your UDI Program on a Scalable Path
Confused about how US and EU UDI requirements apply to your devices? Contact USDM to schedule a consultation, confirm you have the correct UDI information, and explore how we can help create a scalable plan to address your challenges.