White paperThe Enterprise Framework for Compliant, Scalable AI
Download now
By Jay Crowley

Q&A: UDI Beyond Borders

Expert answers on managing Unique Device Identification (UDI) across global markets—covering GUDID and EUDAMED change notifications, what triggers a new device identifier, market-specific DIs, and easing the burden of multiple regulatory requirements.

Talk to USDM View all resources
Q&A: UDI Beyond Borders

Key Takeaways

  • Regulators don't prescribe how to notify customers of GUDID/EUDAMED data changes—use your website and the databases' description fields to communicate clearly.
  • A new device identifier (DI) is driven by whether a change creates—or appears to create—a genuinely different device, not by routine production differences captured in lot or date attributes.
  • Market-specific DIs are sometimes necessary, but the real challenge is creating equivalence between them so global traceability still works.
  • The most important first move toward multi-market compliance is understanding every requirement that applies to your devices, then closing gaps with robust internal processes.

The following questions come from the UDI Beyond Borders virtual conference.

Watch the video below to see a preview of the discussion.
Access the full-length on-demand webinar UDI Beyond Borders

Notifying Customers About Critical Data Changes in GUDID and EUDAMED

Are there best practices for sending notifications to customers about critical data changes in the GUDID/EUDAMED databases?

Currently, no specific recommendations are provided by regulators (FDA, European Commission) or customers. However, manufacturers use various communication tools to notify customers of changes in the Global Unique Device Identification Database (GUDID) and European Database on Medical Devices (EUDAMED). We recommend making this information available on your website and using the description fields in these databases to clarify the changes.

USDM POV: When regulators leave a process undefined, the manufacturers who fare best in an audit are the ones who define it for themselves—consistently, in writing, and traceably. A documented, repeatable notification practice for GUDID and EUDAMED changes is a small investment that pays off the first time a customer, distributor, or inspector asks how a data update was communicated. Treating that practice as part of your validated change posture keeps it defensible instead of ad hoc.

Value Adds for Global and International Markets

What is your perspective on value adds for global and international markets (for example, trade and medical device tracking) and their impact on global healthcare activities?

The intent of the early developmental work—for example, the Global Harmonization Task Force (GHTF)—on unique device identification (UDI) was specifically intended to achieve a globally harmonized approach to UDI. The GHTF guidance, for example, is intended to provide a high-level conceptual view of how a global UDI system should work. We expected that a globally harmonized and consistent approach to UDI would increase patient safety and help optimize patient care by facilitating:

  • Traceability of devices, especially for recalls and other field service corrective actions
  • Adequate identification of the device through its distribution and use
  • Identification of devices in adverse events
  • Reduction of medical errors
  • Documentation and longitudinal capture of data on medical devices
The promise of UDI was never about a barcode. It was about a globally harmonized system that lets a device be traced, recalled, and accounted for wherever it travels.

Each of those benefits depends on trustworthy, well-governed device records. When the underlying data is inconsistent across systems and markets, the value of UDI erodes quickly—which is why data integrity in life sciences is foundational to any cross-border UDI program, not an afterthought.

What Triggers a New UDI

What FDA guidance addresses evaluating design changes (including software) and what triggers a new UDI?

Changes requiring a new UDI are primarily related to two factors:

  1. The identification and differentiation of a specific device.
  2. The stakeholder's needs and ability to differentiate devices.

For example, manufacturers produce devices on different manufacturing lines, but this differentiation is typically reflected in a lot number. To the extent that changes to a device (for example, replacing a critical component) can be managed through other identifiers like lot number or manufacturing date, there is no need–and a manufacturer should not change the device identifier (DI). Conversely, if the change is, or appears to stakeholders to be, a different device, then a new DI should be assigned.

Deciding Whether a Change Triggers a New DI

  1. Identify the change — Document exactly what changed about the device, including software, and who is affected by it.
  2. Test for differentiation — Ask whether the change creates—or appears to stakeholders to create—a genuinely different device.
  3. Check existing identifiers — Determine whether the change can be tracked through lot number, manufacturing date, or other attributes already in use.
  4. Assign deliberately — Issue a new DI only when differentiation requires it; over-assigning fragments traceability, while under-assigning hides real differences.
  5. Record the rationale — Capture the decision and its justification so it stands up to later review.

Software changes deserve particular attention here, because not every code update produces a meaningfully different device. Right-sizing that evaluation is exactly the discipline a Computer Software Assurance (CSA) mindset brings—focusing effort on the changes that actually carry risk—while 21 CFR Part 11 governs the electronic records and signatures that document those decisions.

Assigning Device Identifiers to Specific Markets

Regarding US vs EU DI triggers, how does the panel feel about assigning DIs to specific markets?

DIs for a specific market is both reasonable and, in some cases, necessary. However, multiple DIs minimize our ability to leverage UDI for various global traceability and surveillance purposes. As such, the issue is not market-specific DIs, but our ability to create equivalence between these DIs. Manufacturers and regulators must include this functionality to maximize the utility of UDI.

Easing the Burden of Multiple Regulatory Requirements

What actions can a manufacturer take to help ease the burden of meeting multiple regulatory requirements?

The most crucial action is first to understand all the requirements and how they apply to your devices, then identify gaps and determine a path to remediation. You also need to decide whether you can or should produce market-specific versions. More importantly, robust internal processes must account for new requirements and changes to existing products or their attributes.

Sustaining those internal processes over time is where many manufacturers struggle—requirements shift, products evolve, and a once-compliant submission drifts out of alignment. A continuous approach like USDM Cloud Assurance keeps your UDI data and the systems that manage it in a validated, audit-ready state as requirements change, rather than scrambling to recover compliance after the fact.

FAQ: UDI Beyond Borders

How should we notify customers when GUDID or EUDAMED data changes?

There is no specific regulator-mandated method. Manufacturers commonly publish the change on their website and use the description fields within GUDID and EUDAMED to clarify what changed. The most defensible approach is to define a consistent, documented notification practice rather than handling each change ad hoc.

What change triggers a new device identifier (DI)?

A new DI is warranted when a change makes the device—or makes it appear to stakeholders to be—a genuinely different device. If the difference can be tracked through lot number, manufacturing date, or other existing identifiers, you should not change the DI.

Do software changes always require a new UDI?

No. Software changes are evaluated against the same two factors as any other change: whether they create a differentiated device and whether stakeholders need to distinguish it. A risk-based, Computer Software Assurance approach helps focus evaluation on the changes that genuinely affect device identity.

Is it acceptable to assign different DIs for different markets?

Yes—market-specific DIs are reasonable and sometimes necessary. The real challenge is creating equivalence between those DIs so global traceability and post-market surveillance still function. Manufacturers and regulators both have a role in building that equivalence.

What's the first step to managing multiple regulatory requirements at once?

Understand every requirement that applies to your devices, identify the gaps, and define a remediation path. From there, decide whether market-specific product versions are warranted and build robust internal processes that absorb new requirements and product changes over time.

Move From One-Time Compliance to Continuous Confidence

Managing UDI across borders isn't a single submission—it's an ongoing discipline that touches data integrity, change control, software assurance, and multi-market regulatory strategy. USDM helps medical device manufacturers build and sustain that discipline so your device identifiers stay accurate, your records stay audit-ready, and your global traceability holds up under scrutiny. Contact USDM to talk through your UDI and multi-market compliance strategy.

Ready to act on this?

Map the next practical step with USDM.

USDM can help translate the article topic into a defensible plan for your systems, teams, and regulatory context.

Talk to USDM Explore resources

Explore capabilities

Find the USDM practice area most relevant to this topic.

Regulatory RequirementsGovernance & RiskData & InfrastructureContinuous ComplianceAI Deployment & Workflow

Platform partners

See how USDM delivers outcomes on the platforms you use.

VeevaServiceNowAWSMicrosoftGoogle Cloud

Related resources

Keep exploring

Hand-picked blogs, case studies, and guides on the same topic.

Blog

Caution about FDA’s Most Recent UDI "Enforcement Discretion" Guidance

FDA’s UDI enforcement discretion guidance does not change the compliance date — and it excludes implants and life-supporting/life-sustaining devices. Learn which class I, unclassified, and not-classified device types must still be fully UDI compliant.

Read
Webinar

How to Comply with Saudi Arabia UDI Requirements

Watch this on-demand webinar to understand SFDA Unique Device Identification (UDI) requirements for medical devices and IVDs in Saudi Arabia, including SAUDI-D database submissions, labeling, and compliance deadlines by device class.

Read
Webinar

NetSuite for GxP, Regulated Use Cases

Watch this on-demand webinar to see how life sciences organizations use NetSuite for GxP-regulated processes — from item and material management to 21 CFR Part 11 e-records, audit trails, and e-signatures — and how USDM reduces the compliance burden.

Read
Blog

Remanufacturing of Medical Devices, New DIs, and Software Updates

FDA's draft guidance on Remanufacturing of Medical Devices redraws the line between remanufacturing, servicing, refurbishing, and repair - with major implications for UDI, new device identifiers (DIs), and software changes. Here's how to navigate the regulatory impact.

Read