What is New in GSPR? New Changes & How to Comply with Them

EU MDR General Safety and Performance Requirements (GSPR) have recently been updated. The latest changes in EU MDR GSPR have introduced stricter expectations around cybersecurity, clinical evidence, environmental impact, and AI/ML devices. While core compliance areas, such as biocompatibility, labeling, and software reliability, continue to be of priority. In this blog, we will highlight what is new in GSPR.

What is GSPR?

The General Safety and Performance Requirements (GSPR) under the EU Medical Device Regulation (MDR) are the core set of essential principles that every medical device must meet before being placed in the European market. They ensure that devices are designed, manufactured, and used in a way that guarantees patient safety, clinical effectiveness, and regulatory compliance. GSPR focuses on areas, such as risk management, biocompatibility, chemical and environmental safety, usability, labeling, software reliability, and post-market surveillance. Thus, it acts as a comprehensive checklist for manufacturers to demonstrate conformity. Hence, it is the backbone of the technical documentation and clinical evaluation process. GSPR links each requirement to evidence that proves the device consistently performs as intended without compromising health or safety.

GSPR is the backbone of EU MDR compliance. It covers everything from design and manufacturing to labeling, clinical evidence, and post-market monitoring.

What does GSPR focus on?

Before divining into what is new in GSPR, let us understand what does GSPR focus on. The GSPR under the EU MDR focuses on ensuring that medical devices are safe, effective, and reliable throughout their lifecycle. They act as the essential principles manufacturers must demonstrate compliance with before placing a device in the EU market. We have discussed the focus areas of GSPR.

• Patient safety and risk management: Devices must be designed to minimize risks, with a clear risk-benefit analysis documented.
• Clinical performance and evidence: Devices must achieve their intended medical purpose, supported by robust clinical data and post-market surveillance.
• Biocompatibility and chemical safety: Materials must not pose biological or chemical risks, including toxicity, carcinogenicity, or endocrine disruption.
• Usability and human factors: Devices must be designed for safe use, reducing risks of user error and ensuring accessibility.
• Labelling and Information for Use (IFU): Clear, accurate, and multilingual instructions and labeling must be provided, including digital IFUs where applicable.
• Software and cybersecurity: Medical software must be reliable, secure, and protected against cyber threats, with updates planned across its lifecycle.
• Environmental and sustainability: Devices must consider safe disposal, recycling, and minimization of hazardous substances.
• Post-market surveillance and vigilance: Continuous monitoring of device performance and reporting of incidents to ensure ongoing compliance and safety.

Latest updates in EU MDR GSPR

Recently, EU MDR GSPR has undergone a significant recalibration of the framework since MDR came into force. The changes are designed to simplify compliance, reduce administrative burden, and align with evolving technologies like AI and digital health, while still safeguarding patient safety. Here are the major updates introduced:

• Simplification: SMEs no longer need a permanently and continuously available Person Responsible for Regulatory Compliance (PRRC). The PRRC can only be “available” when required.
• Clinical evidence flexibility: A broadened definition of clinical data to include published scientific literature has been introduced. More flexible conditions for demonstrating equivalence and contracts with equivalent device manufacturers are no longer required. Expanded use of non-clinical data (bench testing, computational modelling, in silico studies) has been encouraged.
• Well-established technology devices: Formal definition introduced for devices with simple, stable designs and long market history. These devices benefit from proportionate requirements and exemptions, reducing unnecessary burden.
• Environmental and sustainability considerations: Stronger requirements around hazardous substances, recycling, and eco-safety across the device lifecycle. Manufacturers must justify single-use designation.
• Digitalisation of compliance: EU declaration of conformity, label information, and IFUs can now be provided digitally. All submissions under MDR/IVDR must be electronic and technical documentation must be machine-readable with version control. Online sales require essential device information and IFUs to be digitally accessible.
• Cybersecurity and AI integration: Cybersecurity incidents must be reported via EUDAMED. MDR/IVDR has been aligned with the EU AI Act.
• Administrative burden reduction: Scope of Summary of Safety and Clinical Performance (SSCP) has been reduced. Separate notified body validation no longer required. Periodic Safety Update Reports (PSUR) frequency has been reduced. Class IIb/III every two years after the first year. On the other hand, Class IIa only “when necessary.” Timeline for vigilance reporting has been extended to 30 days for non-critical incidents.

What is new in GSPR? 4 new updates

We have highlighted what is new in GSPR.

1. Cybersecurity and software: New emphasis and focus have been placed on cybersecurity integration from design stage. Manufacturers must document threat assessments, secure development practices, and long-term update and patching plans. Security is no longer a post-market consideration. It must be embedded in the device lifecycle.
2. Clinical evidence: Notified bodies will demand stronger and direct clinical data. Reliance on “equivalent devices” will be considered insufficient. Requirements of new changes in GSPR are Clinical Evaluation Reports (CER) directly aligned with GSPR 1–9. Additionally, risk management files and post-market surveillance data supporting each claim will have to be provided. Notably, higher-risk devices will face more rigorous scrutiny.
3. Environmental impact: Sustainability considerations now influence compliance. Manufacturers must address hazardous substances, recycling and disposal processes, and long-term environmental safety of components. Eco-safety across the device lifecycle maybe evaluated.
4. AI/ML devices: Regulation of AI/ML devices is new in GSPR.AI-based medical devices will be under sharper regulatory focus. Requirements include proof of algorithm consistency and reliability, transparency in decision-making processes, validation against bias and safety risks post-deployment. Regulators will probe real-world AI behavior and adaptability.

How to ensure compliance with what is new in GSPR?

To ensure compliance with new changes in GSPR, manufacturers must embed cybersecurity, strengthen clinical evidence, address environmental impact, and validate AI/ML systems. Additionally, they should maintain robust documentation and cross-functional oversight.

1. Cybersecurity and software

• Integrate security from design stage: Document threat assessments, secure coding practices, and patch/update plans.
• Evidence required: Cybersecurity risk files, penetration test reports, and lifecycle update policies.
• Action: Establish a cybersecurity SOP.

2. Clinical evidence

• Direct clinical data is mandatory: Reliance on equivalent devices is no longer sufficient.
• Evidence required: Clinical Evaluation Reports (CER), risk management files, post-market surveillance (PMS) data.
• Action: Build a CER matrix linking each GSPR requirement to supporting data and update PMS plans regularly.

3. Environmental and sustainability

• Eco-safety under scrutiny: Hazardous substances, recycling, and disposal processes must be documented.
• Evidence required: Material declarations, lifecycle analysis, disposal instructions.
• Action: Conduct environmental risk assessments and align with EU directives.

4. AI/ML devices

• Algorithm transparency and reliability: Demonstrate how AI makes decisions and prove bias control.
• Evidence required: Validation reports, bias testing, real-world performance monitoring.
• Action: Implement an AI governance framework aligned with the EU AI Act.

Strategies for smooth compliance with latest updates in GSPR

• Build a live GSPR matrix: Map each requirement to technical file documents.
• Cross-functional collaboration: Involve design, clinical, regulatory, and quality teams early.
• Automate documentation: Use compliance software for mapping and gap analysis.
• Continuous updates: Revise documentation based on notified body feedback and evolving guidance.
• Audit readiness: Run mock audits to test documentation completeness and traceability.

Pharmadocx Consultants: Your trusted EU MDR GSPR consultant

In this blog, we have summarised what is new in GSPR. The new changes in GSPR mark a decisive shift towards a more holistic and future‑ready compliance framework. By embedding cybersecurity into device design, demanding stronger and more direct clinical evidence, introducing environmental sustainability obligations, and tightening oversight of AI/ML systems, the regulation ensures that medical devices are not only safe and effective but also resilient, transparent, and socially responsible. These changes elevate the role of manufacturers from simply meeting technical standards to actively safeguarding patients, protecting data, and minimizing ecological impact. Need help complying with the new changes in GSPR? Email at [email protected] or call/Whatsapp on 9996859227.