Roles of Person Responsible for Regulatory Compliance (PRRC)

Person Responsible for Regulatory Compliance (PRRC) is a mandatory requirement under Article 15 of the EU Medical Device Regulation (MDR). It requires manufacturers and authorized representatives to appoint a qualified individual with expertise in regulatory affairs or quality management systems. The PRRC ensures that devices conform to MDR requirements before release. Additionally, they ensure technical documentation and declarations of conformity are properly maintained and post-market surveillance obligations are fulfilled. They must be directly available within the organization, with sufficient authority and independence to oversee compliance. Therefore, the PRRC ensures regulatory compliance, patient safety, audit readiness, and market access throughout the device lifecycle.

What is PRRC?

PRRC stands for Person Responsible for Regulatory Compliance. PRRC is a qualified regulatory expert who ensures device conformity, documentation integrity, post-market surveillance, and quality system compliance. The PRRC ensures that devices conform to MDR requirements. Additionally, they oversee technical documentation and declarations of conformity are properly maintained as well as post-market surveillance and clinical evaluation obligations are fulfilled. They have sufficient authority and independence to oversee compliance. Thus, they bridge regulatory requirements with operational execution.

• The PRRC is established under Article 15 of the EU MDR and IVDR
• Every manufacturer (and authorized representative for non-EU manufacturers) must have at least one PRRC within their organization.
• The requirement applies regardless of company size. Notably, micro and small enterprises may outsource the role through a permanent and continuous contract.

Qualifications of a PRRC

The regulation specifies two pathways to demonstrate “requisite expertise”:

• Formal qualification route: A university degree (or equivalent recognized by an EU Member State) in law, medicine, pharmacy, engineering, or another relevant scientific discipline. Plus at least one year of professional experience in regulatory affairs or quality management systems related to medical devices.
• Experience route: At least four years of professional experience in regulatory affairs or quality management systems for medical devices.

5 Key responsibilities of the person responsible for regulatory compliance (PRRC)

The primary roles of the person responsible for regulatory compliance (PRRC) are to ensure the devices are safe, EU MDR compliant, and supported by robust documentation. The PRRC has five core responsibilities defined in Article 15 of the EU MDR.

1. Verification of product conformity: The PRRC must ensure that devices are checked for conformity before being released to the market. This includes confirming compliance with General Safety and Performance Requirements and ensuring conformity assessment procedures are properly followed.
2. Technical documentation oversight: The PRRC is responsible for verifying that technical documentation and the EU Declaration of Conformity are correctly written, maintained, and kept up to date. This ensures that all essential design, risk management, and performance data are available for audits and inspections.
3. Post-market surveillance (PMS): The PRRC must confirm that PMS obligations are fulfilled. The focus should be on continuous monitoring of device performance and safety, trend reporting and vigilance activities (e.g., incident reporting), and updating risk-benefit assessments based on real-world data.
4. Quality management system (QMS) compliance: The PRRC ensures that the manufacturer’s QMS meets MDR requirements. This includes Corrective and Preventive Actions (CAPA), supplier controls, and ensuring processes are aligned with ISO 13485 and MDR expectations.
5. Clinical evaluation and investigation: The PRRC oversees that clinical evaluations and clinical investigations are conducted and documented according to MDR standards. They ensure that evidence supports device safety and performance claims and that updates are made when new data emerges.

Authority and accountability

• The person responsible for regulatory compliance must have sufficient authority and independence to effectively carry out these duties. The PRRC must have sufficient authority to influence compliance-critical decisions. Moreover, they should be able to raise compliance concerns without fear.
• They are personally accountable for ensuring compliance, which makes their role central to audit readiness and regulatory compliance.
• For authorized representatives, the PRRC ensures that obligations specific to non-EU manufacturers are met, including vigilance and PMS reporting.

Placement of the person responsible for regulatory compliance within the organisation

Organizational placement requirements

• Within the manufacturer’s organization: The PRRC must be directly available inside the manufacturer’s structure. They cannot be a distant consultant unless the company qualifies as a micro or small enterprise (fewer than 50 employees and ≤ €10M turnover), in which case outsourcing is allowed via a permanent and continuous contract.
• Authorized representatives: Non-EU manufacturers must appoint a PRRC within their EU-based Authorized Representative’s organization. This ensures EU regulators have a clear point of accountability inside the Union.

Typical placement in organizational structure

• Large enterprises: In case of large enterprises, the person responsible for regulatory compliance is often placed in regulatory affairs or quality assurance departments. The PRRC may report directly to the head of RA/QA, chief quality officer, or even executive management depending on company size.
• Medium enterprises: In case of medium enterprises, the PRRC is usually part of the RA/QA function but with dotted-line reporting to senior management.
• Small enterprises: Small enterprises may outsource the PRRC role. However, they are required to ensure continuous availability of the PRRC and integration into QMS processes.

Integration with QMS

• The PRRC must be embedded in the Quality Management System (QMS).
• Their responsibilities span design, technical documentation, PMS, vigilance, and clinical evaluation. Hence, they need visibility across functions.
• They often act as the compliance checkpoint before product release, submissions, or major QMS updates.

Notably, auditors will ask who the PRRC is, where they sit in the organisation chart, and how they exercise authority. If the PRRC is marginalized, regulators may view the company as non-compliant. Hence, a smart move is to elevate the PRRC close to leadership, thereby indicating that compliance is a board-level priority. Therefore, the PRRC must be structurally empowered, directly accessible, and integrated into the QMS. Their placement should ensure independence, authority, and visibility across all compliance-critical functions.

Implications for person responsible for regulatory compliance

Regulatory implications

• Mandatory requirement: Without a PRRC, a manufacturer or authorized representative is not compliant with EU MDR Article 15. This can block CE marking and market entry.
• Audit and inspection readiness: Auditors will specifically check for the PRRC’s appointment, qualifications, and authority. Absence or weak placement can trigger major nonconformities.
• Legal accountability: The PRRC is a named individual. Hence, regulators can hold them personally accountable for lapses in conformity, documentation, PMS, or vigilance.

Organizational implications

• Structural empowerment: The PRRC must be positioned with independence and authority. If they are marginalized, regulators may conclude the company lacks a compliance culture.
• Cross-functional visibility: As PRRC responsibilities span technical documentation, PMS, QMS, and clinical evaluation, they must be integrated across RA, QA, R&D, and post-market teams.
• Resourcing for SMEs: Small and micro enterprises may outsource the PRRC role. However, regulators expect continuous availability and integration into the QMS.

Operational implications

• Lifecycle oversight: The PRRC’s duties cover pre-market, market access, and post-market phases, thereby making them central to risk management and vigilance.
• Documentation integrity: Technical files, declarations of conformity, and PMS reports must be overseen by the PRRC, thereby ensuring traceability and accountability.
• Risk of findings: If PMS or vigilance obligations are not met, regulators may question whether the PRRC is effective, thereby leading to CAPAs, fines, or suspension of certificates.

Strategic implications

• Signal to regulators: A well-placed PRRC demonstrates that compliance is a board-level priority, thereby strengthening trust with notified bodies and competent authorities.
• Market access safeguard: The PRRC acts as a compliance gatekeeper, thereby preventing non-conforming devices from reaching the EU market.
• Global harmonization: As other jurisdictions (e.g., UK, Switzerland) consider similar roles, the PRRC framework may become a global compliance benchmark.

Therefore, the person responsible for regulatory compliance (PRRC) under EU MDR is a regulatory requirement as well as vital for organizational accountability and patient safety. By ensuring product conformity, maintaining technical documentation, overseeing post-market surveillance, and safeguarding QMS integrity, the PRRC provides a continuous compliance checkpoint across the device lifecycle. Need help understanding the EU MDR PRRC requirement? Email at [email protected] or call/Whatsapp on 9996859227 and we will be more than happy to help.