---
title: In-House Testing vs. Accredited Labs: What MDR Requires
description: When in-house testing is acceptable under MDR and when an ISO/IEC 17025 accredited lab is effectively mandatory for startup evidence.
authors: Tibor Zechmeister, Felix Lenhard
category: Electrical Safety & Systems Engineering
primary_keyword: in-house testing vs accredited lab ISO 17025 MDR
canonical_url: https://zechmeister-solutions.com/en/blog/in-house-vs-accredited-labs-iso-17025
source: zechmeister-solutions.com
license: All rights reserved. Content may be cited with attribution and a link to the canonical URL.
---

# In-House Testing vs. Accredited Labs: What MDR Requires

*By Tibor Zechmeister (EU MDR Expert, Notified Body Lead Auditor) and Felix Lenhard.*

> **MDR does not mandate ISO/IEC 17025 accreditation for every test. It demands competent, documented, reproducible evidence. For electrical safety and EMC, accredited labs are effectively mandatory because the standards themselves assume accredited methods and notified bodies rarely accept alternatives. For mechanical, functional, and many bench tests, in-house testing is acceptable if your QMS proves the competence behind it.**

**By Tibor Zechmeister and Felix Lenhard.**

## TL;DR
- MDR Annex II §6.1 requires verification and validation evidence to support conformity — it does not name ISO/IEC 17025 as a requirement.
- ISO/IEC 17025 is the international standard for the competence of testing and calibration laboratories; accreditation is a marker of that competence, not a legal MDR obligation.
- Notified bodies accept in-house test evidence when the lab demonstrates equipment calibration, method validation, personnel competence, and traceable records under EN ISO 13485:2016+A11:2021.
- For EN 60601-1 electrical safety and EN 60601-1-2 EMC testing, accredited labs are effectively mandatory for startups because specialised equipment, chamber infrastructure, and uncertainty budgets are out of reach internally.
- Outsourcing the expensive tests while keeping bench, functional, and early development testing in-house is the budget-efficient path that still passes NB scrutiny.
- Build a test evidence strategy early; retrofitting competence proof after the fact is where most small manufacturers lose weeks during their first audit.

## Why this matters

The first time a founder opens an EN 60601-1 test lab quote and sees a five-figure number, the question is immediate: can we just do this ourselves? The honest answer depends on which test, which standard, and which notified body reviewer reads your file.

A recurring pattern in startup audits is a technical file stuffed with internally generated test reports, confidently labelled "pass", with no evidence of how the equipment was calibrated, how the method was validated, or how the technician was trained. These reports do not survive notified body review. The finding is not "you needed an accredited lab." The finding is "you have not demonstrated the competence behind this evidence." Those are different problems, and only one of them requires writing a large cheque.

This post draws a clean line between what MDR actually requires, where ISO/IEC 17025 accreditation sits in that picture, and where startups can safely keep testing in-house without compromising the file.

## What MDR actually says

MDR Annex II §6.1 requires the technical documentation to contain "the results and critical analyses of all verifications and validation tests and/or studies undertaken to demonstrate conformity of the device with the requirements" of the regulation, particularly the General Safety and Performance Requirements in Annex I.

Nowhere in the MDR text is ISO/IEC 17025 accreditation named as a requirement for manufacturers. ISO/IEC 17025 is an informational standard: it defines the general requirements for the competence of testing and calibration laboratories and is used by accreditation bodies to accredit labs. It is not a harmonised standard under MDR. A manufacturer cannot claim presumption of conformity by accrediting a lab.

What MDR does demand, through Annex I and through the QMS requirements of Article 10(9) implemented via EN ISO 13485:2016+A11:2021, is that test evidence be generated under controlled conditions by competent personnel, using validated methods and calibrated equipment, with traceable records. EN ISO 13485 clause 7.6 covers monitoring and measuring equipment control; clause 6.2 covers competence; clause 7.5.6 covers process validation for processes where the output cannot be verified by subsequent measurement.

For specific domains, the referenced standards raise the bar. EN 60601-1:2006+A1+A12+A2+A13:2024 for basic electrical safety and EN 60601-1-2:2015+A1:2021 for electromagnetic compatibility are cited under MDR Annex I §14 and §14.5. Neither standard demands that testing be performed by an accredited lab. But both assume infrastructure — high-voltage dielectric strength testers, ground bond testers, anechoic or semi-anechoic chambers, calibrated antennas, GTEM cells, traceable measurement uncertainty calculations — that is essentially unbuildable for a startup at meaningful cost. And notified body reviewers, in practice, treat non-accredited 60601 or EMC reports as a red flag that triggers deeper questioning almost every time.

Where MDR touches software verification (Annex I §17.2, implemented via EN 62304:2006+A1:2015), in-house testing is not only normal — it is the only option. No accredited lab is going to run your unit, integration, and system tests. The competence evidence in that case is your QMS, your software development plan, your traceability matrix, and your version-controlled test records.

## A worked example

Consider a Class IIa wearable ECG patch startup. The device has three test categories that need documented evidence:

1. **Electrical safety to EN 60601-1.** Dielectric strength, leakage currents, protection against mechanical hazards, thermal limits, battery safety. The required equipment costs deep into six figures, and the methods demand trained operators.
2. **EMC to EN 60601-1-2.** Radiated emissions, radiated immunity, ESD, conducted disturbance. Requires a semi-anechoic chamber. Unbuildable internally.
3. **Algorithm performance testing** (arrhythmia detection sensitivity and specificity against annotated reference databases). Pure software testing on validated datasets.
4. **Adhesion and wear testing** of the patch on human subjects under controlled protocol. Bench-plus-human-factors, no specialised chamber.

The rational strategy: tests 1 and 2 go to an accredited test lab. The startup is paying for equipment, expertise, and, critically, a report that the notified body will recognise without friction. Tests 3 and 4 stay in-house under the QMS. The algorithm performance testing is documented through a validated test protocol, version-controlled test data, and a test report signed by a qualified engineer; the wear testing is run under an internally approved protocol with trained personnel and calibrated instruments.

When this startup sits in their stage 2 audit, the auditor will look at each test report and ask the same question: *how do I know this evidence is reliable?* For the external reports, the answer is the accredited lab's name, their scope of accreditation, and the traceable certificate on the front page. For the internal reports, the answer is the QMS: the training records, the equipment calibration log, the method validation document, the approved protocol, the signed report. Both are valid answers. What is not a valid answer is silence.

## The Subtract to Ship playbook

The lean approach is not "test everything in-house to save money" and it is not "outsource everything to be safe." It is a deliberate segmentation based on three questions, asked per test:

**1. Is the test infrastructure feasible to build internally?**
For electrical safety and EMC, no — chamber and instrumentation costs make this irrational for any startup. Outsource. For bench mechanical testing, functional testing, algorithm testing, usability testing, and most biocompatibility sample preparation, yes — equipment is accessible or the tests are procedural.

**2. Does the notified body reviewer expect an accredited report for this test type?**
Electrical safety and EMC: yes, effectively always. Biocompatibility per EN ISO 10993-1:2025: usually, especially for cytotoxicity, sensitisation, and irritation, because the test methods assume GLP-like lab infrastructure. Sterilisation validation: typically outsourced to specialised labs. Software verification: no — never accredited. Mechanical bench tests: often accepted in-house with good QMS evidence.

**3. Can your QMS demonstrate competence for this test internally?**
If the answer is no, outsource regardless of infrastructure cost. A cheap in-house test that the NB rejects is infinitely more expensive than an expensive external test that passes on the first review.

Concrete rules for the startup stage:

- **Outsource to accredited labs:** EN 60601-1 basic safety, EN 60601-1-2 EMC, biocompatibility testing (EN ISO 10993-1:2025 battery), sterilisation validation if applicable, shelf-life accelerated aging if you lack the chamber, and any test where the method is proprietary to a lab.
- **Keep in-house with QMS competence proof:** software verification and validation, algorithm performance testing, usability formative studies, bench functional testing, mechanical durability tests with standard fixtures, cleaning and disinfection validation for reusable devices, and any test where you own the method.
- **Build the competence evidence before you run the test**, not after. That means: calibration certificates for all measurement equipment on file, a written test method approved under document control, a trained and qualified operator with training records, a pre-approved test protocol, a signed test report format, and traceability back to the design input being verified. If any of these are missing, the in-house path is not available to you regardless of cost savings.
- **For the outsourced tests, choose the lab deliberately.** An ISO/IEC 17025 accredited lab with a scope of accreditation that explicitly covers EN 60601-1 (current edition including A2:2021 where applicable) and EN 60601-1-2 is the default. Ask to see their scope document. A lab accredited for general electrical testing but not specifically for medical standards is not the same thing.
- **Plan the test sequence around design freeze.** The most expensive mistake is sending a device to the 60601 lab, failing, fixing, and resending. Pre-compliance testing in-house (leakage, dielectric, basic EMC scans) on engineering samples catches the obvious failures before the accredited lab burns your budget.

This strategy routinely takes 40-60% of total compliance test spending out of a startup budget versus the "outsource everything" reflex, without touching evidence quality.

## Reality Check

Use these questions honestly before your next design freeze:

1. For every test in your verification and validation plan, have you decided today whether it runs internally or externally, and written that decision down?
2. For every in-house test, can you produce the equipment calibration certificate, the method validation, the operator training record, and the signed protocol — right now, from your QMS, without searching?
3. For every external test, do you know the lab, their scope of accreditation, and the lead time to book them?
4. Have you budgeted the accredited-lab tests in your cash flow with a realistic buffer for one fail-and-retest cycle on electrical safety and EMC?
5. Do you have a pre-compliance testing plan to catch obvious failures before the accredited lab run?
6. Does your technical documentation structure already have placeholders for each test report, or will you be retrofitting the file after the tests come back?
7. If your notified body reviewer asked "how do I know this in-house test report is reliable", could you answer in one paragraph without improvising?

If you answered no to more than two, the testing strategy is not yet robust enough to survive NB review.

## Frequently Asked Questions

**Does MDR require ISO/IEC 17025 accredited labs for medical device testing?**
No. MDR does not name ISO/IEC 17025 as a requirement. It requires verification and validation evidence that demonstrates conformity, generated under controlled conditions with competent personnel. Accreditation is one way to prove competence externally. QMS-documented in-house testing is another, accepted way for many test types.

**Can I do EN 60601-1 testing in-house to save money?**
Technically nothing in the standard or MDR forbids it. Practically, the equipment cost, method complexity, and notified body expectation make this unrealistic for a startup. Budget the external test.

**What about EMC testing per EN 60601-1-2?**
Same answer, stronger. A semi-anechoic chamber and calibrated antenna set are not startup-buildable. Outsource to an accredited EMC lab.

**Will a notified body reject my in-house bench test reports?**
Only if they are undocumented. A bench test report backed by calibrated equipment, an approved method, a trained operator, and an approved protocol — all traceable in your QMS — is normally accepted.

**How do I choose an accredited test lab?**
Check that their scope of accreditation explicitly covers the standard and edition you need. Ask for the scope document. Ask for lead times, their pre-compliance service, their test protocol template, and references from other medical device clients. Price is the last filter, not the first.

**Is software testing ever done in an accredited lab?**
Almost never. Software verification and validation is performed in-house under EN 62304:2006+A1:2015 and the QMS. Your competence evidence is the SDLC, not an external report.

## Related reading
- [Electrical safety testing for medical devices](/blog/electrical-safety-testing-medical-devices) — practical overview of the test categories you will outsource.
- [How an IEC 60601-1 test lab actually works](/blog/iec-60601-1-test-lab-process) — what happens once you ship your device to an accredited lab.
- [Verification and validation evidence in the technical documentation](/blog/verification-validation-evidence-technical-documentation) — where test reports land in Annex II §6.1.
- [Pre-clinical testing documentation](/blog/pre-clinical-testing-documentation) — structuring the full bench-testing package.
- [Common IEC 60601-1 test failures](/blog/common-iec-60601-1-test-failures) — what to pre-check in-house before the accredited lab run.

## Sources
1. Regulation (EU) 2017/745 on medical devices, consolidated text. Annex II §6.1 (verification and validation evidence), Annex I §14 (electrical safety), §14.5 (EMC), §17.2 (software).
2. EN ISO 13485:2016+A11:2021, clauses 6.2 (competence), 7.5.6 (process validation), 7.6 (monitoring and measuring equipment control).
3. EN 60601-1:2006+A1+A12+A2+A13:2024, Medical electrical equipment — Part 1: General requirements for basic safety and essential performance.
4. EN 60601-1-2:2015+A1:2021, Medical electrical equipment — Part 1-2: Electromagnetic disturbances.
5. ISO/IEC 17025:2017, General requirements for the competence of testing and calibration laboratories (informational — not an MDR requirement).

---

*This post is part of the [Electrical Safety & Systems Engineering](https://zechmeister-solutions.com/en/blog/category/electrical-safety) cluster in the [Subtract to Ship: MDR Blog](https://zechmeister-solutions.com/en/blog). For EU MDR certification consulting, see [zechmeister-solutions.com](https://zechmeister-solutions.com).*