---
title: IP Strategy for MedTech Startups: Patents, Trade Secrets, FTO
description: IP strategy for MedTech startups: patents, trade secrets, freedom to operate, and how technical file confidentiality interacts with EUDAMED transparency.
authors: Tibor Zechmeister, Felix Lenhard
category: MedTech Startup Strategy & PMF
primary_keyword: IP strategy MedTech startup patents
canonical_url: https://zechmeister-solutions.com/en/blog/ip-strategy-medtech-startups
source: zechmeister-solutions.com
license: All rights reserved. Content may be cited with attribution and a link to the canonical URL.
---

# IP Strategy for MedTech Startups: Patents, Trade Secrets, FTO

*By Tibor Zechmeister (EU MDR Expert, Notified Body Lead Auditor) and Felix Lenhard.*

> **MedTech IP strategy sits at the intersection of patent law, trade secret protection, and regulatory disclosure. The technical file you submit to a Notified Body is confidential, but certain elements reach EUDAMED and the public. A sound IP strategy balances what to patent, what to keep as a trade secret, and what you must disclose by law — and it does all of this before you spend money on filings that may not protect what actually matters.**

## TL;DR
- Patents, trade secrets, and freedom to operate are three separate questions. Answer them in that order of importance for your specific product.
- MedTech patents typically cover device architecture, methods of use (where permitted), and software-implemented features. Specific claim strategies are jurisdiction-dependent and need qualified patent counsel.
- Trade secrets protect what patents cannot: training data, manufacturing know-how, process parameters, and algorithmic refinements.
- The technical file you submit under Annex II is confidential between you and the Notified Body. Certain EUDAMED entries and the SSCP under Article 32 are public.
- A freedom-to-operate search before committing engineering resources is cheaper than losing a product two years in.
- This post is strategic guidance, not legal advice. Any specific patent law claim here is flagged as uncertain and must be confirmed with a qualified patent attorney in the relevant jurisdiction.

## Why this matters

MedTech IP questions show up in three moments, and founders usually face them unprepared. The first is the due diligence round before a seed or Series A, when an investor asks for the patent strategy and the founder has either filed too early on the wrong thing or not at all. The second is when a competitor launches a similar product and the founder wonders whether there is a patent to enforce or a patent to worry about. The third is at acquisition, when the buyer discounts the valuation because the IP position is weaker than the pitch deck claimed.

The root cause is almost always the same. Founders treat IP as a filing activity instead of a strategic choice. They spend money on patents without first deciding what they are protecting, from whom, and for how long. They ignore trade secrets because trade secrets do not make a slide. They skip freedom-to-operate work because it feels expensive, then discover too late that a competitor already owns the claim space.

IP strategy in MedTech interacts with the regulatory path in ways that are not obvious until you have shipped a product. This post walks through the three decisions and the regulatory disclosure overlay.

## What MDR actually says (and what it does not)

MDR is not an IP regulation, but it touches IP in three places.

**Annex II — technical documentation confidentiality.** The technical documentation you prepare under Annex II and submit for conformity assessment is confidential between you and the Notified Body. Notified Bodies are bound by confidentiality obligations regarding the information they receive. Your device architecture, your software source code references, your manufacturing process detail, and your clinical evaluation report remain private to that relationship. This is the single most important IP fact about the regulatory process: your technical file is not published.

**Article 33 and Implementing Regulation (EU) 2021/2078 — EUDAMED.** Certain information about devices and manufacturers is published in EUDAMED. This includes the manufacturer SRN, device identifiers (UDI-DI, Basic UDI-DI), device classification, intended purpose summary, and certificate information. A product description at the level published in EUDAMED does not generally disclose trade secrets, but it does publicly establish what you have on the market.

**Article 32 — Summary of Safety and Clinical Performance (SSCP).** For Class III and implantable devices (with specific exceptions), the manufacturer must prepare an SSCP. The SSCP is validated by the Notified Body and made publicly available via EUDAMED. The SSCP contains device description, indications, clinical evidence summary, residual risks, and benefit-risk summary. This is a mandatory public disclosure of elements you may otherwise prefer to keep confidential. For Class III and implantables, your IP strategy must account for this.

What MDR does not do: it does not require you to disclose algorithms, training data, source code, manufacturing know-how, or process parameters to the public. These can remain trade secrets even after CE marking.

**A flag on patent law claims.** Everything that follows about patent eligibility, method claim enforceability, software patent scope, and jurisdiction-specific rules is strategic commentary based on common practice. Patent law varies substantially between the EPO, national offices, the USPTO, and other jurisdictions. Any specific claim strategy must be confirmed with a qualified patent attorney. [IP VERIFY: specific patentability claims]

## A worked example

A startup building an AI-based retinal imaging device for early diabetic retinopathy detection is preparing a Series A. The CTO asks which IP strategy to pursue.

**Option 1 — patent-heavy.** File broad patents on the algorithm, the device housing, the imaging method, and the clinical workflow. Cost: roughly €80,000 to €150,000 for a reasonable European and US filing portfolio over two years, plus maintenance. Risk: algorithms are hard to patent in Europe as such; method-of-treatment claims face restrictions; software-implemented inventions need careful drafting to meet patent-eligibility thresholds. [IP VERIFY: EPO software patentability standard]

**Option 2 — trade-secret-heavy.** Keep the training dataset, the model weights, the training pipeline, and the data augmentation approach as trade secrets under proper confidentiality controls. File one or two narrow patents on the device housing and a specific hardware-software integration. Cost: roughly €20,000 to €40,000 for the narrow patents, plus internal investment in trade secret hygiene. Risk: trade secrets protect only against misappropriation, not against independent invention.

**Option 3 — hybrid.** File narrow patents on the elements that are genuinely novel and enforceable, keep the training data and model refinements as trade secrets, and invest in freedom-to-operate work to make sure you are not about to infringe someone else's portfolio.

For most MedTech startups, Option 3 is the right answer. Patents for what you can defend, trade secrets for what patents cannot capture, and freedom to operate so the product actually ships.

The diabetic retinopathy startup chose Option 3. They filed one device patent and one software-integration patent. They implemented a trade secret programme covering the training dataset and the model pipeline. They commissioned a freedom-to-operate search that found two relevant patents and adjusted their architecture to avoid both. The Series A closed at the valuation they had modelled.

## The Subtract to Ship playbook

**Step 1 — write the IP question before the IP filing.** Start with: what specific thing do we need to protect, from whom, and for how long? If you cannot answer that in three sentences, do not file anything yet.

**Step 2 — run freedom to operate before major engineering commitments.** A basic FTO search costs a fraction of the engineering work it protects. Do it when you commit to an architecture, not after you have shipped.

**Step 3 — decide patent vs trade secret per asset.** For each element of your technology, ask: is it visible in the product or the published literature? If yes, patenting may be the only way to protect it. Is it invisible and hard to reverse-engineer? Trade secret may be cheaper and longer-lasting.

**Step 4 — build trade secret hygiene.** Trade secrets only exist if you treat them like secrets. Access controls, confidentiality agreements, exit procedures, and documentation that marks material as confidential are all preconditions for legal protection in most jurisdictions.

**Step 5 — map what MDR will disclose.** For your device class, list everything that becomes public via EUDAMED entries, certificate publication, and (if applicable) the SSCP under Article 32. Make sure nothing in that list is a trade secret you also rely on for competitive advantage. If there is a conflict, resolve it before submission.

**Step 6 — use the technical file confidentiality.** The technical file you submit under Annex II stays private. You can include detail there that you would never publish. Do not undermine that confidentiality by publishing the same detail in a white paper for marketing.

**Step 7 — revisit the IP strategy at every funding round.** IP strategy ages poorly. What you protected at seed may be obsolete by Series A. Schedule a review with patent counsel at every major milestone.

## Reality Check

- Can you name the three to five IP assets that matter most to your business, and describe how each is protected (patent, trade secret, or neither)?
- Have you run a freedom-to-operate search in the jurisdictions where you plan to commercialise, or are you assuming you are clear?
- Does your trade secret programme meet the legal requirements for trade secret protection in the relevant jurisdiction?
- For each element of your technology, have you made an explicit choice between patenting and keeping it secret, or are you drifting?
- If your device is Class III or implantable, does your SSCP draft under Article 32 accidentally disclose trade secrets?
- Does your technical file contain confidential detail you would not publish elsewhere, and are you careful not to publish that detail in marketing materials?
- Do you have a qualified patent attorney on retainer, and have you asked them to review your strategy in the last 12 months?
- At your last funding round, did investors increase or decrease your valuation based on IP position?

## Frequently Asked Questions

**Is the technical file I submit to my Notified Body public?**
No. The technical documentation submitted under Annex II is confidential between you and the Notified Body. Certain summary information, the certificate status, and (for Class III and implantables) the SSCP under Article 32 become public via EUDAMED, but the underlying technical file does not.

**Can I patent an AI algorithm for a medical device in Europe?**
Software and algorithms have specific patentability rules at the EPO, which generally require a technical effect beyond pure information processing. AI-based medical devices often qualify because the algorithm produces a clinical output with a technical character, but drafting matters enormously. Speak to a patent attorney with AI and MedTech experience before filing. [IP VERIFY: EPO guidance on AI patentability]

**What is the minimum viable IP strategy for a pre-seed MedTech startup?**
A freedom-to-operate search on the architecture you are committing to, a confidentiality programme that protects early trade secrets, and one or two narrowly drafted priority patent filings on the elements you can defend. Broad portfolio building comes later.

**Does the SSCP under Article 32 put my trade secrets at risk?**
For Class III and implantable devices, the SSCP discloses device description, indications, clinical evidence summary, and benefit-risk information to the public. It does not require disclosure of algorithms, source code, or manufacturing know-how. Review your SSCP draft with your IP and regulatory advisers together to catch accidental trade secret disclosure.

**How much should a MedTech startup budget for IP?**
There is no universal answer. A useful heuristic: IP budget should be proportional to the defensibility it buys. Spending €100,000 on patents that do not protect the actual competitive moat is worse than spending €20,000 on the right patents plus freedom to operate.

**Who owns IP created by a hospital collaborator during a clinical study?**
This is set by the collaboration agreement. Without an agreement, default IP law in the relevant jurisdiction applies, often assigning rights to the researcher's institution. A clear foreground IP clause is essential for any startup-hospital collaboration.

## Related reading
- [MedTech business model analysis](/blog/medtech-business-model-analysis) — how IP strategy interacts with your revenue model.
- [MedTech startup valuation and regulatory milestones](/blog/medtech-startup-valuation-regulatory-milestones) — how investors weigh IP alongside regulatory progress.
- [EUDAMED transparency and startup strategy](/blog/eudamed-transparency-startup-strategy) — what becomes public when you register.
- [SSCP under MDR Article 32](/blog/sscp-mdr-article-32) — the mandatory public disclosure for Class III and implantables.
- [Regulatory strategy supports business strategy](/blog/regulatory-strategy-supports-business-strategy) — the alignment principle behind every strategic decision in this series.

## Sources
1. Regulation (EU) 2017/745 on medical devices, consolidated text. Articles 32, 33. Annex II.
2. Commission Implementing Regulation (EU) 2021/2078 (26 November 2021) — Rules for the European database on medical devices (Eudamed).
3. European Patent Convention and EPO Guidelines for Examination — for patentability of software and AI inventions. [IP VERIFY: specific section references require patent counsel].

---

*This post is part of the [MedTech Startup Strategy & PMF](https://zechmeister-solutions.com/en/blog/category/startup-strategy) cluster in the [Subtract to Ship: MDR Blog](https://zechmeister-solutions.com/en/blog). For EU MDR certification consulting, see [zechmeister-solutions.com](https://zechmeister-solutions.com).*
