MDR certification is the most under-appreciated competitive moat in European MedTech. Most VCs treat regulatory work as a tax on progress. The founders who reframe it as defensible asset building — notified body queue position, clinical evidence that a competitor must independently reproduce, intended-purpose lock-in, and a technical file worth real money at exit — raise better rounds and exit at higher multiples.

By Tibor Zechmeister and Felix Lenhard.

TL;DR

  • MDR Article 52 and Annexes IX, X, XI define the conformity assessment procedures that competitors must each independently navigate — the queue itself is a moat.
  • A complete technical file under Annex II takes years of accumulated work that cannot be short-circuited with capital.
  • A Clinical Evaluation Report with its own clinical data under Annex XIV is a defensible asset; equivalence is a trap that disappears as the state of the art advances.
  • Intended-purpose lock-in means that a competitor entering your market later faces your CER, your evidence, your labelling, and a higher bar of state of the art.
  • Most VCs misread regulatory work as a cost centre; sophisticated MedTech investors read it as balance sheet value.
  • The right fundraising narrative positions each regulatory milestone as a step up in enterprise value, not a cash burn line item.

Why this matters

There is a reflex in the startup world, borrowed mostly from software, that regulation is something to minimise, outsource, or delay. In MedTech that reflex is wrong, and it is wrong in a way that costs founders money.

The same characteristics that make MDR painful to navigate — its length, its cost, its notified body queues, its clinical data requirements, its irreversibility — are precisely the characteristics that make it a moat. A moat is any feature of your business that makes it hard for a competitor to do what you have already done. MDR fits this definition almost perfectly. It is hard. It is expensive. It is time-consuming. It cannot be compressed by throwing money at the problem. And at the end of it, you have a CE-marked device on the market and your competitor does not.

That framing — regulation as defensible asset rather than regulatory tax — changes how you plan, how you spend, and how you pitch.

What MDR actually says

The moat exists because MDR is structurally slow, structurally rigorous, and structurally non-transferable between manufacturers. Three provisions drive this.

MDR Article 52 — conformity assessment procedures. Article 52 lays out, by device class, which conformity assessment route a manufacturer must follow. For Class IIa, IIb, and III devices, and for many Class I devices that are sterile, measuring, reusable surgical, or software under Rule 11, a notified body is in the critical path. Annex IX (full QMS plus technical documentation assessment), Annex X (type examination), and Annex XI (production quality assurance) set out the procedures themselves. These procedures have two features that matter for the moat argument: they require notified body time, which is structurally scarce, and they are manufacturer-specific — a competitor cannot inherit your assessment.

MDR Annex II — technical documentation. Annex II enumerates the contents of the technical file: device description, intended purpose, risk management file, design and manufacturing information, benefit-risk analysis, verification and validation results, clinical evaluation report, post-market surveillance plan, and more. Read as a list, this is a procurement specification. Read as a business asset, this is years of work that a competitor must reproduce in full before they can enter your market. There is no short path. You cannot buy a competitor's Annex II file and reuse it under your own CE mark; the file is specific to the manufacturer, the device, and the intended purpose.

MDR Annex XIV — clinical evaluation and PMCF. The clinical evaluation, implemented under EN ISO 14155:2020+A11:2024 for investigations, is the part of the moat that compounds with time. A startup that generates its own clinical data — rather than relying on equivalence to a predicate device — owns an evidence asset. That asset gets stronger with each PMCF update. A competitor arriving three years later faces a higher state-of-the-art bar and must generate their own clinical data to match, because your device is now part of the state of the art they are measured against.

None of these provisions were designed to create competitive moats. But that is their effect, and founders who see it can plan accordingly.

A worked example

Consider two hypothetical startups — A and B — building a Class IIb AI-based image analysis tool for the same clinical indication.

Startup A treats MDR as a tax. They delay the QMS build until the product is "ready." They rely on equivalence claims under MDCG 2020-5 to avoid generating their own clinical data. They pick the cheapest notified body they can find without checking its scope. They time their submission to match a board meeting rather than the NB's actual queue. They plan to raise a Series A on product traction and deal with certification later.

Startup B treats MDR as asset building. They begin QMS and clinical strategy work in month one. They commission a small prospective clinical investigation — expensive in the short run — to build their own evidence rather than relying on equivalence. They engage with a notified body nine months before they plan to submit, securing queue position. They build the technical file incrementally, with a document management discipline that means the file is audit-ready continuously, not retrofitted in panic before submission.

Two years in, both companies have roughly the same product quality. But the assets look very different.

Startup A has a product and hope. Startup B has: - a contracted notified body relationship with queue position secured - a technical file that a due-diligence buyer can audit in two weeks - a CER with original clinical data that a competitor cannot equivalent-claim their way past - an ISO 13485-certified QMS that an acquirer can absorb directly - an intended-purpose statement that is narrow enough to be defensible and broad enough to matter

The exit multiples for these two companies differ by factors, not percentages. The Series A pitch differs in narrative. The competitive position differs entirely, even when the software is comparable.

This is not a thought experiment. This is the observable difference between MedTech startups that raise strong follow-on rounds and those that do not.

The Subtract to Ship playbook

Positioning MDR as moat is not a marketing exercise. It is a set of decisions that start on day one.

1. Decide intended purpose deliberately and defensively. A narrow, specific intended purpose is easier to defend clinically, easier to CE mark, and creates lock-in. A competitor entering your market must either match your intended purpose — in which case they face your CER as the state of the art — or narrow theirs further, which shrinks their own market. Resist the pitch-deck pressure to broaden intended purpose; broaden it after certification, not before.

2. Generate your own clinical data where feasible. Equivalence under MDCG 2020-5 feels cheaper at the start. It is more expensive at the end. Your own clinical data is an asset on the balance sheet and a barrier to competitors. Plan a lean but real clinical investigation under EN ISO 14155:2020+A11:2024 where the device class and risk profile justify it. For lower-risk devices, structured real-world evidence and PMCF can play the same role over time.

3. Secure notified body queue position early. NB queues are a structural moat by accident. A startup that contracted with a notified body 12 months ago and has a defined review slot has a measurable advantage over a competitor who will contact a notified body for the first time next quarter. Treat the NB relationship as a strategic asset. Pay for it attentively. Do not shop on price alone.

4. Build the technical file as continuous balance sheet value, not as a submission deliverable. A technical file that exists in draft form until six weeks before NB submission is a cash-burn line item. A technical file that is audit-ready at all times — because the QMS under EN ISO 13485:2016+A11:2021 makes it so — is a due-diligence asset that you can show to any investor or acquirer on demand. The second version is worth materially more money.

5. Reframe the fundraising narrative. The wrong fundraising narrative: "we need €X million to burn through regulatory work before we can start commercialising." The right narrative: "each regulatory milestone — QMS certification, tech file readiness, CER completion, NB contract, stage 1 audit passed, CE mark — is a step up in enterprise value. Here is the value step we expect at each one." This reframing does not require dishonesty; it requires showing the investor the moat you are building.

6. Document the moat explicitly in your data room. When you fundraise or prepare for acquisition, the due-diligence pack should include an explicit moat narrative: queue position, clinical evidence owned, intended-purpose positioning, QMS certification status, technical file completeness. Sophisticated MedTech investors and acquirers will look for these. Unsophisticated ones will not — but the narrative still helps you price the round.

7. Protect the moat after certification. The moat decays if not maintained. Post-market surveillance, PMCF updates, significant-change evaluations, and state-of-the-art updates to the CER all keep the moat fresh. A neglected CER becomes a liability in three years. A continuously updated one keeps competitors at arm's length.

This is not a substitute for a good product. A moat around a bad product is still a bad product. But for founders who have a genuine clinical value proposition, MDR is the cheapest, most durable moat available in European MedTech — because your competitors are required to build the same one before they can take your market.

Reality Check

  1. Can you articulate, in two sentences, how your MDR work creates a competitive barrier your competitors will face?
  2. Is your intended purpose narrow enough to be defensible and specific enough to be provable?
  3. Do you own your clinical data, or are you relying on equivalence that will weaken as the state of the art advances?
  4. Have you secured notified body queue position, or are you still planning to start that conversation?
  5. Is your technical file audit-ready continuously, or do you assemble it before each review?
  6. Does your fundraising deck frame regulatory milestones as enterprise-value steps, or as cash-burn items?
  7. If an acquirer opened your data room tomorrow, would your MDR artefacts read as assets or as liabilities?
  8. Do you have a PMCF plan that keeps the moat fresh over the next three years, or will your CER decay into a liability?

If more than two of these are weak, the moat is not real yet — it is a potential moat you are building on a plan to build.

Frequently Asked Questions

Isn't framing regulation as a moat just cope for slow certification timelines? No. A moat is defined by its defensibility, not by how fun it was to build. The fact that MDR work is slow and expensive is exactly what makes it a moat — if it were fast and cheap, every competitor would have one.

Don't big incumbents have the same moat, only bigger? Yes, which is why startups should build narrow, specific, defensible intended purposes rather than trying to match incumbent scope. A narrow moat around a sharp beachhead is more valuable to a startup than a wide moat around nothing.

How do I explain this to a software-background VC? Use the analogy of regulated infrastructure. No software company can enter your market without first doing two years of clinical and regulatory work. The queue is the moat. The CER is the moat. The NB relationship is the moat.

Does equivalence destroy the moat argument? Partially. Equivalence claims under MDCG 2020-5 mean your early evidence can be leveraged from others. But equivalence cuts both ways — if you can claim equivalence to a predicate, a competitor can claim equivalence to you, and that's a weaker moat. Generating original clinical data is what makes the moat stick.

When does this moat argument fail? When the product does not solve a real clinical problem. Regulatory work around a weak product is dead weight, not moat. The moat compounds real value; it does not create value from nothing.

How do I value the moat for fundraising? Look at comparable acquisition multiples for MedTech companies at similar regulatory milestones. The step from "early development" to "CE mark held" is typically a 2-4x valuation step in MedTech, depending on indication and market size. That step is the moat value in concrete terms.

Sources

  1. Regulation (EU) 2017/745 on medical devices, consolidated text. Article 52 (conformity assessment procedures), Annex II (technical documentation), Annex IX, X, XI (conformity assessment routes), Annex XIV (clinical evaluation and PMCF).
  2. EN ISO 13485:2016+A11:2021, Medical devices — Quality management systems, referenced by MDR Article 10(9).
  3. EN ISO 14155:2020+A11:2024, Clinical investigation of medical devices for human subjects — Good clinical practice.
  4. MDCG 2020-5 (April 2020), Clinical evaluation — equivalence.