A regulatory-credible advisory board is not a collection of logos on a deck. It is a small group of people with direct, demonstrable competence in the three hardest things a MedTech startup has to survive: Notified Body audits, payer conversations, and clinical evaluation. Done right, it adds real competency. Done wrong, it creates Article 7 exposure and wastes cash.

By Tibor Zechmeister and Felix Lenhard.

TL;DR

  • A regulatory-credible MedTech advisory board typically has three archetypes: a former Notified Body lead auditor (or equivalent), a payer/HTA expert, and a clinical KOL in the target indication.
  • Compensated advisors — whether paid in cash, equity, or both — must be disclosed wherever their views appear in commercial materials, or an Article 7 problem is one screenshot away.
  • EFPIA-style transparency norms, while voluntary for MedTech, are increasingly expected by serious investors and by Notified Bodies during audits of clinical evaluation independence.
  • Advisor agreements should cover scope, time commitment, compensation, confidentiality, IP assignment, publication review, conflict of interest disclosure, and termination. A loose email is not an agreement.
  • Advisors can be very valuable or actively harmful. The difference is how they are engaged, not who they are.

Why this matters (Hook)

Early last year a founder asked me to join her advisory board. The pitch: "We need someone with Notified Body credibility for our next funding round." I asked what she actually wanted me to do. Two hours a month, she said, and "maybe review the occasional document". I said no.

Not because the money or equity was wrong, but because what she described was a logo purchase. She did not want an advisor. She wanted a trust signal. And trust signals decay fast when the Notified Body reads a pitch deck that quotes an "advisor" who has never seen the technical documentation.

Real advisory boards are different. They meet quarterly, they read documents before meetings, they challenge intended purpose, they flag risks founders are too close to see, and they get paid for real work. And critically: when their views appear in any public communication about the device, they are disclosed — by name, by role, and by compensation structure.

MedTech does not yet have the hard transparency rules that pharma does under the EFPIA Disclosure Code. That is not a licence to hide relationships. It is a warning that the norms are catching up.

What MDR actually says (Surface)

There is no MDR article titled "advisory boards". The constraints come from three places.

Article 7 (Claims). Article 7 prohibits misleading communications about a device's intended purpose, safety and performance. A common Article 7 risk with advisors is the testimonial: "Dr X says our device is the best in class." If Dr X is compensated and the compensation is not disclosed, the statement misleads by omitting material context. If Dr X's statement ascribes functions to the device that are not in the intended purpose, the statement misleads on the merits. Both are Article 7 problems.

Article 10 (Manufacturer obligations). The manufacturer is responsible for the risk management process, the clinical evaluation conclusions, and the QMS. Advisors cannot make these decisions for the company — they can only inform them. If your clinical evaluation leans heavily on advisor opinion rather than appraised clinical data, your CER will be thin in the places a Notified Body looks hardest.

Article 61 and Annex XIV Part A. Clinical evaluation must be based on critical evaluation of relevant scientific literature and/or clinical data from clinical investigations of the device. Advisor opinion is not clinical data. It is at most context for interpretation, and any advisor whose own publications are cited in the CER creates a conflict of interest that the Notified Body will flag and expect addressed.

Beyond MDR, EN ISO 14155:2020+A11:2024 (clinical GCP) requires investigators and sponsors to disclose financial interests. EN ISO 13485 requires the manufacturer to ensure personnel performing work affecting product quality — including any advisor involved in design, risk or clinical activity — have documented competence.

The EFPIA Disclosure Code does not legally apply to medical devices in most jurisdictions, but it is widely used as a reference by serious investors and regulators as the "state of the art" for healthcare transparency. Adopting EFPIA-style disclosure voluntarily is a smart, low-cost defensive move.

A worked example (Test)

Consider a Class IIb SaMD startup raising a Series A, six months from Stage 2 audit, with a 50-patient clinical investigation running in three European centres. The CEO wants to build an advisory board to strengthen the pitch and shore up the regulatory strategy.

Bad version. She recruits five well-known names: a university hospital department head in the target indication, a digital health influencer with 80k LinkedIn followers, a former health ministry official, an angel investor, and a retired cardiologist who is a family friend. Each gets 0.1% equity. There is no written agreement. The website adds a "Scientific Advisory Board" section with photos. The next investor deck quotes the department head: "This could be the standard of care in five years."

What goes wrong. First, the department head is also the principal investigator on the ongoing clinical investigation. His quote in a fundraising deck — unreviewed, uncompensated-on-paper but equity-compensated in reality — is a serious independence problem for the CER and a potential Article 7 exposure. Second, the "influencer" has no regulatory competence and adds no expertise to the decisions the startup actually faces. Third, the absence of written agreements means IP created in advisor sessions has unclear ownership. Fourth, the family-friend cardiologist has not practised in eight years and cannot credibly advise on current clinical practice.

Better version. She recruits three people. Advisor A is a former Notified Body lead auditor now running her own consultancy — she can stress-test the technical documentation before the Stage 2 audit. Advisor B is a senior health economist from a major German sickness fund who understands DiGA reimbursement and can shape the PMCF plan to generate the evidence payers need. Advisor C is a practising specialist in the target indication, who is NOT the principal investigator on the ongoing trial and has no publications cited in the CER.

Each signs a written advisor agreement: 10 hours per month, monthly video call, quarterly full-day review, cash compensation plus small equity vest over 24 months. COIs are disclosed in writing. The website lists the advisors with roles, and any quote used in commercial materials includes a footnote: "Dr X is a paid advisor to [Company] and holds equity." The CER explicitly states that Advisor C is not a source of clinical data for the evaluation and that clinical data comes from the investigation plus appraised literature.

The second version costs more in cash but is robust to any audit question, any investor diligence, and any journalist screenshot.

The Subtract to Ship playbook (Ship)

1. Three archetypes, not five. For most MedTech startups, an advisory board of three people covers the hard problems: regulatory/NB, payer/HTA, clinical KOL. Add a fourth only if there is a specific gap — e.g. a software security specialist for a cybersecurity-heavy product, or a commercial-track advisor for a complex distribution challenge. Larger boards dilute accountability and become logo collections.

2. Written agreement, every time. The advisor agreement covers: scope of work, expected time commitment, compensation (cash and/or equity), confidentiality, IP assignment, COI disclosure, publication review rights, indemnification, and termination. A template costs a few hundred euros in legal fees and saves you from the expensive disputes.

3. Separate advisors from clinical investigators. A clinical investigator running a study on your device has sponsor-investigator obligations under EN ISO 14155 and cannot be treated as a general advisor. Their compensation, their publication rights, their COI — all governed by the clinical investigation agreement, not the advisor agreement. Mixing the two creates independence problems that will show up in your CER and on the NB's review comments.

4. Compensation discipline. Pay advisors for time (hourly or retainer), not outcomes. Outcome-linked compensation on regulatory milestones creates conflicts: an advisor paid on "CE mark achieved" has an incentive to minimise problems rather than flag them.

5. Disclose once, disclose well. Maintain a single public page listing advisors, roles, and compensation structure (cash / equity / both). Reference it from any commercial material where an advisor's view appears. This is the low-cost EFPIA-style move. It buys you enormous credibility with investors and regulators and costs almost nothing.

6. The Article 7 rule for advisor quotes. An advisor quote used in any commercial material must: (a) reference only functions and properties that are in the signed intended purpose, (b) include a disclosure of the compensation relationship, (c) be reviewed by whoever owns your claims register. If a quote cannot meet all three, it does not go out.

7. Use advisors to prepare for audits, not to replace work. The highest-leverage use of a senior regulatory advisor is a mock audit three months before your real one. The advisor reads the technical documentation cold, attacks it from an auditor's perspective, and gives you a written nonconformity list. This is real work. This is worth the money. Advisors who cannot or will not do this kind of work are not advisors — they are reputation rental.

8. Term limits. A two-year term with the option to renew is healthy. Advisors should rotate as the company's needs change — the advisor who helped you through Stage 2 may not be the right advisor for post-market surveillance scale-up.

Reality Check

  1. For each advisor, can you name in one sentence what specific problem they help you solve?
  2. Do you have written agreements with every advisor, including IP, COI, publication review and termination clauses?
  3. Is any of your current advisors also a clinical investigator on your study? If so, is the conflict documented and managed?
  4. When an advisor's view appears in a pitch deck, website or press release, is their compensation disclosed in the same place?
  5. Does your claims register treat advisor statements the same way as official company claims?
  6. Have you ever used an advisor for a mock audit? If not, why not?
  7. Are any advisors on the team primarily for the logo effect? Could you defend their presence to a skeptical Notified Body auditor?
  8. Do you have a single public page listing advisors with roles and compensation structure?

Frequently Asked Questions

Can advisors be paid only in equity? Legally, yes. Strategically, usually no. Pure-equity advisors often disengage once the equity is vested, and the absence of cash compensation makes "real work" harder to demand. A mix of small retainer plus equity works better for most startups.

Do I need to disclose advisor compensation on my website? MDR does not require it. EFPIA-style norms and investor expectations increasingly do. The cost of voluntary disclosure is near zero and the credibility benefit is substantial. Do it.

Can my advisor review our clinical evaluation report? Yes, and they should — that is exactly the kind of mock-audit work advisors add value through. Document the review, their comments, and your response in the CER file. Do not list the advisor as a co-author unless they meet ICMJE-style authorship criteria.

What if an advisor disagrees with a regulatory decision we have made? Document the disagreement and your rationale. Advisors are advisors, not decision-makers. Manufacturer obligations under Article 10 rest with the company. But a recurring pattern of advisor disagreement ignored is a signal to check yourself.

Can a Notified Body auditor be on my advisory board? Not one who is actively working for a Notified Body that might certify your device. Conflict of interest rules are strict. A former NB auditor who has left the body and observed appropriate cooling-off is typically fine.

How much should I pay a serious regulatory advisor? Market rates vary by geography and seniority. Expect hourly rates similar to senior consultants in the same market, retainers in the low thousands of euros per month for 10 hours, and small equity grants vesting over two years. Anything much lower is signalling either inexperience or low engagement.

Sources

  1. Regulation (EU) 2017/745 on medical devices, consolidated text. Article 7 (Claims), Article 10 (General obligations of manufacturers), Article 61 (Clinical evaluation), Annex XIV Part A.
  2. EN ISO 14155:2020+A11:2024 — Clinical investigation of medical devices for human subjects — Good clinical practice.
  3. EFPIA Disclosure Code (reference norm for healthcare transparency, voluntary for medical devices).