The phrase "self-certification" sounds like a regulatory dream. No Notified Body involvement. No audit fees. No queue times. Just prepare your documentation, declare conformity, and put your product on the market.

The reality is more nuanced. Self-certification under MDR is available only for a specific subset of devices, it carries significant legal responsibility, and it is not the regulatory shortcut that some founders imagine it to be. But for the devices that qualify, it is a legitimate and efficient path to market.

Who Can Self-Certify?

Under MDR, self-certification is available for Class I devices that are not placed on the market in sterile condition, do not have a measuring function, and are not reusable surgical instruments.

That is the scope. If your device is Class I without any of those special characteristics, you can CE mark it without a Notified Body reviewing your technical documentation or auditing your quality management system.

Examples of devices that may fall into this category: - Non-sterile wound dressings (simple bandages, gauze) - Certain non-measuring diagnostic accessories - Some non-invasive patient transport devices - Wheelchairs and hospital beds (non-active, non-measuring) - Some software classified as Class I (though most SaMD trends toward Class IIa or higher under MDR Rule 11)

The critical word is "may." Classification depends on the specific device and its intended purpose. Do not assume your device is Class I without going through the Annex VIII classification rules systematically.

What Self-Certification Actually Requires

Self-certification means the manufacturer takes full responsibility for declaring that the device meets all applicable MDR requirements. There is no external body validating your work before you go to market. This does not mean the requirements are lower. It means you must meet them on your own and be prepared to demonstrate compliance to a market surveillance authority at any time.

Here is what you still need to do:

1. Establish and Maintain a Quality Management System

MDR Article 10(9) requires every manufacturer. Regardless of device class. To have a QMS. Self-certification does not exempt you from this requirement. Your QMS must cover design and development, risk management, production, post-market surveillance, and all the other processes required by the regulation.

The difference from higher-class devices is that no Notified Body will audit your QMS as part of the conformity assessment. But market surveillance authorities can audit you at any time, and they will expect to find a functional QMS.

2. Prepare Complete Technical Documentation

Your technical documentation must comply with Annex II of MDR. This includes:

  • Device description and specification
  • Information to be supplied by the manufacturer (labeling, IFU)
  • Design and manufacturing information
  • General Safety and Performance Requirements (GSPR) checklist with evidence
  • Benefit-risk analysis and risk management
  • Product verification and validation
  • Clinical evaluation

The depth and breadth of the technical documentation should be proportionate to your device's risk level. But proportionate does not mean superficial. A Class I device still needs a proper clinical evaluation, proper risk management, and proper verification of its performance claims.

3. Conduct a Clinical Evaluation

Yes, even Class I devices need a clinical evaluation under MDR Article 61. For most Class I devices, this is a literature-based evaluation. A systematic review of published clinical data demonstrating that your device type is safe and performs as intended.

The clinical evaluation report for a Class I device does not need to be a 200-page document, but it must be methodologically sound, based on a systematic literature search, and clearly conclude that the benefit-risk ratio is acceptable.

4. Implement Risk Management

ISO 14971 applies regardless of device class. Your risk management file must demonstrate that you have identified hazards, estimated and evaluated risks, implemented risk control measures, and assessed the acceptability of residual risk.

5. Draw Up the EU Declaration of Conformity

The EU Declaration of Conformity (DoC) is your formal declaration that the device meets all applicable requirements. MDR Annex IV specifies the required content.

The DoC must include: - Manufacturer name and address - The statement that the DoC is issued under the sole responsibility of the manufacturer - Product identification (name, model, trade name) - Device classification and applicable classification rules - A statement that the device is in conformity with MDR - Reference to any harmonized standards used - If applicable, reference to Common Specifications used - Place and date of issue, name and function of the signatory - Signature

For self-certified devices, the DoC does not include a Notified Body identification number. Because no Notified Body was involved.

6. Register in EUDAMED

Before placing your device on the market, you must register as a manufacturer and register your device in EUDAMED. You must also obtain a Single Registration Number (SRN) and assign Unique Device Identifiers (UDI) to your devices.

7. Designate an Authorized Representative (If Needed)

If your company is established outside the EU, you must designate an authorized representative within the EU per MDR Article 11. This applies to all device classes, including self-certified Class I devices.

When you sign the EU Declaration of Conformity, you are making a legally binding statement. You are personally declaring. As the authorized representative of your company. That your device meets every applicable requirement of a European regulation.

If that statement is false. If your device does not actually meet the requirements. The consequences can be severe:

  • Market surveillance authorities can order you to recall the device
  • You can be required to take corrective action
  • You can face fines under national enforcement provisions
  • If a patient is harmed by a non-compliant device, you face civil and potentially criminal liability
  • Your company's reputation in the market is damaged

Tibor is blunt about this: "Self-certification is not 'self-regulation.' It is self-declaration under full legal accountability. When I see founders treat it as a lower bar, I correct them immediately. The regulatory requirements are the same whether a Notified Body checks your work or not. The difference is that with self-certification, nobody catches your mistakes before they reach the patient. The responsibility is entirely on you."

The Market Surveillance Reality

Just because no Notified Body reviews your documentation before market entry does not mean no one ever will. Market surveillance authorities in EU Member States actively monitor medical devices on the market. They can request to see your technical documentation, your QMS, your clinical evaluation, and your Declaration of Conformity at any time.

Market surveillance is not theoretical. It happens. Authorities conduct both routine surveillance and targeted investigations (triggered by complaints, incidents, or market signals). If they find that your documentation is insufficient or that your device does not meet MDR requirements, they have the power to order withdrawal from the market, recalls, and corrective actions.

For self-certified devices specifically, market surveillance is the primary oversight mechanism. Authorities know that no Notified Body has reviewed these devices, and some authorities specifically target self-certified devices in their surveillance programs.

Common Pitfalls in Self-Certification

Pitfall 1: Misclassification

The most dangerous pitfall. If your device is actually Class IIa (or higher) and you self-certify as Class I, you have placed a non-compliant device on the market. This is not a minor paperwork issue. It is a fundamental compliance failure.

MDR Rule 11 for software is the most common trap for startups. Software intended to provide information used to make diagnostic or therapeutic decisions is typically classified as at least Class IIa under Rule 11, not Class I. Many software startups initially believe their product is Class I and discover. Sometimes after they have already self-certified. That it is actually Class IIa or higher.

If you are in any doubt about your classification, get it validated by an expert or discuss it with a competent authority before self-certifying.

Pitfall 2: Insufficient Clinical Evaluation

"It is Class I, so we do not need much clinical evidence." Wrong. You need a clinical evaluation that is proportionate to your device but still methodologically sound. A one-paragraph statement that "this type of device has been used safely for decades" is not a clinical evaluation. A systematic literature search, a structured review of the evidence, and a documented benefit-risk conclusion is a clinical evaluation.

Pitfall 3: No QMS or a Paper QMS

Some founders self-certify without establishing a real QMS. They may have written some SOPs but never implemented them. They may have a quality manual that describes processes that do not actually exist. This is a compliance failure that will be exposed at the first market surveillance audit.

Pitfall 4: Missing Post-Market Surveillance

Self-certification does not exempt you from post-market obligations. You still need a post-market surveillance system, a post-market surveillance plan, and (for Class I) a post-market surveillance report per MDR Article 85. You still need a vigilance system for reporting serious incidents.

Pitfall 5: Treating Self-Certification as Permanent

Your device's classification is based on its current intended purpose and design. If you change the intended purpose, add a feature, or modify the design in a way that affects classification, your Class I status may no longer apply. Every change must be assessed for its impact on classification.

When Self-Certification Makes Strategic Sense

For qualifying devices, self-certification offers real advantages:

Speed: No Notified Body queue time. No waiting for audit scheduling. No review cycles. You can go from complete documentation to market in weeks rather than months.

Cost: No Notified Body fees, which saves EUR 20,000-50,000 or more. The savings come at initial certification and annually (no surveillance audit fees).

Control: You control the timeline entirely. No dependency on external organizations.

Simplicity: One fewer relationship to manage. One fewer stakeholder in your regulatory process.

These advantages are significant for startups. If your device genuinely qualifies for self-certification, it is a faster and cheaper path to market. But the advantages only hold if you do it properly. A self-certification that is challenged by market surveillance. Resulting in a recall, corrective action, or market withdrawal. Costs far more than a Notified Body assessment would have.

The Self-Certification Checklist

If you are self-certifying a Class I device under MDR, verify that you have:

  • [ ] Classified the device using all applicable Annex VIII rules, documented the rationale
  • [ ] Confirmed that no special characteristics (sterile, measuring, reprocessing) apply
  • [ ] Established and implemented a quality management system per Article 10(9)
  • [ ] Prepared complete technical documentation per Annex II
  • [ ] Completed a GSPR checklist covering all applicable Annex I requirements
  • [ ] Conducted a clinical evaluation per Article 61 with a documented CER
  • [ ] Completed risk management per ISO 14971
  • [ ] Verified and validated the device per your design and development process
  • [ ] Prepared labeling and instructions for use per Annex I Chapter III
  • [ ] Implemented UDI per Article 27
  • [ ] Established a post-market surveillance system per Article 83
  • [ ] Established a vigilance system per Articles 87-92
  • [ ] Registered as manufacturer in EUDAMED
  • [ ] Registered the device in EUDAMED
  • [ ] Drawn up the EU Declaration of Conformity per Annex IV
  • [ ] Affixed the CE mark per Article 20

Every item on this list must be completed before you place your device on the market. Miss one and your self-certification is non-compliant.

The Honest Assessment

Self-certification under MDR is a legitimate, efficient path for qualifying Class I devices. It is not a regulatory backdoor or a way to avoid scrutiny. The requirements are the same. The difference is that you bear sole responsibility for meeting them.

For startups with Class I devices, it can save significant time and money. For startups who think their device might be Class I but are not sure, the risk of getting it wrong is severe enough to justify investing in a proper classification assessment before committing to self-certification.

At the end of the day, self-certification is about trust. The trust that the regulatory system places in you, the manufacturer, to ensure that your device is safe and performs as intended. That trust comes with accountability. Honor it.