--- title: Soft Skills for Regulatory Affairs Professionals Under MDR description: The unwritten skill stack that makes an MDR regulatory affairs professional effective: NB diplomacy, internal pushback, executive translation, documentation clarity. authors: Tibor Zechmeister, Felix Lenhard category: Team Building, Operations & Scaling primary_keyword: soft skills regulatory affairs MDR canonical_url: https://zechmeister-solutions.com/en/blog/soft-skills-regulatory-affairs source: zechmeister-solutions.com license: All rights reserved. Content may be cited with attribution and a link to the canonical URL. --- # Soft Skills for Regulatory Affairs Professionals Under MDR *By Tibor Zechmeister (EU MDR Expert, Notified Body Lead Auditor) and Felix Lenhard.* > **The MDR tells you who can hold the Person Responsible for Regulatory Compliance role (Article 15), but it says nothing about how the job actually gets done. In practice, RA work under MDR is 40% technical competence and 60% communication, negotiation, and stakeholder management. The soft skills are not regulated — but they decide whether your certification project ships or stalls.** **By Tibor Zechmeister and Felix Lenhard.** ## TL;DR - MDR Article 15 defines formal qualification requirements for the PRRC but says nothing about soft skills. - The effective RA professional must translate between engineers, executives, clinicians, auditors, and notified body reviewers — five audiences with five vocabularies. - Clear technical writing is the highest-leverage soft skill in RA: a clean deviation report saves weeks; a muddled one triggers major nonconformities. - Notified body correspondence is diplomacy, not argument. Tone, precedent, and citation discipline matter as much as the underlying position. - Internal politics are unavoidable: RA is structurally the person who says "not yet," and doing that without becoming the blocker is a learned skill. - Executive translation — turning a 40-page gap assessment into a three-bullet decision — is what separates senior RA from mid-level RA. ## Why this matters Every regulatory affairs job description under MDR lists the same things: degree in life sciences or engineering, four years of relevant experience, knowledge of Regulation (EU) 2017/745, familiarity with EN ISO 13485:2016+A11:2021. These are the Article 15(6) PRRC criteria, more or less. None of them tell you why some RA professionals ship certifications on budget while others spend eighteen months in a loop of revisions and auditor questions. The difference is almost never technical knowledge. Both groups have read the MDR. Both groups have ISO 13485 open on a second monitor. The difference is how they communicate — with engineers who want to pivot the architecture mid-audit, with founders who do not want to hear about another six-month delay, with a notified body reviewer whose Monday morning email will either unlock a certificate or send a project back three quarters. This post maps the soft-skill stack that actually drives outcomes in MDR regulatory affairs. None of it is regulated. All of it is load-bearing. ## What MDR actually says (and does not say) MDR Article 15(1) requires manufacturers to have, within their organisation, at least one Person Responsible for Regulatory Compliance who has the requisite expertise in the field of medical devices. Article 15(6) sets out two pathways to that expertise: a diploma plus one year of professional experience in regulatory affairs or QMS relating to medical devices, or four years of such experience. Micro and small enterprises are not required to have a PRRC on staff but must have such a person permanently and continuously at their disposal (Article 15(2)). Annex IX and the QMS requirements in EN ISO 13485:2016+A11:2021 demand competence records, training plans, and evidence of ongoing professional development. The regulation presumes a literate, technically competent professional who can read standards, interpret guidance, and own regulatory correspondence. What none of these provisions address: - How to write a deviation report that will not attract a major nonconformity - How to disagree with a notified body reviewer without escalating the file - How to tell a CEO that the demo planned for the trade show cannot be shown without crossing into promotional material under Article 7 - How to get an overworked software lead to document architecture decisions before, not after, verification These are not compliance gaps. They are the job. The regulation assumes you can do them. The market does not. ## The unwritten skill stack Over fifty certifications across Zechmeister Strategic Solutions and forty-four startups coached through the Subtract to Ship methodology, the same six soft skills keep deciding outcomes. ### 1. Clear technical documentation writing The single highest-leverage skill. A clean CAPA record, a tight deviation rationale, a crisp classification justification — these save weeks of auditor back-and-forth. The opposite — hedged, passive-voice, five-page rationales that could mean three different things — is how single findings become clusters. What "clear" means in practice: - One fact per sentence - Active voice with explicit subjects ("The design team decided..." not "It was decided...") - Every claim cited to a source (MDR article, standard clause, test report, meeting minutes) - No unresolved ambiguity on the last line — the reader knows what decision was made and why This is a learnable skill. It is also, in most regulatory affairs teams, the skill with the widest variance. ### 2. Notified body correspondence diplomacy Notified body reviewers are people with queues. A typical queue holds forty to sixty active files. Every email you send either helps them process your file or gives them a reason to set it aside and open the next one. Diplomatic correspondence has three features. First, it answers the question that was asked before introducing anything else. Second, it cites — not argues — the position. Reviewers respond to "Annex VIII Rule 11, second indent, in combination with MDCG 2019-11 Rev.1 section 4.3" far better than to "we disagree." Third, it assumes good faith. Reviewers who feel they are being fought with become reviewers who find new questions. The common failure mode is treating NB correspondence like a negotiation in a business deal. It is not. It is a technical dialogue where both parties are constrained by the same regulation, and the reviewer has asymmetric power. ### 3. Internal pushback management RA is structurally the person who says "not yet." Not yet ready to ship. Not yet ready to claim that on the website. Not yet closed on the deviation. Doing this thirty times a quarter without becoming the team's villain is a specific skill. The technique that works: never block without offering a path. "We cannot ship this week because the risk management file is not updated to EN ISO 14971:2019+A11:2021; if we do the update Thursday morning, we can ship Monday" is a different conversation than "we cannot ship." The regulation is the same in both cases. The relationship is not. ### 4. Executive translation A CEO cannot read a forty-page gap assessment. A CEO can act on three bullets: what the gap is, what it costs to close, what happens if we do not. The translation is not dumbing down — it is selecting the load-bearing facts and dropping the rest. Felix has watched startup founders make the wrong call on classification, clinical strategy, and notified body selection not because the RA analysis was wrong but because the analysis was never cut down to something a non-specialist could decide on. The twenty-page document was technically correct. It was also operationally useless. ### 5. Cross-functional empathy The engineer who does not document architecture decisions is not lazy. The clinician who keeps rewriting the intended purpose is not undisciplined. Each of them has pressures the RA professional does not feel — release velocity, customer commitments, publication deadlines. The RA who can see those pressures and design compliance work around them gets documentation on time. The RA who cannot gets it late, or not at all. ### 6. Calibrated confidence Knowing what you know, knowing what you do not know, and saying both out loud. The RA professional who fakes certainty on a borderline classification question is one audit away from a credibility collapse. The RA professional who says "I am 80% confident this is Class IIa; here is the 20% case and here is what I would check before locking it in" builds the trust that keeps them at the table when decisions get made. ## A worked example A Class IIa SaMD startup was six weeks from a planned notified body submission. The software lead wanted to push a last-minute architectural change — moving inference from cloud to on-device — because it would improve latency for a key customer. The change would invalidate three verification tests, the cybersecurity threat model aligned to EN IEC 81001-5-1:2022, and two sections of the clinical evaluation report. Technical answer: no, we cannot do this in six weeks. What the effective RA professional actually did: 1. **Documentation writing.** Drafted a one-page impact assessment naming every affected artifact with clause references, not a wall of text. 2. **Internal pushback with a path.** Told the software lead: "If we delay submission by eight weeks, we can do this cleanly. If we ship on time, we do the current architecture and plan the on-device move as a post-market change under a documented change control per ISO 13485 clause 7.3.9." 3. **Executive translation.** Gave the founder three bullets: (a) eight-week delay for on-device now, (b) on-time submission and a managed change in Q3, (c) cost delta between them. 4. **NB-facing implication.** Prepared a short note to the reviewer flagging the planned post-market change so it would not arrive as a surprise later. The founder chose option (b). The submission shipped. The architectural change landed four months later through a controlled change. None of this required any technical competence that was not already in the room. All of it required soft skills. ## The Subtract to Ship playbook For founders and RA professionals building the soft-skill stack deliberately, six concrete moves. 1. **Write less, cite more.** Every week, take one document you produced and cut it by 30% without losing a fact. Force yourself to replace adjectives with citations. 2. **Run a weekly 30-minute notified body simulation.** Have a colleague ask the hardest question on an open file. Practise answering it in two sentences plus a citation. 3. **Keep a "path offered" log.** Every time you say no internally, record what path forward you offered. If the column is empty, you are building resentment, not compliance. 4. **Produce a three-bullet version of every major deliverable.** Before the full report goes to the CEO, the three-bullet version goes first. If you cannot write the three bullets, the report is not ready. 5. **Shadow an engineer for half a day per quarter.** You will learn more about why documentation slips than any training course will teach you. 6. **Flag uncertainty explicitly.** In every memo, have a dedicated "what I am not sure about" section. It builds trust faster than confident-sounding conclusions ever will. ## Reality Check 1. When did you last receive feedback from a notified body reviewer that your correspondence was easy to work with? 2. Can you point to a recent document you wrote where every technical claim traces to a source? 3. When you said no to an internal request this quarter, did you always offer a path forward? 4. Can you compress your current top priority into three bullets a non-RA executive could act on? 5. Do your engineers come to you early in design, or only when they need a signature? 6. When you are uncertain about a regulatory interpretation, does the team know you are uncertain? 7. How much of your week is spent writing versus reworking what you wrote? ## Frequently Asked Questions **Does MDR Article 15 require soft skills?** No. Article 15(6) defines formal qualifications — diploma and experience — but says nothing about communication, negotiation, or stakeholder management. These are implicit requirements of the role, not explicit legal ones. **Can I learn soft skills on the job, or do I need formal training?** Both. Formal training in technical writing and stakeholder management accelerates the curve, but pattern recognition only comes from running real files with real notified bodies. Budget for both. **How do I evaluate soft skills when hiring an RA professional?** Ask them to bring an anonymised example of a deviation report or CAPA they wrote. Ask them to walk you through a disagreement with a notified body and how it resolved. The answers tell you more than any CV. **Are soft skills more important at small startups or large manufacturers?** More visible at small startups, because one person plays every role. At large manufacturers, weak soft skills can hide in the org chart. At a startup, they cannot. **What is the single biggest soft-skill mistake junior RA professionals make?** Writing to defend themselves instead of to inform the reader. Defensive writing produces hedged, passive-voice documents that auditors distrust on sight. ## Related reading - [PRRC under MDR Article 15](/blog/prrc-mdr-article-15) — the formal qualification requirements the soft skills sit on top of - [Hiring regulatory affairs at a startup](/blog/hiring-regulatory-affairs-startup) — how to screen for the skills this post describes - [Building a QA/RA quality team at a startup](/blog/building-qa-ra-quality-team-startup) — where soft skills fit into the team structure - [Responding to MDR audit nonconformities](/blog/respond-to-mdr-audit-nonconformities) — the highest-stakes application of RA communication skills - [Hard skills for regulatory affairs](/blog/hard-skills-regulatory-affairs) — the technical competency stack that pairs with this one ## Sources 1. Regulation (EU) 2017/745 on medical devices, consolidated text. Article 15 (Person responsible for regulatory compliance). 2. EN ISO 13485:2016+A11:2021 — Medical devices — Quality management systems — Requirements for regulatory purposes. Clause 6.2 (Competence). 3. MDCG 2019-11 Rev.1 (October 2019, Rev.1 June 2025) — Guidance on qualification and classification of software under MDR. --- *This post is part of the [Team Building, Operations & Scaling](https://zechmeister-solutions.com/en/blog/category/team-operations) cluster in the [Subtract to Ship: MDR Blog](https://zechmeister-solutions.com/en/blog). For EU MDR certification consulting, see [zechmeister-solutions.com](https://zechmeister-solutions.com).*