Clinical Data Agreements: Terms That Actually Protect Your File
I reviewed a clinical evaluation last month where equivalence rested entirely on two summary tables borrowed from a competitor’s device. No contract. No traceability to raw data. No access clause for audits. When the Notified Body asked for the underlying clinical data, the manufacturer had nothing. The equivalence claim collapsed.
In This Article
This situation repeats itself more often than it should. Manufacturers invest significant effort in demonstrating equivalence under MDR Article 61(5) and Annex XIV Part A, yet overlook the legal foundation that makes equivalence claims defensible: the clinical data agreement.
Without a solid agreement in place, you do not have equivalence. You have hope dressed as regulatory compliance.
Why Clinical Data Agreements Matter Under MDR
MDR Annex XIV Part A requires that when you claim equivalence, you must demonstrate access to the clinical data of the equivalent device. This is not a suggestion. It is a condition for using equivalence as a route to sufficient clinical evidence.
The regulation does not specify what form this access must take, but MDCG 2020-5 clarifies the expectation: you need documentation that proves you have legal rights to reference, analyze, and present clinical data from the equivalent device in your technical file.
A clinical data agreement is that documentation.
It establishes the terms under which the owner of the equivalent device grants you access to their clinical data. Without it, you cannot prove you meet the requirements of Annex XIV. Without it, your equivalence claim has no regulatory standing.
Access to clinical data is not assumed because devices are similar. It is a legal right that must be documented and enforceable. The absence of a proper agreement transforms your equivalence claim into a compliance gap.
What Goes Into a Clinical Data Agreement
Most manufacturers approach these agreements as simple permission letters. This reflects a misunderstanding of what the agreement must achieve.
The agreement is not just about permission. It is about traceability, auditability, and long-term access. It must hold up under Notified Body scrutiny, regulatory inspection, and potential post-market issues.
Here is what a defensible clinical data agreement must include.
Clear Identification of Both Devices
The agreement must explicitly identify your device and the equivalent device. This includes trade names, model numbers, classifications, and relevant certificates.
Without this precision, the agreement becomes ambiguous. If the equivalent device has multiple variants or configurations, the agreement must specify which variant’s data you can access. Vague identification creates problems when auditors ask which device’s data supports your file.
Scope of Data Covered
The agreement must define exactly what clinical data is covered. This includes clinical investigations, PMCF data, published literature, real-world evidence, and any post-market surveillance reports relevant to safety and performance.
I have seen agreements that grant access to “clinical study reports” but exclude PMCF data or post-market complaints. This creates gaps. If your equivalence claim relies on the equivalent device’s entire clinical dataset, the agreement must cover the entire dataset.
Partial access arrangements rarely satisfy regulatory expectations.
Right to Reference and Present Data
The agreement must explicitly grant you the right to reference the clinical data in your technical documentation and to present it to regulatory authorities and Notified Bodies.
This seems obvious, but agreements sometimes omit this clause. The result is that you can view the data but cannot formally use it in submissions. That defeats the purpose.
The language should be clear: you have the right to include the data in your clinical evaluation report, to submit it as part of your technical file, and to provide it during audits and assessments.
Agreements that allow “review” of data but do not explicitly permit its inclusion in regulatory submissions create a compliance gap. Notified Bodies will question whether you have legal standing to use the data.
Access Mechanism and Traceability
The agreement must describe how you will access the data. Will it be provided as complete study reports? Will you receive access to a data room? Will summaries be sufficient, or do you need patient-level data for certain analyses?
More importantly, the agreement must ensure traceability back to source data. If an auditor asks to verify a claim in your CER, you must be able to trace that claim back through your agreement to the underlying clinical evidence.
Without traceability, your equivalence argument becomes hearsay.
Duration of Access
Clinical data access cannot be temporary. Your obligation to maintain clinical evidence continues as long as your device is on the market. Therefore, the agreement must ensure ongoing access throughout the lifecycle of your device.
Agreements with fixed short-term durations create risk. If the agreement expires before your device leaves the market, you lose the foundation of your equivalence claim. Your technical file becomes non-compliant.
The agreement should either have a long duration or include automatic renewal provisions tied to the market presence of your device.
Provisions for Updates and New Data
Clinical data is not static. The equivalent device will generate new PMCF data, potentially face new safety signals, and accumulate additional post-market evidence.
Your agreement must address how you receive updates. If a serious safety issue emerges with the equivalent device, you need to know immediately. If new clinical data strengthens or weakens the equivalence argument, your CER must reflect that.
Agreements that cover only historical data at the time of signing fail to meet MDR expectations for ongoing clinical evidence management.
Confidentiality and Data Protection
Clinical data often includes proprietary information, patient data, and commercially sensitive details. The agreement must include confidentiality provisions that protect the data owner while allowing you to meet regulatory obligations.
This creates a tension. You need to share data with Notified Bodies and competent authorities, but the data owner wants to limit dissemination. The agreement must resolve this by explicitly permitting disclosure to regulatory bodies under appropriate safeguards.
Confidentiality clauses that prohibit sharing with auditors or regulators make the agreement unusable for regulatory purposes.
The agreement must balance confidentiality with regulatory transparency. If it restricts your ability to present data to Notified Bodies or competent authorities, it fails to support your equivalence claim.
Termination Provisions and Consequences
What happens if the agreement terminates? What if the equivalent device loses its CE mark or is withdrawn from the market?
The agreement must address these scenarios. Ideally, termination clauses should not affect your existing rights to data already received. If the equivalent device owner withdraws from the market, you still need access to historical clinical data to maintain your technical file.
Some agreements include termination clauses that invalidate all prior access upon termination. This creates immediate compliance problems for your device.
The termination provisions must protect your continued ability to reference historical data even if the relationship ends.
Audit Rights
Notified Bodies and competent authorities may need to audit the clinical data of the equivalent device to verify your equivalence claim. The agreement should address whether such audits are permitted and under what conditions.
If the agreement does not allow third-party audits, you may face situations where your Notified Body cannot verify the data supporting your claim. This creates doubt about the validity of your equivalence argument.
While the equivalent device owner may require advance notice, confidentiality agreements, and limited scope, outright prohibition of regulatory audits weakens your position.
When Clinical Data Agreements Are Not Enough
Even with a solid agreement, there are situations where it proves insufficient.
If the equivalent device is owned by a company with unstable finances, a history of regulatory non-compliance, or unclear ownership structures, the agreement’s value diminishes. If that company disappears or stops cooperating, your access evaporates regardless of contractual terms.
If the equivalent device faces serious regulatory issues such as recalls, field safety corrective actions, or certificate suspension, your reliance on that device’s data becomes a liability. The agreement does not protect you from the regulatory consequences of choosing the wrong equivalent device.
If the clinical data covered by the agreement turns out to be incomplete, outdated, or of poor quality, the agreement only proves you have access to insufficient evidence. It does not create clinical evidence where none exists.
The agreement is necessary but not sufficient. It must be paired with due diligence on the equivalent device’s regulatory standing, clinical evidence quality, and manufacturer reliability.
Manufacturers sign clinical data agreements without verifying the equivalent device’s current regulatory status, certificate validity, or post-market safety record. The agreement becomes worthless if the underlying device loses compliance.
Practical Considerations in Negotiating Agreements
Negotiating clinical data agreements is rarely straightforward. The equivalent device owner may see you as a competitor. They may be reluctant to share detailed data. They may impose burdensome restrictions that make the agreement impractical.
This is where regulatory necessity meets commercial reality.
From a regulatory perspective, you cannot compromise on traceability, auditability, or scope of access. These are non-negotiable if the agreement is to serve its purpose in your technical file.
From a commercial perspective, the equivalent device owner wants protection against misuse of their data, preservation of confidentiality, and limitation of their liability.
The negotiation must find a path that satisfies both sides. This often requires involving legal and regulatory experts who understand MDR requirements and can draft language that meets compliance needs without exposing the data owner to unacceptable risk.
In some cases, it proves impossible to reach an acceptable agreement. The equivalent device owner may refuse access, impose unworkable restrictions, or demand terms that undermine your regulatory standing.
When that happens, you must reconsider your equivalence strategy. An unworkable agreement is worse than no agreement because it creates false confidence in your compliance.
Documentation and Maintenance
Once you have a clinical data agreement, it must be properly documented and maintained within your technical file.
The agreement itself should be included in full in the clinical evaluation documentation. If confidentiality concerns prevent inclusion of the full agreement, you must at minimum include a summary that covers all essential terms.
Your clinical evaluation report must explicitly reference the agreement and explain how it supports your equivalence claim. The CER should identify what data is accessed under the agreement and how that data contributes to your clinical evidence.
You must also maintain evidence that the agreement remains in force. This includes tracking renewal dates, monitoring the status of the equivalent device’s certification, and documenting receipt of data updates as provided under the agreement.
If the equivalent device experiences regulatory issues, safety signals, or changes in performance, your documentation must show how you became aware of these developments and how they were factored into your ongoing clinical evaluation.
The agreement is not a static document filed and forgotten. It is part of your active clinical evidence management.
What Happens During Notified Body Assessment
When your Notified Body reviews your equivalence claim, they will examine the clinical data agreement closely.
They will check whether it covers all the data you reference in your CER. They will verify that it grants explicit rights to present data to regulatory authorities. They will assess whether the agreement ensures ongoing access throughout your device’s lifecycle.
They may request direct confirmation from the equivalent device owner that the agreement is valid and in force. They may ask to see evidence of how data has been provided under the agreement.
If they find gaps or ambiguities in the agreement, they will raise non-conformities. These can be difficult to resolve because renegotiating agreements takes time and depends on the cooperation of third parties outside your control.
This is why the agreement must be thorough from the start. Fixing deficiencies after Notified Body involvement is far harder than getting it right initially.
Final Considerations
Clinical data agreements are often treated as administrative formalities in the equivalence process. This is a mistake.
The agreement is the legal foundation that makes your equivalence claim defensible. Without a solid, comprehensive, and enforceable agreement, your entire equivalence strategy rests on unstable ground.
Take the time to draft agreements that cover all essential terms. Ensure they provide genuine access, traceability, and auditability. Verify that they allow you to meet regulatory obligations without compromise.
And remember that the agreement must be paired with ongoing vigilance about the equivalent device’s regulatory status and clinical performance. The best-drafted agreement cannot save an equivalence claim built on a device that loses compliance or generates safety concerns.
The effort you invest in a proper clinical data agreement is effort spent protecting your technical file, your market access, and ultimately your ability to keep your device on the market.
Peace,
Hatem
Clinical Evaluation Expert for Medical Devices
Follow me for more insights and practical advice.
Frequently Asked Questions
What is a Clinical Evaluation Report (CER)?
A CER is a mandatory document under MDR 2017/745 that demonstrates the safety and performance of a medical device through systematic analysis of clinical data. It must be updated throughout the device lifecycle based on PMCF findings.
How often should the CER be updated?
The CER should be updated whenever significant new clinical data becomes available, after PMCF activities, when there are changes to the device or intended purpose, and at minimum during annual reviews as part of post-market surveillance.
What causes CER rejection by Notified Bodies?
Common reasons include inadequate equivalence demonstration, insufficient clinical data for claims, poorly structured SOTA analysis, missing gap analysis, and lack of clear benefit-risk determination. Structure and logical flow are as important as the data itself.
Which MDCG guidance documents are most relevant for clinical evaluation?
Key documents include MDCG 2020-5 (Equivalence), MDCG 2020-6 (Sufficient Clinical Evidence), MDCG 2020-13 (CEAR Template), MDCG 2020-7 (PMCF Plan), and MDCG 2020-8 (PMCF Evaluation Report).
Need Expert Help with Your Clinical Evaluation?
Get personalized guidance on MDR compliance, CER writing, and Notified Body preparation.
✌
Peace, Hatem
Your Clinical Evaluation Partner
Follow me for more insights and practical advice.
– Regulation (EU) 2017/745 Article 61(5) and Annex XIV Part A
– MDCG 2020-5 Clinical Evaluation – Equivalence
Deepen Your Knowledge
Read Complete Guide to Clinical Evaluation under EU MDR for a comprehensive overview of clinical evaluation under EU MDR 2017/745.
