What Makes an Informed Consent Document Defensible Under MDR?
I reviewed a clinical investigation dossier last month where the informed consent form looked perfect. Detailed. Compliant. Signed by every participant. The Notified Body still issued a major deficiency. The problem was not what the document said. It was what the document revealed about the sponsor’s understanding of the actual risks.
In This Article
- Why Informed Consent Documents Fail Review
- What MDR Actually Requires
- Risk Communication That Survives Scrutiny
- The Forgotten Elements
- Language and Readability
- How Reviewers Assess the Consent Process
- When the Consent Document Reveals Bigger Problems
- What a Defensible Consent Document Looks Like
- Final Thought
Informed consent is not a form. It is a process that must demonstrate respect for participant autonomy, adequate risk communication, and alignment with the investigation’s actual design and hazards. Under MDR Article 62 and Annex XV, the consent document is evidence that this process was properly executed.
But when I review investigation files, I see the same pattern repeating. Teams treat the informed consent document as a template exercise. They adapt a previous version. They copy language from similar devices. They focus on legal compliance while missing the clinical and ethical substance.
Then the Notified Body reviewer reads it. And within minutes, they identify gaps that reveal deeper problems with the risk analysis, the clinical investigation plan, or the device classification itself.
Why Informed Consent Documents Fail Review
Most deficiencies in informed consent documents trace back to one fundamental issue: disconnection from the risk management file and the clinical investigation plan.
The document is written in isolation. The clinical affairs team drafts it without full access to the risk analysis. Or the legal team writes it focusing on liability protection rather than meaningful risk disclosure. The result is a consent form that sounds professional but does not accurately reflect what participants will experience or what could go wrong.
When a Notified Body reviewer compares the informed consent document to the device’s risk management file, they look for alignment. Do the risks described in the consent match the residual risks identified in ISO 14971 documentation? Are the probability and severity levels honestly communicated? Is the language about potential harms consistent with what the manufacturer knows from bench testing or preclinical work?
The informed consent document lists generic risks (infection, discomfort, device malfunction) without addressing the specific hazards identified in the device’s risk management file. The reviewer cannot verify that participants were informed about the actual known risks.
This is not about legal wording. It is about evidence of thinking. The consent document must show that the sponsor understands the device’s risk profile well enough to communicate it accurately to someone with no medical background.
What MDR Actually Requires
MDR Annex XV Chapter II Section 3.1 specifies the required elements of informed consent. These are not suggestions. They are minimum content requirements that every document must address.
The consent must include: the nature, objectives, benefits, risks, and inconveniences of the investigation; the rights and safeguards for participants; the measures to protect participant data; and the arrangements for treatment and compensation in case of injury.
But here is what trips up many sponsors: these requirements are not checkboxes. Each element must be substantiated by corresponding documentation in the investigation file. When you state that risks are minimized, your risk management file must show how. When you describe the benefit-risk ratio, your clinical evaluation must support that characterization. When you mention alternatives, those alternatives must be clinically relevant for the target population.
I have seen consent documents that technically address every required element but fail because the content is not defensible when cross-referenced with other sections of the dossier. The document says one thing. The risk analysis says another. That inconsistency becomes a major finding.
The informed consent document is not a standalone submission. It is a synthesis document that must reflect and align with your risk management file, clinical investigation plan, and clinical evaluation strategy. Reviewers verify this alignment explicitly.
Risk Communication That Survives Scrutiny
The section on risks is where most consent documents collapse under review. Not because the risks are missing, but because the communication is incomplete or misleading.
Here is what happens. The team lists the risks. Infection. Bleeding. Device migration. Allergic reaction. All accurate. All possible. But the document does not explain which risks are more likely, which are more serious, or which are specific to this device versus the standard of care.
A participant reading this list cannot form a meaningful understanding of what they are actually consenting to. And a Notified Body reviewer reading this list cannot verify that the consent process was adequate.
The MDR does not require probability percentages in the informed consent. But it does require that the information provided is sufficient for the participant to make an informed decision. That means the document must help the participant understand not just what could happen, but what is likely to happen and what the consequences would be.
When I draft or review these sections, I look for three things. First, are the device-specific risks clearly distinguished from general procedural risks? Second, is there enough context for the participant to assess whether these risks are acceptable to them personally? Third, does the language avoid both minimization and exaggeration?
The goal is not to scare participants. It is to respect their capacity to decide. That requires honest, contextualized information.
The Forgotten Elements
Beyond risks and benefits, there are elements of informed consent that teams routinely underspecify. These elements rarely generate discussion during internal reviews, but they become blocking deficiencies during Notified Body assessment.
One is the explanation of alternatives. MDR Annex XV requires that participants be informed of alternative procedures or treatments. Many consent documents address this with a single sentence: “Alternative treatments exist.” That is not sufficient. The document must describe what those alternatives are, at least in general terms, so the participant understands what they are choosing not to do by enrolling.
Another is the compensation and treatment provisions in case of injury. The consent must explain what happens if a participant is harmed during the investigation. Who pays for treatment? What kind of compensation is available? Under what conditions? These are not hypothetical questions. They affect participant safety and trial ethics. Yet I regularly see consent documents that provide only vague assurances.
Then there is data protection. GDPR intersects with MDR here, and the consent document must address both. Participants need to understand how their data will be used, who will have access, how long it will be retained, and what rights they have. This section often reads like copy-pasted legal text. It needs to be clear and specific to the investigation.
The consent document states that “alternative treatments are available” without describing what those alternatives are or how they compare to the investigational device. Participants cannot assess the relative value of enrolling without this context.
Language and Readability
MDR Annex XV Section 3.1 states that the informed consent must be written in clear, understandable language. In practice, this is harder than it sounds.
Medical device investigations involve technical concepts. The device itself may be complex. The procedure may be specialized. The endpoints may require clinical knowledge to interpret. But the consent document must communicate all of this to someone who may have no medical training.
The standard I use: if a participant cannot explain back to you what the device does, what the main risks are, and what participation involves, the document is not clear enough.
This does not mean dumbing down the content. It means structuring the information so that a non-expert can follow the logic. Use plain language. Define technical terms when they are necessary. Avoid acronyms unless you explain them. Break complex ideas into shorter sentences.
Some teams worry that simplifying the language will make the document less precise or less legally protective. That is a false trade-off. Clarity and precision are compatible. A well-written informed consent document protects both the participant and the sponsor better than one filled with legal jargon that no one actually understands.
How Reviewers Assess the Consent Process
Notified Body reviewers do not just read the informed consent document. They assess whether the consent process is likely to achieve its purpose: enabling participants to make autonomous, informed decisions.
That means they look at the document in context. Is the reading level appropriate for the target population? If the device is for elderly patients or patients with low health literacy, the language must reflect that. If the investigation is in multiple countries, are the translations accurate and culturally appropriate? If the device is used in a vulnerable population, are additional safeguards described?
They also check procedural details. Who obtains consent? Is there a cooling-off period between providing information and signing? Can participants ask questions and get answers before deciding? Are participants informed that they can withdraw at any time without penalty? These are process elements, but they must be documented in the consent form itself or in the clinical investigation plan.
I have seen investigations delayed because the consent form did not specify how much time participants would have to consider the information before signing. The content was good. The process was unclear. That was enough for a deficiency.
The informed consent document must describe not only what information is provided but also how the consent process will be conducted. Reviewers verify that the process respects participant autonomy and provides adequate time and support for decision-making.
When the Consent Document Reveals Bigger Problems
Sometimes a deficiency in the informed consent document is a symptom of a more fundamental issue in the investigation design.
For example, if the consent document cannot clearly describe the purpose of the investigation, that suggests the clinical investigation plan itself is poorly defined. If the document cannot explain the benefit-risk ratio in understandable terms, that suggests the clinical evaluation is weak. If the document lists risks that are not in the risk management file, that reveals a gap in hazard identification.
Notified Bodies know this. They use the informed consent document as a diagnostic tool. A confused or evasive consent form signals that the sponsor may not fully understand what they are investigating or why.
That is why I tell teams: write the informed consent document after the risk management and clinical evaluation are complete, not before. The document should synthesize that work, not substitute for it.
What a Defensible Consent Document Looks Like
A defensible informed consent document has three qualities. It is aligned with the rest of the investigation file. It communicates risks and benefits in terms a non-expert can understand. And it demonstrates respect for participant autonomy throughout.
When I review a strong consent document, I can trace every major statement back to a supporting document in the dossier. The risks described match the residual risks in the risk management file. The benefits claimed are supported by the clinical evaluation or preclinical data. The alternatives mentioned are clinically relevant. The compensation provisions are consistent with the insurance documentation.
The language is clear without being condescending. The structure is logical. The participant can follow the reasoning from “what is this device” to “what could happen to me” to “how do I decide.”
And the document shows awareness of the consent process as something more than signing a form. It explains how participants will receive information, who they can contact with questions, how they can withdraw, and what happens if they change their mind.
This level of quality does not come from using a better template. It comes from treating the informed consent document as a reflection of the entire investigation’s integrity.
When that integrity is present, the document writes itself. When it is absent, no amount of legal editing will fix it.
A high-quality informed consent document is not created in isolation. It is the natural output of a well-designed investigation with a coherent risk management strategy, a defensible clinical evaluation, and genuine respect for participant rights.
Final Thought
The informed consent document is one of the few parts of your submission that connects directly to the people who will use your device. It is not just regulatory paperwork. It is the ethical foundation of the investigation.
When it is done well, it protects participants. It demonstrates your competence as a sponsor. And it gives Notified Bodies confidence that your investigation deserves approval.
When it is done poorly, it delays everything. Because a weak informed consent document is not a fixable writing problem. It is evidence that something deeper in your investigation needs rethinking.
Get it right from the start. That means integrating the consent document into your investigation design, not treating it as a final-stage deliverable. It means writing for participants, not reviewers. And it means understanding that clarity and compliance are not opposites.
They are the same thing.
Peace,
Hatem
Clinical Evaluation Expert for Medical Devices
Follow me for more insights and practical advice.
Frequently Asked Questions
What is a Clinical Evaluation Report (CER)?
A CER is a mandatory document under MDR 2017/745 that demonstrates the safety and performance of a medical device through systematic analysis of clinical data. It must be updated throughout the device lifecycle based on PMCF findings.
How often should the CER be updated?
The CER should be updated whenever significant new clinical data becomes available, after PMCF activities, when there are changes to the device or intended purpose, and at minimum during annual reviews as part of post-market surveillance.
What causes CER rejection by Notified Bodies?
Common reasons include inadequate equivalence demonstration, insufficient clinical data for claims, poorly structured SOTA analysis, missing gap analysis, and lack of clear benefit-risk determination. Structure and logical flow are as important as the data itself.
Which MDCG guidance documents are most relevant for clinical evaluation?
Key documents include MDCG 2020-5 (Equivalence), MDCG 2020-6 (Sufficient Clinical Evidence), MDCG 2020-13 (CEAR Template), MDCG 2020-7 (PMCF Plan), and MDCG 2020-8 (PMCF Evaluation Report).
Need Expert Help with Your Clinical Evaluation?
Get personalized guidance on MDR compliance, CER writing, and Notified Body preparation.
✌
Peace, Hatem
Your Clinical Evaluation Partner
Follow me for more insights and practical advice.
– Regulation (EU) 2017/745 (MDR), Article 62 and Annex XV
– ISO 14155:2020 Clinical investigation of medical devices for human subjects
– MDCG 2019-9 Summary of Safety and Clinical Performance
