Navigating EU & US MedTech rules: What experts want startups to know

Wara Samar
Written by Wara Samar

Regulatory compliance is no longer just a box-ticking exercise for MedTech companies; it is a strategic pillar that determines market access, clinical adoption, and patient safety. Yet, the space continues to shift rapidly. At MedTech Malta 2025, the panel “Navigating EU & US Regulations: Key Compliance Trends for MedTech” brought together experts from both sides of the Atlantic to unpack how organisations can stay resilient amid heightened regulatory expectations and global uncertainty.

Moderated by Amra Racic, Vice President, Global Government Strategy, Veeva Systems, the panel featured:

A shifting global regulatory environment

The session opened with an acknowledgement of a broader backdrop affecting manufacturers. In the United States, reduced staffing at the FDA and temporary government shutdowns have slowed submissions, a significant obstacle for companies ready to pursue clearance or approval. Yet, Racic underscored that despite disruption, the agency remains firmly committed to ensuring global patient access to safe, effective medical devices.

In Europe, the EU MDR transition continues to evolve, bringing reform after reform. The group noted that while the regulatory path has become more complex, the outcome is a healthcare system built on stronger safety, traceability, and quality expectations.

Against this environment, Racic posed a central question:

How can MedTech companies strategically balance external pressures while maintaining robust quality systems and accelerating development?

Amra Racic, Vice President, Global Government Strategy, Veeva Systems
Amra Racic, Vice President, Global Government Strategy, Veeva Systems

Decision-making and culture: The foundation of compliance

Lindsay highlighted speed and responsibility in early-stage teams as decisive success factors:

“Whether you’re a startup or a large corporate, you must meet the same regulations. The key is having people in position who make decisions — and make them fast. If no one decides, nothing moves.”

Edwin Lindsay, Principal Consultant & Managing Director, CS Life Sciences
Edwin Lindsay, Principal Consultant & Managing Director, CS Life Sciences

Savas expanded the point beyond technical readiness to cultural readiness:

“Companies need a culture that values quality and regulatory excellence early. If you position yourself defensively, you can’t win the game. Staying ahead means equipping yourself with up-to-date tools and expertise, not avoiding risk but handling it well.”

Oguz Savas, Head of Notified Body, Malta Conformity Assessment
Oguz Savas, Head of Notified Body, Malta Conformity Assessment

Proactive vs reactive: Navigating overwhelming guidance

Forteza described the constant influx of updates, guidance, and draft documents as one of the biggest challenges for the industry:

“There is overwhelming information, but being proactive means tracking what’s coming, even draft guidance, and mapping how it will apply. Then you can plan mitigation early instead of responding in panic later.”

Being proactive also requires better collaboration with regulatory partners. Savas noted that Malta Conformity Assessment has implemented short, structured 15-minute dialogue sessions with manufacturers to reduce misunderstandings and accelerate reviews, an example of efficiency not driven by reduced rigour, but smarter communication.

Ainoa Forteza, VP Regulatory Affairs MedTech, Alira Health
Ainoa Forteza, VP Regulatory Affairs MedTech, Alira Health

Cybersecurity: Urgency meets uncertainty

Cybersecurity is now a formal regulatory expectation, and the entire industry is playing catch-up. Espinosa stressed that the risk is tangible and immediate:

“Manufacturers simply don’t know what they don’t know. There have already been cases where patients died due to compromised devices. Awareness is still the biggest gap.”

Cyber risk is not just a technical topic; it’s a compliance requirement affecting submissions, market access, and ultimately patient safety.

Christian Espinosa, CEO, Blue Goat Cyber
Christian Espinosa, CEO, Blue Goat Cyber

AI: Potential meets over-optimism

AI naturally took centre stage when discussing future regulatory trends. The panel aligned on one message: AI is not a shortcut.

Lindsay described the internal push from leadership teams who assume AI will reduce cost and accelerate approval, without acknowledging the time, data, and controlled learning required for safe development. Espinosa added that the industry tends to fixate on success cases rather than failure modes, even though AI failure in high-risk applications can have devastating consequences.

Racic reinforced that AI, for now, is limited by the datasets behind it:

“You can’t benefit from AI if your data house is not in order, and currently we are using only a tiny fraction of the healthcare data available.”

Panellists on stage during MedTech Malta 2025
Panellists on stage during MedTech Malta 2025

Building quality into the product, not on top of it

A recurring theme was the importance of structure without overengineering. When asked whether digital tools or full EQMS platforms should be implemented early, the panel agreed that the right step is gradual:

Digital documentation helps prevent loss of information and accelerates compliance.

But startups should not be pushed prematurely into full QMS builds before they even have a product.

Lindsay summarised it clearly:

“Startups don’t need the whole QMS at the beginning. They need the pieces that support development. If you overwhelm them with paperwork before they have a device, you slow them down rather than preparing them.”

Espinosa added that knowledge precedes technology:

“If a startup doesn’t understand what to document or why, a QMS won’t help. They need to learn quality first; then the system serves as proof of it.”

Closing reflection

The panel closed on consensus: compliance can no longer be an afterthought. To succeed under both EU and US regulations, companies must build operational and cultural readiness early, not by scaling bureaucracy, but by scaling clarity, awareness, and discipline.

Whether navigating cybersecurity expectations, shifting US policies, MDR evolution, or the emerging regulatory landscape of AI-enabled devices, the companies best positioned to succeed are the ones who:

  • make decisive progress rather than waiting for certainty,
  • build structure without suffocating innovation,
  • and pursue compliance as a mindset, not a milestone.

Looking ahead: Join MedTech World 2026 events

For those interested in presenting their work, connecting with investors, or participating in discussions that influence the direction of global health technologies, MedTech World offers a range of opportunities in 2026 across its four flagship events. Companies, experts, and innovators can secure their place early and explore speaking, showcasing, and partnership options for the upcoming season.

MedTech World 2026 announcement