Notified Body

This topic is part of the SG Systems Global medical device lifecycle, vigilance & regulatory compliance glossary.

Updated December 2025 • EU MDR 2017/745, CE Marking, ISO 13485 Requirements, ISO 13485 Audit, Medical Device QMS, Design History File (DHF), Postmarket Surveillance, Medical Device Reporting (MDR), CAPA, QRM, QMS, V5 QMS, V5 MES

A Notified Body (NB) is an independent conformity-assessment organisation that an EU/EEA country designates (“notifies”) to assess medical devices and in vitro diagnostic devices for CE marking when third-party review is required.
If your device class, technology or claims trigger Notified Body involvement, you do not “self-declare your way” into the European market. Your NB becomes the gatekeeper that decides whether your quality system and technical evidence are strong enough to support certification.

The common misunderstanding is to treat a Notified Body like a paperwork vendor or a rubber-stamp auditor. In reality, a competent NB is a risk-based reviewer of your entire compliance story:
classification rationale, verification & validation, risk management, clinical evidence, labeling, postmarket planning, and the integrity of your QMS.
When something is missing, unclear, inconsistent, or untraceable, the NB will stop the clock—because their own designation, reputation and oversight depend on it.

“In the EU, your CE mark is not a marketing badge. It’s the end-product of a conformity assessment that your Notified Body is accountable for.”

1) What a Notified Body Actually Is

A Notified Body is a conformity assessment body designated by a Member State authority and listed in the EU’s public systems (notably NANDO) with a specific scope of designation.
That scope matters: NBs are not “approved for everything.” They are designated for defined device types, technologies, and assessment activities.

Practically, the NB’s job is to evaluate whether a manufacturer’s device(s) and supporting system meet the applicable regulatory requirements for conformity assessment and certification.
The manufacturer remains legally responsible for the device and for drawing up the EU Declaration of Conformity—but for many devices, the NB’s certificate is a required input to get there.

• Designated: The NB must meet strict organisational, competence, and impartiality requirements to be designated.
• Scoped: The NB’s designation scope determines what they can certify (device categories, technologies, codes).
• Accountable: NBs are monitored and can be suspended or have their designation restricted/withdrawn.

2) Why Notified Bodies Exist

The EU system is built on a simple premise: the higher the device risk and complexity, the less the system relies on manufacturer self-declaration.
For low-risk products, manufacturers can often self-certify. For higher-risk devices, regulators expect an independent third party to challenge the evidence before CE marking.

Notified Bodies exist to provide that independent conformity assessment at scale across the EU.
They are not the same as a national regulator, and they don’t replace market surveillance authorities—but they are the front-end filter that should prevent weak evidence packages from reaching patients.

If your business plan assumes “we’ll figure out the NB later,” you’re building on sand. NB selection and readiness are part of product strategy, not an administrative afterthought.

3) Notified Body vs Competent Authority vs Market Surveillance

Confusion here causes expensive mistakes. The roles are different:

• Notified Body: Performs conformity assessment and issues certificates within its designation scope.
• Competent Authority / Notifying Authority: National authority responsible for designating and overseeing Notified Bodies and conducting broader regulatory oversight in that country.
• Market Surveillance Authorities: Authorities that monitor devices on the market, investigate incidents, and can take enforcement actions.

Translation: your NB is not the “regulator,” but they are not “just an auditor” either.
They are a regulated, supervised assessment organisation, and their decisions have real market consequences.

4) When You Need a Notified Body

Notified Body involvement depends primarily on classification, claims, and specific risk drivers.
The broad pattern under EU frameworks:

• Many Class I devices: may be self-declared by the manufacturer (no NB) if they are not sterile, not measuring, and not reusable surgical instruments.
• Class I sterile / measuring / reusable surgical instruments: require NB involvement, but limited to the relevant aspects (sterility, metrology, or reprocessing/reuse).
• Class IIa / IIb / III devices: generally require NB involvement via defined conformity assessment routes.

The key point for planning: it’s not only “high-risk implants” that trigger NBs.
A deceptively simple device can still require NB review because of sterility claims, measuring functions, software roles, or other regulatory triggers.

If you are still arguing about your classification late in the project, you are already behind. Classification drives evidence requirements, clinical expectations, and the NB route—so it must be locked early and defended with a clear rationale.

5) What a Notified Body Actually Reviews

An NB review is not one document. It is a structured assessment across:

• QMS maturity: Whether your medical device QMS is implemented, controlled, and effective (not just written).
• Technical documentation: Design intent, GSPRs mapping, testing, V&V, software lifecycle, biocompatibility, electrical safety, sterilization, packaging, usability, etc.
• Risk management linkage: Whether your risk file is coherent and tied to controls, verification, labeling and residual risk acceptability.
• Clinical evidence: Clinical evaluation logic and data quality, including where clinical investigations are required and where equivalence arguments are weak.
• PMS readiness: Whether your postmarket surveillance plan and outputs tie back into CAPA and risk management.
• Vigilance interfaces: How complaint handling, trending, and reportability decisions integrate with your QMS and regulatory obligations.

A strong submission does not just “contain documents.” It shows traceable logic:
hazard → control → verification → labeling → postmarket monitoring. If your file can’t tell that story cleanly, NB review time explodes.

6) Conformity Assessment Routes (Why Annexes Matter)

EU conformity assessment is not a single path. Different device classes and situations lead to different assessment routes.
In practical terms, you will run into these families of approaches:

• QMS + technical documentation assessment: The NB audits the QMS and reviews the technical documentation (common for many device families).
• Type examination: The NB evaluates a representative device type and issues a type-examination decision/certificate.
• Product verification / product conformity: The NB performs verification activities focused on product conformity and sometimes sampling/testing strategies.

You do not pick these routes based on what feels easiest.
Your device classification and regulatory triggers drive the route, and your NB will enforce that alignment.

A recurring failure mode: teams focus on “passing the QMS audit” and under-invest in technical documentation structure, clinical evidence, and traceability.
Under modern EU expectations, a QMS certificate without a defensible technical file still leaves you stuck.

7) Scope, Codes and “Can This NB Certify Our Device?”

Notified Bodies are designated for specific scopes—often expressed via codes and device categories.
That scope determines what they are legally allowed to assess and certify.
It is completely possible (and common) for a reputable NB to be unable to take your project because:

• they are not designated for your device technology category,
• they lack competent resources (or capacity) for your product family,
• they are saturated with work in your segment, or
• they are strategically exiting certain device areas.

The business implication is blunt: NB selection is a technical decision.
If your procurement process treats NBs as interchangeable vendors, you will pick the wrong one and pay for it twice—once in delay, and again when you transfer.

8) The Real Lifecycle: Initial Certification, Surveillance, Recertification

Getting certified is not the end. It is the beginning of a regulated lifecycle with ongoing oversight.
Expect the relationship to include:

• Initial assessment: application, contract, file submission, QMS audit, technical documentation review, closure of nonconformities, certification decision.
• Surveillance audits: periodic audits to confirm the QMS remains effective and that postmarket obligations are being met.
• Change assessments: review of significant changes that could affect conformity (design changes, manufacturing site changes, supplier changes, software updates, labeling changes).
• Recertification: a deeper re-assessment at defined intervals, typically more demanding than surveillance.

If your organisation treats compliance as a “project” that ends at CE marking, you will slowly accumulate technical debt:
unclosed CAPAs, weak complaint trending, outdated risk files, and unmanaged change control. Eventually that debt becomes a major nonconformity—and then it becomes a certificate risk.

9) What Notified Body Audits Feel Like in Practice

A high-quality NB audit is not a checklist walk-through. It is an evidence interview.
Auditors will follow threads across systems and see whether the story holds:

• Does your DHF show controlled design inputs, outputs, review, verification, validation and design transfer?
• Are your document control and training records consistent with how work is actually done?
• Do your deviations, nonconformances and CAPA investigations show real root cause, not superficial containment?
• Can you show traceability from complaint trends to risk controls and preventive actions?

Expect auditors to test whether controls are real or performative. A QMS that exists as PDFs but not as behaviour will collapse under questioning.

Also expect modern audits to be increasingly hybrid (remote + on-site) and data-driven. If your records are scattered across disconnected tools and spreadsheets, you will spend the audit “hunting evidence” instead of demonstrating control.

10) The Fastest Ways to Fail (and How to Avoid Them)

Most NB delays are self-inflicted. The patterns repeat:

• Incomplete technical documentation: missing test rationale, missing acceptance criteria, missing linkage to risk controls.
• Weak clinical logic: claims not supported by the clinical evaluation strategy; reliance on “equivalence” without a defensible bridge.
• Risk management drift: risk file not updated when complaints, failures, or changes occur.
• Change control gaps: “minor” changes accumulating until they become an uncontrolled design evolution.
• Supplier blindness: outsourced processes treated as external problems instead of controlled parts of your QMS.
• Data integrity weakness: missing audit trails, uncontrolled spreadsheets, unclear approvals and versioning.

The fix is not “work harder.” The fix is to build a compliance system that is inherently traceable:
one authoritative data model for products, lots, documents, risks, changes, complaints and CAPAs. When that exists, NB questions become easy to answer quickly and consistently.

11) Choosing a Notified Body (Selection Criteria That Actually Matter)

You do not select an NB the way you select a cleaning vendor. The decision is strategic.
Criteria that actually matter:

• Designation scope fit: They must be designated for your device category and technology.
• Capacity and lead times: If they can’t schedule review windows that match your market plan, they are not a fit no matter how prestigious.
• Competence in your technical domain: Especially for software-heavy devices, implants, sterile devices, and novel technologies.
• Consistency and predictability: Clear expectations, stable interpretation, good communication and rationales.
• Geography and language: Practical factors for audits, interviews and document management.
• Transfer risk: Consider what happens if the NB exits a scope or experiences internal capacity shocks.

A disciplined selection process includes a structured pre-application dialogue, a scope verification against public designation listings, and a frank discussion of timelines and completeness expectations.

12) “Can the NB Tell Us How to Comply?” (Independence vs Guidance)

Notified Bodies must remain independent and avoid conflicts of interest. That means they cannot act as your consultant, write your documents, or design your compliance strategy.
But independence does not mean silence.

In practice, NBs can clarify regulatory expectations, explain their process, and engage in structured dialogues about how to apply for conformity assessment—as long as they do not cross the line into client-specific consulting.
The mature way to handle this is:

• use the NB for process clarity (what they will review, how they review, what “complete” means),
• use internal experts or external consultants for solution design (how your system meets requirements),
• document interactions to avoid “hidden consultancy” risk.

If your team is relying on the NB to “teach you compliance,” you are not ready for certification.
The NB is not your training department.

13) What Happens When Certificates Are at Risk

Certification is not permanent. Certificates can be restricted, suspended, or withdrawn if serious nonconformities are not addressed or if the conformity basis changes.
The most common triggers are:

• systemic QMS failures (ineffective CAPA, uncontrolled changes, poor supplier control),
• failure to meet postmarket obligations (trend blindness, inadequate PMS execution),
• significant changes implemented without NB review where required,
• loss of confidence in data integrity or traceability.

The operational reality: if your certificate status changes, your supply chain and revenue are immediately at risk.
That is why NB readiness must be baked into management review, not handled as a periodic scramble before audit week.

14) If Your Notified Body Exits or You Need to Transfer

NB changes happen—sometimes by your choice, sometimes not.
A body may cease certain conformity assessment activities, lose scope, or exit the market.

Transfer is not a paperwork swap. A new NB must be confident in the device conformity basis, the QMS effectiveness, and the completeness of technical documentation.
If your files are not clean and current, transfer becomes an unplanned recertification effort.

Practical mitigation:

• Maintain a “transfer-ready” technical file: current, traceable, and internally audited.
• Keep change control disciplined; don’t accumulate undocumented evolution.
• Preserve evidence packages for key decisions: clinical rationale, risk acceptability, PMS conclusions.

If you wait until a transfer crisis to clean your documentation, you will miss your market windows.

15) EUDAMED, Transparency, and Why Certificate Data Is Becoming More Visible

The EU is pushing toward greater transparency around certificates and the conformity status of devices.
Notified Bodies are expected to register certificate information (issuance, amendments, suspensions, withdrawals, refusals) in EUDAMED’s Notified Bodies & Certificates module, with public access to relevant information.

This matters because “certificate opacity” used to hide weak operational discipline.
As transparency increases, the market will have fewer places to hide behind vague status statements.
Your internal release and supply decisions need to be tied to objective certificate status and scope.

The best operational posture is to treat certificate and NB interactions as a managed lifecycle dataset—not as emails in someone’s inbox.

16) What Notified Body Means for V5

In real audits, the difference between “manageable” and “painful” is not how smart your team is.
It’s whether your evidence is connected, searchable, and provably controlled.

On the V5 platform, Notified Body readiness becomes a systems outcome instead of a hero effort:

• V5 QMS: manages audits, nonconformances, CAPA, change control, document control and training with controlled workflows, audit trails and approvals—so NB questions can be answered with records, not opinions.
• V5 MES: links manufacturing evidence (parameters, lots, deviations, in-process failures) to the product and QMS, supporting technical documentation and postmarket investigations.
• Traceability across the lifecycle: ties design decisions, risk controls, verification evidence and postmarket signals into one chain, reducing the “where is the proof?” cycle that slows NB reviews.
• Audit efficiency: reduces the time wasted assembling evidence packs and increases the time spent demonstrating control and improvement.

Net effect: when your Notified Body asks the hard questions—about risk drift, complaint trends, change history, supplier controls, or data integrity—your answers live in the system, not in someone’s memory.

FAQ

Q1. Is a Notified Body the same as a regulator?
No. A Notified Body is an independent conformity assessment organisation designated and overseen by authorities, but it is not a national regulator. Regulators conduct designation oversight and market surveillance; the NB performs conformity assessment and certification within its designated scope.

Q2. Do Class I medical devices need a Notified Body?
Often no, but not always. Many Class I devices can be self-declared. However, if a Class I device is placed on the market in sterile condition, has a measuring function, or is a reusable surgical instrument, Notified Body involvement is required and limited to the relevant aspects.

Q3. What is the biggest reason Notified Body reviews take so long?
Incompleteness and weak traceability. If claims, risks, tests, and clinical rationale are not linked clearly—or if the technical documentation is missing critical justifications—review cycles multiply and timelines stretch.

Q4. Can a Notified Body help us build our technical file?
Not in the way many teams hope. NBs can explain their process and clarify expectations, but they must remain independent and cannot act as your consultant or create client-specific compliance solutions. You should build the file internally (or with independent consultants) and present it for assessment.

Q5. How do we choose the right Notified Body?
Start with scope fit and capacity. Confirm the NB is designated for your device type and technology, then evaluate lead times, technical competence in your domain, consistency of process, and transfer risk. Treat NB selection as a strategic regulatory decision, not a procurement formality.

Related Reading
• EU & Market Access: EU MDR 2017/745 | CE Marking | Labeling Medical Devices
• Quality & Risk: Medical Device QMS | ISO 13485 Requirements | ISO 13485 Audit | CAPA | Quality Risk Management (QRM)
• Lifecycle & Vigilance: Postmarket Surveillance | Medical Device Reporting (MDR) | Customer Complaint Handling
• Systems: V5 QMS | V5 MES | V5 Connect API