The Ultimate Guide to the EU MDR General Safety and Performance Requirements (GSPR)


With the European Medical Device Regulation (MDR) looming, medical device companies are focusing on ensuring compliance with the new regulations.  One of those key aspects of compliance is to ensure your devices conform to the General Safety and Performance Requirements (GSPR).  This guide provides you with some practical guidance on how to meet those requirements, as well as informs readers about our GSPR medical device software capabilities.


The EU MDR application is just coming fast. In fact, all applications under the new EU MDR must be made no later than May 26, 2021. Below is a high-level overview of key dates.





What’s the difference between Essential Requirements, General Safety and Performance Requirements (GSPR), and Essential Principles. In order to have a meaningful dialogue, let’s first discuss the three (3) main terms used in industry.

#1 Essential Requirements

The ‘Essential Requirements’ is the backbone for establishing conformity with the Medical Device Directive (MDD 93/42/EEC) and the Active Implantable Medical Device Directive (AIMDD 90/385/EEC).  Detailed within Annex I of the MDD and AIMDD, the ‘Essential Requirements’ laid out the requirements that devices must meet in order to state compliance to the directives. With the implementation of the new EU Medical Device Regulation (MDR 2017/745), the ‘Essential Requirements’ will become superseded by the new EU MDR General Safety and Performance Requirements (GSPRs).

#2 Essential Principles

The IMDRF laid out Essential Principles requirements in a document entitled Essential Principles of Safety and Performance of Medical Devices and IVD Medical Devices. From a high-level perspective, three basic tenets make up these ‘Essential Principles’:


  • A device must be designed to be safe and perform effectively throughout its lifecycle.
  • Device manufacturers must maintain all design characteristics.
  • Devices must be used in a way that is consistent with how it was designed.


Many countries use the term ‘Essential Principles’ when compiling the documentation required to determine compliance to the law.  For instance, the Australian Therapeutic Goods Administration (TGA) uses the term ‘Essential Principles Checklist’. Regardless of the term used, Essential Principles are of similar nature and overlap many of the Essential Requirements and new GSPRs.


#3 General Safety and Performance Requirements (GSPR)

As of May 26, 2021, medical device manufacturers must start to comply with Annex I – General Safety and Performance Requirements (GSPRs) of the new EU Medical Device Regulation (MDR 2017/745).  GSPRs are specific to the European MDR and IVDR. If you hear any other term (i.e. Essential Principles), it most likely means it is not referencing the European market.


EU Medical Device Regulation (MDR 2017/745) Annex I


Annex I of the EU MDR details the specific requirements of the General Safety and Performance Requirements (GSPR)


The new EU MDR GSPRs are broken down into three (3) chapters:


Chapter 1

General Requirements

Chapter 2

Requirements Regarding Design and Manufacture

Chapter 3

Requirements Regarding the Information Supplied with the Device


Chapter 1 – General Requirements


Both the EU MDR and the EU IVDR outline General Safety and Performance Requirements (GSPRs) in great detail for medical device designers and manufacturers. The general requirements for each overlap with each other and consist of the following:


  • Devices must perform in a way that aligns with the intended design.
  • They must not compromise the health or safety of a patient, user, or any other person associated with the device.
  • Risks must be reduced as much as possible, but not so much that they negatively affect the ratio of benefit to risk.
  • Device manufacturers must implement and maintain a thorough, well-documented, and evaluative risk management system that continues to be updated throughout the life cycle of a device.
  • Manufacturers and designers must include any necessary measures for protecting users in cases where risks cannot be completely eliminated.
  • Manufacturers must provide users with information about any potential risks that remain. This information must be clear, easy to understand, and considerate of the users’ technical knowledge level, use environment, and any applicable medical conditions.
  • Devices must withstand the stresses of normal use for the duration of their lifecycle.
  • Devices must be designed, manufactured, and packaged in a way that protects them from damage during transport and storage.
  • When it comes to risks and negative side effects that are known and foreseeable, designers and manufacturers must make every effort to minimize negative outcomes. They must also ensure that potential risks are acceptable when compared to the potential benefits of a device to its users.


Chapter 2 – Requirements Regarding Design and Manufacture


The GSPRs also provide key details regarding specific information about the design and manufacture of medical devices. As it relates to design inputs, the GSPRs provide highly-detailed requirements relating to a device’s:


  • Chemical, physical and biological properties
  • Potential for infection or microbial contamination
  • Use of substances that are considered to be a medicinal product or that the human body otherwise absorbs or disperses
  • Incorporation of biological materials
  • Interaction with its environment
  • Ability to diagnose or provide measurements
  • Radioactive properties
  • Systems that are electronically programmable
  • Capability for being active and connected to other devices
  • Capability for being active and implantable
  • Ability to withstand mechanical and thermal risks
  • Ability to safely supply energy or substances to the user or patient
  • Ability to be used by lay persons


Within each of these line items, the GSPRs outline key details to which designers and manufacturers must adhere where the requirements are applicable.


Chapter 3 – Requirements Regarding the Information Supplied with the Device


The final key area of governance within the GSPRs relates to specific information a manufacturer must supply with a device. The general requirements for this information states that, “Each device shall be accompanied by the information needed to identify the device and its manufacturer, and by any safety and performance information relevant to the user, or any other person, as appropriate.”  The requirements provide further detail as far as location-specific information such as the information that must be provided on:


  • The device label
  • The user instructions
  • The packaging of a device that is intended to maintain its sterile condition


EU Medical Device Regulation (MDR 2017/745) Annex II


In addition to the specific requirements identified within Annex I of the EU MDRAnnex II – Technical Documentation identifies additional requirements. Specifically, Section 4 – General Safety and Performance Requirements states:

“the documentation shall contain information for the demonstration of conformity with the general safety and performance requirements set out in Annex I that are applicable to the device taking into account its intended purpose, and shall include a justification, validation and verification of the solutions adopted to meet those requirements. The demonstration of conformity shall include:


(a) the general safety and performance requirements that apply to the device and an explanation as to why others do not apply;

(b) the method or methods used to demonstrate conformity with each applicable general safety and performance requirement;

(c) the harmonised standards, CS or other solutions applied; and

(d) the precise identity of the controlled documents offering evidence of conformity with each harmonised standard, CS or other method applied to demonstrate conformity with the general safety and performance requirements. The information referred to under this point shall incorporate a cross reference to the location of such evidence within the full technical documentation and, if applicable, the summary technical documentation.”

Let’s break this down into each part.


(a) the general safety and performance requirements that apply to the device and an explanation as to why others do not apply;


What needs to be documented for the requirements that apply or the requirements that do not apply?


Each and every GSPR should be assessed in its own right.


When a requirement applies, a simple statement may be made that this requirement applies to the device. In practice this is often achieved through the use of a checklist or table, with a column for applicability and a Yes/No answer against each requirement. When a requirement applies, you can move on to the other parts of demonstrating conformity regarding methods used and standards applied.


When a requirement is not applicable, a statement must be made to that effect, i.e. a ‘No’ in the applicability column. Additionally, it must be properly justified, even if it appears obvious to you. Such a justification may be something like ‘The device is not powered and is therefore not an active device. This requirement does not apply’. The justification should clearly state why the requirement has been deemed not to apply so that a third party can understand your reasoning.



(b) the method or methods used to demonstrate conformity with each applicable general safety and performance requirement;


What is meant by method or methods used?


This relates to the way you complied with that GSPR, historically it would be listed as a standard or other documentation reference that you have applied to demonstrate compliance, however the question of ‘method or methods used’ is new to the MDR and it is expected that a verbal description be provided such as:


i. Risk analysis weighed against clinical evaluation benefit
ii. Performance intended demonstrated by design requirements, verification and validation




(c) the harmonised standards, CS or other solutions applied;


What are harmonized standards, common specifications (CS), and other solutions?
Harmonized Standards

These are standards that have been specifically developed and assessed for compliance to a regulation or directive. They are published in the Official Journal of the European Union (sometimes just referred to as ‘the OJ’) and if you comply with these standards then there is a ‘presumption of conformity’ with that directive or regulation to which they have been harmonised. These harmonised standards can only be created by a recognised European Standard Organisation (such as CEN or CENELEC). When a standard is harmonized, an annex is added that describes how the standard conforms to the directive or regulation. When using harmonised standards you should make sure that you understand how the standard conforms so that you do not claim compliance when the standard either does not meet that requirement or only partially meets that requirement.

If a standard does not meet a certain requirement of the directive or regulation, or indeed only partially meets it, then you must employ additional mechanisms for compliance. If a harmonised standard meets part of a directive or regulation, then by complying with that standard you also fully meet the corresponding requirement(s) (At the time of this writing, there are no harmonised standards for the MDR and many are under current development). In this case, using an MDD harmonised standard and documenting a justification for doing so (i.e. how you believe the standard demonstrates compliance with the GSPRs), should provide sufficient evidence.

Common Specifications

Common Specifications are a new concept in the MDR. They allow the European Union to bring in additional requirements that must be met in order to claim compliance. You can think of Common Specifications as a ‘Super Standard’. The definition of a Common Specification is:

‘A set of technical and/or clinical requirements, other than a standard, that provides a means of complying with the legal obligations applicable to a device, process or system.’

Common Specifications can be introduced In areas where no harmonised standards exist, where they are insufficient, or where there is a public health threat that needs to be addressed. Devices that meet the requirements of a Common Specification are presumed to be in conformity with the General Safety and Performance Requirements of the MDR. Manufacturers must comply with the Common Specification unless they can justify that they have adopted solutions that ensure a level of safety and performance that is at least equivalent.

Other Solutions

Other solutions are simply alternative mechanisms (other than compliance to a Common Specification or a Harmonized Standard) that you use to demonstrate conformity with the GSPRs. These can be things such as other International Standards (that aren’t harmonized) and Manufacturers own documentation. The MDR specifies a hierarchy with respect to other solutions and what ranking they have in terms of superiority. The following diagram shows this:


(d) the precise identity of the controlled documents offering evidence of conformity with each harmonised standard, CS or other method applied to demonstrate conformity with the general safety and performance requirements. The information referred to under this point shall incorporate a cross-reference to the location of such evidence within the full technical documentation and, if applicable, the summary technical documentation.


What is the expectation for incorporating a cross-reference to the location of such evidence within the full technical documentation…?


This means that someone looking at the document should be able to identify exactly where in the technical documentation that the compliance evidence can be found. For example, this may refer to test reports and their exact location, or it could even reference locations within a large document (depending on the GSPR and your particular documentation. (i.e. if you have included usability risks as part of a larger risk assessment, you may need to say ‘See Technical File XXX, Section XX, Doc RMF001 rev 3 lines 65-78’). In other cases it could just mean the whole document reference, i.e. Have you done risk management? – then yes, it is RMF001 rev 3. What the specific reference actually is depends on how you have managed your technical documentation and how defined it is (i.e. separate reports or one big one). There should be no ambiguity as to where the document is located.


An example of a completed GSPR checklist could look something like this (applicable and nonapplicable examples are shown):

Proactive Monitoring & Maintenance


Specification developers and manufacturers must continually maintain their technical documentation to stay compliant. Part of this process is to ensure that they take into account the “generally acknowledged state of the art”


Proactive Monitoring

‘State of the art’

There is no formal definition of ‘state of the art’ within the EU MDR, although it is mentioned 12 times.


‘State of the art’ is an ongoing debate; however, it generally means that it embodies what is currently and generally accepted as good practice. The ‘state of the art’ does not necessarily imply the most technologically advanced solution.


This means that if a standard is updated that your medical device is compliant with, you must evaluate that update to ensure that it would meet the EU MDR ‘state of the art’ requirement. This is not a new requirement from the EU MDD but it is spelled out more clearly in the EU MDR.


The specification developer or manufacturer is ultimately responsible for determining if the updated standard applies or does not apply to their device(s). Either way, the justification should be documented within a gap analysis.

Monitoring for Changes

Of course, ‘state of the art’ only applies if you actually know if something changed. This is why you need to develop a process for monitoring the standards that compliance is claimed. Every single standard that is associated with your technical documentation must be actively monitored, reviewed, and reported on.




If you have product on the market and need a better way to monitor and maintain your General Safety and Performance Requirements (GSPR) or Essential Principles, Rimsys can help. Rimsys digitizes and automates GSPR and Essential Requirements so you can dynamically update and proactively monitor changing standards and evidence files.


When a standard or evidence file changes, you will automatically be notified and can update one GSPR or all of your GSPRs with a single click of a button. What used to take weeks of manual, error-prone, administrative tasks is now done in seconds within a fully validated, secure, maintenance free, cloud-based solution.





Maintaining your technical documentation is generally the hardest part of staying compliant. Robust processes must be established to ensure nothing slips through the cracks and non conformances are not identified during regulatory audits.

Gap Analysis

In addition to meeting the ‘state of the art’ requirements and the continuous proactive monitoring of standards, once a change has been detected that affects the technical documentation, a proper and thorough gap analysis must be completed.


The gap analysis between the old version and the new version, or an evaluation of a brand new standard must occur and be properly documented. The gap analysis should detail what is applicable and what is not applicable, with your supporting justification.
If something within the new or revised standard was considered to be applicable to your device, additional engineering testing, documentation, or justification may be needed to ensure compliance.


GSPR Updates

Once the gap analysis has been properly documented, specification developers and manufacturers must update their GSPRs.


These updates includes finding the withdrawn or superseded standard or evidence file throughout each row within your GSPR table, for every single device on the market. This could be one table or dozens of tables depending on the complexity of the products and your product mix.


This is an error-prone process as is it tedious, administrative, and extremely easy to miss an inappropriate referenced standard or evidence file.


Extreme diligence on the regulatory or engineering team must occur to ensure these critical updates to the GSPRs are not missed. The gap analysis must be properly referenced throughout and any justification for including or excluding a new standard or evidence file will be scrutinized by regulatory auditors.


Comparison Table


Download our eBook to get the this article in a PDF format, including the Comparison Table of the EU MDR Annex I GSPR vs. the EU MDD Annex I Essential Requirements.



James Gianoutsos

Founder & President
Rimsys Regulatory Management

James is a quality assurance and regulatory affairs professional who has a diverse background in the medical device, pharmaceutical and biologics industries. James’ professional experience includes the design, premarket approval, clinical trials, manufacturing, distribution and post-market surveillance of drug products and class I, II, and III devices. It also includes products in a variety of clinical applications including infant jaundice management, neonatal respiratory care, infant incubation, sleep therapy, management of respiratory insufficiency, surgical adhesive for internal use, surgical sealant for prevention of gastrointestinal leaks, and bone healing accelerants.

James has extensive experience in establishing and maintaining quality management systems in accordance with FDA, ISO, cGMP, MDD, CMDCAS requirements and standards and has helped develop and submit multiple regulatory filings including Premarket Approvals (PMA), 510(k)s, Design Dossiers, Technical Files and INDs.

James holds a Bachelor of Science in operations management as well as a Master of Business Administration (MBA) with a concentration in operations management and strategy from the University of Pittsburgh – Katz Graduate School of Business.

Rod Beuzeval

Meddev Solutions

Rod has worked in Pharmaceutical and Medical Device sectors for over 19 years and holds a degree in engineering. Rod has earnt Global Regulatory Affairs Certification from the Regulatory Affairs Professional Society.

His expertise lies in providing regulatory guidance to support new product development, worldwide registration and compliance activities. Rod is able to train large groups in the global regulatory requirements as well as QMS. He has years of hands-on experience of industry standards and regulation such as ISO 13485, ISO 14971, ISO 10993, IEC 60601-1, IEC 62304, IEC 62366, MDD 93/42/EEC, 21CFR, CMDCAS (MDSAP) amongst others.

He has registered devices in over 30 countries including EU, US, Canada, Japan, China, Russia, Kingdom of Saudi Arabia, South Korea and Latin America.

Prior to forming Meddev Solutions, he was a Client Manager for a leading European Notified Body, conducting assessments of QMS for 13485 certification. Rod is still actively engaged with Notified Bodies, performing audits on their behalf and providing technical expertise.

Rimsys is a world-leading provider of Regulatory Information Management (RIM) software designed specifically for the medical device industry. Rimsys offers a suite of cloud-based regulatory affairs software solutions to simplify and manage global product registrations, standards, essential principles requirements, UDI requirements, regulatory documents, changing regulations and more.