Key takeaways
- The EUDAMED deadline is forcing many manufacturers to repeat the same “spreadsheet sprint” they ran for the U.S. FDA’s GUDID — a linear approach that does not scale.
- UDI data must stay consistent not only across global UDI databases, but also with adverse event reports, recalls, registration and listing, importation records, and commercial systems.
- Sustainable UDI compliance requires three activities in concert: a holistic data superset, a Single Source of Truth, and robust cross-organization governance and change management.
- Done well, a UDI program becomes a foundation for market access, supply chain efficiency, patient safety, and real-world evidence — not just a submission checkbox.
The Day of Reckoning is Nigh | The Role of UDI and the Future of Data in the Medical Device Ecosystem
As the European Database on Medical Devices (EUDAMED) deadline approaches (for real this time), I watch many – and help some – companies continue to repeat their Unique Device Identification (UDI) sins of the past.
When we first started on our UDI journey circa 2013, many companies were shocked to realize they didn’t actually have the data needed in any system, or stored in a computable way, to meet the U.S. FDA’s GUDID requirements. So started the GUDID spreadsheet sprint — lots of people running around, looking at actual labels, packages, and paper files, trying to figure out the required data and then sticking it into a spreadsheet. Sometimes, the spreadsheet was uploaded by a third party, or simply manually cut and pasted into GUDID.
Those medical device manufacturers lucky enough to have some of the data in a system (e.g., a PLM) were able to temporarily augment that data and submit it “automatically” (machine-to-machine). Some of these system vendors supported this submission process, others developed their own HL7 SPL submission capabilities, and still others leveraged a host of third-party vendors.
Then, as we rolled into 2016, with GUDID submissions moving along and the EU’s EUDAMED staring us in the face — not to mention other regulators starting their UDI journeys — many companies realized they couldn’t sustain the current approach. They needed a more holistic and systemic way of creating and managing UDI data.
Some looked to expand the data models in the systems they used for GUDID. Others purchased new systems under the guise, to some extent, of solving the UDI data challenge. But then EUDAMED was delayed, and attention (and budget) shifted to other priorities. Many of the vendors that had supported GUDID data collection and submissions exited the business — primarily, I think, because solving this problem is really hard.
And so today, here we are: in the midst of the EUDAMED spreadsheet sprint. Or, maybe worse, pretending that we are making progress by storing the data in a destination-specific (e.g., EUDAMED) folder of a system. Much like a pdf of an IFU (an “eIFU”) is really no more useful than the paper IFU itself – creating destination-specific data in a system simply compounds the limitations of linear data collection (and maintenance).
The real problem isn’t submission — it’s maintenance. Filling a destination-specific folder for one regulator feels like progress, but it just multiplies the places where the same device data can drift apart. The cost shows up later, when a regulator asks why your recall notice doesn’t match your UDI record.
The challenge of UDI — along with other global, data-centric regulatory and commercial requirements — lies not just in managing data for initial submissions, but in maintaining that data consistently over time.
It’s not enough to ensure consistency across global UDI database submissions. That same data must also align with other regulatory and commercial submissions. Many have already experienced this firsthand — for example, receiving a letter from the U.S. FDA asking why the information in an adverse event report, recall notice, or R&L doesn’t match what was submitted to the GUDID. Increasingly, other regulators are — or soon will be — doing the same.
Emerging import control requirements will create new complexity. If the data used during importation doesn't match previously submitted UDI data, the device will likely be blocked from entering the market. This risk extends beyond regulatory issues: mismatches or inconsistencies can disrupt purchasing and fulfillment processes, delay (or cease) reimbursement, hinder traceability, and complicate recalls and participation in registries.
And we haven’t even touched on the implications for Real-World Data (RWD) or Post-Market Clinical Follow-up (PMCF). As an industry, we’ve focused heavily on getting new (or new versions of) devices to market — and have traditionally minimized the ongoing need to demonstrate that a device remains safe, effective, delivers on its intended use, and justifies its cost throughout its lifecycle. The new EU MDR and IVDR requires this ongoing justification.
We are very good at creating new UDI data for the same device across different geographies — and different answers to the same data question — through increasingly robust but siloed processes and systems.
Solving UDI Requires Three Activities in Concert
Solving this challenge requires the coordinated implementation of three interrelated activities:
The three pillars of sustainable UDI data
- A holistic data superset. Develop and implement a UDI (and related) data superset that covers all regulatory and commercial needs globally, rather than per-destination data sets.
- A Single Source of Truth. Extract individual data attributes from a Single Source of Truth (SSOT) to ensure consistency across systems and submissions.
- Cross-organization governance. Establish a highly robust, cross-organization data governance and change management process to maintain data integrity over time and across functions.
We are very good at creating new UDI data for the same device across different geographies – and different answers to a data question through (increasingly robust) siloed processes and systems (e.g., labeling, RIMS, PLM, ERP, CAPA, AE reporting, recalls). We need all three, in concert, to be successful in the long term.
Structured data, centralized governance and control, and automation can provide both greater visibility and consistency. Collaboration between all affected parts of the organization (e.g., engineering, regulatory, quality, labeling, marketing, supply chain) will provide not only consistent data but also a robust change control process that propagates reliably correct data to all users. Strong third-party risk management is part of that picture too, since much UDI data flows through vendors and contract partners that submit or transform it on your behalf.
From Spreadsheet Sprint to Sustainable Program
At USDM, we help medical device manufacturers navigate the complexity of UDI compliance by building sustainable, scalable solutions that go beyond “spreadsheet sprints.” Our experts partner with your teams to design and implement a holistic data model, create a Single Source of Truth, and establish robust governance and automation — ensuring your UDI data is accurate, consistent, and ready for any regulatory or commercial requirement worldwide. Where automation and AI enter the workflow, that same governance discipline extends through AI governance and compliance, so the systems generating and propagating data stay validated and trustworthy.
Treating UDI as living data rather than a one-time filing also changes how you think about validation. A validation lifecycle management mindset keeps the systems that hold your Single Source of Truth in a continuously controlled state, and pairing that with continuous compliance for your cloud platforms means the underlying infrastructure stays inspection-ready as your data evolves.
UDI has always been foundational. Linking a well-implemented UDI program to comprehensive, high-quality product data unlocks a wide range of possibilities — from regulatory compliance and market access to supply chain efficiency, patient safety, and real-world evidence. The same data foundation becomes the launchpad for the next wave of automation and the kind of work an agentic AI team can take on once your data is genuinely trustworthy.
The question is: Will you be ready for the next data challenge?
FAQ: UDI Compliance and Medical Device Data
Why isn’t a EUDAMED-specific data folder enough for UDI compliance?
Storing data in a destination-specific folder (for example, one built just for EUDAMED) compounds the limitations of linear, per-submission data collection. It looks like progress, but it multiplies the places the same device data lives and can drift apart, making consistency and ongoing maintenance harder rather than easier.
What happens if my UDI data doesn’t match my other regulatory submissions?
Inconsistencies can trigger questions from regulators — such as a U.S. FDA letter asking why an adverse event report, recall notice, or registration and listing record doesn’t match what was submitted to the GUDID. With emerging import controls, data that doesn’t match previously submitted UDI data can block a device from entering the market, and mismatches can also disrupt purchasing, fulfillment, reimbursement, traceability, recalls, and registry participation.
What are the three activities needed to solve UDI sustainably?
First, develop a holistic UDI and related data superset that covers all regulatory and commercial needs globally. Second, extract individual data attributes from a Single Source of Truth so every system and submission stays consistent. Third, establish robust, cross-organization data governance and change management to maintain data integrity over time and across functions. All three are needed in concert.
How does UDI relate to Real-World Data and Post-Market Clinical Follow-up?
The new EU MDR and IVDR require ongoing justification that a device remains safe, effective, delivers on its intended use, and justifies its cost across its lifecycle. High-quality, consistent UDI and product data is the foundation that makes Real-World Data (RWD) and Post-Market Clinical Follow-up (PMCF) feasible, rather than a fresh data scramble each time.
Who in the organization needs to be involved in UDI data governance?
UDI is cross-functional. Engineering, regulatory, quality, labeling, marketing, and supply chain all touch the same device data through systems like labeling, RIMS, PLM, ERP, CAPA, adverse event reporting, and recalls. Collaboration across these functions, supported by a robust change control process, is what propagates reliably correct data to every user.
Ready for the next data challenge? USDM helps medical device manufacturers move from spreadsheet sprints to a sustainable UDI data foundation. Contact USDM today to talk through your holistic data model, Single Source of Truth, and governance approach.