Poland offers the optimal sourcing environment for European medical device buyers combining EU regulatory compliance (EU MDR 2017/745, ISO 13485:2016 at 91% adoption among export manufacturers), manufacturing cost advantages of 35-50% versus Germany and the Netherlands, nearshore logistics (1-3 day road freight to Western Europe), and a cultural and legal environment fully aligned with European procurement standards. This guide provides the structured procurement methodology used by experienced European distributors, hospital Group Purchasing Organisations (GPOs), and OEM companies to identify, qualify, contract, and manage Polish medical device suppliers—covering ISO 13485 verification procedures, EU MDR compliance assessment, Quality Agreement frameworks, supplier audit protocols, incoming inspection procedures, intellectual property safeguards, and ongoing supplier governance.
Quick Decision Framework: Polish sourcing is most appropriate when EU MDR compliance is non-negotiable, when proximity and communication are valued over pure unit cost minimisation, and when the procurement programme involves ongoing supply relationships rather than one-off purchases. The Polish medtech manufacturing ecosystem is most mature in surgical instruments, hospital furniture, rehabilitation equipment, wound care consumables, and dental products—buyers in these segments can expect the shortest qualification timelines and the most experienced QMS infrastructure. For Class III implantable devices and complex active IVDs, Polish capability exists but qualification should allow extended timelines for Notified Body involvement.
Selecting a Polish medical device manufacturer for supply requires a structured qualification process addressing regulatory compliance, technical capability, quality system maturity, financial stability, and commercial alignment. The qualification process should be completed before placement of any commercial orders, as retrospective compliance remediation is substantially more costly and time-consuming than initial due diligence.
The initial screening phase filters the broad universe of potential Polish suppliers to a qualified shortlist for detailed assessment. Screening criteria should be documented in your procurement quality procedure and applied consistently. Core regulatory criteria—verified at the initial contact stage before any commercial discussions—include current ISO 13485:2016 certification with scope statement covering the relevant device types and manufacturing activities (design, manufacture, sterilisation as applicable); CE Declaration of Conformity under EU MDR 2017/745 for the specific product(s) of interest, confirming device classification and applicable conformity assessment procedure; EUDAMED registration confirmation (search at eudamed.ec.europa.eu by manufacturer name or manufacturer SRN, the Single Registration Number assigned by EUDAMED); and Notified Body certificate number and body identity for Class IIa, IIb, and III devices (verifiable at NANDO database).
Technical capability screening evaluates whether the manufacturer's production processes, materials knowledge, testing infrastructure, and engineering capability are appropriate for your device specification. This assessment is conducted through questionnaire and review of documentation provided by the manufacturer, supplemented by on-site audit for shortlisted candidates. Key technical questions include production technology employed (CNC machining tolerances, cleanroom class and area, sterilisation method and validation status, electronics assembly IPC class); design and development capability (does the manufacturer have an in-house design function with documented design controls per ISO 13485 Section 7.3, or are they a pure contract manufacturer requiring customer-supplied designs?); sub-supplier management practices (what proportion of components are manufactured in-house vs. sourced from sub-suppliers, and are critical sub-suppliers on a qualified Approved Supplier List with periodic re-evaluation?); and post-market surveillance infrastructure (does the manufacturer operate a documented PMS system including complaint handling, vigilance reporting procedures, and periodic safety update capability meeting MDR Article 83-86 requirements?).
Regulatory Documentation Required:
Quality System Evidence Required:
The technical capability assessment, conducted via detailed questionnaire followed by on-site audit, evaluates the manufacturer's ability to consistently produce your specific device to the required specification, performance, and safety standards. The assessment scope should align with the device classification and the associated regulatory obligations. For Class I non-sterile, non-measuring devices (the most common hospital furniture and basic instrument category), the assessment focuses on dimensional and material conformance, quality control procedures, and packaging integrity. For Class IIa sterile single-use devices, the assessment expands to include sterilisation validation records (ISO 11135 for EtO, ISO 11137 for radiation), biocompatibility evaluation (ISO 10993 series), and shelf-life validation. For Class IIa/IIb active devices, the assessment additionally covers IEC 60601 test documentation, software development lifecycle records per IEC 62304, and usability engineering files per IEC 62366.
On-site facility audits for medical device suppliers should be conducted by personnel with specific ISO 13485 auditing competence (typically a lead auditor qualification from an IRCA-accredited or equivalent programme) and, for technically complex devices, supplemented by a subject matter expert in the relevant device technology. Polish manufacturers are generally experienced in hosting international buyer audits and will typically prepare audit schedules, document packs, and facility tours appropriate for EU buyer requirements. Audit duration ranges from one day for a focused review of a Class I supplier to three days for a comprehensive assessment of a Class IIb device manufacturer with multiple production lines, sterilisation, and software development activities.
| Warning Sign | Risk Implication | Recommended Action |
|---|---|---|
| ISO 13485 scope excludes design (design controlled by customer) | No design control for custom development; no MDR Technical File ownership | Clarify design ownership; ensure Technical File maintained by competent party |
| CE marking only under MDD 93/42/EEC (not MDR 2017/745) | Non-compliant for EU market after extended transition; RAPEX risk | Do not place device on EU market; require MDR compliance plan with timeline |
| No EUDAMED manufacturer registration | Non-compliance with MDR Article 30; potential market suspension | Require registration before onboarding; deadline enforcement mandatory |
| CAPA closure rate below 80% within committed timeframes | Systemic quality issues; likely recurring non-conformances | Require corrective action plan; re-audit before approval |
| Reluctance to provide sterilisation validation records | Unvalidated sterilisation; sterility assurance level (SAL 10⁻⁶) not confirmed | Do not place sterile devices on market without validation evidence |
| No post-market surveillance procedure | Non-compliance with MDR Article 83-86; PMS data unavailable for PSUR | Require documented PMS procedure before contract signature |
| ISO 13485 certificate expired or lapsing within 6 months | Quality system non-compliance imminent; recertification under way or delayed | Request recertification evidence; do not onboard without current certificate |
EU MDR 2017/745 verification for Polish medical device manufacturers requires a structured review of regulatory documentation that confirms the manufacturer's legal authority to place devices on the European market. This review forms part of the buyer's own regulatory obligations as an importer or distributor under MDR Articles 13 and 14, and must be completed and documented before first commercial shipment.
The Declaration of Conformity (DoC) is the manufacturer's legal statement that the device conforms to applicable EU MDR requirements, and the document from which all downstream regulatory activities (CE marking, Technical File compilation, EUDAMED registration) derive their authority. A compliant DoC under EU MDR 2017/745 must include the manufacturer's name, registered address, and SRN (Single Registration Number from EUDAMED); a statement that the Declaration is issued under sole responsibility of the manufacturer; device identification including name, model, catalogue number(s), and UDI-DI; device classification under EU MDR Annex VIII rules with stated rationale; reference to applicable conformity assessment procedure (Annex IX, X, or XI); a list of harmonised standards applied with citation to the Official Journal of the EU; for Class IIa/IIb/III devices, identification of the Notified Body (name and identification number) and the Notified Body certificate number; the name, function, and signature of the authorised signatory; and date of issue.
Buyers should verify DoC content against the current MDCG 2021-8 guidance on Declaration of Conformity format, cross-check the stated Notified Body certificate number against the NANDO database (confirming the NB is currently designated and the certificate has not been withdrawn or restricted), and confirm the device UDI-DI listed on the DoC is registered in EUDAMED. For Class I devices without Notified Body involvement, the DoC alone (with Technical File maintained by manufacturer) constitutes the compliance demonstration, making careful verification of the DoC content and underlying Technical File availability particularly important for buyers placing Class I devices on the EU market.
EUDAMED (the European Database on Medical Devices) is progressively becoming the central regulatory transparency tool for the EU medical device ecosystem. Current EUDAMED functionality (as of early 2026) includes manufacturer registration (Actor Registration module—mandatory for all EU manufacturers under MDR Article 30), UDI and device registration (UDI/Device Registration module), and Certificate module showing Notified Body certificates. Buyers should verify: (1) manufacturer EUDAMED registration—search by name or SRN at eudamed.ec.europa.eu, confirm the manufacturer's registered address and scope match the documents provided; (2) device registration—search by UDI-DI to confirm registration of the specific device(s) being procured; (3) certificate status—for Class IIa/IIb/III devices, verify Notified Body certificate is active, not suspended or withdrawn, and covers the device type being purchased.
| Compliance Element | Device Class | Verification Method | Frequency |
|---|---|---|---|
| ISO 13485:2016 certificate validity | All classes | IAF CertSearch; direct CB confirmation | Annual (or at certificate renewal) |
| EU MDR Declaration of Conformity | All classes | Document review against MDCG 2021-8 | At onboarding; on product change notification |
| EUDAMED manufacturer registration | All classes | eudamed.ec.europa.eu search by SRN | At onboarding; annual re-check |
| UDI-DI device registration in EUDAMED | All classes | eudamed.ec.europa.eu UDI search | At onboarding; on product label change |
| Notified Body certificate (active, scope) | Class IIa / IIb / III | NANDO database + NB certificate document | Annual; on NB change notification |
| Biocompatibility evaluation (ISO 10993) | Class IIa+ (patient contact) | Review biocompatibility evaluation report | At onboarding; on material change notification |
| Sterilisation validation (EtO/gamma) | Sterile Class IIa / IIb | Review VR/VE/ER per ISO 11135/11137 | At onboarding; on sterilisation facility change |
| IEC 60601-1 test certificate | Active electrical devices | Accredited test lab report; CB certificate | At onboarding; on hardware change notification |
Verification activities should be documented in supplier qualification file and re-triggered by any change notification from the manufacturer. Source: EU MDR 2017/745 Articles 13-14, Annex IX-XI; MDCG guidance documents.
Connect with ISO 13485-certified Polish medical device manufacturers matched to your procurement requirements.
Posiadasz certyfikat ISO 13485 i produkujesz wyroby medyczne z potwierdzonym eksportem? Dołącz do B2BPoland.
A Quality Agreement (QAA)—also known as a Quality Technical Agreement, Supply Quality Agreement, or Quality Assurance Agreement depending on industry convention—is a binding bilateral document that defines the quality management responsibilities of both the buying organisation and the Polish manufacturer throughout the supply relationship. Under ISO 13485:2016 Section 7.4.3, documented agreements addressing quality requirements are required when outsourcing activities that affect product conformity. EU MDR Article 10(9) further requires that manufacturers using contracted services ensure their ISO 13485 QMS extends to or covers those contracted activities.
A comprehensive QAA with a Polish medical device manufacturer should address the following twelve core areas, each of which should be specifically documented rather than addressed by general reference to standards or regulations. Scope and product definition establishes which specific devices (by name, model, catalogue number, and device classification) are covered by the agreement, which regulatory territories are included, and which manufacturing activities at the Polish manufacturer are addressed. Quality system responsibilities allocates specific ISO 13485 activities between manufacturer and buyer, identifying which party holds the Technical File, which party owns and updates the Risk Management File, which party is responsible for post-market surveillance data collection and PSUR preparation, and which party manages vigilance reporting to URPL (or the relevant competent authority). Document control defines procedures for Technical File updates, label and IFU changes, and product specification modifications—including mandatory notification timelines (typically 30 days prior notice for significant changes, 14 days for labelling changes), documentation format requirements, and version control responsibilities. Change control establishes the specific changes that require mandatory prior notification (materials, sub-suppliers, manufacturing process steps, sterilisation provider, software, production site) versus notification after implementation (non-significant administrative changes), and defines the buyer's approval rights before changes can be implemented.
| QAA Section | Manufacturer Responsibility | Buyer Responsibility | Key Timelines |
|---|---|---|---|
| Change Control | Notify buyer of all changes per agreed classification; implement only after buyer approval for significant changes | Review change notifications; approve or reject within agreed period; update Approved Supplier List | 30-day prior notice (significant); 14-day notification (minor) |
| Non-Conformance Handling | Segregate non-conforming product; notify buyer within 5 business days of confirmed NC; initiate root cause analysis | Review NC notifications; agree disposition; monitor CAPA effectiveness | 5 days NC notification; 30 days root cause; 60 days CAPA |
| CAPA Management | Investigate root cause per ISO 13485:2016 Section 8.5; implement corrective actions; verify effectiveness | Review CAPA reports; escalate repeat failures; annual CAPA trend review | 30 days investigation; 60 days implementation; 90 days effectiveness |
| Post-Market Surveillance | Collect and analyse PMS data; prepare PSUR or PMCF; report serious incidents to competent authority within MDR timelines | Provide complaint data to manufacturer; cooperate with PMS activities; receive PSUR copies | PSUR at least every 2 years (Class I/IIa); annually (IIb/III) |
| Audits | Permit buyer audits with reasonable notice; provide requested documentation; implement audit findings | Conduct annual or biennial audit; report findings; verify closure of non-conformities | Annual planned audit; unannounced rights on quality events |
| Batch Release | Issue Certificate of Conformance (CoC) per batch before despatch; retain batch records for MDR Article 10(8) minimum period | Review CoC at incoming inspection; reject non-compliant CoCs; retain receiving records | CoC with each delivery; records retained minimum 10 years |
| Recall / FSCA | Notify buyer immediately (within 24 hours) on confirmed recall or FSCA decision; provide affected lot identification | Execute field corrective action in destination market; notify competent authority if required; provide inventory data | 24-hour notification; competent authority notification per MDR timelines |
QAA structure reflects best practice for EU MDR supply chain management. Individual agreements should be adapted to specific device classification, supply arrangements, and risk profile. Timelines are typical; negotiate based on device complexity and risk. Source: ISO 13485:2016, EU MDR 2017/745 Articles 10, 13-14, 83-86; MDCG guidance.
Medical device supply contracts with Polish manufacturers should include provisions beyond standard commercial supply agreements to address the regulatory obligations specific to this sector. The Master Supply Agreement (MSA) or Frame Supply Contract should incorporate by reference the Quality Agreement, confirm that ISO 13485:2016 and EU MDR 2017/745 compliance obligations are legally binding terms of supply, and include specific remedy provisions for regulatory non-compliance events including certificate lapse, EUDAMED deregistration, or Notified Body certificate withdrawal. Payment terms for established supply programmes typically follow 30-60 day net payment from delivery and CoC receipt, with milestone payment structures for tooling, validation batches, and OEM setup projects (typically 30-40% on contract signature, 30-40% on validation completion, 20-30% on first commercial shipment). Warranty provisions should cover minimum shelf-life guarantees (particularly for sterile single-use devices and IVD reagents where shelf life is a regulatory parameter), non-conformance disposition procedures specifying return logistics and credit procedures, and intellectual property warranties confirming no third-party IP infringement in the device design or materials used.
Incoming inspection procedures for medical devices from Polish manufacturers form an integral part of the buyer's own ISO 13485:2016-compliant quality management system, satisfying the requirements of Section 7.4.3 (verification of purchased product) and Section 8.2.6 (monitoring and measurement of product). The inspection intensity should be calibrated to the device classification, the supplier's established quality performance, and the risk consequences of a non-conforming device reaching end use. A tiered incoming inspection programme based on supplier qualification status represents the standard industry approach.
Tier 1 inspection (full incoming inspection, applied to new suppliers or suppliers with open CAPAs) involves systematic sampling per ANSI/ASQ Z1.4 or equivalent, dimensional verification of key characteristics, visual inspection against written acceptance criteria, label and IFU compliance check, Certificate of Conformance (CoC) review against batch manufacturing records summary, and sterility certificate review for sterile devices. Tier 2 inspection (reduced inspection, applied to established suppliers with consistent quality performance over 12+ months) involves CoC review, label compliance check, sampling of key characteristics at reduced AQL levels, and visual inspection of representative sample. Tier 3 verification (documentation check only, applied to exemplary suppliers under programme exemption with annual requalification) involves CoC review, label compliance verification, and shipper integrity check, with periodic full inspections triggered by product family or calendar period.
Intellectual property protection for medical device development programmes with Polish manufacturers operates within the EU's harmonised IP legal framework, providing strong and enforceable protection for product designs, manufacturing processes, technical data, clinical evidence, and software developed in the course of supply relationships. The Polish legal framework governing IP in commercial relationships includes the Industrial Property Law (Prawo własności przemysłowej, Dz.U. 2001 nr 49 poz. 508, as amended), the Copyright and Related Rights Act (Ustawa o prawie autorskim, 1994), and the Act on Combating Unfair Competition (Ustawa o zwalczaniu nieuczciwej konkurencji, 1993)—all substantially harmonised with EU directives and providing remedies enforceable through Polish courts and EU IP offices.
Confidentiality Agreements (NDAs) should be executed before any disclosure of proprietary technical information, competitive intelligence, or clinical data to the Polish manufacturer or its employees. For medical device development programmes, NDAs should be bilateral (protecting manufacturer confidential information as well, to ensure genuine commitment from the partner), include all manufacturer employees involved in the programme by reference to their employment NDA obligations, specify a post-project confidentiality period of at least five years (appropriate given medical device development and product lifecycle timescales), and include specific provisions for the return or destruction of physical and electronic information at programme conclusion. IP Assignment Agreements in OEM development contracts should explicitly confirm that all work product created during the programme—including product designs, engineering drawings, manufacturing process development, software source code, test protocols, and validation data—constitutes work-for-hire assigned to the commissioning party upon payment of the associated development fee. Residual rights clauses (which some manufacturers seek to retain general manufacturing knowledge and process improvements) should be reviewed carefully to ensure they do not inadvertently grant rights in project-specific IP.
Before Programme Start:
During and After Programme:
Effective governance of established Polish medical device supply relationships requires structured processes for communication, performance monitoring, continuous improvement, and escalation that integrate the regulatory obligations of the Quality Agreement with the commercial management of the supply programme. A tiered governance structure appropriate for medical device supply encompasses three levels of engagement: operational (monthly), tactical (quarterly), and strategic (annual).
Operational governance at monthly level covers quality performance metrics review (complaint rates, CoC rejection rates, delivery on-time performance, open CAPA status), new non-conformance notifications, production planning and forecast alignment, and any immediate compliance or regulatory issues. Tactical quarterly reviews address Quality Agreement performance against agreed KPIs, supplier development activities (process improvement projects, certification upgrades, capacity investments), contract performance versus commercial targets, and regulatory updates relevant to the devices supplied. Annual strategic reviews coincide with the annual supplier audit, address supplier certification renewals and requalification, review the supply agreement and pricing for the coming period, assess the strategic development of the supply relationship (new products, expanded scope, partnership deepening), and benchmark the supplier's performance against market alternatives.
| Performance KPI | Target (Best Practice) | Trigger for Review | Escalation Action |
|---|---|---|---|
| Incoming CoC acceptance rate | ≥ 98.5% | < 97% | Immediate CAPA request; increased incoming inspection (Tier 1) |
| Delivery on-time performance (vs. agreed date) | ≥ 95% | < 90% | Root cause analysis; production planning review |
| CAPA closure on-time (within agreed 60 days) | ≥ 90% | < 80% | Unscheduled audit; corrective action plan required |
| Change notifications issued within agreed timelines | 100% | Any late notification | Quality Agreement compliance review; written warning |
| Post-market surveillance data provision (per QAA) | 100% on schedule | Any missed PSUR | Regulatory escalation; consider alternative supplier |
| Customer complaint rate attributed to supplier | < 0.5/10,000 units | > 1.0/10,000 units | CAPA with root cause to manufacturing process; re-audit |
KPI targets represent industry best practice for established Class I/IIa medical device supply relationships. Class IIb/III supply programmes may require more stringent targets and more frequent monitoring. Targets should be agreed in Quality Agreement and reviewed annually.
This procurement guide synthesises best practice from EU regulatory guidance (EU MDR 2017/745, MDCG guidance documents), ISO 13485:2016 requirements, and practical experience of European distributors and procurement managers sourcing medical devices from Polish manufacturers. The guide provides a framework rather than prescriptive procedures; organisations should adapt recommendations to their specific device categories, regulatory scope, and risk management practices. Procurement decisions for medical devices carry regulatory and patient safety obligations; qualified regulatory affairs professionals and legal counsel should be engaged for all significant sourcing programmes.
Disclaimer: This guide provides general procurement framework guidance for informational purposes only. It does not constitute regulatory, legal, or professional advice. Medical device procurement decisions carry significant regulatory, clinical, and commercial obligations under EU MDR 2017/745 and ISO 13485:2016. Buyers are solely responsible for their own regulatory compliance, including ISO 13485 QMS procedures, supplier qualification records, incoming inspection documentation, Quality Agreement execution, and competent authority obligations as importer or distributor. Legal instruments including Quality Agreements, supply contracts, and IP assignments should be reviewed by qualified legal counsel familiar with EU medical device law and Polish commercial law. B2BPoland.com accepts no liability for procurement decisions, regulatory violations, product non-conformances, patient safety incidents, or commercial losses arising from use of this guide.
Access pre-qualified suppliers or read the full market analysis for the Polish medtech sector.