EU MDR Summary of Safety and Clinical Performance (SSCP): What Manufacturers Need to Know

What Is the SSCP and Who Must Prepare One

The Summary of Safety and Clinical Performance (SSCP) is a mandatory public document required by Article 32 of EU Regulation 2017/745 (EU MDR) for Class III medical devices and implantable devices. The SSCP represents a significant transparency requirement that has no direct equivalent in the legacy MDD framework — it is an EU MDR-specific obligation that requires manufacturers to make clinical performance and safety data publicly accessible.

The requirement applies to: all Class III medical devices, and all implantable devices, regardless of class. Class IIb non-implantable devices are not required to prepare an SSCP, although some notified bodies have interpreted certain custom device categories differently. If your device is Class III or implantable, SSCP preparation is mandatory for EU MDR compliance.

The SSCP must be prepared by the manufacturer, validated by the notified body as part of the conformity assessment process, and uploaded to the EUDAMED database once publicly accessible. The notified body's validation and the manufacturer's final version are both stored in EUDAMED. Once published, the SSCP is publicly accessible — any healthcare professional, patient, or researcher can read it.

This public accessibility fundamentally changes how manufacturers must think about the document. The SSCP is not an internal technical document — it is a public-facing summary that must be written in terms accessible to intended users and patients, while containing sufficient clinical and safety data to be informative to healthcare professionals.

Required Content: What the SSCP Must Include

Article 32 of EU MDR and MDCG 2019-9 (the guidance document on SSCP preparation) specify the mandatory content elements. An SSCP that is missing required elements will be rejected by the notified body during validation.

Device identification: The SSCP must clearly identify the device, including: device name and model number, basic UDI-DI (once assigned), EU MDR device classification, intended purpose, indications for use, contraindications, and warnings and precautions. The intended purpose in the SSCP must exactly match the intended purpose in the technical documentation and labeling.

Clinical performance and safety summary: This is the core of the SSCP. Manufacturers must summarize: the clinical evidence supporting the device's safety and performance, the clinical investigation(s) conducted (if any), the post-market clinical follow-up approach, and key clinical outcomes including relevant safety events and device deficiencies. The summary must be based on the Clinical Evaluation Report (CER) but must be written at a level accessible to the intended readership.

Residual risks and undesirable effects: The SSCP must disclose the residual risks identified in the risk management process (under ISO 14971) and any known undesirable side effects. This does not require disclosure of all risk management detail — but any residual risk accepted as part of the benefit-risk analysis must be summarized.

Post-market surveillance summary: The SSCP must include a summary of the post-market surveillance (PMS) and post-market clinical follow-up (PMCF) plan, including the frequency of PMS report updates. Once the device is on the market, the SSCP must be updated with PMS findings on a defined schedule — annually for Class III devices, at least every two years for implantable Class IIb devices.

Previous generations and similar devices: If the device is a modification of a previous device, or if performance claims are based on data from substantially equivalent devices, the SSCP should briefly address this. The notified body may require explicit disclosure of the device lineage in the SSCP.

Lay language summary: EU MDR requires that the SSCP include a section written specifically for patients and lay users, in language that is understandable to non-medical readers. This section must describe what the device does, the key benefits and risks in plain language, and how the device compares to available alternatives where relevant.

Notified Body Validation: The Review Process

The SSCP must be validated by the notified body before the manufacturer can finalize it. "Validation" in this context means the notified body reviews the SSCP for completeness, accuracy, and consistency with the technical documentation — particularly the CER, risk management file, and labeling.

The validation process occurs as part of the conformity assessment procedure. For most Class III and implantable devices, the SSCP review is integrated into the technical documentation review cycle. Notified bodies typically review the SSCP draft at the same time as the CER and risk management file, since the SSCP draws on both.

What notified bodies look for: - Consistency between SSCP claims and CER conclusions — if the SSCP describes clinical performance that is not supported by the CER, the notified body will issue a finding - Completeness against the MDCG 2019-9 checklist — notified bodies use the guidance document's content requirements as a review checklist - Accuracy of device identification data against EUDAMED registration data - Appropriateness of the lay language section for the intended patient population - Adequate disclosure of residual risks without promotional framing

Common SSCP validation findings: - SSCP performance claims that exceed what the CER supports - Residual risks disclosed in the risk management file but absent from the SSCP - Lay language section written at a reading level inappropriate for lay users - Missing post-market surveillance summary or frequency information - Inconsistency between SSCP intended purpose and labeling intended purpose

The manufacturer must address all notified body findings before the SSCP is finalized. Once validated, the notified body uploads its validation opinion to EUDAMED alongside the manufacturer's final SSCP.

Updating the SSCP: Post-Market Obligations

The SSCP is not a one-time document — it is a living document with mandatory update obligations tied to the post-market surveillance cycle. Manufacturers frequently underestimate the ongoing effort required to maintain SSCP compliance after initial certification.

Update frequency requirements: - Class III devices: SSCP must be updated at least annually, aligned with the Periodic Safety Update Report (PSUR) cycle - Implantable Class IIb devices: SSCP must be updated at least every two years - All classes: SSCP must be updated immediately upon any significant change that affects the device's safety, performance, or intended purpose — this includes field safety corrective actions and significant labeling changes

What triggers an unscheduled update: Any event that materially changes the safety or performance profile of the device should trigger an SSCP update. This includes: new serious adverse events reported through the vigilance system, significant field safety corrective actions, new clinical evidence from PMCF studies, post-market surveillance data that identifies new risks or undesirable effects, and significant changes to the risk management file.

EUDAMED upload obligations: Updated SSCPs must be uploaded to EUDAMED within the applicable timeline. Failure to maintain a current SSCP in EUDAMED is a non-conformance that notified bodies assess during surveillance audits. The EUDAMED module for SSCPs logs version history, so auditors can verify that updates were made within the required timeframe.

Interaction with the Authorized Representative: For non-EU manufacturers, the Authorized Representative (AR) has specific responsibilities related to the SSCP. The AR must have access to the technical documentation, including the SSCP, and must be able to provide it to competent authorities on request. Some ARs require manufacturers to notify them of SSCP updates and to confirm that EUDAMED records are current.

Practical Guide: Writing an Effective SSCP

Manufacturers approaching SSCP preparation for the first time frequently make the same structural mistakes. The most common is treating the SSCP as a condensed version of the technical documentation — producing a dense, technical document that satisfies the content requirements but fails the lay language accessibility test and generates notified body findings.

Start with the MDCG 2019-9 template: MDCG 2019-9 includes a template that maps directly to the Article 32 requirements. Use it. The template's structure is what notified bodies expect to see, and deviating from it without reason adds review time.

Write the lay section last, then revise the whole document: Write the complete technical SSCP first, then write the lay language section. Once the lay section is complete, review the full document to ensure the lay section is consistent with the technical content. Inconsistency between technical and lay sections is a common notified body finding.

Coordinate with the CER author: The SSCP clinical performance summary must be consistent with the CER conclusions. If the CER and SSCP are written by different people without coordination, inconsistencies are virtually guaranteed. The simplest approach is to have the CER author write the clinical performance section of the SSCP, or at minimum review it against the CER before submission.

Document the benefit-risk balance explicitly: EU MDR requires manufacturers to demonstrate a positive benefit-risk balance. The SSCP should explicitly state the benefit-risk conclusion and summarize the basis for it. Avoid vague statements like "the benefits outweigh the risks." Specify what the benefits are (in quantified terms where the clinical data supports it) and what the residual risks are (with their risk classifications from the risk management file).

Plan the update cycle before certification: Before submitting for conformity assessment, establish your internal SSCP update procedure: who owns the SSCP, what data sources trigger a review, what the internal approval process is before uploading to EUDAMED, and how updates are communicated to the notified body. Notified bodies will ask about your SSCP maintenance process during surveillance audits.

---

Ready to implement this? Download our EU MDR Technical Documentation Toolkit.