EU MDR Alignment Guide#

Scope#

This document maps MADDENING’s documentation and design to EU MDR (EU 2017/745) requirements that a downstream commercial manufacturer would need to address. MADDENING is not subject to EU MDR — this mapping is provided voluntarily.

Annex I — General Safety and Performance Requirements (GSPRs)#

GSPR

Requirement

MADDENING Contribution

Manufacturer Responsibility

1

Devices shall achieve intended performance and not compromise safety

MADDENING provides verified computational tools; does not define intended performance

Define intended performance for their device; validate MADDENING outputs for their COU

3

Devices shall be safe and effective throughout intended lifetime

Version-pinned releases, SOUP package per version, known anomalies tracked

Pin MADDENING version, monitor for updates, maintain throughout product lifetime

4

Risk management per ISO 14971

NodeMeta.hazard_hints provides technical hazard identification input; known_anomalies.yaml identifies candidate hazard contributors

Full ISO 14971 risk management file; clinical risk assessment

17.1

Software developed per state of the art, considering lifecycle, risk management, V&V

IEC 62304 lifecycle mapping (Section 11), registered verification benchmarks, anomaly management

Apply IEC 62304 to their own software; cite MADDENING evidence in SOUP assessment

17.2

Software safety classification

MADDENING provides Class C-ready SOUP documentation

Classify their software per IEC 62304 based on their risk assessment

17.4

Repeatability, reliability, performance

Functional purity (deterministic outputs), version pinning, regression tests

Validate in their operational environment; execution-layer monitoring

Annex II — Technical Documentation#

Annex II Section

Content Required

What MADDENING Provides

§1 — Device description

Component description including SOUP

docs/regulatory/intended_use.md, SOUP package Section 2

§4 — Design and manufacturing

Software architecture, IEC 62304 lifecycle, SOUP list

DESIGN.md, docs/regulatory/iec62304_mapping.md, SOUP package

§5 — Benefit-risk analysis

ISO 14971 risk management file including SOUP failure mode analysis

NodeMeta.hazard_hints, known_anomalies.yaml

§6 — Product V&V

Computational V&V evidence

Verification benchmarks, algorithm guides, test suite

MDCG 2019-16 — Cybersecurity#

MADDENING provides:

  • SBOM: CycloneDX format, attached to each release (when implemented)

  • SECURITY.md: vulnerability reporting process

  • Dependency monitoring: GitHub Dependabot + manual JAX changelog review

  • Cybersecurity boundary: documented in docs/regulatory/intended_use.md

The manufacturer must assess MADDENING’s cybersecurity posture as part of their MDCG 2019-16 documentation and implement additional controls as needed for their deployment context.