“Protection” or “Protection Racketeering”? Medical Device Regulators are Preventing World-Class Technologies from Saving Patients’ Lives - are LLMs our Hero?

Guest Blog by Sam Kamali


Sam studied MRes Medical Device Design & Entrepreneurship at Imperial College London under the supervision of Prof James Moore Jr, The Royal Academy of Engineering Chair of Medical Device Design. Here, Sam gained experience in the development of biofeedback, closed-loop neuromodulation devices for neurorehabilitation. After graduating from Imperial College London, Sam took a Research Associate position in the lab of Professor Rylie Green, Head of Department for Bioengineering. Today, Sam is a Cambridge NeuroWorks Frontier Fellow developing Myonerv, a wearable medical device to monitor and treat stroke-induced paralysis, funded by ARIA. Sam has a passion for seeing world-class medical devices treat patients with neurological diseases and improve lives around the world.

Medical device safety is important; that is self-explanatory, and there is no argument against it. However, when a startup begins its journey towards medical device certification, it will come across a small club of organisations responsible for issuing compliance certificates, i.e. the only way of legally selling medical devices. These entities hold the keys to the major passageway between breakthrough technologies and clinical use. Access to their library of Standards is gatekept, interpretation is then sold, and patient lives are being held to ransom for regulatory approval. Is this how patient safety and technological advancements should be managed? And if this doesn’t change, is society itself under the control of a mafia, at the very top of the command chain?

The cost of compliance for early-stage technologies is often insurmountable. A regulatory consultant can charge £200,000 to prepare your first documentation packages. This leaves so many incredible ideas buried within world-class institutions, as it’s not worth risking a steady research career to venture into the high-stakes world of fundraising for a startup, where a disproportionate sum goes towards navigating regulation. With the advent of AI, can this notoriously high bar for accessibility be lowered?

In the UK and EU, the Medical Device Directive/Regulation (MDD/MDR) sets the stage for regulatory compliance: a publicly available legal document that outlines a series of Essential Requirements that devices must meet. In order to comply with these Essential Requirements, you’re required to reference Standards written by external non-profit Organisations, most commonly the International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), or European Standards (EN) specifications. These Organisations restrict access to these documents behind paywalls, yet they form the basis of your legal obligation. These Standards can cost hundreds of pounds each just to view and are updated frequently, requiring ongoing purchases to stay compliant, and they contain language that is notoriously vague and dense. This is because each Standard is written as a “one-size-fits-all” to apply to any innovation. Ironically, Standards are supposed to help innovators comply with the MDD/MDR, but instead they’ve only added an additional layer of complexity to the existing puzzle, one that will cost you time and money to solve.

It is the manufacturer's responsibility to know which Standards they need. But where does a small startup begin, when access to Standards is blocked, relevance is unclear and insights are gatekept? The entire process is incredibly convoluted; it is a purpose-built maze under the guise of a non-profit, with no signposts or guides, only toll booths at every turn, and no option to buy a map. Why would they offer one, if they feel they’ve met the minimum requirements of their task, and millions are already standing in line for this approved service? Manufacturers ranging from small startups to multi-nationals therefore rely on consultants to navigate this maze of Standards and compliance. These consultants hail from the non-profit Notifying Bodies, Competent Authorities or Standards Organisations themselves, building their competence from their time behind the firewall, within this exclusive club. In some cases, consultants are former manufacturers who struggled to navigate this same maze and pivoted to consultancy. Regulatory consulting is for-profit, and you are charged for every "work package," every round of feedback, and every regulatory iteration. Most are trying to help, but Standards aren’t intuitively applicable to innovations, especially for emerging technologies. Meanwhile, the exchange of cash throughout this industry has created a market worth $6.8 billion in 2024 that will reach $13.7 billion in 2032 [1], for medical devices alone (i.e. excluding In-Vitro Diagnostics, BioTech, Pharma etc.). Quite the growth for an industry with non-profits at its core.

An Access Expense – Not a Technical Expense

This is where the frustration lies: the costs imposed by regulation are not like those of prototyping, clinical testing, or engineering. Those are technically driven challenges. You innovate through clever engineering to solve a technical problem. You invest in clinical trials to generate data.

But the cost of regulatory compliance is tied to access. You're paying for pre-written text in an existing library. You're buying documents, and then paying someone by the day to interpret them, with no guarantee they understand your technology or field; you are lucky if you are paired with someone who understands your vocabulary. Some Notifying Bodies, like the British Standards Institution (BSI), offer training courses costing thousands of pounds just to cover the surface of the Standards landscape, but these don’t equip you with the confidence to understand regulatory compliance for your medical device.

Meanwhile, ISO Standards themselves, referenced in UK and EU regulations, cost anywhere from £100 to £500 per document and are regularly amended, creating a recurring expense just to remain compliant. Multiply that by dozens of documents per device, add £100,000s in consulting work packages and notifying body audits, and the total feels strangely disproportionate: access to text becomes more expensive than engineering the innovation. Innovators are surprised by their own budget when pitching to investors. But investors and governmental grant bodies are fully aware that a project’s success hangs entirely on the ability to execute on regulatory compliance, and expect costings in the £100,000s per project for consulting, or they just won’t invest in you. This is the industry standard, and it’s costing society millions.

AI: The Tool That Could Break the Firewall

For the first time, the monopoly maintained through limited access and ambiguity is vulnerable. Tools such as RegMetrics and RegNav are beginning to emerge in a bid to tackle this multi-billion-pound industry head-on. It’s only a matter of time before the system is democratised for the benefit of mankind. Imagine this: a ChatGPT that outlines every Standard you need to be compliant for your medical device. It’s perfect. It wouldn’t even be pushing AI to the fullest, and yet it would change the world. Parsing a pre-existing library of Standards: this is our destiny. RegMetrics is charging only £200 per month, and is still implementing consulting in their practice, suggesting test houses and advising on the device output, but the weight of the workload is offset. Large Language Models (LLMs) can parse entire legal frameworks (MDR, ISO Standards, guidance documents, and post-market surveillance protocols) in minutes. This is a tool that cannot replace consultants, but allows them to increase the quality of their service, take on more clients, and increase the throughput of innovation into clinics.

The Case for Structural Reform

Regulation is about protecting patients. But if world-class technologies are being held from the public behind this expensive labyrinth, then we must ask ourselves if these Organisations are “protecting” us, or if this is “protection racketeering”: offering safety to the public at a price, with the implied threat that failure to pay will result in patients not receiving life-saving treatments. The comparison to the mafia in this article should shock, but is this an exposé if the status quo is so blatant, or is it satirical if the silence is louder than the laugh? Let’s be frank: legal requirements should be transparent, and ideally accompanied by freely accessible Standards, with open-source tools for navigating them. If Standards will not become open-source, then Governments should put pressure on Standards Organisations to reform the way Standards are presented, by way of interactive checklists or decision trees. In any case, LLMs are perfect for this industry, and what Rita Hendricusdottir at RegMetrics is doing is an attempt to save the world. A real David and Goliath moment. Otherwise, regulators will continue taking financial advantage of their privilege. Sure, they go by “non-profits”, but what’s stopping them from pivoting into consultancy and charging millions, after designing the Standards to be ambiguous? Now, with the rise of AI, the hinges holding the door of this regulatory fortress are beginning to shake, and the quest to improve patients’ lives has never been so accessible.

[1] Medical Device Regulatory Affairs market size, share and forecast 2032 (2025) Credence Research Inc. Available at: https://www.credenceresearch.com/report/medical-device-regulatory-affairsmarket (Accessed: 10 June 2025).