Can You Outsource Your PRRC? How External PRRC Services Work (and What They Cost)

Quick answer: Yes — if you are a micro or small enterprise under EU definitions, Article 15(2) of EU MDR (2017/745) lets you contract an external Person Responsible for Regulatory Compliance instead of employing one. The external PRRC must be a named, qualified individual who is "permanently and continuously at your disposal," formally mandated in writing, and genuinely involved in your release, post-market surveillance, and vigilance decisions. QLE Group provides PI-insured external PRRC mandates from Brussels for EU MedTech manufacturers.

Who is allowed to outsource the PRRC role

The exemption applies to micro and small enterprises as defined in Commission Recommendation 2003/361/EC — broadly, companies with fewer than 50 employees and turnover or balance sheet total not exceeding €10M. Medium and large manufacturers must have the PRRC available within their organisation.

Most MedTech startups and scale-ups qualify. If you have one to three devices and no dedicated regulatory department, an external PRRC is usually the economically rational structure.

What a legitimate external PRRC mandate includes

A compliant external PRRC arrangement is more than a name on an org chart. Before signing, verify the mandate covers:

A written contract naming the individual. The PRRC is a person, not a firm. The contract should name who holds the role, evidence their Article 15(1) qualifications, and define availability.

Genuine access and involvement. The PRRC must be able to verify device conformity before release, review technical documentation and the declaration of conformity, oversee post-market surveillance compliance, and act on vigilance timelines (15 days for serious incidents, 10 days for death or serious deterioration, 2 days for serious public health threats).

Documented verification activities. Auditors ask for evidence that the PRRC actually did the checks — signed release verifications, PSUR reviews, vigilance decision records.

Professional indemnity insurance. The PRRC carries personal regulatory responsibility. A provider unwilling to insure that responsibility is telling you how seriously they take it. QLE Group mandates carry €1M PI cover.

Red flags in cheap PRRC services

The market includes providers who sell PRRC "coverage" as a letterbox service. Warning signs: the contract names a company rather than an individual; the PRRC has never seen your technical documentation; there is no defined process for vigilance escalation; the same person "covers" dozens of manufacturers with no capacity analysis; and no insurance stands behind the signature. Notified bodies have learned to probe exactly these arrangements.

How external PRRC pricing works

Serious providers price PRRC mandates against regulatory complexity — the number of devices, the maturity of your QMS, your post-market data volume, and vigilance likelihood — not against device class alone. A monthly retainer model is standard, because the obligations (PMS oversight, PSUR cycles, vigilance readiness) are continuous, not transactional. QLE Group publishes its complexity-indexed pricing openly at qle.be.

How the handover works in practice

A typical onboarding runs: (1) a scoping call and complexity assessment; (2) gap review of technical documentation, PMS system, and QMS to confirm the PRRC can lawfully take responsibility; (3) written mandate and QMS integration — the PRRC is named in your quality manual and release procedures; (4) ongoing rhythm of release verification, PSUR/PMS review, and vigilance standby.

Expect a serious provider to refuse the mandate if your documentation is in a state no qualified professional could take responsibility for — and to quote remediation first.

Frequently asked questions

Is an outsourced PRRC accepted by notified bodies? Yes, for micro and small enterprises — provided the arrangement is real. Notified bodies audit the substance: mandate, qualifications, evidence of involvement.

Can our authorised representative also be our PRRC? The roles are distinct and Article 15(6) requires the AR to have its own PRRC. Combining functions in one person creates conflict-of-interest questions; keep them separate.

What does an external PRRC cost? Retainers vary with complexity. QLE Group indexes pricing to regulatory complexity — device count, QMS maturity, PMS volume — never device class alone, and publishes rates transparently.

Can we switch to an in-house PRRC later? Yes. A good external PRRC builds documentation an in-house successor can inherit — treat it as infrastructure, not dependency.

About QLE Group

QLE Group is a Brussels regulatory practice providing external PRRC mandates, ISO 13485:2016 QMS build-outs, and full outsourced RA/QA infrastructure for EU MedTech companies. All mandates are held personally by Radoslav Milkov — qualified PRRC, accredited ISO 13485 and 21 CFR 820 Lead Auditor, LL.M. in EU Law, European Commission external expert.

Exploring an external PRRC? Book a scoping call or email info@qle.be.

Previous
Previous

PRRC vs Authorised Representative vs Importer: Who Does What Under EU MDR

Next
Next

What Is a PRRC? EU MDR Article 15 Explained for Medical Device Companies