Published On: 2. April 2026

Copy & paste in regulatory affairs: why the supposed shortcut becomes a compliance trap

Imagine the following scenario: A Regulatory Affairs Manager updates a risk analysis according to the current ISO 14971. The new standard reference is adapted, the entry in the document is correct. But the GSPR table in the same dossier still contains the old standard, copied from a previous project. During the next audit, the Notified Body discovers the inconsistency. The result: a major non-conformity, rework, delay in approval.

Not an extreme case, but everyday life in regulated companies.

The shortcut that isn’t a shortcut

Copy & paste is deeply rooted in technical documentation. This is not due to a lack of diligence on the part of the teams, it is due to the structures under which they work. Product descriptions, intended uses, lists of standards, UDI information and risk measures must appear in several places in MDR and IVDR dossiers. Those who maintain this without a connecting logic inevitably duplicate content: manually, time-consuming and error-prone.

The temptation is real. Open an existing document, adopt relevant passages, adapt, save. What sounds like a sensible approach in theory quickly becomes a source of inconsistencies in practice. Because what is copied today may or may not be developed separately tomorrow, and that is precisely the problem.

Notified bodies and testing authorities have also recognized this. Guidelines on technical documentation according to the MDR explicitly point out that information that is duplicated in several places, such as Basic UDI-DI, intended purpose, indications, contraindications or warnings, must be kept consistent and that the risk of potential errors and inconsistencies should be specifically taken into account when updating.

The advice from the same guidelines: “Consider the use of an electronic document management system to synchronize updates throughout the documentation.” This sounds like a helpful tip, but is actually an urgent recommendation.

If an incorrect date jeopardizes the approval

What exactly happens when copy & paste goes wrong? The error types are well known and easy to document:

  • Outdated standard references:
    A standard is being revised, for example ISO 14971 for risk management. The team updates the risk management file, but forgets to update the GSPR checklist and the clinical evaluation report. Three different versions of the same standard appear in the audit.

  • Conflicting intended uses:
    The intended use is the core of the dossier. It must be identical in the instructions for use, in the GSPR, in the clinical evaluation report and in the labeling. Minimal deviations from different copying processes are sufficient to raise questions during a trial.

  • Inconsistent UDI information:
    Basic UDI-DI and UDI-DI must be entered correctly and consistently both in the dossier and in EUDAMED. If the value is taken from an older document without verifying it, discrepancies will arise between the registration database and the technical documentation.

  • Error propagation across product generations:
    Copy & paste is particularly treacherous when creating dossiers for product variants or successor generations. Content is copied from the previous dossier, incompletely adapted and the errors in the original document are silently carried over.

The consequences are not abstract. According to the MDR and IVDR, all information accompanying a product must be consistent with the data from the clinical evaluation report and the performance evaluation. Inconsistent or misleading information is considered a quality defect and can result in audit questions, rectification requirements and even withdrawal from the market by the authorities.

An analogy from the clinical environment and what it means for regulatory affairs

A similar problem exists in the clinical area: copy & paste is widespread in electronic health records (EHRs). Studies show that between 66 and 90 percent of clinical documenters routinely use this function. A study by the U.S. VA health care system found that 2.6 percent of diagnostic errors could be directly attributed to copy and paste, with measurable impact on patient safety. Typical error types: propagated misinformation, internal inconsistencies and content reused in the wrong context.

What leads to treatment errors in the clinical area leads to compliance errors in regulatory documentation. The mechanisms are the same: information is recorded incorrectly or not updated once, then copied many times and no one can keep track of where the source of the error is or how many places it has already infected.

The difference: in the clinical context, these are patient records; in technical documentation, they are approval documents. The consequences are real in both fields.

 

Copy&PasteinRegulatoryAffairs

The silent burden: what copy & paste does to teams

In addition to the compliance risk, there is a second dimension that is less frequently discussed: The impact on the people who do this work every day.

Regulatory affairs teams in medical technology and IVD companies are under considerable pressure. The MDR has significantly increased the requirements for the scope and depth of technical documentation. More documents, more cross-references, more verification obligations and often with the same resources as before.

If a large proportion of working time in this environment is not spent on content analysis and regulatory assessment, but on manually searching, comparing and synchronizing text modules, a form of invisible but real exhaustion arises. The risk of overlooking something is not only human, but structural. Teams working under these conditions are not doing a worse job, they are working in a system that leaves them no other choice.

The fact that copy & paste leads to burnout risks in regulated industries is now an explicitly discussed topic in English-language specialist literature.

What GSPR tables, standards lists and risk matrices have in common

They are cross-sectional content. This means that they appear in several documents, are interdependent and must remain synchronized. Across the entire product life cycle, across product variants and across update cycles.

This is precisely the structural problem behind copy & paste in technical documentation. It’s not about individual employees being careless. It’s about information being torn apart into separate documents without any connecting logic and then developing independently of each other.

The MDR and IVDR stipulate that the technical documentation must be kept up to date and designed in such a way that it enables conformity assessment. (Source: Article 10, Regulation (EU) 2017/745 and Regulation (EU) 2017/746) This requires consistent, fully traceable content across all documents, not just within individual files.

What regulatory affairs teams need is not more diligence. It’s a different structure.

Single source of truth: the opposite principle to copy & paste

The concept is simple and at the same time fundamental: every piece of information exists exactly once. It is maintained in a central location and from there is imported into all relevant documents. If something changes, such as a standard reference, a purpose or a risk measure, this change is made once and rolled out consistently everywhere.

In practice, this means that documentation content is no longer stored as isolated blocks of text in files, but as structured, linked information units. Regulatory requirements, risk controls and proof of compliance with standards are not reformulated for each document, but are maintained once and output in context.

This is the approach that BAYOOSOFT Themis consistently implements. Themis guides manufacturers through the process of creating technical documentation in accordance with MDR and IVDR. Not as a classic document management system that stores and archives files, but as an active platform for structuring, linking and audit-proof maintenance of documentation content.

Copy & Paste in Regulatory Affairs

Content such as GSPR requirements, risk measures or proof of compliance with standards is stored centrally once and can be integrated into all relevant document sections from there. If an input variable changes, the update follows automatically. This means: no manual synchronization across documents, no hidden inconsistencies, no uncertainty as to which document contains the current status.

For teams that previously worked with Excel spreadsheets or generic DMS solutions, the difference is noticeable. Dr. Jan Ole Jungmann from EUROIMMUN Medizinische Labordiagnostika AG describes it like this: “Previously, we worked with Excel spreadsheets and things could easily get lost. Our alternative ALM software solutions were very generic and not much better than the Excel spreadsheets. With BAYOOSOFT Themis, we don’t have to worry about this, as maintained documentation is generated completely at the touch of a button.”

Changes that used to take weeks can be implemented in a fraction of the time with Themis, not because content is copied faster, but because it no longer needs to be copied at all.

Conclusion: The problem is not the team – it’s the structure

Copy & paste is not laziness or the fault of individuals. It is the logical consequence of documentation systems that were not built for networked, regulatory complex content. As long as information lives in isolated files, every update becomes a manual synchronization project. With all the risks that entails.

In regulated industries, this is not an academic problem. Inconsistent technical documentation is a concrete compliance risk that jeopardizes audits, delays approval processes and burdens teams.

The answer is not more control, but better structure. A single source of truth, in which information is maintained once and used consistently everywhere, solves the problem at its root.

This is how we support you

With BAYOOSOFT Themis, you can digitize linked processes and sustainably reduce documentation costs while minimizing redundant data. This allows you to keep track of your required evidence and documents when it comes to performance evaluation and thus comply with the regulations.

BAYOOSOFT Themis

FAQ: Frequently asked questions about copy & paste in regulatory documentation

The most typical error patterns include outdated standard references that have been updated in some documents but not in others; different wording of the intended purpose in different parts of the dossier; inconsistent UDI information between technical documentation and EUDAMED registration; and risk measures that are correctly recorded in the risk management report but not reflected accordingly in the GSPR table. All these errors are not caused by negligence, but by a lack of structural linking of the content.

Inconsistent documentation is considered a quality defect and can lead to queries, rectification requirements or classification as non-conformity during an inspection by the notified body or a market surveillance authority. In the worst case, approval processes can be significantly delayed or there is a risk of withdrawal from the market by the authorities. The MDCG Guideline 2021-27 makes it clear that all product-related information must be consistent with the clinical evaluation data.

A classic DMS manages and archives files. It ensures that documents are versioned and accessible – but does not solve the problem of having to manually maintain the same information ten times in ten different documents. A single source of truth platform such as BAYOOSOFT Themis goes one step further: content is stored centrally once and integrated into all relevant document parts in a structured manner. If an input variable changes, the system updates itself consistently – without manual synchronization.

Yes, completely. The IVDR (EU 2017/746) places similarly high demands on the technical documentation for in-vitro diagnostics as the MDR does for medical devices. Here too, performance evaluation, risk files, classification certificates, intended purpose and labeling data must be kept consistent and up-to-date throughout the entire product life cycle. These requirements are particularly critical for manufacturers in higher risk classes (C and D), who must involve a notified body.

Not through more manual checks, but through a system that only stores information once and makes it available in a linked format. In practice, this means that content such as standards lists, GSPR requirements and risk controls are maintained in a central platform and imported into the relevant documents from there. Changes are updated system-wide. This approach – known as the single source of truth – is the opposite of copy & paste and the basis on which BAYOOSOFT Themis is built.

If a considerable amount of working time is spent on manually searching, comparing and synchronizing document content, there is less capacity for content-related regulatory work. The permanent uncertainty as to whether all positions are up to date and the knowledge that every change requires a time-consuming comparison is a structural burden. In an environment that is already under pressure due to increasing regulatory requirements, this is a relevant factor for teams and companies.

Is your company looking for a strong partner for management software solutions?

Contact us now and we will introduce you to our products without obligation.

Klingt spannend? Teilen Sie diesen Beitrag doch mit Ihrem Netzwerk.

Is your company looking for a strong partner for management software solutions?

Contact us now and we will introduce you to our products without obligation.