The Regulatory Naughty & Nice List: A Holiday Guide for MedTech Startups

Because Santa isn’t the only one checking twice… your regulatory team is too.

The holiday season has a way of making all of us reflect—on what we’ve built, what we’ve learned, and what we might need to tighten up going into the new year. For medtech startups, it’s also the perfect moment to pause and take stock of your regulatory and quality practices before heading into another round of development, funding, or FDA milestones.

At Avio MedTech, we’ve worked with enough innovators to know this: regulatory success isn’t magic—it's habits. Some teams build those habits early, and others… well, they’re on the naughty list for a reason.

So in the spirit of the season, here’s our lighthearted (but accurate!) Regulatory Naughty & Nice List—a guide to the behaviors that keep your startup on the right side of compliance, and the pitfalls that can land you in hot cocoa–worthy trouble.

🎅 The Nice List

These are the teams heading into the new year with tidy DHFs, confident submissions, and good regulatory karma.

✨ 1. You document early, and you document often.

Great startups don’t rush to catch up on documentation the night before an audit. They treat documentation as part of development, not a separate chore. Design decisions, risk assessments, testing rationale, clinical assumptions—everything has a home.

✨ 2. You engage FDA or your Notified Body early.

You don’t guess your way through regulatory strategy. Q-Subs, Sprint Discussions, and informal interactions—these touchpoints reduce uncertainty, prevent costly rework, and keep your pathway realistic.

✨ 3. You align testing plans with your regulatory strategy.

You know exactly which standards apply and why. You choose tests intentionally—not because they sound good, but because they’re required based on your risk profile, intended use, and regulatory pathway.

✨ 4. You build quality into company culture from day one.

Quality isn’t an SOP that sits in a folder—it’s how people think and operate. The earlier a startup embraces this mindset, the smoother everything becomes: development, testing, verification, submission, and scaling.

✨ 5. You perform real, robust risk management (ISO 14971).

Not surface-level. Not copy-paste. You analyze hazards thoughtfully, link mitigations clearly, and understand your residual risks. This discipline leads to smarter design decisions and fewer surprises.

✨ 6. You validate your software, tools, and processes.

If it's used in development, testing, or release—it’s validated. Whether it's a piece of test equipment or a spreadsheet that calculates critical outputs, validation builds reliability into your processes.

✨ 7. You maintain a clean, current DHF/DMR.

Version control? Clear. Traceability? Solid. Auditor? Pleasantly surprised. These companies won’t need Santa’s help—just a steady team and a consistent approach.

😈 The Naughty List

Teams on this list aren’t bad—they’re just making preventable mistakes that could slow down development or derail a submission. Don't worry… there’s still time to get back on track.

❌ 1. “We’ll write the documentation later.”

Spoiler alert: “later” never arrives until it’s far too late. Scrambling to recreate months of decisions is one of the fastest paths to errors, inconsistencies, and an unhappy auditor.

❌ 2. Making design changes without updating risk or traceability.

If Santa can keep track of billions of kids, you can track a design update. Unlinked changes are among the most common—and expensive—regulatory issues for startups.

❌ 3. Treating the QSMR like a box-checking exercise.

If your team doesn’t actually use your quality system, you don’t have one. FDA and Notified Bodies can tell the difference between a system that’s lived-in and one that’s performative.

❌ 4. Submitting before testing is complete or stable.

If your test report begins with “draft” or “pending data,” the FDA will notice. Startups often submit too early because of investor pressure—but it always backfires.

❌ 5. Using unvalidated tools or AI outputs without justification.

Generative AI, uncalibrated equipment, or “just trust me” spreadsheets can’t support regulatory decisions without validation and justification.

❌ 6. Skipping usability or human factors.

“Intuitive” is not a justification.

❌ 7. Developing without a regulatory strategy.

“Pretty sure this is a 510(k)” is not a strategy. A poor regulatory plan leads to wrong testing, wrong design assumptions, and wrong timelines. The naughty list isn’t about blame—it’s a reminder that early-stage decisions shape the success or failure of your entire regulatory journey.

🎁 Santa’s Final Advice for MedTech Startups

Whether you're on the naughty or nice list today, here’s what Santa—and your regulatory team—ultimately care about:

• You understand your intended use clearly.

• You know your regulatory pathway and evidence requirements.

• You connect design, risk, and testing.

• You treat quality as a philosophy, not paperwork.

• You communicate early, openly, and often.

  
  

These principles don’t just avoid headaches—they accelerate innovation and increase the odds of regulatory success.

🌟 Closing Thoughts

Regulatory excellence isn’t about perfection—it’s about consistency, clarity, and alignment. For medtech startups, building good regulatory habits early can be the difference between delays and decisive progress.

If you want help getting off the naughty list (or staying off it), Avio MedTech is always here to support your journey. Contact us to get started.