For regulated life sciences teams, demonstrating compliance isn't optional, and a declaration of conformity is one of the most important documents in your compliance toolkit. Whether you're a pharmaceutical sponsor managing vendor relationships, a CRO running clinical trials across multiple regions, or a quality team preparing for an inspection, you've almost certainly encountered this document. But what exactly is it, when do you need one, and how should you be managing it?
This guide breaks down everything life sciences teams need to know about declarations of conformity: what they are, what they must contain, when they're required, and how to manage them in a way that keeps you audit-ready at all times.
What Is a Declaration of Conformity?
A declaration of conformity (DoC) is a legally binding document in which a manufacturer, or their authorized representative, formally self-declares that a product meets all applicable regulatory requirements, directives, or standards. In essence, it's the manufacturer saying: "We have assessed this product against the relevant rules, and we confirm it complies."
This is distinct from a certificate of conformity, which is issued by an independent third party (such as a notified body or certification organization) after an external audit or assessment. A declaration of conformity is a self-declaration, and the responsibility sits with the manufacturer, not an outside assessor.
In the life sciences world, declarations of conformity are most closely associated with the EU regulatory framework. They are a formal requirement under several key regulations and directives, including:
- EU MDR 2017/745 — Medical Devices Regulation
- EU IVDR 2017/746 — In Vitro Diagnostics Regulation
- CE marking directives — covering machinery, electronics, PPE, and other product categories
- EU Annex 11 / GxP — which applies to computerized systems used in regulated pharmaceutical environments
It's worth noting that equivalent concepts exist outside the EU. In the United States, the FCC uses a Supplier's Declaration of Conformity (SDoC) for certain electronic equipment, and FDA-regulated environments may require similar conformity documentation for software and systems used in clinical and manufacturing contexts.
Important for life sciences teams: Under EU Annex 11 and GxP guidelines, regulated computerized systems, including document management platforms, eTMF systems, and quality management systems, should be accompanied by a declaration of conformity from the software vendor. This is part of demonstrating that your systems are fit for purpose and properly validated.
When Is a Declaration of Conformity Required?
The short answer: any time a manufacturer places a product on the EU market under a CE-marking directive, a declaration of conformity is required before the CE mark can be applied. But for life sciences teams specifically, there are several contexts where you'll encounter, or need to produce, a DoC.
Medical devices and IVDs
Under EU MDR 2017/745, manufacturers of medical devices must draw up a declaration of conformity as part of their technical documentation before placing a device on the market. The same requirement applies to in vitro diagnostic manufacturers under EU IVDR 2017/746. These documents must be kept current and available to competent authorities on request.
Computerized systems under GxP and EU Annex 11
Pharmaceutical sponsors and CROs operating in GxP environments are expected to qualify and validate the computerized systems they use, from electronic trial master file systems to quality management platforms. As part of vendor qualification, sponsors should obtain a declaration of conformity (and ideally a full validation package) from their software vendors, confirming that the system has been developed and validated in accordance with applicable regulations.
Vendor qualification and audits
Even if your company doesn't manufacture regulated products directly, you are responsible for the compliance of the vendors and systems you use. Quality teams running vendor qualification programs should routinely collect and maintain DoC documentation as part of the audit trail. Regulatory inspectors may ask to see these documents, and "we have it in an email somewhere" is not an acceptable answer.
Clinical trial applications
Clinical trials involving investigational devices, particularly in the EU under the Clinical Trials Regulation (EU CTR), may require inclusion of conformity documentation as part of the trial application. If your study involves a device component, it's worth checking whether a DoC is required for your Clinical Trial Application (CTA).
Due diligence
Investors and acquirers conducting due diligence on life sciences companies will commonly request evidence of regulatory compliance, including conformity documentation for your products, systems, and vendor relationships. Having these documents organized and accessible can accelerate the process considerably.
What Must a Declaration of Conformity Include?
The required contents of a declaration of conformity vary depending on which regulation or directive applies. However, under EU MDR Annex IV, which sets out requirements for medical device declarations, the document must include the following elements:
- Manufacturer identity: Name, registered trade name or mark, and address of the manufacturer (and authorized representative if applicable)
- Product identification: Name, model, product code, lot or serial number, UDI (Unique Device Identifier) where applicable
- Statement of conformity: A declaration that the product conforms to all applicable provisions of EU MDR 2017/745 (or the relevant regulation)
- Applicable standards: Any common specifications or harmonized standards that have been applied
- Notified body details: Where a notified body has been involved in the conformity assessment, their name, identification number, and the certificate number
- Supplementary information: Any applicable annexes, codes, or performance standards
- Date and place of issue
- Authorized signatory: Name, function, and signature of the person authorized to sign on behalf of the manufacturer
For software systems under EU Annex 11, the structure may differ, but the core principle is the same: a named, accountable individual declares that the system meets applicable requirements, and that declaration is backed by documented evidence.
Key ongoing requirements
A declaration of conformity is not a one-time document. It must be kept up to date throughout the product's lifecycle. If the product changes, through a design update, a software release, or a significant change in manufacturing, or if the applicable regulations change, the DoC must be reviewed and revised accordingly.
Under EU MDR, manufacturers must retain the declaration of conformity (and supporting technical documentation) for at least 10 years from the date the last product was placed on the market. For implantable devices, this extends to 15 years.
This retention requirement alone makes the case for a structured document management system. Maintaining a legally compliant 10-year document archive in a shared drive or email inbox is not a realistic or defensible approach.
Declaration of Conformity in Clinical Trials and Pharma Operations
For pharmaceutical sponsors and CROs, declarations of conformity show up in two distinct ways: as documents you receive from vendors, and, in some cases, as documents you may need to produce or include in regulatory submissions.
Managing vendor DoC documents
If your organization uses GxP-relevant computerized systems, including electronic document management, eTMF, QMS, CTMS, and LIMS, you should have a declaration of conformity on file from each vendor. This is part of vendor qualification: before a vendor is approved, you need documented evidence that their system is fit for purpose and compliant with applicable regulations.
The challenge is that these documents accumulate quickly. A mid-sized sponsor might have DoC documents for a dozen or more systems, each with their own version history and update cycle. When an inspector asks to see your vendor qualification file for a specific system, you need to produce the right version of the right document immediately, not spend three days searching through inboxes.
Investigational devices in clinical trials
If your clinical trial involves an investigational medical device, such as a drug delivery system, a diagnostic device, or a combination product, you may need to include or reference conformity documentation in your CTA. Under the EU Clinical Trials Regulation, the requirements around device components are more stringent than under older frameworks, and regulatory affairs teams need to be prepared.
eTMF considerations
For trials involving investigational devices, certain conformity documents may be appropriate for inclusion in the Trial Master File. Your TMF reference model and study-specific TMF plan should define where device-related regulatory documents belong, and your eTMF system should make it easy to file and retrieve them.
Inspection readiness
Regulatory inspections, whether by the FDA, EMA, MHRA, or a national competent authority, can include requests for conformity documentation with little notice. Inspectors may ask to see your vendor qualification records, including DoC documents for your computerized systems. Organizations that can produce these documents immediately, in a well-organized format, create a very different impression than those scrambling to find them.
How to Manage Declaration of Conformity Documents Effectively
Managing declarations of conformity well is less about the documents themselves and more about the system you use to store, version, track, and retrieve them. Here are the practices that separate audit-ready teams from everyone else.
1. Centralize everything in one controlled repository
All DoC documents, whether received from vendors or produced internally, should live in a single, controlled document management system. Not a shared drive. Not a folder in your email. Not a combination of both with a spreadsheet to track which is which. A controlled repository with defined naming conventions, folder structures, and access controls is the only defensible approach for regulated environments.
2. Enforce version control from day one
When a vendor updates their declaration of conformity, following a software release, a regulatory change, or an internal process update, the new version must be captured and the previous version archived with its history intact. Overwriting the old document is not acceptable in a regulated environment. Your document management system should handle versioning automatically, maintaining a complete, unalterable history of every document.
3. Track expiry and renewal dates
DoC documents often reference underlying certifications that do expire. ISO 9001, SOC 2, and similar standards are renewed on defined cycles. If a vendor's certification lapses and you don't notice, you may have an unqualified vendor in your system. Automated alerts tied to renewal dates are essential for staying ahead of this.
4. Apply role-based access controls
Regulatory affairs, quality, and clinical operations teams all need access to conformity documentation, but not everyone needs the same level of access. Role-based permissions ensure that documents can be viewed by those who need them, while edit and approval rights are appropriately restricted. This is both a compliance requirement and a practical necessity for maintaining document integrity.
5. Maintain a complete audit trail
Every action taken on a controlled document, including every view, download, version change, and approval, should be logged automatically with a timestamp and user identity. This audit trail is a core requirement for GxP compliance and is what gives regulators confidence that your document management practices are sound.
6. Connect DoC management to your vendor qualification workflow
The most mature approach doesn't treat DoC collection as a one-off task. It embeds it into a repeatable vendor qualification process. When a new vendor is onboarded, DoC collection is a required step. When a vendor's certification comes up for renewal, the system prompts for an updated document. This way, your vendor qualification records stay current without relying on individual memory or manual follow-up.
How Kivo Helps Life Sciences Teams Manage Conformity Documentation
Life sciences teams managing declarations of conformity need a system that's already compliant, not one that adds to your compliance burden. That's the premise behind Kivo.
Kivo itself supplies a full validation package and declaration of conformity with every software release. Rather than placing the validation burden on your team, Kivo delivers pre-validated software with complete documentation, including conformity evidence aligned with EU Annex 11 requirements, loaded directly into your workspace. Customers tell us this reduces time spent on validation by 80–90% compared to legacy systems.
Beyond that, Kivo's Document Management System (DMS) is purpose-built for exactly the kind of controlled document management that declarations of conformity require:
- Version control: Every document version is captured automatically, with a complete, unalterable history. When a vendor updates their DoC, the new version is filed and the old one is archived, never lost.
- Expiry date tracking and automated alerts: Set renewal dates on time-sensitive certifications and receive automatic alerts before they lapse.
- Role-based access controls: Define exactly who can view, edit, and approve documents based on their role, with a secure document viewer that prevents unauthorized downloading, printing, or copying.
- Automatic audit trail: Every action on every document is logged automatically, including who viewed it, who changed it, and when, meeting GxP auditability requirements without any manual effort.
- Part 11 compliant e-signatures: For documents that require formal sign-off, Kivo includes built-in Part 11 compliant electronic signatures as well as DocuSign integration.
Kivo's Quality Management System (QMS) module extends this further, allowing teams to build vendor qualification workflows that include DoC collection as a structured, repeatable step, so nothing falls through the cracks when a new vendor is onboarded or an existing one comes up for renewal.
Kivo is FDA 21 CFR Part 11 compliant, EU Annex 11 compliant, SOC 2 and ISO 9001 certified, and trusted by more than 100 sponsors and service providers worldwide.
See Kivo in action — get a demo today.
Declaration of Conformity: Frequently Asked Questions
What is the difference between a Declaration of Conformity and a Certificate of Conformity?
A declaration of conformity is a self-declaration made by the manufacturer, asserting that their product meets applicable requirements based on their own assessment. A certificate of conformity is issued by an independent third party, such as a notified body or accredited certification organization, after completing an external audit or assessment. Both may be required depending on the product risk class and applicable regulation.
Who signs a Declaration of Conformity?
The declaration must be signed by a named, accountable individual who is authorized to act on behalf of the manufacturer, typically a senior quality, regulatory, or legal officer. The signatory is personally attesting to the accuracy of the declaration, so the role carries real accountability. Where an authorized EU representative is used (for manufacturers outside the EU), that representative may sign on the manufacturer's behalf.
How long must a Declaration of Conformity be kept?
Under EU MDR 2017/745, declarations of conformity and supporting technical documentation must be retained for at least 10 years from the date the last product was placed on the market. For implantable devices, this period extends to 15 years. Other regulations and directives have their own retention requirements, so always check the specific regulation that applies to your product.
Does a Declaration of Conformity expire?
The declaration itself does not have a fixed expiry date, but it must be updated whenever the product, manufacturing process, or applicable regulations change in a way that affects conformity. Underlying certifications that the DoC references, such as ISO 9001 or SOC 2, do expire on defined renewal cycles, and if those lapse, the DoC may no longer be accurate. This is why tracking renewal dates is critical.
Do I need a Declaration of Conformity for software?
Under EU Annex 11 and GxP guidelines, pharmaceutical organizations are expected to obtain conformity evidence from vendors of regulated computerized systems. A software vendor's declaration of conformity, along with a full validation package, is part of demonstrating that a system is suitable for use in a regulated environment. If your document management system, eTMF, or QMS vendor cannot supply this documentation, that's a significant qualification risk.
What's the difference between a declaration of conformity and a validation package?
These are complementary but distinct. A declaration of conformity is the manufacturer's formal statement that a product meets applicable requirements. A validation package is the body of documented evidence, including IQ/OQ/PQ testing, test scripts, screenshots, and results, that supports that declaration. In a properly managed system, the DoC is backed by the validation package, and both should be available for inspection.
Where should Declaration of Conformity documents be stored?
In a validated, Part 11 compliant document management system with version control, automatic audit trail, and role-based access controls. Storing controlled documents in shared drives, email folders, or unvalidated file storage systems is not compliant with GxP requirements and creates significant inspection risk. A purpose-built DMS ensures every document is versioned, traceable, and retrievable on demand.
The Bottom Line on Declarations of Conformity
A declaration of conformity isn't just a piece of paperwork. It's a formal, legally accountable statement about a product's compliance with applicable regulations. For life sciences teams, it shows up as something you receive from vendors, something you may need to produce or reference in regulatory submissions, and something regulators may request during inspections.
Managing these documents well, with proper version control, expiry tracking, audit trails, and controlled access, is not optional in a regulated environment. The good news is that it doesn't have to be complicated. The right document management system handles the compliance infrastructure for you, so your team can focus on the work that actually moves your programs forward.
Kivo gives growing life sciences teams a fully validated, Part 11 compliant document and process management platform that's ready from day one, with no lengthy implementation, no hidden fees, and no compliance burden shifted onto your team.
