DJ Fang
Real-world data is reshaping medtech — but at what cost?
May 02, 2025
By DJ Fang
Data is changing the way medtech companies operate, not just in how devices are built but also in how they’re approved, regulated, and launched in global markets. Real-world data and AI tools are becoming a key part of regulatory operations, helping teams build evidence, manage submissions, and meet compliance requirements across different regions.
This shift is reshaping investment and hiring across the industry, with companies building out data infrastructure, regulatory technology, and AI capabilities to support these demands. But as the use of data grows, so does regulatory risk. Companies are facing new pressures to manage privacy, security, and compliance, particularly when operating across markets with different rules on data use.
Data is reshaping regulatory workflows
Regulatory processes in medtech are changing. What was once a manual, document-heavy exercise is becoming faster and more data-driven. Real-world evidence, once used mainly after products reached the market, is now shaping regulatory decisions much earlier, helping companies strengthen submissions and speed up approval processes.
AI tools are making it easier to manage this shift. They’re helping regulatory teams clean and structure large datasets, identify gaps in documentation, and generate evidence from patient records or registries. This isn’t about AI inside the product. It’s about using AI to improve the process of getting that product to market.
With better access to real-world data, companies can respond to regulators faster, back up claims with stronger evidence, and in some cases, shorten approval timelines. As McKinsey notes, AI is most effective when built into day-to-day workflows. In regulatory operations, that means using AI to handle repetitive data tasks such as cleaning datasets, structuring evidence, or flagging gaps while experts focus on decisions that require human judgment.
Regulators are responding to these changes too. The FDA, for example, continues to expand its guidance on real-world evidence. Meanwhile, in Europe, EMA’s DARWIN EU project is designed to improve regulator access to real-world health data.
More data, more responsibility
But with innovation comes more responsibility. Working with data across global markets adds complexity. Rules around what data can be collected, where it can be stored, and how it can be shared vary widely.
For regulators, the integrity and traceability of that data are critical. It’s not enough to submit evidence; companies need to show how that evidence was collected, validated, and managed across its lifecycle. Data provenance is becoming a central concern in regulatory submissions, particularly for companies operating across multiple regions. In fact, 69% of medtech leaders say maintaining data integrity while meeting changing regulatory requirements is their biggest challenge.
This focus on traceability is also shaping emerging legislation. In Europe, the proposed AI Act is expected to increase expectations around audit trails, performance monitoring, and transparency — particularly for systems handling sensitive health data. While the Act primarily targets AI used in products or clinical settings, its principles of transparency, traceability, and accountability are already influencing how regulators view AI use within regulatory operations.
For medtech companies, this means compliance can no longer be treated as a final checkbox. Regulatory strategy needs to be embedded throughout the entire data lifecycle, from the way data is gathered to how it is used in submissions, ensuring that every insight meets regulatory standards and supports patient safety.
Data security is now a regulatory issue
As regulatory processes become more dependent on real-world data, privacy and security expectations are rising. Regulators want to see exactly where data comes from, how it moves, who has access to it, and how it’s protected.
This becomes even more challenging when health data crosses borders, as privacy rules vary widely between regions. In Europe, for example, GDPR requires companies to demonstrate how personal data is collected, stored, and deleted. In the US, HIPAA places strict controls on how health information is shared. Other markets are introducing their own data localization and protection laws, adding further complexity for companies operating globally.
Data is now central to regulatory strategy in medtech. It’s reshaping how evidence is built, how submissions are managed, and how compliance is maintained. But working with that data, especially across multiple markets, means privacy and security need to be built in from the start, not bolted on later.
About the author: DJ Fang is the co-founder & COO of Pure Global.
Data is changing the way medtech companies operate, not just in how devices are built but also in how they’re approved, regulated, and launched in global markets. Real-world data and AI tools are becoming a key part of regulatory operations, helping teams build evidence, manage submissions, and meet compliance requirements across different regions.
This shift is reshaping investment and hiring across the industry, with companies building out data infrastructure, regulatory technology, and AI capabilities to support these demands. But as the use of data grows, so does regulatory risk. Companies are facing new pressures to manage privacy, security, and compliance, particularly when operating across markets with different rules on data use.
Data is reshaping regulatory workflows
Regulatory processes in medtech are changing. What was once a manual, document-heavy exercise is becoming faster and more data-driven. Real-world evidence, once used mainly after products reached the market, is now shaping regulatory decisions much earlier, helping companies strengthen submissions and speed up approval processes.
AI tools are making it easier to manage this shift. They’re helping regulatory teams clean and structure large datasets, identify gaps in documentation, and generate evidence from patient records or registries. This isn’t about AI inside the product. It’s about using AI to improve the process of getting that product to market.
With better access to real-world data, companies can respond to regulators faster, back up claims with stronger evidence, and in some cases, shorten approval timelines. As McKinsey notes, AI is most effective when built into day-to-day workflows. In regulatory operations, that means using AI to handle repetitive data tasks such as cleaning datasets, structuring evidence, or flagging gaps while experts focus on decisions that require human judgment.
Regulators are responding to these changes too. The FDA, for example, continues to expand its guidance on real-world evidence. Meanwhile, in Europe, EMA’s DARWIN EU project is designed to improve regulator access to real-world health data.
More data, more responsibility
But with innovation comes more responsibility. Working with data across global markets adds complexity. Rules around what data can be collected, where it can be stored, and how it can be shared vary widely.
For regulators, the integrity and traceability of that data are critical. It’s not enough to submit evidence; companies need to show how that evidence was collected, validated, and managed across its lifecycle. Data provenance is becoming a central concern in regulatory submissions, particularly for companies operating across multiple regions. In fact, 69% of medtech leaders say maintaining data integrity while meeting changing regulatory requirements is their biggest challenge.
This focus on traceability is also shaping emerging legislation. In Europe, the proposed AI Act is expected to increase expectations around audit trails, performance monitoring, and transparency — particularly for systems handling sensitive health data. While the Act primarily targets AI used in products or clinical settings, its principles of transparency, traceability, and accountability are already influencing how regulators view AI use within regulatory operations.
For medtech companies, this means compliance can no longer be treated as a final checkbox. Regulatory strategy needs to be embedded throughout the entire data lifecycle, from the way data is gathered to how it is used in submissions, ensuring that every insight meets regulatory standards and supports patient safety.
Data security is now a regulatory issue
As regulatory processes become more dependent on real-world data, privacy and security expectations are rising. Regulators want to see exactly where data comes from, how it moves, who has access to it, and how it’s protected.
This becomes even more challenging when health data crosses borders, as privacy rules vary widely between regions. In Europe, for example, GDPR requires companies to demonstrate how personal data is collected, stored, and deleted. In the US, HIPAA places strict controls on how health information is shared. Other markets are introducing their own data localization and protection laws, adding further complexity for companies operating globally.
Data is now central to regulatory strategy in medtech. It’s reshaping how evidence is built, how submissions are managed, and how compliance is maintained. But working with that data, especially across multiple markets, means privacy and security need to be built in from the start, not bolted on later.
About the author: DJ Fang is the co-founder & COO of Pure Global.