For example, one of the deviations is that, even though ISO 14971 says that for low, negligible risks, the manufacturer is not require to take any measure, the official interpretation of the directive (and which will be considered a deviation of the revised EN ISO 14971) is that all risk, regardless of being negligible or not, have to be reduced as much as possible. This creates a somewhat impossible situation in which manufacturers have to go after ALL risks, even the ones in which the probability is extremely low or the severity is negligible.
And this is only one of the 7 "weird" deviations.
The above appears to be absurd if we look at individual hazardous situations, which is the current structure of ISO 14971. However, as mentioned in previous posts, if the estimated "risk" includes the risk associated with the use of resources (increase cost of medical device, delay to market, disincentive to innovation), then it is perfectly reasonable (and desirable) to set an objective of reducing risk without limit.
In the case of "negligible" risks, most likely the application of risk management resources will increase risk (cost, delay, disincentive), and as such the risk can be considered already minimized; no action is required.
The real difference (and concern from Europe) comes in the risk/benefit area, where under ISO 14971 as long as the benefit exceeds the risk, a manufacturers can justify no further effort, because they set their own criteria. And in fact this happens frequently in the real world.
True story: a hearing aid manufacturer places a new high powered 145dB model on the market, at the request of doctors. When asked about the risk of hearing damage, they found clinical literature that showed already around 6% of patients with hearing aids suffer further hearing loss due to their hearing aids. But, the manufacturer argued, without the hearing aid the brain's auditory part shuts down (the brain starts to use it for other purposes). So, given the benefit exceeds the risk by a high factor (more than 10:1), the manufacturer considered no further action is necessary.
This complies with ISO 14971.
But, on basic principles it is wrong.
Let's assume that by putting some simple intelligence into the hearing aid the amount of hearing damage could be reduced. Hearing damage is a function of sound level and time. So, we could limit the daily amount of peak output, or better still integrate daily exposure and reducing the output if daily limits are exceeded. Let's further assume this new software could reduce the incidence of patient damage from 6% to 2%.
Clearly, the a small amount of resources in software development would be well justified.
So, it should be obvious that "acceptable risk", or "risk/benefit" are not very good criteria for deciding if risk should be reduced. Rather, it is simply a case determining if the application of resources can get a significant reduction in risk, a "bang for your buck" so to speak.
What about the remaining 2%? If the manufacturer can demonstrate that trying to reduce the 2% further would cause excessive complications (excessive cost, or excessive limitation of the output), then the residual risk should be deemed acceptable. But, even at 2% the risk is high and should be subject to constant review, including review of new technology, clinical literature and the like.
This I think is what the Europeans are trying to get at.