This might be a legal matter specific to your country, having to do with patent protection, rather than ISO 13485 or medical device regulations.
Was this an auditor from an EU notified body?
Also, if your auditor is citing requirements, they should be actually citing them. That is to say, they shouldn't just be telling you that you are required to do this or required to do that. They should cite the specific section of a specific law, regulation, or guidance where the requirement can be found. You should not accept an audit report or findings without these citations, nor should you accept an auditing organization that sends out auditors who fail to provide them. IMO. Hopefully the EU will not be accepting such auditors and audit reports going forward, but time will tell. If medical device companies are willing to accept them, then that's on them.