The problem is that "group of devices" is not a defined term anywhere that I know of. If you mean by a "group of devices" a device family (which is a term usually defined in regulations, for example), then ISO 14971 already applies to that (but you have to perform the process for each family, anyway).
The rest of your comments are more or less what I mentioned, you can do anything you want regarding analysis, create lists, etc., but it is something "extra" to facilitate the application of the risk management process for a specific device or family. But you still need to transpose all the information to the specific risk analysis (you may try to link things, but from my experience it may create a lot of trouble, in particular when related to verifying completeness and assessing changes).
"Also, besides not being a good engineering practice .." <= Why is this considered as such ?
If you don't mind, please add a reference for me to research this in more detail.
I mentioned this in the context of what you seemed to be implying - to do something like a "bulk" risk analysis. Your further comments seems to have clarified that. However, your comments still look to imply that you would simply link things to a generic document, which as I mentioned above, may create trouble.
You identified "bad readability due to direct sunlight".
This is not a risk, as it does not have the exposure and related harm of the patient/user/etc. In particular, and I also mentioned this above, risks will depend on the intended use (including intended user) of the device, so even for the same similar devices, different intended uses will change the risks. This is the other aspect that I would be concerned in the approach you mentioned.
For example, if you look at the problem you mentioned (and I'm not discussing it being a risk or not), of "bad readability due to direct sunlight", if the intended use of the device is to be used in closed environments, this problem does not exist.
I do not agree that there is only one legitimate approach to complying to ISO 14971. At its core, it is expected to assess all risks that arise from the use of the device to user and / or patient, implement measures to minimize the risk as far as possible resulting in a product with a positive risk / benefit ratio.
Again, it seems that I understood your original comment wrong. I did not try to imply that applying ISO 14971 can only be done thru one way. In fact, one of the strengths (unfortunately, it's also a big weakness due to some problems) is that it's a generic standard (as always based on good safety engineering practices of the last 50 or 80 years), and you may comply with it with several ways.
I do not see how the approach described above does not fulfill this requirement.
Product specific risk analysis is not skipped nor is it cut short. Instead common / alike risks are not explicitly listed in the product specific risk analysis but are still mentioned in the final product risk profile and are mitigated as well.
I still think that this approach will in practice create some problems and possible gaps, and for these reasons, I've never seen this done that way anywhere in the literature of risk management (I've seem some examples of approaches that tried to to that but used things as starting points, as I mentioned).
You certainly won't see NASA doing somethings like this (and they tried), because it was noted that, for optimal performance, you need to focus risk management activities in the particular problem, even if they share common characteristics.
In fact, ISO 14971 even mentions that in NOTE 1 to 4.1:
NOTE 1 If a risk analysis, or other relevant information, is available for a similar medical device, that analysis or information can be used as a starting point for the new analysis. The degree of relevance depends on the differences between the devices and whether these introduce new hazards or significant differences in outputs, characteristics, performance or results. The extent of use of an existing analysis is also based on a systematic evaluation of the effects the changes have on the development of hazardous situations.
Even in the case above, it's expected that you use the previous analysis as a basis, and not share it with other analysis.
So, related to your initial question - would be legit and in compliance with ISO 14971? I still think that it's not a good way to comply (not that I'm that fixed on complying directly with ISO 14971 because unfortunately, the current and also the newer version to be published in a while have several technical mistakes, so in principle I would say that it's really impossible to fully comply with the standard unless you correct those mistakes and make the correct activities - which I always do).