What Is a Non-Compliant Product Under MDR/IVDR?
A non-compliant product is any medical device or in vitro diagnostic (IVD) device that fails to meet the requirements outlined in MDR 2017/745 or IVDR 2017/746. This may include the absence of CE marking, non-compliance with the intended purpose, labeling errors, or incomplete technical documentation. Suspected counterfeits or falsified origins also qualify as non-compliant. Devices that do not meet GSPR requirements or have been modified post-certification without updated conformity assessment—per the definition of a significant change—are also considered non-compliant.
Importer and Distributor Obligations in Case of Suspected Non-Compliance
If an importer or distributor identifies or suspects non-compliance, they must immediately:
- halt distribution or use of the product,
- notify the manufacturer and the authorised EU representative,
- document the situation and secure the product,
- in case of suspected falsification or health risk, report the incident to the URPL President and competent authorities in other countries where the product was distributed.
These obligations must be executed according to the quality management system (QMS), and corrective actions are subject to PRRC verification.
Cooperation with the Manufacturer and Regulatory Authorities
If the product has already reached the market, the importer and distributor must cooperate with the manufacturer and authorities to:
- verify device compliance,
- conduct product withdrawal or recall if necessary,
- fully document corrective and preventive actions (FSCA).
These actions must comply with MDCG 2023-3 and include evidence of CAPA implementation and effectiveness, reviewed during internal audits.
Serious Incidents – What to Do?
A serious incident is any case resulting in, or likely to result in, death, life-threatening situations, or serious deterioration in a patient’s health. The distributor or importer must immediately notify the manufacturer or their representative, even if the incident has already been reported. Every serious incident should be analysed within the QMS as a potential trigger for updating PMS and vigilance procedures.
Required Data for Incident Reporting
According to Article 48 of the Polish Medical Devices Act (April 7, 2022), incident reports must include:
- date and location of the event,
- clinical data: gender, age, weight,
- description of consequences and medical interventions,
- device identification: model, serial number, UDI, date of manufacture, version,
- device storage details on the day of the report,
- user type (professional, patient, third party),
- contact details for the manufacturer, distributor, importer, and reporter.
All data must be stored per MDR/IVDR requirements and made available to national authorities and notified bodies upon request.
Complaint and Incident Registers – Documentation Obligations
Under MDR, IVDR, and national legislation, distributors and importers must maintain their own registers of:
- user and patient complaints,
- non-compliant product reports,
- incident and claim reports from healthcare facilities and clients.
This register must be integrated into the QMS and provided to the manufacturer upon request. Failure to maintain or provide the register may result in financial penalties or administrative decisions from URPL. It is recommended to integrate the register with PMS procedures and post-market surveillance documentation.
New Obligations from 2025 – Updated Non-Compliance Procedures
EU Regulation 2025/1021 introduces changes impacting non-compliant product handling:
- mandatory use of functional EUDAMED modules for reporting non-compliance,
- standardized non-compliance report format effective from January 2026,
- enhanced authority powers to enforce sales halts or recalls when public health risks are identified.
Internal procedures must be updated to reflect these changes and align with MDCG and EUDAMED reporting templates.
Common Errors in Handling Non-Compliant Devices
- ignoring end-user reports,
- failure to initiate immediate distribution halt,
- lack of formal incident reporting to the manufacturer or URPL,
- absence of a standard reporting form or escalation procedure,
- insufficient risk analysis not aligned with ISO 14971.
Failure to involve the PRRC in incident analysis and non-compliance with CAPA procedures constitutes a serious regulatory violation subject to penalties.
How Pure Clinical Supports Non-Compliant Device Management
Pure Clinical offers comprehensive support in regulatory and operational compliance:
- audits of non-compliant product procedures and incident registers,
- development and implementation of harmonized reporting templates,
- training for QA/RA, import, and distribution teams on MDR and IVDR obligations,
- support during URPL inspections and notified body audits,
- verification of register compliance with new EUDAMED and MDCG 2023-3 requirements.
FAQ
Can a non-conforming device continue to be used if it poses no immediate risk to public health?
Is it legal for a distributor to unilaterally withdraw a device from the market without the manufacturer’s consent?
Should incidents involving off-label use of medical devices still be reported?