What Is Vigilance in the Context of MDR and IVDR?

Vigilance refers to a post-market surveillance system for monitoring the safety of medical devices and IVDs once they are placed on the market. It involves detecting, analyzing, reporting, and documenting serious incidents and implementing Field Safety Corrective Actions (FSCAs) to prevent recurrence. Vigilance is mandatory for all supply chain actors: manufacturers, authorized representatives, importers, and distributors.

What Events Must Be Reported?

According to Article 87 MDR and Article 82 IVDR, the following must be reported:

  • Serious incidents – events that led or could have led to death, serious deterioration of health, or life-threatening conditions, including incorrect IVD results.
  • Field Safety Corrective Actions (FSCA) – technical or organizational measures implemented post-market to reduce risk to users or patients.

Reports are submitted to the competent authority in the relevant Member State and, per Article 92 MDR, to the EUDAMED system.

Role of PRRC in Vigilance

The Person Responsible for Regulatory Compliance (PRRC), as required under Article 15 MDR/IVDR, oversees the accuracy and completeness of incident and FSCA reporting, ensures alignment with technical documentation and risk analysis, and integrates vigilance into the quality management system. The PRRC is also responsible for timely communication with authorities and the notified body.

Incident Reporting Deadlines and Data Structure

Deadlines under MDCG 2023-3:

  • Initial report within 2 working days – for serious public health threats
  • Standard incident report within 10 working days
  • Final report – after internal investigation concludes

Each report must include: SRN, device data (UDI-DI, type, serial number), incident description, contact information, root cause analysis, and FSCA plan.

Manufacturer Responsibilities Under Vigilance

Manufacturers must fully implement the Vigilance system, including:

  • incident and FSCA analysis and reporting procedures,
  • serious incident and user complaint log,
  • Corrective and Preventive Action (CAPA) plans,
  • effectiveness monitoring of corrective actions,
  • integration with ISO 13485 and ISO 14971.

Integration of Vigilance With PMS, PMCF, and PSUR

Vigilance data should be analyzed within:

  • PMS plan – per Annex III MDR/IVDR,
  • PMCF (for MD) or PMPF (for IVD),
  • Periodic Safety Update Report (PSUR) – for class IIa, IIb, III devices and class C/D IVDs.

Lack of integration leads to audit-detected inconsistencies.

Vigilance Obligations of Authorized Representatives, Importers, and Distributors

  • Authorized Representative – cooperates with authorities, retains reports for 10 years, and forwards info to the manufacturer.
  • Importer – immediately notifies the manufacturer of incidents and retains related documentation.
  • Distributor – informs the manufacturer of customer complaints and suspected non-compliances.

Failure to respond or relay such information may result in administrative fines of up to PLN 5,000,000 as per the Medical Devices Act.

Vigilance and EUDAMED – New Obligations from 2026

Under Regulation 2025/1021:

  • Incident and FSCA reporting will be mandatory via EUDAMED,
  • XML format and SRN integration will be required,
  • Reports must be standardized and suitable for public disclosure.

Lack of readiness may prevent compliance with Articles 92 MDR and 82 IVDR.

Mandatory Documentation for Vigilance

Recommended documentation set:

  • Incident and FSCA reporting procedures,
  • Forms aligned with MDCG 2023-3,
  • FSCA and CAPA registry,
  • Communication logs with authorities and notified bodies,
  • Integration with PMS, PMCF/PMPF, and PSUR.

Common Deficiencies and Their Consequences

  • Outdated incident reporting procedures,
  • Missed 2/10-day deadlines,
  • Ineffective CAPA actions,
  • Lack of integration with PMS and PMCF,
  • Failure to analyze user reports.

Such deficiencies are classified as major non-conformities during MDR/IVDR audits.

How Pure Clinical Supports Manufacturers in Vigilance

Pure Clinical provides comprehensive support for incident analysis, FSCA documentation, and MDR/IVDR compliance through:

  • development of Vigilance procedures and MDCG-compliant forms,
  • training for RA/QA teams on incident assessment and CAPA,
  • Vigilance integration with QMS and risk analysis systems,
  • support with PSUR, PMCF, FSCA, and EUDAMED submissions,
  • audit preparation for notified bodies and national authorities.

FAQ

Is every CAPA action considered a Field Safety Corrective Action (FSCA)?

No. Only CAPA measures that mitigate patient or user risk for devices already on the market qualify as FSCA. Internal process optimizations or design tweaks without risk implications are not FSCA but must be documented in the QMS.

Will EUDAMED incident reports be publicly visible?

Yes. From 2026, FSCA and serious incident reports will be published in a standardized format. While clinical data will be anonymized, details like the manufacturer’s name, device type, corrective actions, and dates will be publicly accessible.

Who determines whether an incident requires an FSCA submission?

The manufacturer is responsible, based on risk analysis and PRRC oversight. In uncertain cases, guidance from MDCG 2023-3 or consultation with the notified body or competent authority is recommended.

What IT tools support Vigilance compliance?

Effective tools include eQMS platforms with CAPA modules, incident-tracking systems (e.g. TrackWise, SmartSolve), XML-based reporting tools for EUDAMED, and integration with PMS/PMCF data for full lifecycle traceability.