What is post-market surveillance for medical devices?

hand holding black binoculars on a yellow background

The PIP scandal, in which thousands of women were injured by faulty breast implants over a period of twenty years, triggered a major adjustment to medical device regulation around the world. Medical device developers are now required to design systems that proactively monitor quality, performance and safety data throughout a device’s lifetime. Here’s what you need to know about PMS (post-market surveillance) in the EU.

What is post-market surveillance?

Post-market surveillance is a vital part of the EU Medical Device and IVD regulation (known as the EU MDR and IVDR). The MDR defines post-market surveillance as:

“All activities carried out by manufacturers in cooperation with other economic operators to institute and maintain a systematic procedure to proactively collect and review experience gained from devices they place on the market, make available on the market, or put into service for the purpose of identifying any need to immediately apply any necessary corrective or preventive actions”

Ready to take control? Download our guide to digital document control for  medical device developers

Why is post-market surveillance so important?

PMS requirements were formally added to the EU regulation following the fallout from the PIP scandal, in which unapproved silicone gel was used in a popular breast enhancement product, causing 30% of implants to rupture. 300,000 women in as many as 65 countries were injured over two decades, as the company involved had no means of monitoring or acting on reports of product malfunctions.

What does the PMS regulation require?

 All medical device manufacturers must have a documented system in place that:

  • Captures and reports on all adverse events related to their devices
  • Proactively generates and stores feedback about these devices

To do this effectively, the regulation requires companies to:

  • Document their PMS plans
  • Produce required reports based on those plans
  • Make them available to the regulator during audits

What is a post-market surveillance plan? 

A post-market surveillance plan, addresses the collection and utilisation of information such as user feedback, trend reports, clinical follow-up data, and more. This plan should include:

  • The appropriate statistical and analytical methods a company has in place for assessing collected data
  • Documented threshold values for assessing risk-benefit and effective risk management
  • Appropriate systems and tools for investigating complaints and other experience collected in the field
  • Documented protocols for communicating effectively with the competent authorities, notified bodies, economic operators, and users
  • Documented procedures and systems for implementing Corrective Actions when required
  • Tools to trace and identify devices for which corrective actions may be needed (traceability of potentially defective products in case a recall is needed, for example)

Not only this, but the plan must include procedures to fulfil the manufacturer's obligations for either a PMSR (Post-Market Surveillance Report) or PSUR (Periodic Safety Update Report).

Will you need a PMSR or PSUR?

Depending on the class of the device involved, the implemented plan should result in the production of a Post-Market Surveillance Report (PMSR) or Periodic Safety Update Report (PSUR).  

What classification is your medical device, IVD or implantable? Check out our guide

What should the PMSR include?

A PMSR must be produced by those responsible for

  • Class I medical devices (as defined by the MDR)
  • Class A and B devices (as defined by the IVDR)

PMSRs should present:

(i) results and conclusions of data gathered from the post-market surveillance plans

(ii) a description of any corrective and preventive actions taken. 

This documentation should be available for inspection at the manufacturer’s site and be available to a competent authority upon request

What should the PSUR include?

A PSUR must be produced by those responsible for:

  • Class IIa, IIb and III medical devices (as defined by the MDR)
  • Class C and D in-vitro devices ( as defined by the IVDR)

It should include:

(i) Conclusions of the benefit-risk determination

(ii) The main findings of the post-market clinical follow-up

(iiii) Volume of sales of the device together with information on the population using the device.

The PSUR is part of the technical documentation and must be updated regularly. This means at least every two years for class IIa devices and annually for class IIb and class III devices.

It should be noted that for implantable devices (Class IIb) and Class III devices, submission to notified bodies will be through Electronic submission via Eudamed.

But don’t relax just yet, your post-market responsibilities do not end there.

The FDA submission process: 510K vs PMA. What’s the difference?

Post-Market Clinical Follow-up (PMCF)

Annex 3 of the regulation also requires companies to supply:

“A Post-Market Clinical Follow-up (PMCF) plan…or a justification as to why a PMCF is not applicable.

Unless you can provide a medical medical-scientific rationale that shows it is unnecessary, all medical device manufacturers need to conduct Post-Market Clinical Follow-up (PMCF) investigations to collect additional information about there product when it is on sale in Europe.

Manufacturers should base their PMCF process on a PMCF plan. The findings of the PMCF must be documented in a PMCF evaluation report which, in turn, will form part of a Clinical Evaluation Report (CER) and the technical documentation. PMCF activities are intended to:

  • Confirm safety and performance of the device
  • Identify unknown side-effects of device usage
  • Identify contraindications or risks
  • Ensure continued acceptability of the benefit-risk ratio
  • Identify the risks of off-label use-misuse
  • Address specific goals in the CER

Post-market data must be used to continually reassess the benefit–risk analysis in the CER and to update the risk management part of the technical documentation.

Any actions such as recalls and notifications have to be discussed in the PMCF evaluation report. Incidents should be displayed in a table and (serious) adverse events mentioned in detail - with a focus on the evaluation of whether an incident is device-related or not.

 For Class III devices and implantable devices, the PMCF evaluation report is required to have annual data updates.


This was just a brief look at the responsibilities thrown up for manufacturers and other economic operators in the medical device chain by the MDR and IVDR.

To meet these PMS requirements, those responsible for medical device development need to have the means of publishing, maintaining, auditing and controlling the documentation and systems that can oversee the safety of a product throughout its lifecycle.

It requires tools to continually monitor the risk a device poses to users, based on your vigilance and the proactive gathering of feedback and data around the usage of the device. The effectiveness of your QMS will be key to delivering on these obligations and demonstrating to regulators that you have done so.

New call-to-action

Last updated on 10/01/2023

Tags: Medical Device Development

Joe Byrne

Written by Joe Byrne

Joe Byrne is the CEO of Cognidox. With a career spanning medical device start-ups and fortune 500 companies, Joe has over 25 years of experience in the medical device and high-tech product development industries. With extensive experience in scaling businesses, process improvement, quality, medical devices and product development, Joe is a regular contributor to the Cognidox DMS Insights blog where he shares expertise on scaling and streamlining the entire product development cycle, empowering enterprises to achieve governance, compliance, and rigour.

Related Posts

Medical Device Technical File requirements: what you need to know

What is the medical device technical file? What should it contain and how should it be structured? ...

4 challenges you'll face moving from a paper based QMS to an eQMS

The case for ditching paper based QMS (Quality Management Systems) can seem like a no-brainer. But ...

IQ, OQ, PQ: what's needed for equipment validation in life sciences?

Controlling and documenting IQ, OQ and PQ effectively is a complex and time-consuming process for ...