Medtech Insight is part of the Business Intelligence Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

This copy is for your personal, non-commercial use. For high-quality copies or electronic reprints for distribution to colleagues or customers, please call +44 (0) 20 3377 3183

Printed By


Medical device vigilance requirements under the new EU regulations

This article was originally published in SRA

Executive Summary

A lot has changed since I wrote a guide on medical device vigilance back in 19981. Medical device vigilance, as governed in the EU, for example, by Directives 93/42/EEC, 98/79/EC and 90/385/EEC and related guidelines2, has become more complex, particularly from a global perspective, but also as trial-related incidents are now part of the medical device vigilance process. Reporting formats, reportability criteria, national nuances and enforcement policies at EU member state level complicate what is to be reported, when and how. This article reassesses whether the process I set out in 1998 is still valid; it also examines key issues that contribute to the complexity of medical device vigilance in a global arena.


The basis of medical device vigilance in regulated markets is still complaint handling, as defined in the quality system requirements (ISO 13485 and ISO 9001)3,4. The term "complaint" is defined in the quality system requirements but not necessarily in the regulatory requirements of all countries (eg EU medical device regulations do not contain a specific definition). In the regulatory requirements of Australia, Canada, Japan and the US, for instance, the term is used and defined. Although the definition of a complaint has national nuances, it is internationally considered to be any information or communication that is reported concerning an unacceptable deficiency (or problem) with a device relating to the device's identity, quality, safety, performance, use, durability, reliability or effectiveness, etc.

To determine whether a complaint meets the medical device vigilance criteria, it must be screened. Each incident must be screened (to identify severity, whether it is anticipated or unanticipated) and investigated, the findings analysed, root cause and causal relationship identified and problem mitigated (see Figure 1). Mitigation takes the form of corrective action; not only for the device but also for device-related processes (eg manufacturing, design, clinical trials, etc) are affected by corrective actions. By and large, the pathway defined in the 1998 article is still valid.


Medical device vigilance, in short, concerns device problems (incidents), their analysis and mitigation to ensure the device and patient safety are maintained. Incidents can be anticipated and/or expected, ie inherent to the device and risk profile as listed in the instructions for use and unanticipated and/or unexpected (eg serious, life-threatening, patient death).

The main differences between the medical device vigilance process in general in 1998 and the process today are:

  • the level of detail of the reporting criteria has expanded;

  • reporting time frames have become more consolidated;

  • reporting formats have been standardised; and

  • the number of parties responsible for reporting medical device vigilance has increased when looking at commercialised and trial-related incidents.

Reporting criteria and time frames

In the EU, reporting criteria are more detailed than they were, as they now apply to commercialised and trial-related incidents. Basic criteria are still life-threatening, serious injury, permanent damage to body function or part, and so forth. Incidents are reported to the national competent authorities using web-based databases or medical device vigilance forms downloaded from the national competent authority websites. As user reporting is encouraged, the medical device vigilance form or database applies to manufacturers and users alike.

A manufacturer or authorised representative reports serious unanticipated adverse events, ie those that occur suddenly, fall outside the scope of the risk analysis and are not part of the inherent risks under which the product can be used safely. What has remained unchanged is the old adage, "When in doubt, report the incident."

Reporting time frames have also changed. Information is to be reported more promptly (see Table 1 for details of EU reporting times). Screening incidents today requires more information to be taken into consideration. A questionnaire or checklist is a prerequisite to ensure that all information is obtained and reviewed. Setting up a medical board or safety board is no longer voluntary – it is a necessity. For trial-related incidents, an independent data monitoring committee (IDMC) is mandatory as stipulated by good clinical practice requirements.

Table 1. Reporting time frames in the EU for commercialised products



Time scale


Serious public health risk


Immediately, without any undue delay that cannot be justified, but no later than 48 hours (or two calendar days) after becoming aware of the incident


Serious adverse event


Immediately, without any undue delay that cannot be justified, but no later than ten calendar days after becoming aware of the incident



Adverse events



Immediately, without any undue delay that cannot be justified, but no later than 30 calendar days after becoming aware of the incident


Investigational devices

The medical device vigilance process in the EU involves additional complexity when it comes to trial-related incidents. Incidents that occur during clinical trials can be anticipated and unanticipated, and can relate to the device or the medical procedure used. However, device deficiencies can also lead to potential safety issues, particularly when pre-market devices are involved.

Trial-related incidents apply to pre-market device trials but also to trials conducted with post-market devices used off-label, ie for new indications, applications or uses. For the EU, the European Commission has issued a specific MEDDEV guideline (2.7/3) for trial-related incidents5. It is not only MEDDEV 2.7/3 that requires trial-related incidents to be reported; there are also GCP requirements defined in Annex X of the Medical Devices Directive (93/42/EEC, as amended); national biomedical laws and ISO 14155 also set out requirements for the handling of trial-related incidents.

Adverse events and serious adverse events, as well as device deficiencies arising from a trial, are to be documented and reported to the trial sponsor. The trial sponsor needs to set out conditions for communicating trial-related incidents in the protocol and procedures. As pre-market trials use unapproved devices, incidents that arise from a trial must be reported immediately. Device or procedure related serious adverse events are to be reported to the national competent authority and ethics committees immediately. Device or procedure-related anticipated adverse events are to be reported by the investigator in a summary report to the ethics committee on a periodic basis if so stipulated by the ethics committee or at the completion of the trial. Both types of incidents are to be tracked and trended and assessed against the risk assessment.

Mitigating trial-related incidents impacts the device-related processes as much as the trial process and the medical procedure used. Mitigation can lead to protocol amendments and even temporary or permanent suspension of the trial. Device deficiencies are to be documented and reported when they affect the safety of the patient. Recording device deficiencies in a trial can be arduous as many may arise but not all of them may lead or contribute to a (serious) adverse event.


Medical device vigilance – in the EU and elsewhere – has taken on new dimensions in 2011. Numerous and different factors affect the medical device vigilance process, whether such processes are for commercialised and/or investigational devices. The steps of the vigilance process, however, are still as valid today as they were in 1998. The real complexity lies with trial-related incidents for pre-market devices. But in every situation, it is important to understand the medical device vigilance process as a whole and how it can be applied in particular situations; this is still a matter of keeping the process simple and communication transparent.


1. Jong de MG, Practical Guide to Medical Device Vigilance, November 1998, ISBN 1-874409-08-0

2. European Commission, MEDDEV 2.12-1 rev 6, Guidelines on a Medical Devices Vigilance System, December 2009,

3. ISO 13485:2003, Medical devices – Quality management systems – Requirements for regulatory purposes,

4. ISO 9001: 2008, Quality management systems – Requirements,

5. European Commission, MEDDEV 2.7/3, Clinical Investigations: Serious Adverse Event Reporting under Directives 90/385/EEC and 93/42/EEC, December 2010,

Marja de Jong is managing director of Medidas, a regulatory due diligence consultancy for medical devices based in the Netherlands. Her recently published regulatory reference guide, Medical device vigilance reference guide (ISBN 978-99-78027-07-2), sets out the medical device vigilance process for commercialised and investigational devices in detail. Website: Email:




Ask The Analyst

Please Note: You can also Click below Link for Ask the Analyst
Ask The Analyst

Your question has been successfully sent to the email address below and we will get back as soon as possible. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts