Medical device and IVD Vigilance in EU and Switzerland

If you place medical devices and IVDs on the market in the EU and Switzerland, you must understand the requirements relative to the reporting of device-related issues to competent authorities. The terminology, reporting criteria, and timelines in the EU MDR/IVDR have evolved from the former Directives, and now special requirements apply in Switzerland. To know more, read this article.

Key takeaways

  • All medical devices and IVDs placed on the market in the EU are subject to Vigilance obligations under the EU MDR/IVDR, which are incumbent on the manufacturer. 
  • Switzerland is no longer fully aligned with the EU on Vigilance requirements. Reporting criteria, forms, and notification pathways are now different, and a special situation has been introduced for devices placed on the market in Liechtenstein.
  • IMDRF AET’s codes and terms are a challenging aspect of Vigilance reporting, and need to be consistently integrated in the manufacturer’s complaint system.


What is Vigilance?

There is no legal definition of Vigilance in the Regulations (EU) No. 2017/745 on medical devices (EU MDR) and 2017/746 on in-vitro diagnostic devices (IVDR). The term is however extensively covered in Chapter VII section 2 of both regulations.

“Vigilance” refers to the mandatory reporting to national competent authorities of certain device-related issues revealed in the post-market phase. In brief:

  • Serious incidents (under certain conditions)
  • Any Field Safety Corrective Actions (FSCA)
  • (Vigilance) Trends with significant impact on benefit-risk profile and leading to unacceptable risks

Vigilance is a EU-specific term. Device manufacturers from jurisdictions beyond the EU, sometimes mistake the term with “adverse event”, which is instead terminology from the International Medical Device Regulators Forum (IMDRF), also carried over in some geographies (e.g. Australia, Brazil, Japan). In EU legislation, “adverse event” is used only in the context of clinical studies conducted in the pre-market phase.

What is a Serious Incident?

“Serious incident” is defined in the EU MDR/IVDR as any incident that:
“directly or indirectly led, might have led or might lead to any of the following: 

  • the death of a patient, user or other person, 
  • the temporary or permanent serious deterioration of a patient’s, user’s or other person’s state of health, 
  • a serious public health threat.”
    [EU MDR Art. 2(65) / IVDR Art. 2(68)]

“Incident” is in turn defined as:

  • device malfunction
  • deterioration in the device characteristics or performance 
  • use-error due to ergonomic features
  • any inadequacy in the information supplied by the manufacturer 
  • for non-IVDs only: any undesirable side-effect 
  • for IVDs only: any harm as a consequence of a medical decision, action taken or not taken on the basis of information or result(s) provided by the device
    [EU MDR Art. 2(64) / IVDR Art. 2(67)]

“Serious deterioration of health” includes:

  • a life-threatening illness or injury, 
  • impairment of a body structure or function (incl. leading to diagnosed trauma), 
  • a condition necessitating new/prolonged hospitalisation, 
  • medical/surgical intervention to prevent the above
  • a chronic disease, 
  • foetal distress/death or congenital abnormality (physical or mental) or birth defects.
    [See MDCG 2023-3]

“Serious public health threat” is defined as:

“an event which could result in imminent risk of death, serious deterioration in a person’s state of health, or serious illness, that may require prompt remedial action, and that may cause significant morbidity or mortality in humans, or that is unusual or unexpected for the given place and time.”
[EU MDR Art. 2(66) / IVDR Art. 2(69)]

It is very important to stick to the legal definitions to ensure compliant reportability of device-related issues.

What is an FSCA?

Field Safety Corrective Action (FSCA) is defined as any:

“corrective action taken by a manufacturer for technical or medical reasons to prevent or reduce the risk of a serious incident in relation to a device made available on the market.”
[EU MDR Art. 2(68) / IVDR Art. 2(71)]

In the past, a manufacturer might have been able to decide in certain cases whether a corrective action taken was an FSCA or not. This leeway no longer exists today. According to the EU MDR/IVDR, any measure that falls under the above legal definition is an FSCA and must be treated as such.

The term Field Safety Corrective Action (FSCA) is frequently considered a synonym for product recall but they could also be:

  • device modification on-site (e.g. software upgrades) or at the manufacturer,
  • device destruction on-site (i.e. by the user) or at the supplier (distributor, importer or manufacturer),
  • IFU amendments or additions,
  • advice on the use of the device and/or the follow up of patients (e.g. implants, IVD sensitivity/specificity).

FSCAs can in fact be driven by either:

  • A recall, meaning “any measure aimed at achieving the return of a device that has already been made available to the end user.” [EU MDR Art. 2(62) / IVDR Art. 2(65)]
    This is a reactive action.
  • A withdrawal, meaning any “measure aimed at preventing a device in the supply chain from being further made available on the market.” [EU MDR Art. 2(63) / IVDR Art. 2(66)]
    This is a proactive action.

FSCAs are to be notified by the manufacturer to affected customers via the Field Safety Notice (FSN).

Office. Three people. One person is explaining something to the others.

In the past, a manufacturer might have been able to decide in certain cases whether a corrective action taken was an FSCA or not. This leeway no longer exists today.

Is Vigilance the same as Market Surveillance?

Not at all.

Also described in Chapter VII of the EU MDR and IVDR, market surveillance refers to the compliance controls and enforcement deployed by national competent authorities.

Market surveillance is conducted by competent authorities via a pre-established plan and may involve:

  • announced and unannounced audits of economic operators,
  • sampling of devices,
  • confiscation of devices that present an unacceptable risk or are falsified.

Competent authorities may request at any time device documentation, information, or samples from a manufacturer, its authorized representative, or importer/distributor. 

The market surveillance plans are established based on risk and Vigilance data or complaints reported to them, but this does not mean that low-risk devices with no incident reports are excluded from such inspections. For example, the Swiss competent authority, Swissmedic, conducted an inspection of 27 Class I device manufacturers in March 2023.

What devices require Vigilance activities?

All medical devices and IVDs placed on the market are subject to the Vigilance obligations under Chapter VII of the EU MDR or IVDR, as applicable. 

This means that “legacy” devices must comply with the Vigilance requirements in the new Regulations in lieu of the corresponding requirements in the former Directives (MDD, AIMDD, and IVDD), as confirmed in MDCG 2021-25 (for non-IVDs) and MDCG 2022-8 (for IVDs).

Moreover, Vigilance requirements apply to:

  • Custom-made devices (CMD), i.e. those tailored to a specific patient upon prescription by a healthcare professional.
  • Annex XVI products, i.e. products without an intended medical purpose that are governed by the EU MDR, in alignment with the corresponding Common Specifications (CS), Regulation (EU) 2022/2346

Conversely, there are no Vigilance requirements that concern specifically Procedure Packs and Systems, as referred to in EU MDR Art. 22 or MDD Art. 12. This is different in Switzerland. See How does Vigilance in Switzerland differ from the EU?

Who is responsible for Vigilance?

The manufacturer is responsible for Vigilance, irrespective of where it is located.

There is no difference for manufacturers based outside of the EU/EEA/Turkey, who need an EU Authorised Representative. Article 11(4) of the EU MDR and IVDR explicitly prohibits delegating Vigilance obligations to the EU Authorised Representative.

Within the manufacturer, the Person Responsible for Regulatory Compliance (PRRC) must oversee Vigilance activities to ensure that the obligations are complied with. And, whereas PMS obligations under the EU MDR and IVDR also apply to legacy devices, a PRRC is not required for legacy devices, as clearly indicated in both MDCG 2021-25 for non-IVDs and MDCG 2022-8 for IVDs.

What does Vigilance entail for the manufacturer?

Manufacturers shall have a system for recording and reporting of incidents and FSCAs. This means having a Vigilance procedure where the legal definitions, criteria for reportability, and precise timelines for reporting are described.

Vigilance decisions on when and what to report must be standardized and driven by the criteria in EU MDR and IVDR, in consideration of MDCG 2023-3. This guidance document is very detailed regarding Vigilance duties under the EU MDR, and can be extrapolated by analogy for the IVDR in the absence of a similar, bespoke guideline. 

Moreover, a conservative approach to reporting is expected:

  • In case of uncertainty, reporting is required. 
  • To ensure timely reporting, an incomplete initial report can be submitted, followed up by a complete report.

In addition manufacturers shall conduct trend analysis of non-serious incidents and shall report any statistically significant increase in their frequency or severity that has a significant impact on the benefit-risk profile of the device and leads to actual or potential unacceptable risks [EU MDR Art. 88(1) / IVDR Art. 83(1)]. Appropriate baselines and thresholds must be established by the manufacturer to allow systematic trending. Until the long-awaited MDCG guidance document on trend reporting is issued, Appendix C in the old guideline GHTF/SG2/N36R7 can be used as a basis.

The picture below provides an overview of an appropriate Vigilance process:

Graphic. It shows the vigilance process.

What are PSRs?

Periodic Summary Reports (PSRs) are a special way to report similar serious incidents that repeatedly occur  with the same type of device, under the conditions stipulated in EU MDR Art. 87(9) / IVDR Art. 82(9), i.e.:

“For similar serious incidents that occur with the same device or device type and for which the root cause has been identified or a [FSCA] implemented or where the incidents are common and well documented, the manufacturer may provide periodic summary reports instead of individual serious incident reports, on condition that the coordinating competent authority […] has agreed with the manufacturer on the format, content and frequency of the periodic summary reporting. […]” 

Transitioning from individual reporting to periodic reporting requires filing a request to the concerned competent authority. A PSR template exists but additional/different documentation might be decided.

Watch out for potential confusion between the acronyms PSR (Periodic Summary Report) and PSUR (Periodic Safety Update Report).

How shall Vigilance cases be reported?

Specific forms must be used for reporting Vigilance cases. The corresponding templates are available from the EU’s website under the Post-Market Surveillance section in Guidance MEDDEVs file.

  • For serious incidents, the Manufacturer Incident Report (MIR), in English or national languages, using the MIR template.
  • For FSCA, the FSCA report template (in English or national languages) and the FSN using the FSN template with the appropriate reply templates (in English and national languages). 
  • For trend reports, the Trend report template.
  • For PSRs, according to the format and content agreed with the coordinating competent authority, the PSR template may be used.

Until EUDAMED’s Vigilance module becomes operational, reports are to be sent in machine-readable electronic format, via e-mail to the corresponding competent authority, and, where applicable, to the Notified Body.

MIR/FSCA information is disseminated by the “evaluating” competent authority to all concerned competent authorities in the form of a National Competent Authority Report (NCAR). It is in the manufacturer’s interest to ensure consistent MIR/FSCA reporting across EU/EEA/Turkey.

What are IMDRF AET codes?

Adverse Event Terminology (AET) is a harmonized set of codes and terms for reporting adverse events (i.e. incidents under the EU MDR/IVDR) that has been developed and is maintained by the International Medical Device Regulators Forum (IMDRF).

The use of IMDRF AET codes and terms is mandatory in MIR and FSCA forms. Specifically, the following types of codes/terms need to be carried over in the corresponding sections of the MIR/FSCA form:

IMDRF AET codes and terms must be embedded in the manufacturer’s complaint management and Vigilance systems for consistent implementation of MIR and FSCA forms.

In our regulatory support and consultancy activities, we realize that the use of IMDRF AET codes in Vigilance and PMS is a challenge frequently underestimated by many manufacturers:

  • Most manufacturers still do not use IMDRF AET codes when logging PMS data into their databases and, consequently, cannot retrieve the appropriate information for Vigilance reporting.
  • Even for manufacturers who have started using IMDRF AET codes, historical data is frequently not coded accordingly, which might hinder trend analysis.
  • Sometimes, various codes might apply to a given case, which requires maintaining a matrix to systematically assign the same code to the same type of case. 
  • Code allocation to complaints or incidents might evolve in time, for example, upon availability of further evidence, a different code might be found to be more appropriate, which should be duly documented to avoid inconsistencies.
  • In addition, IMDRF AET working group comes up with new codes from time to time, which might reveal a better match for a given case that had already been assigned another code.

Manufacturers who have not taken the time to consistently implement the use of IMDRF AET codes have a high effort in completing MIR or FSCA forms. To achieve such consistency, IMDRF AET codes/terms must be embedded in the manufacturer’s complaint management and Vigilance systems. Adopting IMDRF codes is a labor-intensive task that should be carefully planned by the manufacturer.

How does Vigilance in Switzerland differ from the EU?

Swiss legislation on medical devices (SR 812.213, MedDO) and IVDs (SR 812.219, IvDO) is based on EU legislation, i.e. EU MDR and IVDR respectively.

For Vigilance, the legal definitions and reporting timelines in Switzerland are those in the EU MDR/IVDR.


  • Reporting criteria slightly differ from EU’s in that only serious incidents occurring in Switzerland and FSCAs deployed in Switzerland need to be reported to Swissmedic.
  • Serious incidents and FSCA from Liechtenstein must be reported to Swissmedic if the concerned device had been supplied in Liechtenstein under the Customs Treaty between Switzerland and Liechtenstein (i.e. according to the MedDO or IvDO).
  • Vigilance requirements also apply to Procedure Packs and Systems in Switzerland.
  • The notification pathway for economic operators is via e-mail to Swissmedic until the Swiss version of EUDAMED, Swissdamed, becomes operational.
  • The Swiss competent authority, Swissmedic, has been adapting the reporting forms and instructions.
    There are now:
  • Swiss-specific FSCA form
  • Swiss-specific PSR form
  • Swiss-specific trend report form
  • Swiss-specific instructions for filling out MIR, FSCA forms, and FSNs

Swissmedic has also provided instructions to avoid disclosing personal data or customer’s data in the FSNs, since these are published on Swissmedic’s website.

Although the manufacturer is always responsible for maintaining a compliant Vigilance process, for foreign manufacturers and Procedure Pack or System producers, the Swiss Authorised Representative endorses an oversight role to ensure that Vigilance reporting is duly undertaken. The actual submission of the Vigilance reports can be undertaken by the foreign manufacturer and Procedure Pack or System producers, or by their Swiss Authorized Representative.

It is recommended to always download the current instructions and forms from Swissmedic’s website to avoid oversights.

How to avoid the most common Vigilance issues?

The most common issues when implementing and deploying Vigilance processes are those relative to decision-making, the actual reporting to competent authorities, and FSCA deployment.

Decision making:

  • Using wrong reporting criteria as basis (e.g. US FDA’s or old MEDDEV)
  • Unproven causality due to inefficient complaint investigation (e.g. complainant lost to follow-up)
  • Lenient interpretation of “serious incident” definition
  • Reporting decision overseen/driven by top management instead of by PRRC
  • Inconclusive root cause investigation hindering the determination of corrective/preventive actions needed
  • Disagreement within the supply chain (e.g. between the distributor and the manufacturer)


  • Untimely reporting
  • Use of wrong or outdated forms
  • Inconsistent information within the same MIR or FSCA form, across MIR forms for repeated incidents involving the same device, or in the answers provided to subsequent inquiries from the competent authority
  • Inconsistent IMDRF codes

FSCA deployment:

  • Lack of practice 
  • Deficient traceability, making reconciliation files a nightmare
  • No plans for reaching over-the-counter end users
  • Insufficient cooperation from local distributors

Vigilance needs (continuous) internal training at all levels of the company. For FSCA, mock exercises to test the level of device traceability and the logistics of FSN deployment are recommended.

How Decomplix can help

Decomplix offers consultancy services in all regulatory and quality assurance matters relative to medical devices. 

We can support your company in fulfilling all Vigilance requirements under the EU MDR and IVDR, respectively the Swiss MedDO and IvDO, and ensuring compliance most efficiently. If you wish to discuss your needs with us, please contact us for a non-binding CE marking quote.

Further reading

More articles