In this guide
- What Post-Market Surveillance means under EU MDR
- The four PMS documents — PMS Plan, PMSR, PSUR, PMCF
- PMS requirements by device class
- Where PMS data actually comes from
- PMS vs. vigilance — what triggers what
- The CER feedback loop
- Common Notified Body audit findings
- How to build a PMS system that scales
- Key MDCG guidance documents to reference
What Post-Market Surveillance means under EU MDR
EU MDR defines Post-Market Surveillance (PMS) in Article 83 as the systematic process by which a manufacturer collects, records, and analyzes data on the quality, performance, and safety of a medical device throughout its lifetime on the market. PMS is mandatory for every device, every class — there is no exemption.
The intent is straightforward: real-world device behavior often diverges from pre-market clinical performance. A device that performs flawlessly in a 200-patient pre-market clinical investigation may behave differently when it reaches 200,000 patients in routine practice — with broader patient demographics, varied clinical settings, untrained users, and longer follow-up periods. PMS is the structured process for detecting this divergence early and acting on it.
The four PMS documents — PMS Plan, PMSR, PSUR, PMCF
EU MDR introduces a structured four-document system for PMS that replaces the looser MEDDEV-era approach. Each document has a defined purpose and update cadence:
| Document | Purpose | Required for | Update cadence |
|---|---|---|---|
| PMS Plan | Strategy for collecting and analyzing PMS data | All classes | Updated as needed; reviewed annually |
| PMSR (Class I) | Post-Market Surveillance Report — summary of PMS activities and conclusions | Class I | Updated as needed; available on request to authorities |
| PSUR (Class IIa+) | Periodic Safety Update Report — formal periodic summary | Class IIa, IIb, III | Class IIa: every 2 years · Class IIb and III: annually |
| PMCF Plan / PMCF ER | Post-Market Clinical Follow-up — proactive clinical data collection | All classes unless justified inapplicable | Plan: ongoing; Evaluation Report: aligned with CER and PSUR cycles |
PMS Plan (MDR Annex III)
The PMS Plan defines the strategy: what data will be collected, from where, how it will be analyzed, what indicators will trigger action, and how findings will feed back into design, labeling, and clinical evaluation. It is a planning document, written before the device hits the market, and refined over time.
PMSR — Class I only
For Class I devices, the PMSR is a self-contained summary of PMS activities, findings, conclusions, and corrective actions. It is updated "as necessary" and made available to competent authorities on request. Not formally submitted on a schedule.
PSUR — Class IIa, IIb, and III
The PSUR is the formal periodic safety report. It aggregates: incident data (vigilance), trend reporting, PMS findings, PMCF data, scientific literature, complaints, and any changes to the device or its use. The PSUR is submitted to the Notified Body (and for implantable and Class III devices, made publicly available via EUDAMED).
PMCF Plan / PMCF Evaluation Report
PMCF is the proactive clinical data collection layered on top of passive PMS. The Plan defines studies, registries, surveys, or other data-collection mechanisms designed to address the clinical questions left open after pre-market evaluation. The Evaluation Report summarizes findings and feeds back into the Clinical Evaluation Report (CER).
PMS requirements by device class
Class I (non-sterile, non-measuring, non-reusable)
PMS Plan required. PMSR maintained and updated. No formal PSUR cycle. PMCF often justifiable as not applicable (with documented rationale), particularly for low-risk devices with established safety profiles.
Class I sterile / measuring / reusable
PMS Plan required. PMSR maintained. Notified Body involvement on the specific regulated aspect — they will review PMS activities related to that aspect during certificate audits.
Class IIa
PMS Plan required. PSUR every 2 years, submitted to Notified Body. PMCF Plan required unless justified inapplicable. The "justified inapplicable" route is narrowing — most Class IIa devices now require active PMCF.
Class IIb (non-implantable)
PMS Plan required. PSUR annually, submitted to Notified Body. PMCF Plan required, with active data collection in most cases.
Class IIb implantable
PMS Plan required. PSUR annually, submitted to Notified Body AND made publicly available via EUDAMED. PMCF Plan required and prescriptive. Implantable devices carry SSCP (Summary of Safety and Clinical Performance) public-facing document obligations.
Class III
PMS Plan required. PSUR annually, submitted to Notified Body AND made publicly available via EUDAMED. PMCF Plan required and typically involves prospective clinical studies, registries, or large-scale surveillance programs. SSCP required and publicly available.
Where PMS data actually comes from
Manufacturers often build PMS plans that look good on paper but rely on passive data sources that produce little actual information. Robust PMS draws from multiple channels:
Internal sources
- Customer complaints received via service teams, distributors, or direct customer contact.
- Vigilance reports filed under MDR Articles 87–92.
- Service and repair data — failure modes, time-to-failure, replacement parts consumption.
- Returns and credits — patterns can reveal quality or design issues before they become safety incidents.
External sources
- Scientific literature — periodic systematic searches for publications mentioning your device or similar devices.
- Public databases — FDA MAUDE (for global signal detection even if your device isn't sold in the US), national vigilance registries.
- Competent authority safety communications — MHRA, BfArM, ANSM bulletins.
- Notified Body field safety notices — patterns in your category from other manufacturers' issues.
Proactive (PMCF) sources
- Post-market clinical studies — formal protocols, often investigator-initiated.
- Patient registries — particularly for implantables where long-term outcomes matter.
- User surveys — structured feedback from clinicians using your device.
- Real-world data partnerships — hospital data, payer data, EMR-derived outcomes.
PMS vs. vigilance — what triggers what
A common confusion: PMS and vigilance are related but distinct systems with different trigger thresholds.
| System | Trigger | Reporting deadline | Where it goes |
|---|---|---|---|
| Vigilance — serious incident | Death, serious deterioration in health, public health threat | 15 days (immediate for death/public health: 2 days) | Competent authority (national) |
| Vigilance — FSCA | Field Safety Corrective Action initiated | Immediate | Competent authority + EUDAMED |
| Trend reporting | Statistically significant increase in non-serious incidents or expected side effects | As frequent as specified in PMS Plan | Competent authority |
| PMS / PSUR | Routine — no specific incident trigger | Class IIa: 2 yrs · IIb/III: 1 yr | Notified Body (PSUR); EUDAMED for IIb implantable and III |
The practical implication: vigilance is incident-driven and urgent. PMS is continuous and periodic. Both must operate, with different SOPs, different ownership, and different response timelines.
The CER feedback loop
PMS data is not an end in itself — it must feed back into the Clinical Evaluation Report (CER). MDR Article 61 and Annex III require that PMS findings inform CER updates on a defined cadence.
The loop in practice:
- PMS Plan defines what clinical questions PMS data will address (e.g., "long-term durability beyond 5 years," "performance in elderly populations").
- PMS data is collected from internal and external sources continuously.
- PMCF studies and registries gather targeted clinical data.
- PSUR aggregates findings periodically.
- CER is updated to reflect new clinical data — confirming benefit-risk balance, identifying any new risks, refining IFU and labeling as needed.
- Next-cycle PMS Plan is refined based on the CER conclusions.
Notified Bodies test this loop directly. A PMS system that produces data which never appears in the CER is a major non-conformity finding. The audit question is: "Show me the chain of evidence from your PMS data through your PSUR into your most recent CER update."
Common Notified Body audit findings
Based on Notified Body audit feedback patterns in MDR surveillance audits since 2021, the recurring findings are:
1. PMS Plan too generic
The Plan reads as a procedural template without device-specific objectives, indicators, or trigger thresholds. Fix: write device-specific PMS Plans that reference your CER's identified clinical questions.
2. PMCF not actively executed
PMCF Plan exists on paper but no actual data collection is happening. Fix: define realistic, executable PMCF activities (even small ones — a clinician survey or registry contribution is better than nothing) and document execution.
3. Trend reporting not implemented
Manufacturers track individual incidents but have no statistical process for detecting trends. Fix: define quantitative thresholds in the PMS Plan (e.g., "more than X incidents of Y type per 1000 units in any rolling 6-month period triggers trend analysis") and run them.
4. PSUR not connected to PMS data flow
PSUR documents are written as standalone reports rather than as analytical synthesis of underlying PMS data streams. Fix: structure PSUR with traceability links back to specific PMS data sources.
5. Distributor / EC REP data flow broken
Customer feedback received by distributors or the EC REP does not consistently reach the manufacturer's PMS system. Fix: establish written protocols, monthly distributor reporting requirements, and audit them quarterly.
How to build a PMS system that scales
For small and mid-sized medical device manufacturers, PMS often grows organically — a complaint log here, an annual report there, a PMCF study attached to a single product launch. This works at small scale but breaks when device count or sales volume grows. The recommended building blocks for a scalable system:
1. Single ownership
Designate a PMS Manager (or assign within the regulatory team) with clear responsibility for the full PMS lifecycle. Without single ownership, data falls between roles and audits surface gaps.
2. Centralized complaint and incident database
Even a structured spreadsheet works for small portfolios — but for >5 devices or >1000 units/year, invest in a dedicated complaint management system integrated with your QMS. Off-the-shelf solutions include MasterControl, Greenlight Guru, Veeva Vault QualityDocs, Tracelink. For early-stage manufacturers, a structured Airtable or SmartSheet implementation can be sufficient until volume justifies upgrade.
3. Distributor reporting protocol
Distributors are your most important PMS data channel — they are closest to customers. Build a monthly distributor reporting requirement into your distribution agreements that includes: complaints received, repairs requested, customer feedback themes, any incident concerns. Verify execution quarterly.
4. Quarterly PMS review cadence
Whether or not your PSUR is annual, run a quarterly internal PMS review: review the period's complaints, vigilance reports, literature findings, distributor reports, and assess against trend thresholds. Document the review.
5. Annual PMS calendar
Build an annual calendar with key PMS milestones: literature search refresh, distributor audit, PMCF data check-in, PSUR drafting window, CER update review. Embed in your QMS calendar so it doesn't get deprioritized.
Key MDCG guidance documents to reference
The Medical Device Coordination Group (MDCG) publishes guidance that, while not legally binding, defines de facto Notified Body expectations. The essential MDCG references for PMS:
- MDCG 2020-7 — PMCF Plan template
- MDCG 2020-8 — PMCF Evaluation Report template
- MDCG 2022-21 — PSUR template and methodology
- MDCG 2023-3 — Q&A on vigilance terms and concepts
- MDCG 2023-1 — Periodic Safety Update Reports — sector-specific guidance
Use these templates as starting points rather than reinventing structure. Notified Bodies reviewing your PSUR will subconsciously compare to the MDCG template — deviations require explicit justification.
Where this fits in your European market work
PMS is a continuing operational discipline, not a one-time project. Building a sustainable PMS system in the first 12 months on the market saves significant rework when your first surveillance audit arrives. For manufacturers with European distributor partnerships, the distributor data flow into PMS is the most under-invested element — establishing it well in distribution agreements pays back for years.
The directory at MedicalDeviceDistributors.com covers distributor selection — finding partners with the regulatory maturity to handle PMS data flow reliably. For end-to-end European market entry combining regulatory and commercial functions, see Fractio.