How do you build a structured, ongoing system that actively monitors your device in the real world and detects risks early — not just reacts to problems?
A proactive PMS system is not about collecting data — it’s about anticipating risk before it becomes visible.
Post-market surveillance (PMS) under EU MDR 2017/745 is no longer a passive regulatory obligation. Medical device manufacturers are expected to maintain continuous oversight of device performance in real-world use — and demonstrate that oversight through structured, documented systems. However, in practice, many PMS systems remain largely reactive, focused on collecting complaints and reporting adverse events after they occur.
This approach is increasingly misaligned with regulatory expectations.
Moving toward a proactive PMS model requires more than expanding data sources. It involves rethinking how surveillance activities are structured, integrated, and maintained across the product lifecycle. Rather than functioning as a standalone activity, PMS should operate as a dynamic system that continuously informs clinical evaluation, risk management, and post-market clinical follow-up (PMCF) — the structured process of actively collecting clinical data on a device after it has reached the market.
This article outlines how manufacturers can transition from reactive surveillance to a proactive, structured PMS system that aligns with current regulatory expectations and supports ongoing device safety.
What Does Proactive Post-Market Surveillance Look Like Under EU MDR?
A proactive post-market surveillance (PMS) system extends beyond the routine collection of complaints and periodic reporting. It is characterised by structured, ongoing activities designed to identify emerging risks, detect performance trends, and generate clinically meaningful insights before issues escalate.
In contrast, reactive PMS systems rely primarily on adverse event reporting and customer complaints. While these remain essential components, they typically capture issues only after they have already affected patients or users. Proactive PMS, by comparison, seeks to identify early signals—subtle shifts in data that may indicate a developing safety or performance concern.
In practice, this means implementing surveillance activities that are both continuous and anticipatory, rather than intermittent and retrospective.
Key characteristics of a proactive PMS system include:
Regular, structured literature surveillance
Systematic and repeatable searches designed to identify new clinical data, emerging risks, and changes in the state of the art.
Trend analysis of post-market data
Ongoing evaluation of complaint rates, incident reports, and device performance metrics to detect statistically or clinically relevant changes over time.
Integration of multiple data sources
Combining inputs from complaints, vigilance data, registries, literature, and post-market clinical follow-up (PMCF) activities to build a comprehensive evidence base.
Early signal detection and escalation pathways
Defined processes for identifying, assessing, and acting on potential safety signals before they develop into reportable events.
Feedback into risk management and clinical evaluation
Ensuring that insights generated through PMS are systematically incorporated into risk management files and clinical evaluation reports, rather than remaining isolated outputs. Clinical evaluations are essential for demonstrating the safety and performance of medical devices, providing evidence that the device meets regulatory requirements for market approval.
Notified Bodies are designated organizations that assess the conformity of medical devices before they can be marketed in the EU, ensuring compliance with the Medical Device Regulation (MDR). The involvement of Notified Bodies is mandatory for most medical devices classified as Class IIa, IIb, and III, which require a thorough assessment of their technical documentation and quality management systems. Notified Bodies increasingly expect to see evidence of these activities during conformity assessments and audits.
A PMS system that relies solely on passive data collection is insufficient, particularly for higher-risk devices such as Class IIa and above, or those with evolving clinical evidence. Under the EU MDR, manufacturers of Class IIa and IIb medical devices are required to review their existing clinical evaluations to ensure compliance with updated regulations, which may include new requirements for devices previously exempt from such evaluations. A common limitation in PMS systems is the absence of clearly defined thresholds, meaning potential trends may be observed but not formally recognised or acted upon.
Proactive PMS is not defined by the volume of data collected, but by how effectively that data is analysed, assessed, interpreted, and translated into action.
Building a Proactive PMS System: A Continuous Surveillance Cycle
Rather than functioning as a series of isolated steps, a proactive PMS system is best understood as a continuous cycle in which data is generated, analysed, and translated into action.
This cycle typically consists of five interconnected stages:
Defining the PMS Framework
At the core of the system is a clearly structured PMS plan, required under EU MDR regulations, but more importantly, essential for operational clarity and for preparing and maintaining compliance documents.
This stage establishes:
- Who is responsible for surveillance activities
- Which data sources will be actively monitored
- What thresholds will trigger further investigation
- How the level of surveillance aligns with device risk
Without this foundation, PMS activities often remain reactive and fragmented. A common limitation is that while data sources are well defined, the mechanisms for evaluating and escalating emerging trends are not always clearly specified.
In practice, this framework is formalised through the development of a structured PMS plan within the manufacturer’s quality management system. The PMS plan is developed as a controlled document, typically authored by regulatory or quality teams with input from clinical and post-market functions, and approved through internal document control processes. Once finalised, the plan defines the specific PMS activities to be performed, assigns responsibilities, and establishes timelines and thresholds for action. These activities are then operationalised through standard operating procedures and integrated into routine workflows, ensuring that the plan is not only documented, but actively implemented and maintained.
Generating Real-World Data
Once defined, the system must actively generate relevant data rather than relying solely on passive inputs.
This includes structured approaches such as:
- Clinical follow-up (PMCF)
- Literature surveillance
- User and usability feedback
- Registry or real-world datasets
Post-market clinical follow-up (PMCF) is a structured, ongoing process through which manufacturers actively collect clinical data on their device after it has reached the market. Under EU MDR, a PMCF plan must be established for all devices, with activities proportionate to the device’s risk classification and the nature of available clinical evidence. PMCF findings feed directly into the CER and risk management file, making it a critical input to the overall PMS system.
Interpreting and Detecting Signals
Data only becomes valuable when it is systematically analysed.
At this stage, the focus shifts to:
- Identifying trends across datasets
- Detecting early signals of potential risk
- Assessing clinical relevance through cross-functional review
This is where proactive PMS distinguishes itself from routine reporting. For example, a gradual increase in device-related user errors, while not immediately reportable, indicates a developing safety or performance concern worth investigating.
Translating Insights into Action
A functional PMS system must be capable of responding to identified signals in a timely and structured manner.
This involves:
- Triggering CAPA processes
- Updating risk management and clinical evaluation documentation
- Implementing field actions where necessary
The speed and appropriateness of this response are key indicators of system effectiveness.
Closing the Loop Through Review
The final stage ensures that PMS remains dynamic rather than static.
This includes:
- Periodic reporting (e.g., PMS reports or PSURs)
- Management-level review
- Continuous refinement of surveillance strategies
In many cases, PMS systems fail not due to a lack of data, but due to a lack of structure in how that data is interpreted and acted upon.
Importantly, this stage feeds back into the PMS plan, reinforcing the cyclical nature of the system. Once the review and refinement process is completed for a cycle, the system is ready to begin the next round of activities conducted.
As illustrated above, these stages operate as a continuous loop rather than a linear process, with each cycle refining and strengthening the overall surveillance system.
MDR Post-Market Surveillance: Reporting Obligations and Regulatory Oversight
A proactive PMS system must ultimately demonstrate compliance within a defined regulatory framework. Under EU MDR 2017/745 and EU IVDR 2017/746, manufacturers are required to ensure that post-market data is not only collected and analysed, but also clearly documented, reported, and reviewed in accordance with applicable regulations and official guidance documents.
This includes:
- Maintaining up-to-date technical documentation, including the Clinical Evaluation Report (CER) and Risk Management File, in accordance with ISO 13485 and other applicable standards and guidance.
- Regular preparation and submission of Periodic Safety Update Reports (PSURs) for higher-risk devices (Class IIa, IIb, III), as required under EU regulations.
- Annual safety and performance reports mandated by the European Medical Devices Regulation (EU MDR) for products sold in the European marketplace.
- Timely vigilance reporting, including serious incidents and field safety corrective actions (FSCAs), in accordance with applicable requirements.
- Review by Notified Bodies, particularly during conformity assessments and surveillance audits.
In this context, PMS outputs are not standalone deliverables, but form part of an interconnected regulatory system in which ongoing safety and performance must be continuously demonstrated. Importantly, PMS should not function in isolation, but as an integrated component of the broader quality management system, aligned with standards such as ISO 13485 and closely linked to risk management processes.
All PMS activities and decisions should be traceable and documented, ensuring that conclusions can be clearly justified during regulatory review. Secure access to these documents is essential, allowing only authorized personnel to review or modify records, which is critical for maintaining compliance and passing audits.
Risks of an Insufficient Post-Market Surveillance System Under EU MDR
The primary goal of Post-Market Surveillance (PMS) is to protect patients from harm by identifying rare or long-term side effects and adverse events that only emerge during widespread use. An ineffective or reactive PMS system does not simply represent a regulatory gap—it has direct implications for patient safety, product performance, and organisational risk.
Where surveillance activities are insufficiently structured or delayed, emerging safety signals will go undetected. This can result in:
- Compromised patient safety, where risks are identified only after harm has occurred
- Delayed corrective actions increase the likelihood of widespread impact
- Incomplete or outdated clinical and risk documentation, affecting the validity of benefit–risk conclusions
Effective PMS enables timely measures such as safety warnings, modifications, or recalls when the risks of a product begin to outweigh its benefits. Post-market surveillance mechanisms are essential for identifying the need for corrective actions if the risks associated with the continued use of a medical device outweigh its benefits, highlighting opportunities for improvement.
Risk management integration involves updating the risk management file with real-world data and re-evaluating a device’s risk/benefit profile to ensure ongoing safety and compliance.
From a regulatory perspective, inadequate PMS systems may lead to:
- Non-compliance with requirements under EU MDR 2017/745 and EU IVDR 2017/746
- Critical audit findings and non-conformities during Notified Body assessments
- Increased scrutiny, certification delays, or potential suspension of CE marking
Beyond regulatory consequences, there are also broader ethical and reputational considerations. A failure to proactively monitor device performance may undermine trust among clinicians, patients, and regulatory authorities.
PMS is not solely a compliance activity—it is a core mechanism for ensuring that medical devices remain safe and effective throughout their lifecycle.
Conclusion
Post-market surveillance has evolved from a passive, compliance-driven activity into a central component of the medical device lifecycle. As regulatory expectations continue to shift under frameworks such as EU MDR 2017/745 and EU IVDR 2017/746, manufacturers are required not only to collect post-market data, but to actively interpret and act on it.
A proactive PMS system is defined not by the volume of data it generates, but by how effectively that data is translated into insight and action. Systems that remain reactive risk missing early signals, delaying intervention, and compromising both compliance and patient safety.
By adopting a structured, cyclical approach — where data generation, analysis, and action are continuously integrated — manufacturers can move beyond minimum regulatory requirements and establish PMS as a meaningful driver of device safety and performance. If you are reviewing your current PMS system or building one from the ground up, Citemeds works with manufacturers to design surveillance frameworks that meet regulatory expectations and support long-term device safety. Get in touch to discuss your requirements.
Frequently Asked Questions
What is post-market surveillance under EU MDR?
Post-market surveillance (PMS) under EU MDR 2017/745 is the ongoing process by which medical device manufacturers collect, analyse, and act on real-world data about their device’s safety and performance. Unlike previous frameworks, EU MDR requires PMS to be proactive and continuous — not simply reactive to complaints or adverse events. Manufacturers must maintain a documented PMS plan and demonstrate active surveillance through regular reporting and clinical evaluation updates.
What is the difference between PMS and PMCF?
Post-market surveillance (PMS) is the broader system through which manufacturers monitor device performance across multiple data sources, including complaints, vigilance data, literature, and registries. Post-market clinical follow-up (PMCF) is a specific component of PMS focused on actively collecting clinical data on the device after it has reached the market. PMCF findings feed directly into the clinical evaluation report and risk management file, making it one of the most important inputs to the overall PMS system.
What is a PSUR and when is it required?
A Periodic Safety Update Report (PSUR) is a structured document in which manufacturers summarise post-market surveillance data, assess the ongoing benefit-risk profile of their device, and confirm that the conclusions of the clinical evaluation remain valid. Under EU MDR, PSURs are required for Class IIa devices at a minimum of every two years, and annually for Class IIb and Class III devices. The PSUR is one of the primary documents reviewed by Notified Bodies when assessing the effectiveness of a manufacturer’s PMS system.
What happens if a manufacturer’s PMS system is insufficient?
An insufficient PMS system can have serious consequences at both a regulatory and patient safety level. From a regulatory perspective, manufacturers risk critical audit findings during Notified Body assessments, non-compliance with EU MDR 2017/745, and potential suspension of CE marking. From a patient safety perspective, an ineffective system means emerging risks may go undetected until harm has already occurred. Notified Bodies are increasingly scrutinising PMS systems during conformity assessments, particularly for higher-risk devices.
How does ISO 13485 relate to post-market surveillance?
ISO 13485 requires manufacturers to maintain documented procedures for post-market surveillance activities, ensuring that real-world performance data feeds back into quality management processes. Under EU MDR, PMS must function as an integrated component of the broader quality management system — not as a standalone activity. Aligning PMS processes with ISO 13485 supports both regulatory compliance and operational consistency across the product lifecycle.
When should a manufacturer review their PMS plan?
A PMS plan should be reviewed regularly as part of the cyclical surveillance process, and updated whenever significant new data emerges — such as a change in the state of the art, a new safety signal, or an update to the device’s intended use. For higher-risk devices, this review should occur at least annually. The outcomes of each review cycle should feed back into the PMS plan, ensuring the system remains current and proportionate to the device’s evolving risk profile.
