EU MDR Post-Market Surveillance Plan: MDCG 2025-10 Practical Guide
Build a PMS plan aligned with MDCG 2025-10 guidance: proactive data collection, QMS integration, trend reporting, PMS reports vs PSURs, and custom-made device obligations.
Post-market surveillance (PMS) is no longer a peripheral compliance exercise. Under the EU MDR and IVDR, manufacturers must operate a structured PMS system that actively gathers real-world data, feeds it back into risk management and clinical evaluation, and generates documented reports proportionate to device risk. The MDCG's December 2025 publication of MDCG 2025-10: Guidance on post-market surveillance of medical devices and in vitro diagnostic medical devices is the most detailed interpretive document the regulator has issued on this topic — and it raises the bar significantly above what most manufacturers had in place under the MDD.
This guide translates MDCG 2025-10 into a practical framework for building and maintaining a PMS plan that meets MDR Article 84, IVDR Article 79, and Annex III requirements, with specific attention to what changed in the guidance, how PMS interacts with other QMS processes, and what Notified Bodies are now looking for during audits.
Why MDCG 2025-10 Matters
Published on December 19, 2025, MDCG 2025-10 is not legally binding, but it represents the consensus view of all EU member state competent authorities on how PMS requirements should be interpreted and implemented. Notified Bodies use MDCG guidance as a benchmark during conformity assessment and surveillance audits. The document:
- Expands on Articles 83 (MDR) and 78 (IVDR) — the core PMS system requirements — with detailed interpretation of what "proactive" and "systematic" data gathering actually means.
- Provides three reference tables that map Annex III requirements to practical implementation: Table 1 (PMS plan elements), Table 2 (information sources), and Table 3 (PMS–QMS interaction points).
- Clarifies the relationship between PMS, risk management, clinical evaluation, and CAPA — areas where previous guidance was thin.
- Addresses custom-made device PMS obligations, which were largely undefined before this document.
For any manufacturer holding or seeking MDR/IVDR certification, aligning your PMS plan with MDCG 2025-10 is no longer optional in practice.
The PMS System vs. the PMS Plan vs. PMS Reports
These three elements form a hierarchy that the guidance treats as distinct but interconnected:
| Element | Definition | Where Defined | Applies To |
|---|---|---|---|
| PMS system | The organizational framework — procedures, responsibilities, resources — that governs how post-market data is collected, analyzed, and acted upon. Part of the QMS. | MDR Article 83, IVDR Article 78 | All devices, all classes |
| PMS plan | A documented plan describing the specific PMS activities, methods, data sources, and timelines for a device or group of devices. Part of the technical documentation. | MDR Article 84, IVDR Article 79, Annex III | All devices, all classes (proportionate to risk) |
| PMS report | The output document summarizing PMS findings and conclusions. Takes two forms: a PMS report (Class I / Class A–B IVDs) or a PSUR (Class IIa–III / Class C–D IVDs). | MDR Articles 85–86, IVDR Articles 80–81 | All devices, format depends on class |
A common error is treating the PMS plan as a static document. MDCG 2025-10 emphasizes that the plan must be a living document within the technical documentation, updated as new data emerges and as the device's risk profile evolves over its lifecycle.
Building the PMS Plan: MDCG 2025-10 Requirements
Annex III of the MDR/IVDR specifies the minimum content of a PMS plan. MDCG 2025-10 Table 1 (pages 8–9) expands each requirement with implementation detail. The core elements are:
1. Scope and Device Identification
The plan must identify the device or group/family of devices it covers, including model/variant designations, intended use, and risk classification. Grouping is permitted where devices share the same technology, intended use, and risk profile, but the rationale for grouping must be documented.
2. Data Collection Methods and Sources
MDCG 2025-10 Table 2 (pages 11–12) details the information sources listed in Annex III and what manufacturers should collect from each:
| Information Source | What to Collect |
|---|---|
| Serious incidents and FSCA reports | All reportable events, timelines, root cause analysis, corrective actions |
| Non-serious incidents and complaints | Volume, trends, patterns, adequacy of existing risk controls |
| Trend reporting data | Non-serious incidents and expected undesirable side effects that show statistically significant increases |
| Relevant specialist or technical literature, databases, and publications | Published clinical data, safety signals, state-of-the-art benchmarks |
| Information from users, patients, and caregivers | Usability feedback, off-label use reports, real-world performance data |
| Published clinical or performance evaluation data | New clinical evidence, systematic review updates, registry data |
| PMCF / PMPF data | Results from post-market clinical or performance follow-up studies |
| Screening of public databases | EUDAMED vigilance module, FDA MAUDE, MHRA, BfArM, Swissmedic, and other competent authority databases |
| Market surveillance data from competent authorities | Inspection findings, product recalls, safety alerts |
| Comparable device data | Performance of equivalent or similar devices on the market |
A critical shift in MDCG 2025-10: the guidance explicitly requires proactive data collection, not just passive complaint handling. Manufacturers must actively seek information from the sources above, not merely wait for complaints to arrive.
3. Proactive Data Collection: What "Proactive" Means
The guidance devotes specific attention to this concept because many manufacturers relied on a complaint-driven model under the MDD. MDCG 2025-10 clarifies that proactive means:
- Systematic literature surveillance at defined intervals (not just during CER updates).
- Active user feedback channels, including surveys, user group meetings, and direct outreach to healthcare professionals.
- Screening of external databases for safety signals related to the device type, not just your own device.
- Benchmarking against comparable devices to assess whether your device's performance is in line with the state of the art.
- Using PMCF/PMPF data to actively generate new clinical evidence, not just to confirm existing claims.
4. Methods for Assessment and Analysis
The plan must describe the methodologies used to evaluate collected data, including:
- Statistical methods for trend analysis and signal detection.
- Criteria for triggering investigations or corrective actions.
- How PMS data will be compared against the benefit-risk profile established during initial conformity assessment.
- Performance indicators that will be tracked.
5. Trend Reporting Methodology
MDR Article 88 and IVDR Article 83 require manufacturers to report trends in non-serious incidents and expected undesirable side effects. MDCG 2025-10 requires the PMS plan to define:
- The methodology for detecting statistically significant increases in frequency or severity.
- Thresholds for when a trend becomes reportable.
- The reporting format and timelines for trend reports to competent authorities.
Trend reporting is one of the areas where Notified Bodies have issued the most non-conformities, because manufacturers often lack documented statistical methodology in their PMS plans.
6. Risk Management Feedback Loop
PMS data must feed into the risk management file (ISO 14971) on an ongoing basis. The plan must describe how newly identified risks or changed risk levels detected through PMS will trigger risk management updates, including:
- Re-evaluation of the benefit-risk ratio.
- Updates to risk control measures.
- Assessment of whether previously acceptable residual risks have become unacceptable.
7. Communication with Competent Authorities and Notified Bodies
The plan must outline procedures for communicating PMS findings to regulators, including timelines and formats for:
- Serious incident reporting (MDR Article 87, IVDR Article 82).
- FSCA notifications.
- Trend reports.
- PSUR submissions to Notified Bodies.
8. Traceability and Device Tracking
The plan must describe methods for tracing devices following complaints or adverse events, including:
- UDI-based traceability.
- Complaint lot/batch tracking.
- Procedures for identifying affected devices in the field.
PMS Report vs. PSUR: Which One Do You Need?
| Document | Applies To | Update Frequency | Shared With |
|---|---|---|---|
| PMS report | Class I devices (MDR) / Class A and B IVDs (IVDR) | As needed, and at minimum when required by competent authority | Available to competent authorities on request |
| PSUR (Periodic Safety Update Report) | Class IIa, IIb, III devices (MDR) / Class C and D IVDs (IVDR) | Class IIa / Class C: when necessary and at least every two years. Class IIb–III / Class D: at least annually. | Submitted to Notified Body as part of surveillance review |
Key distinctions:
- PSURs are always required for Class IIa and above under the MDR and Class C/D under IVDR. There is no exemption.
- PSURs must summarize results and conclusions of PMS data analysis, the volume of sales, and an assessment of whether the benefit-risk profile remains acceptable.
- Class I PMS reports are less formal but must still be available for inspection. MDCG 2025-10 confirms that the MDR/IVDR does not define a specific update frequency for PMS reports, though a three-year cycle is considered best practice.
- PSURs are part of the technical documentation (MDR Article 86(2)) and must be updated throughout the device lifetime.
PMS and QMS Integration
MDCG 2025-10 Table 3 (pages 15–17) provides the most detailed mapping yet of how PMS interacts with other QMS processes:
| PMS Output | QMS Process Fed | How |
|---|---|---|
| New risk signals from complaint analysis | Risk management (ISO 14971) | Triggers risk re-evaluation and potential risk control updates |
| Clinical data from PMCF | Clinical evaluation (MDR Article 61, Annex XIV) | Updates the CER, confirms or revises clinical evidence claims |
| Trend data showing increasing incident frequency | Vigilance / Trend reporting | Triggers trend report to competent authorities |
| User feedback on usability issues | Design and development inputs | May trigger design change requests (ECO) |
| PMS findings showing inadequate risk controls | CAPA system | Opens CAPA for root cause investigation and corrective action |
| Overall PMS system effectiveness data | Management review (ISO 13485 §5.6) | PMS KPIs reported to top management for resource allocation decisions |
| Device performance vs. state of the art | SSCP updates (Class III, implantable) | New data integrated into SSCP published in EUDAMED |
This integration is what separates a compliant PMS system from a documentation exercise. Notified Bodies are specifically looking for evidence that PMS data actually flows into these processes and drives decisions, not just that data is collected and filed.
Custom-Made Device PMS Obligations
MDCG 2025-10 Section 3.2 clarifies that PMS requirements under Article 83 MDR apply to all devices including custom-made devices (CMDs). This means:
- CMD manufacturers must establish a PMS system proportionate to the device risk.
- Section 5 of Annex XIII MDR requires CMD manufacturers to review and document experience gained in the post-production phase, including PMCF.
- PMS findings must be used to implement corrective actions.
- Vigilance reporting obligations apply to CMDs in the same way as to serial-produced devices.
Previously, many CMD manufacturers treated PMS as inapplicable or minimal. The guidance makes clear that this is not acceptable.
Practical Implementation Checklist
If you are building or updating your PMS plan to align with MDCG 2025-10, use this checklist:
- PMS system is documented as part of the QMS, with defined roles, responsibilities, and reporting lines to top management.
- PMS plan exists for each device or device group, is part of the technical documentation, and is dated and version-controlled.
- Proactive data sources are specified — not just complaints, but literature surveillance, database screening, user feedback, and PMCF.
- Information sources from MDCG 2025-10 Table 2 are mapped to specific data collection activities in the plan.
- Trend reporting methodology is documented, including statistical methods and thresholds.
- Risk management feedback loop is described, with triggers for risk file updates.
- Clinical evaluation feedback loop is described, with triggers for CER updates.
- CAPA linkage is documented, with PMS data as a recognized CAPA input source.
- Management review receives PMS system performance data at defined intervals.
- PMS report or PSUR format is defined, with update frequency appropriate to device class.
- Custom-made device PMS is documented if applicable.
- Traceability procedures leverage UDI and batch/lot tracking.
Common Non-Conformities
Based on Notified Body audit findings across 2024–2026, the most frequent PMS-related non-conformities include:
- PMS plan is generic and not device-specific. A single plan covering all devices without differentiation by risk class or device characteristics.
- No proactive data collection. Plans that list only complaint handling as a data source, with no literature surveillance or external database screening.
- Missing trend reporting methodology. Plans that mention trend reporting but do not define statistical methods, thresholds, or reporting triggers.
- PMS data not feeding into risk management or clinical evaluation. Data is collected and filed but there is no documented process for using it to update risk files or CERs.
- PSUR update frequency not met. PSURs overdue or not updated at the required intervals.
- No PMS plan for custom-made devices. CMD manufacturers with no documented PMS activities.
Key Takeaways
- MDCG 2025-10 is the definitive reference for PMS under MDR/IVDR. Notified Bodies are using it as an audit benchmark.
- PMS must be proactive — actively gathering data from multiple sources — not merely reactive complaint handling.
- The PMS plan is part of technical documentation (not just the QMS) and must be updated throughout the device lifecycle.
- PMS data must flow into risk management, clinical evaluation, CAPA, design change, and management review through documented processes.
- Trend reporting requires explicit statistical methodology; this is a top audit finding area.
- Custom-made devices are not exempt from PMS requirements.
- PSUR frequency and content requirements vary by device class and must be strictly maintained.
Sources
- Regulation (EU) 2017/745 (MDR), Articles 83–88, Annex III.
- Regulation (EU) 2017/746 (IVDR), Articles 78–83, Annex III.
- MDCG 2025-10, Guidance on post-market surveillance of medical devices and in vitro diagnostic medical devices, December 2025. Available at: health.ec.europa.eu.
- MDCG 2022-21, Guidance on Periodic Safety Update Report (PSUR), Revision 0, December 2022.
- ISO 14971:2019, Medical devices — Application of risk management to medical devices.
- ISO 13485:2016, Medical devices — Quality management systems — Requirements for regulatory purposes, Section 5.6 (Management Review), Section 8.2 (Feedback, Complaint Handling, Reporting).
- Casus Consulting, MDCG 2025-10: New MDR/IVDR Guidance on Post-Market Surveillance (PMS), January 2026.
- Emergo by UL, PMS & PSUR Requirements Under the European MDR, whitepaper.
- ECA Academy, MDCG publishes Guidance on the Surveillance of Medical Devices and IVDs, January 2026.