MDR Vigilance Reporting Deadlines: 2, 10, and 15 Days — What Triggers Each
Quick answer: Under EU MDR Article 87, manufacturers must report serious incidents to the competent authority not later than 15 days after becoming aware; 10 days if the incident caused death or an unanticipated serious deterioration in health; and 2 days for a serious public health threat. Field safety corrective actions (FSCAs) must be reported before implementation except in urgency. The clock starts at awareness, not at completion of your investigation — which is why vigilance readiness is a process design problem, not a form-filling problem.
What counts as a serious incident
Article 2(65) defines a serious incident as one that directly or indirectly led, might have led, or might lead to: death of a patient, user, or other person; temporary or permanent serious deterioration of health; or a serious public health threat. Note the "might have led" — near-misses with serious potential are reportable. Expected side effects that are clearly documented in the product information and quantified in the technical documentation are excluded, as is trend-level information (handled under Article 88 trend reporting).
The deadlines, precisely
Serious public health threat — immediately, and not later than 2 days after awareness (Article 87(4)).
Death or unanticipated serious deterioration in health — immediately, and not later than 10 days (Article 87(5)).
Any other serious incident — immediately, and not later than 15 days (Article 87(3)).
Uncertain whether reportable? — report within the applicable timeframe anyway; when in doubt, report (Article 87(2) principle).
FSCA — advance notice before implementation, except where urgency requires otherwise (Articles 87(1)(b), 87(8)).
An initial report can be incomplete — follow up with a final report. What you cannot do is sit on an event while investigating whether it "really" qualifies.
Trend reporting: the quiet obligation
Article 88 requires reporting of statistically significant increases in the frequency or severity of non-serious incidents or expected side effects that could materially affect the benefit-risk analysis. This only works if your PMS plan defined baselines and threshold values — another place where post-market surveillance and vigilance interlock.
Designing a process that hits the clock
The deadline failures we see are process failures upstream of the form: complaints sitting in a support inbox for a week before anyone triages them (awareness may already have started the clock); no decision tree distinguishing complaint → incident → serious incident; nobody authorised to file when the responsible person is on leave; and no rehearsal — the first live serious incident is the worst time to learn the workflow.
A vigilance-ready system has: 24–72h complaint triage with documented reportability decisions, a named decision-maker plus deputy, pre-drafted report templates, and the PRRC's verification role (Article 15(3)(d)) built into the flow rather than bolted on. This is exactly the infrastructure an external PRRC mandate should include — QLE Group runs vigilance standby as part of its PRRC retainers.
Frequently asked questions
Does the clock start when the customer emails, or when quality reads it? "Awareness" is when information reaches the manufacturer's organisation — an unread inbox is not a defence. Triage speed is the control.
Do we report to every member state? Reports go to the competent authority of the member state where the incident occurred, using the manufacturer incident report (MIR) form; once EUDAMED's vigilance module is fully operational, submission is centralised there.
Are incidents outside the EU reportable under MDR? FSCAs undertaken in third countries are reportable when they relate to a device also legally made available in the EU. Incident data everywhere feeds PMS regardless.
Who decides if an event is reportable? Your documented procedure decides; the PRRC verifies vigilance obligations are met. Decisions "not reportable" must be recorded with rationale — auditors sample them.
About QLE Group
QLE Group builds and staffs vigilance systems — triage procedures, reportability decision trees, MIR filing, and FSCA management — integrated with PI-insured external PRRC mandates from Brussels. Delivered by Radoslav Milkov, qualified PRRC, ISO 13485 / 21 CFR 820 Lead Auditor, LL.M. in EU Law. Pricing indexed to complexity at qle.be.
Test your vigilance readiness before an incident does. Book a scoping call or email info@qle.be.