Post-Market Surveillance That Holds Up: What MDCG 2025-10 Expects

Post-market surveillance is one of those requirements that most manufacturers technically meet and few do well. A procedure exists, complaints get logged, a PMS report or PSUR gets updated on schedule. Then a notified body asks how the PMS data actually changed the risk file, and the gap shows.

In December 2025, the Medical Device Coordination Group published MDCG 2025-10, a comprehensive EU guidance document on post-market surveillance covering both medical devices and IVDs. It doesn't create new legal obligations. What it does is spell out, in practical detail, what competent authorities and notified bodies expect a working PMS system to look like under the MDR and IVDR. That makes it the reference point your next audit will measure against, which is reason enough to read your own PMS system against it now.

What The Guidance Actually Is

MDCG 2025-10 interprets the PMS requirements already set out in the MDR (Articles 83 to 86) and the IVDR (Articles 78 to 81). It is guidance, not a binding act. Only the Court of Justice of the EU can give binding interpretations of the law. In practice, though, MDCG guidance represents the shared expectation across member states and notified bodies, so treating it as optional is a poor bet.

The document covers the PMS system as a whole, the PMS plan in detail, the main activities in the PMS cycle, and, importantly, how PMS feeds the rest of your quality management system. It applies to all device classes, including custom-made devices.

PMS is not a report you produce once a year. It is a continuous system that runs for the entire lifetime of the device.

The Word That Carries The Most Weight: Proactive

If there is one idea the guidance returns to, it's that PMS has to be proactive. The distinction matters. A reactive system waits for information to arrive through complaints and incidents. A proactive system deliberately goes looking for it.

The guidance is explicit that manufacturers should actively seek out available information rather than merely wait for it. It lists the kinds of sources that count: customer and user surveys, screening of scientific literature, user feedback gathered during training, evaluation of registers and registries where suitable, data on similar devices already on the market, and post-market clinical or performance follow-up. Complaint handling is part of PMS, but a PMS system built only on complaints is the most common way manufacturers fall short of the expectation.

What Belongs In The PMS Plan

The PMS plan is part of the technical documentation, and its required contents come from section 1(b) of Annex III of both regulations. MDCG 2025-10 works through each element. A plan that meets the expectation needs to define the scope of devices it covers, then set out several things clearly.

It needs a proactive, systematic process for collecting post-market information, with the data sources and the frequency named. It needs the methods for assessing and analysing that data, proportionate to the device's risk. It needs suitable indicators and threshold values, the limits beyond which action is triggered, feeding the continuous reassessment of the benefit-risk balance. It needs methods for investigating complaints and for trend reporting under Article 88 MDR / Article 83 IVDR, including how a statistically significant increase in frequency or severity is determined. It needs defined communication routes to competent authorities, notified bodies, other economic operators, and users. And it needs the PMCF or PMPF plan, or a documented justification for why one isn't applicable.

A PMS plan that lists activities but never states a threshold for action is a plan that can’t tell you when something has gone wrong.

The guidance is clear that indicators and threshold values should be set in the pre-market phase, then refined as real-world data comes in. This is where many plans are thinnest. They describe what data will be collected without ever committing to what level of signal means the benefit-risk balance needs re-examining.

The Part That Gets Missed: PMS Has To Feed The QMS

The strongest section of MDCG 2025-10, from a practical standpoint, is the one on how PMS interacts with the rest of the quality system. Under Article 83(3) MDR / Article 78(3) IVDR, information from PMS must be used, on a continuous basis, as input to other processes.

That means PMS data updating the benefit-risk determination and the risk management file. It means PMS findings feeding updates to design and manufacturing information, the instructions for use, and labelling. It means PMS output flowing into the clinical or performance evaluation, into the SS(C)P for the higher-risk devices that require one, and into the identification of corrective, preventive, and field safety corrective actions. The guidance even includes worked scenarios, tracing how an increase in incidents moves through investigation, CAPA, risk file update, and field action.

This is the join that audits probe hardest. A PMS system that collects data diligently but never demonstrably changes the risk file or the IFU is a system that isn't closing the loop the regulation requires.

Reading Your Own System Against The Guidance

The practical exercise is to take your current PMS plan and check it against what MDCG 2025-10 lays out. Does it name proactive data sources, or does it lean almost entirely on complaints? Are there real indicators and thresholds, or just a description of monitoring? Can you show, with documented examples, PMS data actually updating your risk management file, your clinical evaluation, or your labelling? If those links are implied rather than evidenced, the plan may read well, but it will not hold up when someone tests whether the system is actually working.

This is interpretation rather than a new requirement: MDCG 2025-10 doesn't oblige you to rewrite a compliant PMS plan. But a plan read cold against the guidance, before a notified body reads it, tends to reach the audit in far better shape.

How Gladiolus Can Help

Gladiolus QRS helps medical device and IVD manufacturers build and strengthen post-market surveillance systems that hold up under review, with the emphasis on finding weak points before an assessor does.

If you don't yet have a PMS plan in place, we prepare one with you from the ground up: defining proactive data sources, setting indicators and threshold values tied to your device's risk, and specifying trend reporting and complaint investigation methods to match the structure MDCG 2025-10 sets out. If you already have a plan, we review it against that same structure and identify what needs to close. Either way, we help build the connections that audits probe: PMS feeding the ISO 14971 risk management file, complaint handling and CAPA, and updates to technical documentation, IFU, and labelling. Where the links between PMS and the rest of the QMS are thin, we help make them explicit and evidenced.

Whether you're building a PMS system from scratch, preparing for an MDR or IVDR audit, or want a second read of a plan you already have, Gladiolus QRS can assess your current post-market surveillance against the guidance and identify the practical gaps to close. As an EU MDR PMS consultant and medical device regulatory advisor, Gladiolus QRS helps make surveillance a controlled, evidenced process rather than a surprise at audit. Get in touch to discuss PMS plan preparation, a gap assessment, or risk management alignment.

Next
Next

MDSAP Certification Explained: One Audit for Five Medical Device Markets