Why your FSCA gets rejected before you notify anyone
Most field safety corrective actions fail before they reach Competent Authorities. The manufacturer notifies the FSCA, sends letters to customers, updates labels. Then regulators reject the entire approach. Not because of what was done, but because the manufacturer never identified what needed to be corrected in the first place.
In This Article
- What Makes an Action a Field Safety Corrective Action
- The Root Cause That No One Wants to Write Down
- Why the Corrective Action Itself Must Be Specific
- The Timing Trap That Catches Everyone
- The Field Safety Notice Content That Gets Overlooked
- Why Follow-Up Determines FSCA Effectiveness
- What Happens When You Notify Late or Incorrectly
- The Integration That Makes FSCAs Sustainable
- The Next Regulatory Expectation That Is Already Here
I see this pattern repeatedly. A manufacturer discovers a problem. They act quickly. They notify. They send Field Safety Notices. They update documentation. Then they face enforcement action because the FSCA itself was insufficient.
The issue is not speed. The issue is understanding what an FSCA actually is under MDR Article 89.
What Makes an Action a Field Safety Corrective Action
Under MDR Article 89, an FSCA is any corrective action taken by a manufacturer for technical or medical reasons to prevent or reduce a risk of serious incident associated with the use of a device already placed on the market.
This definition contains three elements that manufacturers consistently misinterpret.
First, the action must be corrective. That means it addresses a root cause. It changes something about the device, its use, or the information provided with it. An FSCA is not an investigation. It is not monitoring. It is not a communication exercise. It is a correction.
Second, the reason must be technical or medical. Financial decisions, commercial strategy changes, or supply chain modifications do not trigger FSCA requirements. But here is where manufacturers make the first major error: they assume that if they frame a decision as commercial, they avoid FSCA obligations. That only works if the underlying reason is truly commercial. If there is any technical or medical concern driving the decision, the FSCA requirement applies regardless of how the manufacturer labels it.
Third, the risk must concern a serious incident. The threshold is defined in MDR Article 2(65). Manufacturers often argue that because no serious incident has occurred, no FSCA is needed. This misses the point. The regulation says prevent or reduce a risk of serious incident. If the potential exists, the FSCA obligation exists.
Manufacturers treat FSCAs as communication exercises. They focus on notifying users rather than correcting the root cause. Regulators reject FSCAs where the corrective action itself is unclear or insufficient.
The Root Cause That No One Wants to Write Down
Every FSCA must identify a root cause. This is not optional. This is not implied. MDCG 2020-10-1 explicitly requires manufacturers to investigate and document the root cause of the issue that triggered the FSCA.
Yet in most submissions, the root cause section is vague. The manufacturer describes what happened. They describe what they will do. But they avoid stating clearly what went wrong and why.
This avoidance creates a problem. Without a clear root cause, the corrective action cannot be evaluated. Competent Authorities and Notified Bodies cannot assess whether the proposed action actually addresses the problem. More importantly, they cannot assess whether the same root cause affects other devices, other batches, or other markets.
Manufacturers resist documenting root cause because it feels like an admission of fault. In some legal contexts, it is. But under MDR, the root cause must be documented regardless of legal concerns. The regulation does not allow manufacturers to skip this step to protect themselves from liability. If the root cause cannot be stated, the FSCA cannot be justified.
Here is what happens when root cause is missing: the Competent Authority asks for clarification. The manufacturer provides additional explanation. The Competent Authority finds inconsistencies. The manufacturer revises the explanation. The Competent Authority opens an investigation into whether other devices are affected. What could have been a clear, limited FSCA becomes a prolonged regulatory issue.
A clear root cause limits regulatory scrutiny. A vague root cause expands it. The manufacturer who avoids stating the problem clearly ends up answering more questions, not fewer.
Why the Corrective Action Itself Must Be Specific
The second failure point is the corrective action itself. Manufacturers often describe actions that are not corrective.
Sending a Field Safety Notice is not a corrective action. It is a notification requirement under MDR Article 89(4). The corrective action is what the notice instructs users to do, or what the manufacturer changes about the device.
Updating the Instructions for Use is not always a corrective action. If the update provides new information that reduces risk, it is corrective. If the update clarifies existing information without changing how the device is used, it may not meet the threshold for an FSCA.
Offering product replacement is not automatically a corrective action. If the replacement device is identical to the original, no correction has occurred. If the replacement device has been modified, the modification is the corrective action. The replacement is the implementation method.
Competent Authorities evaluate FSCAs by asking: what has been corrected? If the answer is not immediately clear from the FSCA documentation, the submission is deficient.
This is not a theoretical standard. MDR Article 89 requires manufacturers to immediately inform Competent Authorities of the corrective action taken. Not the action planned. Not the investigation ongoing. The action taken. This means the manufacturer must know, before notification, exactly what is being corrected and how.
The Timing Trap That Catches Everyone
MDR Article 89(3) requires notification without delay and at the latest within 10 days after the date on which the manufacturer establishes the need for the FSCA. This deadline seems clear until you ask: when exactly did the manufacturer establish the need?
Manufacturers often interpret this generously. They count from the day they complete their investigation, or the day they finalize their corrective action plan, or the day they receive management approval to proceed. None of these interpretations align with regulatory expectations.
The need for an FSCA is established when the manufacturer has sufficient information to conclude that a risk of serious incident exists and that corrective action is necessary. This can occur early in an investigation. It does not wait for full root cause analysis. It does not wait for action plan approval. It does not wait for convenience.
Competent Authorities assess this timing by working backward. They review the manufacturer’s complaint files, risk management documentation, and internal communications. They identify when the key information was available. If notification occurred more than 10 days after that point, the manufacturer is in breach regardless of their internal justification.
This has practical implications. If you wait to notify until you have a complete corrective action plan, you may already be late. The regulation requires you to notify when you establish the need, not when you finalize the solution.
Manufacturers notify after completing their internal process. Regulators expect notification as soon as the need is established. The gap creates non-compliance even when the manufacturer acted in good faith.
The Field Safety Notice Content That Gets Overlooked
MDCG 2020-10-1 specifies the minimum content for Field Safety Notices. Most manufacturers meet the checklist. They include device identification, description of the problem, corrective action instructions, and contact information.
But there is a content requirement that gets overlooked: the notice must enable the user to understand the risk and act appropriately. This is not about listing information. It is about communication effectiveness.
I review Field Safety Notices where all required elements are present, but the actual risk remains unclear. The notice describes a technical issue without explaining the clinical consequence. It provides instructions without explaining why those instructions matter. It meets the regulatory checklist but fails to achieve the regulatory purpose.
Competent Authorities increasingly evaluate Field Safety Notices for comprehensibility. If a healthcare professional cannot determine from reading the notice whether they need to stop using the device, check specific patients, or take immediate action, the notice is deficient.
This is particularly important for notices directed to patients or non-professional users. The language must be clear without being patronizing. The instructions must be specific without being technical. The risk must be explained without causing unnecessary alarm.
The standard is simple: after reading the Field Safety Notice, could a reasonable user identify affected devices, understand the risk, and implement the corrective action? If the answer is not clearly yes, the notice needs revision before distribution.
Why Follow-Up Determines FSCA Effectiveness
MDR Article 89(5) requires manufacturers to ensure that FSCAs are implemented all the way down the supply chain to the user. This is not a suggestion. This is an obligation that most manufacturers underestimate.
Sending a Field Safety Notice is not sufficient. The manufacturer must verify that the notice reached the intended recipients and that the corrective action was implemented. This means tracking distribution, confirming receipt, and monitoring implementation.
For devices used in healthcare settings, this typically involves contacting distributors and direct customers. But it also means following up when responses are not received. It means re-sending notices through alternative channels. It means escalating when compliance is poor.
For devices sold to consumers, the challenge is greater. The manufacturer may not have direct contact with end users. Distribution records may be incomplete. Tracking implementation may be impossible. These difficulties do not eliminate the obligation. They require the manufacturer to use available channels and document reasonable efforts.
Competent Authorities evaluate FSCA effectiveness partly by reviewing follow-up activities. If a manufacturer cannot demonstrate systematic follow-up, the FSCA is considered incomplete regardless of how well the initial notification was executed.
This creates an ongoing obligation. An FSCA is not closed when the notice is sent. It is closed when the corrective action has been implemented to the extent reasonably possible and when the manufacturer has documented their efforts to verify implementation.
The most compliant FSCA notification becomes non-compliant if follow-up is missing. Regulators assess the entire process, not just the initial submission.
What Happens When You Notify Late or Incorrectly
The consequences of FSCA deficiencies are not theoretical. Competent Authorities have clear enforcement pathways under MDR Article 95.
Late notification triggers investigation into whether the delay increased patient risk. If it did, the manufacturer faces penalties. If the delay suggests systematic problems with post-market surveillance, the manufacturer faces broader scrutiny of their quality system.
Incomplete or unclear FSCAs lead to requests for additional information, which extend the timeline and increase resource burden. If the deficiencies are significant, Competent Authorities may issue their own safety communications, which damage manufacturer reputation more than any self-initiated FSCA.
Failure to implement corrective actions or verify implementation leads to market surveillance actions. These can include mandatory recall, suspension of certificates, or restrictions on placing devices on the market.
The enforcement approach varies by Competent Authority, but the trend is consistent: regulators are less tolerant of FSCA deficiencies than they were under the previous directives. MDR gives them clearer authority and more specific requirements to enforce.
This means manufacturers cannot rely on informal approaches or relationship-based compliance. The FSCA process must be systematic, documented, and complete.
The Integration That Makes FSCAs Sustainable
FSCAs do not exist in isolation. They are part of the manufacturer’s quality management system, post-market surveillance system, and risk management process. This integration is not automatic. It requires deliberate design.
The quality management system must include procedures for FSCA decision-making, notification, implementation, and verification. These procedures must specify roles, timelines, and documentation requirements. They must be tested through periodic review or simulation.
The post-market surveillance system must feed FSCA decision-making. Complaint trends, literature findings, and clinical follow-up data should be systematically evaluated for potential FSCA triggers. This evaluation cannot wait for annual review. It must be ongoing.
The risk management process must be updated when an FSCA occurs. The identified hazard, the root cause, and the corrective action must all be reflected in the risk management file. This update informs future design decisions and demonstrates that the manufacturer has learned from the issue.
Notified Bodies assess this integration during audits. They look for evidence that FSCAs are systematically managed, not handled ad hoc. They review how FSCA information flows within the organization and how it influences other processes. If the integration is weak, it signals broader quality system deficiencies.
The practical implication: building FSCA capability is not about creating templates or checklists. It is about embedding FSCA thinking into how the organization operates. It is about making root cause analysis, corrective action planning, and verification standard practice, not exceptional activity.
The Next Regulatory Expectation That Is Already Here
Competent Authorities are beginning to evaluate FSCA patterns across manufacturers. They are identifying common failure modes, comparing manufacturer responses, and assessing industry-wide risks. This trend will accelerate as EUDAMED becomes fully operational.
For manufacturers, this means that individual FSCAs will be evaluated not only on their own merits but also in context of industry patterns. If your FSCA addresses a problem that other manufacturers in the same device category have already addressed, regulators will ask why your surveillance system did not identify the issue earlier. If your corrective action is less comprehensive than industry standard, regulators will question its adequacy.
This shifts FSCA management from reactive to anticipatory. Manufacturers need to monitor not only their own devices but also regulatory communications about similar devices. They need to assess whether issues affecting competitors could affect their devices. They need to document these assessments even when they conclude no action is needed.
The manufacturers who manage FSCAs most effectively are those who treat them as learning opportunities, not compliance burdens. They analyze root causes deeply. They implement corrective actions thoroughly. They verify effectiveness systematically. And they apply lessons learned to prevent similar issues in the future.
That is the standard. That is what meets regulatory expectations. Everything less creates risk, for patients and for the business.
Peace,
Hatem
Clinical Evaluation Expert for Medical Devices
Follow me for more insights and practical advice.
Frequently Asked Questions
What is a Clinical Evaluation Report (CER)?
A CER is a mandatory document under MDR 2017/745 that demonstrates the safety and performance of a medical device through systematic analysis of clinical data. It must be updated throughout the device lifecycle based on PMCF findings.
How often should the CER be updated?
The CER should be updated whenever significant new clinical data becomes available, after PMCF activities, when there are changes to the device or intended purpose, and at minimum during annual reviews as part of post-market surveillance.
What causes CER rejection by Notified Bodies?
Common reasons include inadequate equivalence demonstration, insufficient clinical data for claims, poorly structured SOTA analysis, missing gap analysis, and lack of clear benefit-risk determination. Structure and logical flow are as important as the data itself.
Which MDCG guidance documents are most relevant for clinical evaluation?
Key documents include MDCG 2020-5 (Equivalence), MDCG 2020-6 (Sufficient Clinical Evidence), MDCG 2020-13 (CEAR Template), MDCG 2020-7 (PMCF Plan), and MDCG 2020-8 (PMCF Evaluation Report). MDR Article 89, MDCG 2020-10-1
Need Expert Help with Your Clinical Evaluation?
Get personalized guidance on MDR compliance, CER writing, and Notified Body preparation.
✌
Peace, Hatem
Your Clinical Evaluation Partner
Follow me for more insights and practical advice.
– Regulation (EU) 2017/745 (MDR), Article 89
– MDCG 2020-10-1: Guidance on Field Safety Corrective Actions (FSCAs) issued by manufacturers
Deepen Your Knowledge
Read Complete Guide to Clinical Evaluation under EU MDR for a comprehensive overview of clinical evaluation under EU MDR 2017/745.
