When a medical device fails, a toy breaks, or a car part wears out dangerously, who makes sure the public finds out? In the U.S., itâs not just the companyâs responsibility to fix the problem-itâs the law. Manufacturers must report safety issues to federal agencies. This isnât optional. Itâs a legal requirement built into decades of consumer protection laws. If you make a product that can hurt someone, you have to tell the government-fast. And the rules are different depending on what you make.
What Exactly Do Manufacturers Have to Report?
The core idea is simple: report anything that could cause death, serious injury, or a malfunction that might lead to harm if it happened again. But the details? Theyâre complex. Three major agencies handle this, each with their own rules.The FDA oversees medical devices. Under 21 CFR Part 803, manufacturers must report any device-related death or serious injury within 30 days. If a device malfunctions in a way that could cause harm if it happened again, thatâs reportable too. For emergencies-like a device that needs immediate repair to prevent injury-the clock starts ticking in just five working days. The FDA gets over 1.2 million of these reports every year.
The CPSC handles everything else: toasters, cribs, electronics, lawn mowers. Their rule is stricter on timing. If a company learns that a product has a defect that could create a substantial risk of injury or death, they have just 24 hours to report it. And hereâs the kicker: no one even has to get hurt yet. If you know a product could be dangerous, you report it. The CPSC received over 14,000 such reports in 2023, mostly from electronics and childrenâs products.
The NHTSA deals with vehicles and auto parts. Tire makers, for example, must report if they get word of five or more deaths, ten or more injuries, or ten or more property damage claims tied to a single tire model. Itâs not about one bad tire-itâs about patterns.
Why the Different Rules?
You might wonder: why does the FDA give you 30 days, but CPSC gives you 24 hours? Itâs about risk level. Medical devices are often used in hospitals, on vulnerable patients, and can directly affect life-or-death outcomes. A pacemaker malfunction is a bigger deal than a blender overheating. But CPSCâs 24-hour rule reflects how quickly consumer products can spread through homes and how many people might be exposed.Thereâs also a difference in what counts as âreportable.â The FDA requires manufacturers to investigate every event thoroughly. You canât just file a report and walk away. You need to document your findings, analyze root causes, and keep records for at least two years after the device is last sold. CPSC doesnât require that level of internal investigation-just the initial report. But they follow up hard. In 2023, 54% of home appliance manufacturers got warning letters from CPSC for late or incomplete reports.
How Much Does It Cost to Comply?
Compliance isnât free. Small medical device companies (fewer than 50 employees) spend an average of $50,000 a year just on reporting. Some spend as much as 18.7% of their entire quality department budget on it. For larger firms, the cost can hit $750,000 or more for a full quality management system (QMS) that tracks complaints, investigations, and submissions.Time is another hidden cost. One MedTech manager estimated her company spends 1,200 hours a year on MDR paperwork. Thatâs over 30 full workweeks. And itâs not just about filling out forms. You need trained staff who understand what counts as âbecoming aware.â The FDA says if any employee-even someone in customer service-learns about a problem, that counts as the company being aware. Thatâs a big shift from how most companies operate.
IT systems matter too. All reports must be submitted electronically through the FDAâs Electronic Submission Gateway. Setting that up takes about 2.5 full-time IT staff equivalents, according to a 2023 RAPS study. And if your system doesnât meet the FDAâs E3 standards? Your report gets rejected.
Whatâs Changing in 2024 and Beyond?
The rules arenât static. In August 2024, the FDA expanded its Voluntary Malfunction Summary Reporting program. Now, companies can group similar device malfunctions into one summary report instead of filing dozens of individual ones. Medtronic reported a 63% drop in individual reports after switching-freeing up staff to focus on real safety analysis, not paperwork.The FDA is also pushing for faster reporting on high-risk devices. A bill called the Medical Device Safety Act of 2023 is moving through Congress. If passed, it would cut the reporting window from 30 days to 15 days for certain life-critical devices.
On the CPSC side, theyâre spending $25 million in 2025 to modernize their reporting system. They want to cut the average review time for reports from 17 days to 10 by 2026. And theyâre encouraging companies to use AI tools to flag potential problems before they become reports.
Some companies are already ahead of the curve. Philips Healthcare is using machine learning to scan patient feedback and service logs. Their system now cuts MDR preparation time from over eight hours to just 3.5 hours per report. Thatâs not just efficiency-itâs better safety.
Common Mistakes Manufacturers Make
Even experienced teams mess up. Here are the top three errors:- Waiting too long to decide if somethingâs reportable. If youâre unsure, report it. The agencies would rather have a false positive than miss a real danger.
- Assuming one report covers everything. A single product failure might trigger reports to both FDA and CPSC if itâs a hybrid device (like a smart insulin pump). Know your jurisdiction.
- Ignoring internal complaints. A nurseâs email saying âthis monitor keeps shutting offâ counts. Donât wait for a lawsuit or death to trigger action.
And donât underestimate the power of inconsistent interpretations. One FDA inspector might say a glitch is reportable. Another might say itâs not. Thatâs why companies are investing in internal training-40 to 80 hours per staff member-to align everyone on what counts.
What Happens If You Donât Report?
Fines can hit $252,756 per violation. But the real cost is reputation. The FDA and CPSC donât just slap fines-they issue public warning letters. In 2023, the CPSC published 89 warning letters online. If your company name shows up there, retailers pull your products. Insurance rates spike. Customers lose trust.Thereâs also the risk of mandatory recalls. If the agency finds out you knew about a defect and didnât report it, they can force a recall-and make you pay for it. Thatâs far more expensive than filing a report upfront.
How to Get Started
If youâre a manufacturer, hereâs your first step: map your product to the right agency. Is it a medical device? Go to FDA. Is it a household item? CPSC. Is it a car part? NHTSA.Then, build a process:
- Train every employee-sales, service, support-on what counts as reportable information.
- Create a written procedure for handling complaints and evaluating risk.
- Set up an electronic reporting system that meets the agencyâs technical standards.
- Assign a compliance officer to review reports before submission.
- Keep records for at least two years after the last product sale.
Use tools like the FDAâs Voluntary Summary Reporting if you qualify. It saves time and reduces noise. And donât wait for a crisis to start. The best companies treat safety reporting like quality control-not a burden, but a shield.
Do I have to report if no one got hurt?
Yes. Under CPSC rules, you must report if you know a product has a defect that could create a substantial risk of injury-even if no one has been hurt yet. The FDA also requires reporting of malfunctions that could cause harm if they happened again. The goal is prevention, not reaction.
How long do I have to keep safety reports?
For medical devices under FDA rules, you must keep all MDR records for at least two years after the deviceâs last distribution date or its manufacture date-whichever is later. CPSC doesnât specify a retention period, but itâs wise to keep records for at least five years to protect against legal claims.
Can I use software to help with reporting?
Yes. Many companies use quality management systems (QMS) with built-in reporting modules. Some newer tools use AI to scan customer feedback, service logs, and warranty claims to flag potential issues. Philips Healthcare reduced report preparation time by over 50% using AI. These tools donât replace human judgment, but they make compliance faster and more accurate.
What if my product is sold internationally?
U.S. reporting rules still apply if your product is sold in the U.S., even if itâs made overseas. You must report to FDA, CPSC, or NHTSA based on the product type. Other countries have their own rules-like the EUâs Medical Device Regulation (MDR) or Australiaâs Therapeutic Goods Administration-but U.S. obligations are separate and mandatory.
Are small businesses treated differently?
No. The law applies equally to all manufacturers, regardless of size. But the FDA and CPSC offer guidance resources and sometimes extended timelines for first-time filers. Still, small companies often struggle with costs and staffing. About 68% of small medical device firms spend over $50,000 annually on compliance-nearly 20% of their quality budget.
Nick Cole
January 16, 2026 AT 13:04