When a medical device fails, a toy breaks, or a car part wears out dangerously, who makes sure the public finds out? In the U.S., it’s not just the company’s responsibility to fix the problem; it’s the law. Manufacturers must report safety issues to federal agencies. This isn’t optional. It’s a legal requirement built into decades of consumer protection laws. If you make a product that can hurt someone, you have to tell the government, fast. And the rules are different depending on what you make.
What Exactly Do Manufacturers Have to Report?
The core idea is simple: report anything that could cause death, serious injury, or a malfunction that might lead to harm if it happened again. But the details? They’re complex. Three major agencies handle this, each with their own rules.
The FDA oversees medical devices. Under 21 CFR Part 803, manufacturers must report any device-related death or serious injury within 30 days. If a device malfunctions in a way that could cause harm if it happened again, that’s reportable too. For emergencies, like a device that needs immediate repair to prevent injury, the clock starts ticking in just five working days. The FDA gets over 1.2 million of these reports every year.
The CPSC handles everything else: toasters, cribs, electronics, lawn mowers. Their rule is stricter on timing. If a company learns that a product has a defect that could create a substantial risk of injury or death, they have just 24 hours to report it. And here’s the kicker: no one even has to get hurt yet. If you know a product could be dangerous, you report it. The CPSC received over 14,000 such reports in 2023, mostly from electronics and children’s products.
The NHTSA deals with vehicles and auto parts. Tire makers, for example, must report if they get word of five or more deaths, ten or more injuries, or ten or more property damage claims tied to a single tire model. It’s not about one bad tire; it’s about patterns.
Why the Different Rules?
You might wonder: why does the FDA give you 30 days, but CPSC gives you 24 hours? It’s about risk level. Medical devices are often used in hospitals, on vulnerable patients, and can directly affect life-or-death outcomes. A pacemaker malfunction is a bigger deal than a blender overheating. But CPSC’s 24-hour rule reflects how quickly consumer products can spread through homes and how many people might be exposed.
There’s also a difference in what counts as “reportable.” The FDA requires manufacturers to investigate every event thoroughly. You can’t just file a report and walk away. You need to document your findings, analyze root causes, and keep records for at least two years after the device is last sold. CPSC doesn’t require that level of internal investigation, just the initial report. But they follow up hard. In 2023, 54% of home appliance manufacturers got warning letters from CPSC for late or incomplete reports.
How Much Does It Cost to Comply?
Compliance isn’t free. Small medical device companies (fewer than 50 employees) spend an average of $50,000 a year just on reporting. Some spend as much as 18.7% of their entire quality department budget on it. For larger firms, the cost can hit $750,000 or more for a full quality management system (QMS) that tracks complaints, investigations, and submissions.
Time is another hidden cost. One MedTech manager estimated her company spends 1,200 hours a year on MDR paperwork. That’s over 30 full workweeks. And it’s not just about filling out forms. You need trained staff who understand what counts as “becoming aware.” The FDA says if any employee, even someone in customer service, learns about a problem, that counts as the company being aware. That’s a big shift from how most companies operate.
IT systems matter too. All reports must be submitted electronically through the FDA’s Electronic Submission Gateway. Setting that up takes about 2.5 full-time IT staff equivalents, according to a 2023 RAPS study. And if your system doesn’t meet the FDA’s E3 standards? Your report gets rejected.
What’s Changing in 2024 and Beyond?
The rules aren’t static. In August 2024, the FDA expanded its Voluntary Malfunction Summary Reporting program. Now, companies can group similar device malfunctions into one summary report instead of filing dozens of individual ones. Medtronic reported a 63% drop in individual reports after switching, freeing up staff to focus on real safety analysis, not paperwork.
The FDA is also pushing for faster reporting on high-risk devices. A bill called the Medical Device Safety Act of 2023 is moving through Congress. If passed, it would cut the reporting window from 30 days to 15 days for certain life-critical devices.
On the CPSC side, they’re spending $25 million in 2025 to modernize their reporting system. They want to cut the average review time for reports from 17 days to 10 by 2026. And they’re encouraging companies to use AI tools to flag potential problems before they become reports.
Some companies are already ahead of the curve. Philips Healthcare is using machine learning to scan patient feedback and service logs. Their system now cuts MDR preparation time from over eight hours to just 3.5 hours per report. That’s not just efficiency; it’s better safety.
Common Mistakes Manufacturers Make
Even experienced teams mess up. Here are the top three errors:
- Waiting too long to decide if something’s reportable. If you’re unsure, report it. The agencies would rather have a false positive than miss a real danger.
- Assuming one report covers everything. A single product failure might trigger reports to both FDA and CPSC if it’s a hybrid device (like a smart insulin pump). Know your jurisdiction.
- Ignoring internal complaints. A nurse’s email saying “this monitor keeps shutting off” counts. Don’t wait for a lawsuit or death to trigger action.
And don’t underestimate the power of inconsistent interpretations. One FDA inspector might say a glitch is reportable. Another might say it’s not. That’s why companies are investing in internal training, 40 to 80 hours per staff member, to align everyone on what counts.
What Happens If You Don’t Report?
Fines can hit $252,756 per violation. But the real cost is reputation. The FDA and CPSC don’t just slap fines; they issue public warning letters. In 2023, the CPSC published 89 warning letters online. If your company name shows up there, retailers pull your products. Insurance rates spike. Customers lose trust.
There’s also the risk of mandatory recalls. If the agency finds out you knew about a defect and didn’t report it, they can force a recall and make you pay for it. That’s far more expensive than filing a report upfront.
How to Get Started
If you’re a manufacturer, here’s your first step: map your product to the right agency. Is it a medical device? Go to FDA. Is it a household item? CPSC. Is it a car part? NHTSA.
Then, build a process:
- Train every employee (sales, service, support) on what counts as reportable information.
- Create a written procedure for handling complaints and evaluating risk.
- Set up an electronic reporting system that meets the agency’s technical standards.
- Assign a compliance officer to review reports before submission.
- Keep records for at least two years after the last product sale.
Use tools like the FDA’s Voluntary Summary Reporting if you qualify. It saves time and reduces noise. And don’t wait for a crisis to start. The best companies treat safety reporting like quality control: not a burden, but a shield.
Do I have to report if no one got hurt?
Yes. Under CPSC rules, you must report if you know a product has a defect that could create a substantial risk of injury, even if no one has been hurt yet. The FDA also requires reporting of malfunctions that could cause harm if they happened again. The goal is prevention, not reaction.
How long do I have to keep safety reports?
For medical devices under FDA rules, you must keep all MDR records for at least two years after the device’s last distribution date or its manufacture date, whichever is later. CPSC doesn’t specify a retention period, but it’s wise to keep records for at least five years to protect against legal claims.
Can I use software to help with reporting?
Yes. Many companies use quality management systems (QMS) with built-in reporting modules. Some newer tools use AI to scan customer feedback, service logs, and warranty claims to flag potential issues. Philips Healthcare reduced report preparation time by over 50% using AI. These tools don’t replace human judgment, but they make compliance faster and more accurate.
What if my product is sold internationally?
U.S. reporting rules still apply if your product is sold in the U.S., even if it’s made overseas. You must report to FDA, CPSC, or NHTSA based on the product type. Other countries have their own rules, like the EU’s Medical Device Regulation (MDR) or Australia’s Therapeutic Goods Administration, but U.S. obligations are separate and mandatory.
Are small businesses treated differently?
No. The law applies equally to all manufacturers, regardless of size. But the FDA and CPSC offer guidance resources and sometimes extended timelines for first-time filers. Still, small companies often struggle with costs and staffing. About 68% of small medical device firms spend over $50,000 annually on compliance, nearly 20% of their quality budget.