21 CFR Part 803 – Medical Device Reporting (MDR)

This topic is part of the SG Systems Global regulatory glossary series.

Updated October 2025 • FDA / QSR • Postmarket Surveillance

21 CFR Part 803 sets forth the Medical Device Reporting (MDR) requirements for manufacturers, importers, and device user facilities. It mandates the reporting of deaths, serious injuries, and malfunctions to the U.S. FDA to identify and mitigate public health risks associated with medical devices.

“MDR is the FDA’s early-warning system for device safety — designed to detect product failures, misuse, or design flaws before they become systemic.”

1) What It Is

Part 803 implements Section 519 of the Federal Food, Drug, and Cosmetic Act (FD&C Act), establishing timelines, formats, and responsibilities for mandatory adverse event reporting. Reports feed into the FDA’s public MAUDE database for postmarket surveillance and trend analysis.

Scope & application. Applies to all medical device firms selling in the U.S. market — including manufacturers, contract assemblers, reprocessors, importers, and hospitals (user facilities).

Selected requirements under Part 803:

• 803.10–20 Reporting obligations. Defines which entities must report and what constitutes a reportable event.
• 803.50 Manufacturer reports. Must submit to FDA within 30 days of learning of an event; 5-day reports required for urgent safety issues.
• 803.56–58 Follow-up reports. Procedures for additional information and corrections to initial submissions.
• 803.18 Recordkeeping. Maintain complaint files, investigations, and correspondence for at least 2 years or the device’s expected life.
• Electronic submission. All MDRs are submitted via FDA’s Electronic Submissions Gateway (ESG).

Relation to other rules. MDR ties directly to Part 820 (QSR), Part 806 (Corrections & Removals), and Part 11 (Electronic Records).

2) FAQ

Q1. Who must file MDRs?
Device manufacturers, importers, and user facilities must report adverse events — each with specific timelines and responsibilities.

Q2. What qualifies as a reportable event?
Any incident where a device may have caused or contributed to a death, serious injury, or malfunction likely to recur.

Q3. How quickly must reports be submitted?
Within 30 days for standard reports, and within 5 days for events requiring remedial action to prevent public harm.

Q4. What data are included in an MDR?
Device identification, event description, investigation summary, corrective actions, and contact details for responsible personnel.

Q5. How are MDRs related to CAPA?
Each MDR typically triggers a CAPA or complaint investigation under Part 820 to prevent recurrence.

Q6. Where can I find MDR data?
MDRs are public in FDA’s MAUDE Database.

3) How It Relates to V5

V5 by SG Systems Global helps device manufacturers comply with MDR by managing complaint intake, CAPA investigation, and traceability within its integrated Quality Management System (QMS).

• Complaint handling. Capture and categorize device complaints that may require MDR submission under Part 820.
• CAPA integration. Automatically link MDR-related investigations to corrective actions with full audit trail.
• Electronic signatures & validation. Compliant with Part 11 for submission approvals and traceability.
• Device history correlation. Link adverse events to serial numbers, batches, or eDHRs for rapid root cause analysis.
• Regulatory reporting workflow. Generate draft MDR forms, assign reviewers, and store supporting evidence within the QMS.

End-to-end example. A device complaint is logged in V5; QA determines it qualifies as an MDR; the system captures investigation notes, CAPA linkage, and sign-offs. The MDR summary and evidence are exported for submission via the FDA ESG.

Primary References:
• FDA eCFR: 21 CFR Part 803
• Quality System Regulation: 21 CFR Part 820
• Corrections & Removals: 21 CFR Part 806
• Electronic Records: 21 CFR Part 11