Manufacturer Reporting: What Every Company Must Know About Safety Obligations

When a product fails, people get hurt. That’s not just a tragedy-it’s a legal event. And for manufacturers, that event triggers a chain of mandatory actions you can’t afford to ignore. Whether you make heart monitors, children’s toys, or car tires, federal law requires you to report safety problems. Not when it’s convenient. Not when you have time. But on time.

What Exactly Do You Have to Report?

It’s not enough to wait for someone to sue you or for a product recall to make headlines. The government has systems in place to catch problems before they spiral. Three major agencies oversee reporting, each with its own rules:

• FDA (Food and Drug Administration) - Covers medical devices like pacemakers, insulin pumps, surgical tools, and diagnostic equipment.
• CPSC (Consumer Product Safety Commission) - Covers everything else: baby strollers, blenders, electronics, furniture, and toys.
• NHTSA (National Highway Traffic Safety Administration) - Focuses on vehicles, tires, car seats, and auto parts.

For medical devices, the FDA’s Medical Device Reporting (MDR) system requires manufacturers to report any event that may have caused or contributed to a death, serious injury, or malfunction that could cause harm if it happened again. That’s not just a guess-it’s a legal obligation. You have 30 calendar days to file a report. But if the issue requires immediate action to prevent harm-like a faulty battery that could overheat-you have just 5 working days.

For consumer products, the CPSC is even stricter. You must report within 24 hours of learning that your product could create a substantial risk of injury or death-even if no one has been hurt yet. No waiting for complaints. No internal reviews. If your smart toaster has a 1 in 10,000 chance of catching fire, and you find out, you have one day to tell the CPSC.

NHTSA doesn’t require instant reports. Instead, tire and auto part makers must submit quarterly data on crashes, injuries, and property damage. But if you hit certain thresholds-like 5 deaths or 10 injuries linked to one tire model-you’re legally required to trigger a deeper investigation and report.

Why This Isn’t Just Red Tape

Some companies treat reporting as a cost center. A box to check. But it’s not. It’s a lifeline.

In 2023, the FDA received over 1.2 million medical device reports. That’s not noise-it’s early warning data. One report might be about a single patient. But if 20 other companies report the same malfunction, the FDA can spot a pattern before dozens more people are injured. That’s how recalls happen. That’s how lives are saved.

Take the case of a faulty glucose monitor in 2022. Three hospitals reported inconsistent readings. One company filed its report on day 28. Another waited 45 days. The first company avoided penalties. The second? They got a warning letter, a public notice, and a 17% drop in sales. The FDA doesn’t punish you for a problem. They punish you for hiding it.

CPSC data shows that 37% of initial reports are incomplete. Why? Because companies wait too long to investigate. The 24-hour clock starts the moment someone in your company-anyone-learns about a potential defect. A customer service rep gets an email. A warehouse worker sees a broken part. That’s your trigger. Not when HR approves a report. Not when legal signs off. Right then.

How Much Does It Cost to Comply?

It’s expensive. But it’s cheaper than a recall.

A 2023 survey of 247 medical device companies found that 68% spent over $50,000 a year just on reporting. Small businesses under 50 employees spent nearly 19% of their entire quality department budget on compliance. That’s not a line item. That’s a full-time job.

Most companies need:

• A dedicated quality management system (QMS) - $185,000 to $750,000+
• Staff trained to interpret reporting rules - 40 to 80 hours of training per person
• IT systems that connect complaint logs to FDA’s Electronic Submission Gateway
• Legal and compliance oversight to avoid missteps

And the clock doesn’t stop. You must keep records for at least two years after the last device was shipped. That’s not filing. That’s archiving. That’s auditing. That’s a paper trail that can be subpoenaed.

One MedTech manager in Seattle told me her team spends 1,200 hours a year on MDR alone. That’s three full-time employees. And they’re not alone. The FDA’s own data shows that 23% of required reports are filed more than 90 days late. That’s not negligence-it’s systemic confusion.

The Hidden Trap: "When Did You Become Aware?"

This is the question that breaks companies.

The FDA doesn’t ask when you filed. They ask: When did you become aware?

That means: the moment any employee who could reasonably pass the info along to someone in compliance heard about it. A tech support agent. A field engineer. A sales rep. Even a Reddit comment about your product failing. If someone in your company knew, and you didn’t report, you’re in violation.

One company got an FDA 483 inspection notice because a customer emailed a complaint to a sales rep who forwarded it to a manager who then... forgot. The manager didn’t think it was serious. The FDA didn’t care. That email was the trigger. The company had 30 days from that moment. They missed it by 12 days. Fine: $125,000.

CPSC is even more aggressive. In 2023, 54% of consumer product companies received warning letters for late reporting. That’s more than double the rate for medical device companies. Why? Because CPSC’s 24-hour window leaves no room for error. If your system can’t auto-flag incoming complaints, you’re playing Russian roulette with your compliance status.

What’s Changing in 2025 and Beyond?

The rules are tightening, not loosening.

In August 2024, the FDA expanded its Voluntary Malfunction Summary Reporting program. Now, instead of filing 50 individual reports for the same glitch in a ventilator, you can submit one summary report. This cut reporting time for Medtronic by 63%. But it’s still voluntary. And only for certain device types.

Meanwhile, the FDA is pushing for mandatory electronic reporting standards and shorter timelines for high-risk devices. A bill introduced in 2023 would cut the MDR window from 30 to 15 days for implantable devices. It’s likely to pass.

CPSC is spending $25 million in 2025 to modernize its system. Their goal? Reduce report review time from 17 days to 10. That means faster investigations. Faster penalties. Faster public alerts.

And AI is coming. Philips Healthcare already uses machine learning to scan complaints and auto-flag reportable events. Their reporting time dropped from 8.2 hours per case to 3.5. That’s not a luxury-it’s becoming the standard.

What Should You Do Right Now?

If you’re a manufacturer and you haven’t reviewed your reporting process in the last year, you’re at risk.

Here’s what to do:

1. Map your reporting triggers. Who in your company hears about product problems? Sales? Support? Quality? Field reps? List them all. Then train them.
2. Set up automated alerts. If an email or ticket mentions "malfunction," "injury," or "safety," it should trigger a notification to your compliance team-no exceptions.
3. Test your reporting system. Run a mock scenario. Pretend you just learned about a defect. Can you file the report in under 24 hours (for CPSC) or 30 days (for FDA)? If not, fix it.
4. Know your thresholds. For NHTSA, know the death/injury numbers for your product type. For FDA, know which malfunctions are reportable. Don’t guess. Check the regulations.
5. Invest in training. The FDA says staff need 40-80 hours of training. Don’t send someone to a 2-hour webinar. Get them certified.

There’s no shortcut. There’s no workaround. If you make a product that people use, you have a duty to report when it fails. Not because it’s nice. Not because it’s ethical. Because the law demands it. And the cost of ignoring it? Far worse than the cost of compliance.