Manufacturer Reporting: Understanding Generic Safety Obligations for Companies

When a medical device fails, a children’s toy breaks, or a car’s airbag doesn’t deploy, someone has to tell the government. That someone is the manufacturer. Across the U.S., companies are legally required to report safety problems with their products-not when something goes wrong, but as soon as they become aware of a potential risk. These aren’t suggestions. They’re federal obligations with real penalties.

What Exactly Are Manufacturer Safety Reporting Obligations?

Manufacturer safety reporting means companies must notify federal agencies when their products may be causing harm. These rules exist because waiting for a flood of injuries before acting is too late. The goal is to catch problems early-before more people get hurt.

Three major agencies handle these reports, each with its own rules:

• FDA oversees medical devices, over-the-counter drugs, and some food products.
• CPSC handles everything else you buy at a store-toys, appliances, tools, electronics.
• NHTSA regulates cars, tires, and vehicle parts.

The core idea is the same: if your product could cause death, serious injury, or a malfunction that might lead to harm, you must report it. But how you report it, and how fast, depends on the agency and the product.

FDA’s Medical Device Reporting (MDR): The Most Detailed System

If you make a pacemaker, an insulin pump, or even a simple blood pressure cuff, you’re under FDA’s MDR rules (21 CFR Part 803). Here’s what you need to know:

• You must report deaths or serious injuries linked to your device within 30 days.
• If a malfunction could cause death or injury if it happened again, you still have to report it-even if no one got hurt.
• If you need to fix the problem quickly to prevent harm, you have just 5 working days to file.

You can’t just email a note. Reports must go through the FDA’s Electronic Submission Gateway. You’ll use Form FDA 3500A or its digital equivalent. And you can’t just file and forget. The FDA requires you to keep detailed records of every event for at least two years after the device is last sold.

Worse, you’re expected to investigate every report. That means tracing the issue back to its source-was it a bad batch? A design flaw? User error? This isn’t optional. Failure to investigate can trigger FDA inspections, warning letters, or fines up to $252,756 per violation.

CPSC’s 24-Hour Rule: Faster, But Messier

If you sell a space heater, a high chair, or a Bluetooth speaker, you answer to the CPSC under Section 15(b) of the Consumer Product Safety Act. The rules here are simpler in theory but harder in practice.

You must report within 24 hours of obtaining “reportable information.” That means:

• You know your product has a defect that could cause serious injury or death.
• You know it doesn’t meet a safety standard.
• You know it’s created a substantial risk-even if no one has been hurt yet.

There’s no waiting for confirmed injuries. If a customer emails you saying your blender’s blade flew off and nearly hit their child, you’ve got one day to file. And you can’t delay because you’re still investigating. You report first, investigate later.

This creates a huge burden. Many companies don’t have systems ready to catch these reports in real time. A 2023 CPSC report found that 37% of initial reports were incomplete and needed follow-up. Companies are hiring extra staff just to keep up. In 2023, CPSC issued warning letters to 54% of appliance manufacturers for late reporting-more than double the rate for FDA violations.

NHTSA’s Early Warning Reporting: Data-Driven and Quarterly

For car parts and tires, the rules are different. NHTSA doesn’t require you to report every single incident. Instead, you submit data quarterly.

You track:

• Number of crashes involving your product
• Number of injuries
• Number of property damage claims

If you hit certain thresholds-like 5 deaths or 10 injuries tied to a single tire model-you must file a detailed report. This system is built for patterns, not single events. It’s less about panic and more about spotting trends before they become crises.

How Much Does This Cost Companies?

Compliance isn’t free. For small medical device makers (under 50 employees), the average annual cost is over $50,000. That includes software, staff time, training, and legal review. One company reported spending 1,200 hours a year just on FDA reporting.

Larger companies spend hundreds of thousands. A full quality management system (QMS) that handles reporting can cost $185,000 for a small business and over $750,000 for a big one. IT teams need to integrate systems with the FDA’s gateway. Staff need 40 to 80 hours of training just to understand what counts as a reportable event.

And it’s getting harder. The FDA received 1.2 million medical device reports in 2023-up 37% since 2018. CPSC reports rose 22% in the same period. More products, more data, more pressure.

Where Companies Struggle the Most

The biggest complaints from manufacturers aren’t about the rules-they’re about the gray areas.

• When do you “become aware”? If a nurse emails your customer service rep about a device failure, is that reportable? What if it’s a technician in your warehouse? FDA says: if any employee who might pass the info to compliance hears it, you’re on the clock.
• What’s a “malfunction”? One FDA district says a slightly loose screw is reportable. Another says it’s not. Companies get conflicting advice from inspectors.
• How much detail do you need? CPSC wants a quick 24-hour notice. But if you report too early, you risk a false alarm. Too late, and you’re fined.

Reddit threads and industry forums are full of stories like this: “We had three FDA inspectors give us three different answers on the same malfunction.”

What’s Changing in 2025 and Beyond

The system is evolving. The FDA now lets companies submit summary reports for certain types of malfunctions instead of filing each one individually. Medtronic reported a 63% drop in individual reports after joining this program.

The FDA is also rolling out new Unique Device Identification (UDI) rules by 2026. Each device will have a barcode that tracks it from factory to patient. That’ll make it easier to trace problems and reduce false reports.

Congress is pushing for faster timelines. The Medical Device Safety Act of 2023 proposes cutting the FDA reporting window from 30 days to 15 for high-risk devices. CPSC is spending $25 million to speed up its review process, aiming to cut response time from 17 days to 10 by 2026.

And AI is starting to help. Philips Healthcare now uses machine learning to scan customer complaints and flag potential safety issues. Their MDR prep time dropped from over 8 hours to under 4 per report.

What You Should Do Right Now

If your company makes a product that’s sold in the U.S., here’s your checklist:

1. Identify which agency regulates your product (FDA, CPSC, or NHTSA).
2. Write down your internal process for receiving complaints-customer service, tech support, warranty claims.
3. Train every employee on what counts as “reportable information.”
4. Set up a system to log and track all safety-related feedback.
5. Know your deadlines: 30 days for FDA, 24 hours for CPSC, quarterly for NHTSA.
6. Review your compliance budget. Are you spending enough on software, staff, and training?

Don’t wait for a warning letter. The agencies aren’t looking to punish you-they’re looking to prevent harm. But they will punish you if you ignore the rules.