Artifact GuideEU

EU MDR penalties and enforcement risk

The MDR does not publish one EU-wide fine table. Article 113 requires each Member State to set penalties for MDR infringements and to implement them.

Use this page to separate national fine exposure from EU-level enforcement consequences such as inspections, corrective action, market restriction, withdrawal, recall, and certificate action.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Sections
5

Structured answer sets in this page tree.

Primary sources
3

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

EU MDR penalty work starts with Article 113, but enforcement risk is broader than fines. Member States set the penalty rules, while the MDR itself gives competent authorities and notified bodies routes to request records, inspect operators, require corrective action, restrict devices, withdraw or recall products, and suspend, withdraw, or restrict certificates where requirements are no longer met.

Section 1

Penalty exposure starts with Member State rules

Article 113 is the MDR penalty provision: Member States must lay down penalty rules for infringements of the MDR, take the measures needed to implement them, and make the penalties effective, proportionate, and dissuasive. That is why a useful penalty assessment should not invent an EU-wide maximum fine.

For a device-specific issue, the first evidence item is a national-law mapping: the Member State, competent authority, economic operator role, alleged MDR infringement, local penalty provision, and status of any authority contact. If the national law is not already grounded, leave the amount blank rather than guessing.

  • Record the Member State where the device was placed on the market, made available, put into service, investigated, or affected by the incident.
  • Name the operator role separately: manufacturer, authorised representative, importer, distributor, system or procedure pack producer, sponsor, or notified-body relationship.
  • Tie each penalty line to a specific MDR duty, such as technical documentation, QMS, clinical evaluation, PMS, vigilance reporting, UDI or registration, labelling, conformity assessment, or cooperation with competent authorities.
  • Keep monetary fine amounts out of the artifact unless they come from a grounded national source.
Sources for this answer
Regulation (EU) 2017/745 on medical devices
Article 113 is the MDR basis for Member State penalty rules and does not provide a harmonised EU fine table.
Section 2

EU-level obligations that can trigger enforcement

Penalty exposure normally follows a concrete MDR failure. The most enforcement-relevant records are the ones competent authorities can request or inspect: technical documentation, EU declaration of conformity, certificates, QMS procedures, risk management, clinical evaluation, PMS records, vigilance reports, field safety corrective actions, and cooperation evidence.

Manufacturers must keep technical documentation, the EU declaration of conformity, and relevant certificates available for competent authorities for at least 10 years after the last device covered by the declaration is placed on the market, or at least 15 years for implantable devices. A missing, incomplete, or incorrect response to an authority request can itself escalate risk because Article 10 allows authorities to restrict, withdraw, or recall a device until cooperation or complete and correct information is provided.

  • For manufacturers, preserve the Article 10 file: technical documentation, declaration of conformity, certificates and amendments, QMS procedures, risk management, PMS, vigilance, CAPA, and authority-response logs.
  • For importers, preserve checks that the device was CE marked, documentation existed, registration obligations were addressed, complaint/non-conforming-device registers were maintained, and manufacturer or authority escalation happened where required.
  • For distributors, preserve pre-market checks, complaint forwarding, storage and transport controls, and withdrawal or recall cooperation evidence.
  • For serious-risk scenarios, capture who informed competent authorities and, where applicable, the notified body that issued the certificate.
Sources for this answer
Regulation (EU) 2017/745 on medical devices
Article 10 grounds manufacturer documentation retention, authority cooperation, corrective action, withdrawal, recall, and authority restrictions for non-cooperation or incomplete information.
Recommended next step

Build an MDR enforcement evidence file

Turn Article 113 penalty mapping, competent-authority measures, notified-body certificate status, recalls, withdrawals, and corrective actions into one authority-ready evidence record.

Research workflow
Open Research Copilot

Answer MDR scope, enforcement, and evidence questions with cited outputs.

Explore next step
Talk to Sorena
Talk through MDR enforcement risk

Review penalty mapping, corrective-action evidence, certificate status, recall exposure, and next actions.

Explore next step
Section 3

Market restriction, withdrawal, recall, and corrective action

The MDR enforcement path depends on the risk and the type of non-compliance. Under Article 94, competent authorities evaluate devices suspected of presenting an unacceptable risk or otherwise failing MDR requirements. If Article 95 applies, authorities can require corrective action proportionate to the risk, including market restrictions, specific requirements, withdrawal, or recall.

Article 97 covers other non-compliance where the device does not present an unacceptable health or safety risk. The operator still must end the non-compliance within a defined and communicated period; if it does not, the Member State can restrict or prohibit availability, or ensure recall or withdrawal. Article 98 separately supports preventive health protection measures where a potential risk justifies prohibition, restriction, special requirements, withdrawal, or recall.

  • Classify the enforcement route: Article 95 unacceptable risk, Article 97 other non-compliance, or Article 98 preventive health protection.
  • Track the action required: bring into compliance, restrict availability, add specific requirements, withdraw, recall, confiscate, destroy, or render inoperable.
  • Keep the authority notice, inspection report, operator submissions, corrective-action plan, device traceability data, customer or user communications, and field safety notice history together.
  • When the device has an Article 56 certificate, include the notified body and the certificate identifier in the enforcement file.
Sources for this answer
Regulation (EU) 2017/745 on medical devices
Articles 94 to 100 ground competent-authority evaluation, corrective action, market restrictions, withdrawal, recall, procedural safeguards, and notification through the market surveillance electronic system.
Section 4

Notified body and certificate consequences

For devices requiring notified-body involvement, fines are not the only material consequence. Article 56 says certificates may be valid for a stated period not exceeding five years, but if the notified body finds MDR requirements are no longer met, it must, proportionately, suspend or withdraw the certificate or impose restrictions unless timely corrective action restores compliance.

Certificate evidence should identify the manufacturer, device or device group, risk classification, intended purpose where required, Basic UDI-DI where applicable, conformity assessment annex, tests and examinations, surveillance conditions, validity limits, and any supplement, restriction, suspension, reinstatement, withdrawal, refusal, or reissue history.

  • Check whether the device is covered by the certificate scope; Annex XII requires certificates to unambiguously identify covered devices.
  • Keep notified-body nonconformity findings, deadlines, corrective-action submissions, decisions, reasons, and certificate status changes.
  • Do not treat voluntary or unregulated certificates as a substitute for MDR conformity assessment by a properly designated notified body.
  • Use Commission/NANDO notified-body listings to verify designation and scope when the certificate or body status matters to enforcement risk.
Sources for this answer
Regulation (EU) 2017/745 on medical devices
Article 56 and Annex XII ground certificate validity, notified-body restrictions, suspension, withdrawal, public certificate status information, and certificate content.
European Commission - Notified bodies for medical devices
Commission source for the notified-body system and the role of Member State designation for medical-device conformity assessment bodies.
Single Market Compliance Space - notified bodies
Commission source for checking notified-body listings and avoiding reliance on unregulated certificates where MDR notified-body status is required.
Section 5

Practical evidence file for penalties and enforcement

A defensible MDR penalties file should let counsel, regulatory, quality, and management reconstruct the enforcement exposure without relying on memory. It should show what MDR obligation was at issue, which Member State penalty rule was checked, which authority or notified body was involved, what the operator did, and whether the device risk was eliminated, mitigated, restricted, withdrawn, recalled, or otherwise closed.

For vigilance-linked matters, keep Article 87 serious-incident and field safety corrective action reports with the Article 89 investigation, risk assessment, field safety corrective action decision, authority communications, and field safety notice. For market-surveillance matters, keep the Article 93 inspection report, Article 94 evaluation basis, and any Article 95 to 98 measures or operator submissions.

  • Create one row per enforcement issue with device identifier, Basic UDI-DI where applicable, certificate number, operator role, Member State, MDR article, national penalty source, authority, notified body, owner, and status.
  • Attach retained documents: technical documentation, declarations, certificates, QMS procedures, risk files, clinical evaluation, PMS/PMCF outputs, complaint files, incident reports, FSCA records, field safety notices, and CAPA effectiveness checks.
  • Record all dates as evidence events, not guessed deadlines: authority request received, response sent, inspection completed, corrective action required, recall or withdrawal started, certificate action taken, and closure accepted.
  • Escalate to national counsel when the fact pattern needs a monetary fine range, criminal-law assessment, reimbursement impact, or country-specific appeal route.
Sources for this answer
Regulation (EU) 2017/745 on medical devices
Articles 87, 89, 93, 99, and 100 ground vigilance reports, serious-incident investigations, inspection reports, operator submissions, and market-surveillance information flows.
Primary sources

References and citations

Regulation (EU) 2017/745 on medical devices
eur-lex.europa.eu
Referenced sections
  • Articles 87, 89, 93, 99, and 100 ground vigilance reports, serious-incident investigations, inspection reports, operator submissions, and market-surveillance information flows.
"the opportunity to make submissions to the competent authority"
Single Market Compliance Space - notified bodies
webgate.ec.europa.eu
Referenced sections
  • Commission source for checking notified-body listings and avoiding reliance on unregulated certificates where MDR notified-body status is required.
"only notified bodies may issue certificates of compliance"
Related guides

Explore more topics

Custom-made medical devices under the EU MDR | EU MDR FAQ
Concise EU MDR FAQ on custom-made device definition, mass-produced exclusions, Annex XIII statements, documentation, conformity assessment, PMS, vigilance, and records to retain.
EU MDR Annex II and III Technical Documentation
Build an MDR technical documentation index for Annex II device files and Annex III post-market surveillance evidence, including GSPR, risk, clinical, PMS, UDI, and EUDAMED records.
EU MDR Annex VIII Classification Guide
Classify EU MDR medical devices under Annex VIII using intended purpose, duration, invasiveness, active device and software rules, and conformity assessment impact.
EU MDR Annex XVI products without a medical purpose
source-linked EU MDR guide for Annex XVI products: listed product groups, common specifications, clinical evidence, notified-body route, UDI, EUDAMED, PMS, and vigilance evidence before launch.
EU MDR Applicability Test
Test whether a product, accessory, software function, or Annex XVI product falls under the EU Medical Device Regulation, and record the evidence for the next classification step.
EU MDR change assessment workflow
Assess EU MDR device, design, software, intended purpose, QMS, clinical, PMS, UDI, classification, and notified-body impacts before releasing a medical device change.
EU MDR Checklist for Medical Device Compliance
Practical EU MDR checklist covering qualification, classification, conformity assessment, technical documentation, GSPR, clinical evidence, UDI, EUDAMED, PMS, vigilance, QMS, and legacy transition evidence.
EU MDR classification workflow
A concrete EU MDR classification workflow for intended purpose, device or accessory qualification, Annex VIII rule selection, Rule 11 software review, class outcome, and notified body impact.
EU MDR Clinical Evaluation Overview
EU MDR clinical evaluation overview covering Article 61, Annex XIV, clinical data sources, equivalence, PMCF, CER evidence, notified body review, GSPR, and benefit-risk support.
EU MDR Clinical Evaluation Report Template
A source-linked EU MDR clinical evaluation report template covering intended purpose, GSPR linkage, clinical data appraisal, equivalence limits, PMCF, conclusions, and reviewer signoff.
EU MDR clinical evidence guide
source-linked EU MDR guide to clinical evaluation, clinical investigations, equivalence, PMCF, GSPR support, technical documentation, and notified-body review.
EU MDR compliance obligations
EU MDR compliance guide for device qualification, classification, conformity assessment, QMS, technical documentation, UDI, EUDAMED, PMS, vigilance, and legacy transition controls.
EU MDR conformity route workflow
source-linked EU MDR workflow for classifying a device, choosing the conformity assessment route, preparing technical and QMS evidence, and reaching certificate, DoC, UDI, EUDAMED, and CE outputs.
EU MDR deadlines and compliance calendar
Grounded EU MDR calendar for application, legacy-device transition, UDI, EUDAMED, and recurring QMS, technical documentation, clinical, PMS, vigilance, certificate, and change reviews.
EU MDR Device Classification Guide
Classify an EU MDR medical device by intended purpose, Annex VIII duration, invasiveness, active-device and software rules, then document the conformity route impact.
EU MDR EUDAMED and UDI registration
source-linked MDR guide to Basic UDI-DI, UDI-DI, EUDAMED device registration, actor roles, labels, technical documentation, and UDI data governance.
EU MDR FAQ: qualification, evidence, UDI, and transition
Concise EU MDR FAQ covering device qualification, software classification, accessories, custom-made devices, clinical evidence, UDI, EUDAMED, notified bodies, significant changes, and legacy transition.
EU MDR Legacy Device Transition
source-linked EU MDR legacy device transition guide covering Regulation (EU) 2023/607 conditions, certificate validity, significant-change limits, surveillance, PMS, vigilance, QMS, and evidence records.
EU MDR notified body route selection
Choose an EU MDR conformity assessment route by device class, Article 52 option, notified body designation scope, QMS readiness, technical documentation, clinical evidence, and certificate evidence.
EU MDR PMS and Vigilance Guide
EU MDR guide to post-market surveillance, PMCF updates, PMS reports, PSURs, serious incident reporting, FSCA/FSN handling, trend reporting, and evidence records.
EU MDR PMS and vigilance records
source-linked EU MDR guide to PMS plans, PMS reports, PSURs, PMCF updates, serious incident and FSCA reporting, trend reporting, and EUDAMED evidence handling.
EU MDR PMS Plan Template for Medical Devices
A source-linked EU MDR post-market surveillance plan template covering device scope, PMS data sources, PMCF linkage, vigilance, trend reporting, PMSR or PSUR outputs, roles, cadence, and evidence records.
EU MDR QMS and technical file evidence map
Map EU MDR Article 10 QMS duties to Annex II and Annex III technical documentation, PMS, vigilance, UDI records, and notified-body review evidence.
EU MDR QMS requirements under Article 10
EU MDR QMS guide for Article 10 manufacturer controls covering regulatory strategy, design, risk, clinical evaluation, PMS, vigilance, UDI, suppliers, CAPA, and conformity records.
EU MDR qualification and borderline products
EU MDR qualification guide for medical purpose claims, accessories, software, Annex XVI products, and borderline routes to classification and conformity assessment.
EU MDR qualification workflow
A concrete EU MDR workflow for deciding whether a product is a medical device, accessory, Annex XVI product, IVD interface, medicinal-product interface, or non-MDR product before classification and conformity assessment.
EU MDR requirements checklist
Concrete EU MDR requirements for medical-device scope, classification, GSPR, conformity assessment, technical documentation, QMS, clinical evidence, UDI, EUDAMED, PMS, vigilance, and economic-operator records.
EU MDR Rule 11 software classification
Classify MDR medical device software under Rule 11 using intended purpose, diagnosis or therapy decision impact, physiological monitoring, conformity route, clinical evidence, and software-change records.
EU MDR significant changes FAQ: legacy-device transition and notified-body review
FAQ on MDR significant changes for legacy devices, including intended-purpose, design, software, material, sterilisation, clinical, QMS, notified-body, and evidence impacts.
EU MDR Transition Timelines: practical guide
EU Medical Device Regulation guide to Transition Timelines with scope decisions, owner actions, evidence records, source-linked citations, and practical next steps.
EU MDR UDI and EUDAMED registration guide
EU MDR guide to Basic UDI-DI, UDI-DI, UDI carriers, EUDAMED actor and device registration, change impacts, and evidence governance.
EU MDR vigilance reporting workflow
Concrete EU MDR vigilance workflow for incident intake, serious incident assessment, FSCA and FSN handling, trend reporting, EUDAMED caveats, CAPA, PMS, clinical evaluation updates, and records.
How should Basic UDI-DI and UDI-DI be assigned under the EU MDR? | EU MDR FAQ
EU MDR FAQ explaining what Basic UDI-DI and UDI-DI identify, how they connect to UDI carriers, EUDAMED records, change triggers, and retained evidence.
MDR vs AI Act for medical-device software
Compare MDR software qualification, classification, clinical evidence, QMS, PMS, UDI, EUDAMED, and notified-body evidence boundaries against cautiously scoped AI Act overlap.
MDR vs GPSR: medical-device boundary checks
Compare MDR medical-device scope with general product-safety fallback questions for borderline, non-medical, and Annex XVI products.
MDR vs IVDR: medical devices and IVDs compared
Compare EU MDR and IVDR scope, classification, conformity routes, technical documentation, clinical or performance evidence, UDI, EUDAMED, PMS, and vigilance.
MDR vs Product Liability Directive evidence comparison
Compare EU MDR market-access evidence with Product Liability Directive exposure without treating compliance records as a liability outcome.
What should an EU MDR PMCF plan and report cover? | EU MDR FAQ
Under the EU MDR, PMCF is part of PMS and clinical evaluation. See what the plan, activities, report, updates, and retained evidence should cover.
What should manufacturers do when an EU MDR classification changes? | EU MDR FAQ
Concise EU MDR FAQ on classification changes, intended purpose, software, notified-body route impact, certificates, technical documentation, and retained evidence.
When can clinical equivalence be used under the EU MDR?
EU MDR FAQ on clinical equivalence, including technical, biological, and clinical characteristics, access to equivalent-device data, class III and implantable-device limits, clinical evaluation, PMCF, and retained evidence.
When do software or products make medical purpose claims under the EU MDR? | EU MDR FAQ
EU MDR FAQ on medical purpose claims, intended purpose evidence, software qualification, Annex XVI contrasts, and records to keep.
When is a PSUR required under the EU MDR and what should it contain? | EU MDR FAQ
EU MDR FAQ on PSUR scope, content, update cadence, PMS and PMCF links, notified-body handling, EUDAMED submission, and evidence to retain.
When is an accessory regulated under the EU MDR? | EU MDR FAQ
EU MDR FAQ on when an article is a medical device accessory, how intended purpose affects classification, and what evidence to keep.
When is software regulated as SaMD under the EU MDR? | EU MDR FAQ
Concise EU MDR FAQ on software qualification, intended medical purpose, Rule 11 classification, modules, clinical evidence, change assessment, UDI, and EUDAMED.
Which devices need an SSCP under the EU MDR and what should it include? | EU MDR FAQ
EU MDR FAQ on when an SSCP is required, who prepares, validates, uploads, and updates it, and what evidence should support the summary.
Which EUDAMED modules matter under the EU MDR? | EU MDR FAQ
EU MDR FAQ mapping EUDAMED modules to actor registration, UDI/device data, certificates, clinical investigations, vigilance/PMS, market surveillance, and practical records.