2025 Horizons Life Sciences and Health Care
Software as a medical device (SaMD) regulation: Navigating an evolving landscape
Software as a Medical Device (SaMD) is emerging
as one of the fastest-growing sectors in the medical
device industry. Referring to standalone software that
performs medical functions without being part of
a physical device, SaMD can range from AI-driven
diagnostic tools and clinical decision support systems
to mobile health apps and wearable-integrated
software. However, the very nature of SaMD – its
ability to rapidly evolve through software updates,
machine learning (ML)-based algorithms, and cloud-based functionalities – is not easy to fit within FDA’s
traditional medical device regulatory framework.
FDA’s Center for Devices and Radiological Health oversees the
regulation of SaMD. The agency applies a risk-based approach that
aligns with international standards, particularly those set by the
International Medical Device Regulators Forum, which takes into
account the severity of the condition the software addresses and
its level of involvement in clinical decision-making.
In the past year, FDA has developed more granular guidance
clarifying the requirements for training and clinical validation
of AI-based algorithms to mitigate bias and ensure adequate
explainability, so that users can evaluate whether the software is
appropriate for their patient populations and clinical contexts of
use. FDA has also been focusing increasingly on the need to
demonstrate not only that a device “works,” but that its outputs
are clinically meaningful and can improve patient outcomes.
Unlike traditional medical devices, software can undergo frequent
updates and AI-driven modifications that significantly alter
performance postmarket. FDA has recently focused on how to
ensure that software with an AI/ML component continues to
function as intended post-commercialization, through
appropriate real-world performance monitoring and
communication with users. The agency has also issued updated
guidance on predetermined change control plans (PCCPs),
defining how sponsors can obtain “pre-approval” of narrowly
defined modifications they expect to make to their software-based
devices after obtaining FDA authorization. Highlighting how
regulation lags behind innovation, the agency has yet to authorize
a fully adaptive (i.e., continuously learning) AI model.
Real-world performance data is particularly critical for AI-driven
SaMD, where algorithms may drift over time as they encounter
new patient populations and evolving clinical data. This was a
key topic of discussion in the recent inaugural meeting of FDA’s
Digital Health Advisory Committee in November. Related topics
of significant focus are cybersecurity and data privacy
compliance, given that SaMD often relies on cloud-based storage
and interacts with electronic health records (EHRs) and other
medical devices to import and transmit patient data. Under
FDA’s recently updated guidance, sponsors must submit
detailed cybersecurity risk management plans with their
premarket applications.
By engaging in early interactions with regulators and embracing
robust design controls, comprehensive clinical validation, and
postmarket performance monitoring, developers can navigate the
evolving regulatory landscape. In the coming years, we expect:
• Continued effort to standardize the regulatory approach with
  that of other key regulators, enhancing harmonization in
  multiple global markets.
• Additional attention to developing methods for appropriate
  pre- and postmarket review of generative AI-based devices,
  as industry presses to be able to commercialize continually
  learning models.
• Greater emphasis on cybersecurity and patient data protection,
  particularly as SaMD integrates with broader
  health care IT ecosystems.
Jodi Scott
Partner
Denver
Suzanne Levy Friedman
Counsel
Washington, D.C.