We use cookies to display personalized content, analyze site traffic, provide recommendations, and ensure you have a great browsing experience. By continuing to use our site, you consent to our use of cookies. Privacy Policy.
Software that functions as a medical device sits at the intersection of digital health innovation and FDA regulation. Knowing where your product falls under the SaMD framework is the first step toward a clear compliance path. Since 2007, QSS has guided device developers, digital health companies, and international software manufacturers through FDA regulation with clarity and confidence.
FDA SaMD regulation applies to software that performs a medical function independently, not software that simply runs a hardware device. Determining whether your product meets that definition, and at what risk level, shapes every decision that follows: whether you need a 510(k), a De Novo request, or fall under enforcement discretion.
The landscape has shifted significantly with FDA's Digital Health Center of Excellence and evolving guidance on clinical decision support software and mobile medical applications. What applied two years ago may not apply today. Companies that move forward without current regulatory intelligence risk building a compliance strategy around outdated assumption.
For international companies entering the U.S. market, FDA SaMD requirements add another layer to an already complex market entry picture. Classification, submission, cybersecurity documentation, and post-market obligations all need to be addressed before your software reaches U.S. users.
We assess your software’s intended use, clinical function, and risk profile to determine how FDA classifies it and which regulatory pathway applies. This is the foundation of every SaMD compliance strategy, and the step most companies underestimate.
Many Class II software devices require a 510(k) premarket notification before reaching the U.S. market. We prepare the full SaMD 510(k) submission package, including software documentation, substantial equivalence arguments, and performance data structured to FDA’s current guidance for software devices.
FDA expects premarket submissions for SaMD to include a defined set of software documentation. We help prepare the full package: software description, architecture, hazard analysis, requirements specification, verification and validation documentation, traceability, unresolved anomalies, revision history, and release documentation. A complete, well-organized software documentation package reduces the risk of Additional Information requests and keeps your review on track.
For software that incorporates artificial intelligence or machine learning, FDA expectations extend beyond traditional software documentation. We advise on model inputs, training and validation data, performance monitoring considerations, and how future algorithm changes will be managed after clearance or authorization. Where applicable, we support Predetermined Change Control Plan development to accommodate iterative model updates within an FDA-reviewed framework.
For novel, high-risk, AI-enabled, or otherwise uncertain SaMD products, early FDA engagement can reduce pathway uncertainty before a full submission investment is made. We support Q-submission preparation, meeting packages, FDA question development, and response strategy so companies understand what the agency expects and can build their submission accordingly.
When your software is novel and no valid predicate exists, the De Novo pathway may be the appropriate route. We evaluate De Novo eligibility and support the classification request for software devices presenting low to moderate risk.
Not all CDS software is regulated as a medical device under FDA’s current framework. We assess whether your software meets the criteria for regulated CDS and advise on documentation and labeling requirements accordingly.
FDA expects cybersecurity to be addressed across the total product lifecycle for connected and software-based medical devices. We help structure cybersecurity documentation for premarket submissions, including threat modelling, risk controls, vulnerability management, software bill of materials (SBOM) considerations, and post-market cybersecurity monitoring expectations.
FDA’s PCCP framework allows software developers to plan for future modifications without triggering a new submission for every update. We advise on whether a PCCP is appropriate for your device and help structure the plan to FDA’s requirements.
After clearance, software changes must be evaluated to determine whether they affect intended use, risk controls, clinical performance, cybersecurity, or algorithm behaviour. We help clients document change assessments and determine the appropriate path forward — whether that’s a new 510(k), a De Novo supplement strategy, a PCCP approach, or internal documentation.
SaMD is software intended to be used for one or more medical purposes without being part of a hardware medical device. It runs on general-purpose platforms — smartphones, tablets, cloud environments — and performs a medical function on its own. Examples include software that analyses medical images, supports diagnosis or treatment decisions, monitors patient-specific health data, or generates clinical risk assessments. Whether your software meets this definition determines whether FDA regulation applies and at what level.
No. Not every health or wellness application is automatically regulated as a medical device. FDA takes a risk-based approach and exercises enforcement discretion over certain software categories, including some low-risk general wellness apps and specific clinical decision support tools. Whether your software requires clearance depends on its intended use, clinical claims, functionality, risk to the patient, and the degree to which its output informs diagnosis, treatment, prevention, or monitoring. Determining that accurately requires a regulatory assessment — not a general assumption based on product category.
FDA uses a risk-based framework to classify SaMD based on the significance of the information it provides and the condition it is intended to address. Higher-risk classifications — where the software drives or informs critical clinical decisions — require more rigorous premarket review. Lower-risk software may qualify for enforcement discretion or a streamlined pathway. Classification directly determines which submission type, if any, is required.
Many Class II SaMD products require a 510(k) premarket notification before they can be marketed in the United States. The specific requirement depends on your device classification and whether a valid predicate exists. Some novel software devices may require a De Novo classification request instead. An accurate pathway assessment at the start of your project is the most reliable way to avoid investing in the wrong submission type.
FDA expects premarket submissions for SaMD to include a cybersecurity plan covering threat modeling, security controls, and a software bill of materials (SBOM). Requirements have expanded significantly under FDA’s 2023 cybersecurity guidance. The level of documentation expected scales with the risk profile of the device and the sensitivity of the data it handles.
Yes, but FDA requirements apply regardless of where the software is developed. International SaMD developers must meet the same classification, submission, and post-market obligations as U.S.-based manufacturers. A U.S. Agent may also be required depending on your establishment registration obligations. QSS works with international digital health companies navigating U.S. market entry on a regular basis.
A PCCP is a framework that allows SaMD developers to plan and implement certain future software modifications without submitting a new 510(k) for each change. FDA introduced PCCP guidance to accommodate the iterative nature of software development. Not every SaMD product requires one, but for companies planning ongoing updates to their device, a well-structured PCCP can reduce regulatory burden significantly over time.
Talk to a specialist about your SaMD compliance pathway — whether you are determining classification for the first time or preparing a submission for the U.S. market.