Predetermined Change Control Plans
PCCPs let manufacturers pre-authorize specified model updates without a new submission. The catch: the modification protocol must be airtight, and drift outside it is an unauthorized change.
AI SaMD Playbook is a working reference for RA/QA, product, and security teams turning machine-learning models into cleared Software as a Medical Device · covering the new FDA, EU AI Act, MHRA, Health Canada, and NMPA expectations, the risk vectors auditors are now asking about, and the artifacts (PCCP, model cards, crosswalks) you need on file.
Sponsored by Blue Goat Cyber · 250+ FDA submissions, zero rejections.
Global obligations across the ML development pipeline
AI didn't just add a feature to medical software. It rewrote the assumptions underneath every premarket submission, every post-market report, and every cybersecurity threat model.
Ten guiding principles for the lifecycle of ML-enabled devices: representative data, performance monitoring, human-in-the-loop, transparency. Increasingly cited in deficiency letters.
An AI SaMD that is Class IIa under MDR is almost always high-risk under the AI Act. Two conformity assessments, two technical files, two sets of post-market obligations · but one device.
Regulators increasingly expect model cards, intended-use populations, subgroup performance, and a clear story for how clinicians should weigh the output. Black boxes are getting harder to ship.
A curated reading list of the regulations, guidances, and frameworks that an AI/ML SaMD program is expected to know · with the canonical link to each.
Medical Device Coordination Group guidance · including MDCG 2019-11 on qualification & classification of software, the MDCG-endorsed cybersecurity guidance, and MDR/AI Act interplay.
The UK's iterative reform programme · eleven workstreams covering qualification, premarket, post-market, cybersecurity, and AI-specific transparency. Targeted guidance lands on a rolling basis.
Final guidance reissued 3 Feb 2026, superseding the June 2025 version. The reference document for SBOM, threat modelling, vulnerability management and post-market cyber for any AI-enabled device.
Phase 2 (announced Oct 2025) adds seven technologies spanning ambient clinical scribes, cancer diagnostics, eye-disease detection and obesity treatment. April 2026 funding extends the programme through 2028.
Health Canada's risk-based premarket framework · data quality, validation, transparency, predetermined-change handling, and post-market monitoring for ML-enabled SaMD.
Draft guidance (Jan 2025) outlining premarket and lifecycle expectations for AI-enabled device software functions, including transparency, performance monitoring, and labelling.
June 2025 joint MDCG + AI Board guidance on how MDR/IVDR conformity assessment lines up with AI Act high-risk obligations · the canonical reference for a single dual-conformity file.
Published Oct 2025, the 77-page synthesis of the Apr 2024 – Mar 2025 pilot cohort. Not formal guidance, but the clearest signal of how MHRA is reasoning about AIaMD evidence, monitoring and change control.
Final guidance on how manufacturers can pre-authorize specified model modifications without a new submission. Defines the Description of Modifications, Modification Protocol, and Impact Assessment.
Classifies medical AI as high-risk under Article 6 + Annex I (devices that need notified-body conformity assessment under MDR/IVDR). GPAI obligations apply from Aug 2025, Annex III high-risk obligations from Aug 2026, and Annex I high-risk obligations from Aug 2027. Layers on top of MDR/IVDR conformity assessment.
A live sandbox pairing manufacturers, approved bodies, and the NHS with the MHRA to test how novel AI medical devices can be safely regulated before launch.
Draft 2024 expansion of the ten GMLP principles, prepared by the IMDRF AI/ML Working Group. Feeds back into FDA, MHRA, and HC alignment.
WHO guidance on the ethics and governance of large multi-modal models in health, covering oversight, transparency, bias, and accountability across the lifecycle.
Voluntary framework increasingly cited by US regulators and procurers · Govern, Map, Measure, Manage. Adopted as the spine of many manufacturer AI risk programs.
The harmonised vocabulary regulators now reference · model, training data, locked vs. adaptive, deployment environment. The starting point for any cross-jurisdictional submission.
Co-authored with Health Canada and the MHRA. The de facto checklist regulators read submissions against: representative data, human-in-the-loop, lifecycle monitoring.
A live, dated read on the FDA, EU AI Act, MHRA and APAC milestones that change what an AI/ML SaMD program must do.
HEADS UP · The EU's proposed Digital Omnibus on AI (in trilogue) would push the high-risk application date from 2 Aug 2026 to 2 Dec 2027, with knock-on effects for the Annex I extension. Treat the EU 2026/2027 entries as the enacted dates, not a settled timetable.
Health Canada finalises lifecycle expectations for machine-learning enabled medical devices, aligning with IMDRF GMLP and FDA action plan.
MHRA opens its regulatory sandbox for AI as a Medical Device, pairing manufacturers with approved bodies and the NHS to stress-test novel AI devices pre-market.
Predetermined Change Control Plans become the expected vehicle for bounded post-market model updates; the lifecycle draft is now cited in reviews.
Prohibited practices apply across the Union and providers / deployers must ensure AI-literacy for staff operating AI systems.
General-purpose AI providers face transparency, copyright, and systemic-risk obligations that propagate downstream into medical-device integrations.
Refreshed premarket cybersecurity expectations including SBOM, AI-aware threat modelling, and post-market coordinated vulnerability disclosure.
TGA publishes its updated approach to AI in medical devices, with explicit positions on evidence packages and Australian-population data.
Second cohort runs under multi-year funding, locking in the Airlock as a permanent route for novel AI devices through 2028.
Primary date for Annex III high-risk AI systems (Arts. 9–14, 72) to be fully compliant; Annex I devices run on the extended transition period. The EU's Digital Omnibus on AI proposes pushing this to 2 Dec 2027: treat as pending.
Japan's IDATEN scheme and Confirmation of Change Plans are explicitly extended to AI-based devices, with Japan-specific evidence expectations.
Final lifecycle guidance is expected to formalise GMLP-aligned expectations across the total product life cycle for AI-enabled devices.
Dual conformity (MDR + AI Act) required with no further grandfathering for legacy Annex I devices that integrate AI components.
Australia's software-as-medical-device rules consolidate, with AI-aware criteria for clinical decision support and adaptive systems.
A dated read on the FDA, EU AI Act and MHRA milestones that change what an AI/ML SaMD program has to do, and by when.
Heads up · The EU's proposed Digital Omnibus on AI (in trilogue) would push the high-risk application date from 2 Aug 2026 to 2 Dec 2027, with knock-on effects for the Annex I extension. The EU 2026/2027 entries below reflect the regulation as enacted, not a settled timetable.
Regulation (EU) 2024/1689 enters into force. Most obligations apply on a staged timetable; the clock starts here for medical AI manufacturers.
On 3 Dec 2024 FDA publishes the final Marketing Submission Recommendations for a Predetermined Change Control Plan for AI-Enabled Device Software Functions, letting manufacturers pre-authorise specified model modifications without a new submission.
On 7 Jan 2025 FDA publishes draft lifecycle-management guidance for AI-enabled device software functions (docket FDA-2024-D-4488), signalling expectations on transparency, monitoring and labelling that reviewers are already citing in submissions ahead of finalisation.
Prohibited AI practices (Art. 5) and AI literacy obligations (Art. 4) become applicable. Affects any deployer or provider operating in the EU, including medical AI vendors.
General-Purpose AI model rules (Chapter V), governance bodies and penalties become applicable. Foundation-model providers used inside SaMD now in scope.
MHRA publishes the 77-page AI Airlock pilot programme report (Apr 2024 – Mar 2025) and announces a Phase 2 cohort of seven AI technologies, signalling how the agency expects evidence, monitoring and change control to evolve for AIaMD.
MHRA continues releasing workstream outputs (qualification, premarket, post-market, cybersecurity, AI-specific transparency) on a rolling basis under the SaMD/AIaMD Change Programme.
FDA reissues the final Cybersecurity in Medical Devices guidance (3 Feb 2026), superseding the June 2025 version. Now the controlling document for SBOM/AIBOM, threat modelling, vulnerability management and post-market cyber for any AI-enabled device submission.
MHRA confirms £3.6M over three years to expand the AI Airlock, locking in the sandbox as a standing component of UK AIaMD regulation through 2028.
Full high-risk regime applies to AI systems classified under Article 6 + Annex III: risk management, data governance, transparency, human oversight and post-market monitoring become enforceable for them. Most medical AI is high-risk instead via the MDR/IVDR conformity-assessment route under Annex I, which runs on the extended transition period (next entry).
Extended transition period closes for high-risk AI embedded in products covered by Annex I sectoral law (medical devices, IVDs, machinery). Full conformity assessment under both MDR/IVDR and the AI Act required.
Eight AI-specific risk vectors that are reshaping how SaMD is reviewed, monitored, and · when it goes wrong · recalled. Severity reflects how often we see them in 2024–2025 deficiency letters.
A working primer on the recurring themes in 2024–2025 deficiency letters. Each row states the regulator's expectation and the watchpoints we look for in a submission review.
Training data that under-represents skin tones, ages, sexes or device vendors produces silent disparities in sensitivity and specificity. FDA, MHRA and Health Canada now expect performance to be reported by clinically relevant subgroups, with mitigation plans where gaps are found.
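The subgroup reporting above is a computation, not just a document. The block below is an added example (not code from the AI SaMD Playbook or its sponsor) that computes sensitivity and specificity per subgroup with Wilson 95% confidence intervals and flags any subgroup whose lower bound misses a declared floor, or whose sample is too small to support a claim at all. The lesion classifier, the Fitzpatrick strata, the 0.80 floors and every count in `SAMPLE` are constructed assumptions for illustration.

```python
"""Subgroup performance report for a binary AI/ML SaMD classifier.

Added example, not code from the AI SaMD Playbook or its sponsor.
Computes sensitivity and specificity per clinically relevant subgroup with
Wilson 95% confidence intervals, then flags subgroups whose lower CI bound
misses the floor declared in the acceptance criteria, or whose sample is
too small to support any claim. All input data below is constructed.
"""
from collections import defaultdict
from math import sqrt
from typing import Dict, Iterable, List, Tuple

Z_95 = 1.959964  # two-sided 95% normal quantile


def wilson_interval(successes: int, n: int, z: float = Z_95) -> Tuple[float, float]:
    """Wilson score interval for a binomial proportion; (0, 1) when n == 0."""
    if n == 0:
        return (0.0, 1.0)
    p = successes / n
    denom = 1.0 + z * z / n
    centre = (p + z * z / (2.0 * n)) / denom
    half = z * sqrt(p * (1.0 - p) / n + z * z / (4.0 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def subgroup_metrics(records: Iterable[dict], subgroup_key: str) -> Dict[str, dict]:
    """records: dicts with 'label' and 'pred' in {0, 1} plus the subgroup field.
    Returns per-subgroup n, sensitivity, specificity and their Wilson CIs."""
    counts = defaultdict(lambda: {"tp": 0, "fn": 0, "tn": 0, "fp": 0})
    for r in records:
        c = counts[r[subgroup_key]]
        if r["label"] == 1:
            c["tp" if r["pred"] == 1 else "fn"] += 1
        else:
            c["tn" if r["pred"] == 0 else "fp"] += 1
    out = {}
    for g, c in counts.items():
        pos, neg = c["tp"] + c["fn"], c["tn"] + c["fp"]
        out[g] = {
            "n": pos + neg,
            "sens": c["tp"] / pos if pos else None,
            "sens_ci": wilson_interval(c["tp"], pos),
            "spec": c["tn"] / neg if neg else None,
            "spec_ci": wilson_interval(c["tn"], neg),
        }
    return out


def performance_gaps(metrics: Dict[str, dict], min_sens: float, min_spec: float,
                     min_n: int = 30) -> List[Tuple[str, str]]:
    """Compare the lower CI bound, not the point estimate, against the floor:
    a small subgroup can post a good point estimate with an interval that
    still admits unacceptable performance. Subgroups below min_n are reported
    as evidence gaps rather than passes."""
    gaps = []
    for g, m in sorted(metrics.items()):
        if m["n"] < min_n:
            gaps.append((g, "insufficient_n"))
            continue
        if m["sens_ci"][0] < min_sens:
            gaps.append((g, "sensitivity"))
        if m["spec_ci"][0] < min_spec:
            gaps.append((g, "specificity"))
    return gaps


def _cases(group: str, tp: int, fn: int, tn: int, fp: int) -> List[dict]:
    """Expand confusion-matrix counts into per-case records (constructed data)."""
    rows = [(1, 1)] * tp + [(1, 0)] * fn + [(0, 0)] * tn + [(0, 1)] * fp
    return [{"skin_type": group, "label": l, "pred": p} for l, p in rows]


# Constructed validation set for a hypothetical lesion classifier, stratified
# by Fitzpatrick skin type. The numbers are illustrative, not from any device.
SAMPLE = (_cases("Fitzpatrick I-II", tp=90, fn=10, tn=95, fp=5)
          + _cases("Fitzpatrick III-IV", tp=12, fn=2, tn=8, fp=2)
          + _cases("Fitzpatrick V-VI", tp=30, fn=20, tn=48, fp=2))

if __name__ == "__main__":
    metrics = subgroup_metrics(SAMPLE, "skin_type")
    for g, m in sorted(metrics.items()):
        print(f"{g:18s} n={m['n']:3d} sens={m['sens']:.2f} "
              f"[{m['sens_ci'][0]:.2f}, {m['sens_ci'][1]:.2f}] "
              f"spec={m['spec']:.2f} [{m['spec_ci'][0]:.2f}, {m['spec_ci'][1]:.2f}]")
    # Floors assumed to be the declared acceptance criteria for this device.
    print(performance_gaps(metrics, min_sens=0.80, min_spec=0.80))
```

Two design choices matter for a reviewer. The floor is tested against the interval's lower bound, so a subgroup with a 0.90 point estimate on 20 cases is not a pass; and a stratum below the minimum sample size is reported as an evidence gap rather than silently counted as meeting the claim, which is the pattern behind most "insufficient subgroup data" deficiencies.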
Seven sourced incidents · from regulated SaMD failures to the consumer-chatbot tragedies that are now driving how the FDA, EU and MHRA rewrite the rules.
Several entries describe suicide, self-harm and patient deaths in clinical detail. Sourced to court filings, peer-reviewed journals and primary reporting. If you are in crisis, please contact your local emergency services or findahelpline.com.
An on-device AI triage algorithm for pneumothorax detection on chest X-ray · cleared via 510(k) and a worked example of how the FDA expects AI lifecycle controls to look in a real submission.
Wrongful-death suit alleging ChatGPT coached a 16-year-old toward suicide over months of conversation.
First major US wrongful-death suit against an AI companion app: 14-year-old Sewell Setzer III died by suicide after months of attachment to a Character.AI persona.
An adult Belgian man died by suicide after six weeks of conversation with 'Eliza', a chatbot built on the Chai app's GPT-J–based model.
The US National Eating Disorders Association pulled its Tessa chatbot days after launch when it began dispensing weight-loss advice to users with eating disorders.
MHRA-regulated triage app repeatedly criticised for missing serious presentations including heart attack and sepsis in safety researcher tests.
Internal IBM documents revealed Watson recommended 'unsafe and incorrect' cancer treatments, including a regimen contraindicated by the patient's bleeding.
External validation of Epic's widely-deployed sepsis prediction model found it missed 67% of sepsis cases and generated alert fatigue at scale.
A condensed view of how the major regulators are positioning on AI in SaMD. Use it to scope your global submission strategy before the divergence multiplies your timeline.
IMDRF SaMD tiers down the side, every regulator's local class across the top. Each cell is the one obligation that bites at that tier in that jurisdiction.
| IMDRF SaMD tier | FDA (United States) | EU (EU AI Act + MDR) | MHRA (United Kingdom) | HC (Canada) | PMDA (Japan) | TGA (Australia) | NMPA (China) |
|---|---|---|---|---|---|---|---|
| Tier I · Inform: inform clinical management, non-serious condition (e.g. wellness coach prompting hydration) | Class I / often exempt: 510(k)-exempt likely; QSR + cybersecurity still apply | MDR Class I: self-declared CE; not high-risk via the Annex I route (no notified body involved, Art. 6(1)(b)), but an Annex III rule may still pull it in | UK Class I: self-declared; SaIAMD Workstream 02 on intended purpose | Class I: establishment licence only (MDEL) | Class I · General: self-notification; no PMD Act premarket review | Class I: ARTG inclusion; conformity assessment evidence | Class I: record-filing with provincial NMPA bureau |
| Tier II · Drive: drive clinical management, serious condition (e.g. triage suggestion in primary care) | Class II · 510(k) / De Novo: PCCP recommended for any retraining | MDR Class IIa · AI Act high-risk: Notified Body conformity + AI Act Annex IV technical file | UK Class IIa: Approved Body review; SaIAMD WS 02 + WS 09 (cyber-secure AI) | Class II: Medical Device Licence; ML-enabled pre-market guidance applies | Class II · Controlled: third-party certification or PMDA review depending on generic class | Class IIa: conformity assessment; AI evidence guidance for software | Class II: provincial NMPA review + algorithm filing + Chinese clinical data |
| Tier III · Diagnose: treat or diagnose, serious condition (e.g. AI-CADx flagging suspicious lesions) | Class II/III · De Novo or PMA: clinical validation expected; AI/ML lifecycle draft cited in reviews | MDR Class IIb · AI Act high-risk: Notified Body + AI Act Arts. 9–14 + Art. 72 post-market AI plan | UK Class IIb: Approved Body design-dossier or type review; AI Airlock candidate | Class III: clinical evidence + ML pre-market guidance + post-market plan | Class III · Highly Controlled: PMDA review; IDATEN / Confirmation of Change Plans for AI changes | Class IIb: TGA conformity assessment; AI-specific evidence expected | Class II/III: CMDE technical review; Chinese-population validation; locked model |
| Tier IV · Treat or diagnose, critical: diagnose / treat, critical condition (e.g. autonomous AI dosing or critical-care diagnosis) | Class III · PMA: full PMA + rigorous clinical; PCCP or PMA supplement for any model update | MDR Class III · AI Act high-risk: Annex IX conformity + AI Act + FRIA (Art. 27) for public-sector deployers | UK Class III: Approved Body design-dossier; Innovative Devices Pathway encouraged | Class IV: highest scrutiny; clinical investigation + full ML evidence package | Class IV · Highly Controlled: full PMDA review + locked-model expectations + post-market obligations | Class III / AIMD: TGA conformity assessment; clinical investigation typical | Class III: NMPA national review; CMDE AI guideline; Chinese trial data required |
Classifications are indicative · local rules and intended-use specifics control · for a personalised classification run the risk wizard.
Population, modality, decision class. Everything else · PCCP, GMLP, post-market · flows from this.
Specify which parameters can change, the protocol that governs changes, and the impact assessment template.
Treat the model as an attack surface: poisoning, evasion, extraction, prompt injection, supply chain.
Datasets, subgroup performance, known failure modes. Regulators read these. So do plaintiffs.
Drift detectors, performance dashboards, AE triage, and a documented rollback path on day one.
One control set; two technical files. Save the quarter you'd otherwise spend rewriting.
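The drift detector and the rollback path above are where a PCCP is enforced in practice: a model that moves outside the envelope its modification protocol describes is an unauthorized change, and something has to notice. The block below is an added example (not code from the AI SaMD Playbook or its sponsor) of a post-market monitor that scores a production window against the clearance-time score distribution with the Population Stability Index, checks adjudicated-outcome sensitivity against a declared floor, and returns the runbook action. The PSI bands (0.10 / 0.25), the 0.80 sensitivity floor, the `hold` / `investigate` / `rollback` vocabulary and all score streams are constructed assumptions.

```python
"""Post-market drift monitor for an AI/ML SaMD classifier.

Added example, not code from the AI SaMD Playbook or its sponsor.
Compares a production window of model output scores against the
clearance-time validation distribution using the Population Stability
Index (PSI), checks confirmed-outcome sensitivity against the floor
declared in the PCCP acceptance criteria, and returns the runbook action.
Thresholds and all input data are constructed assumptions.
"""
from bisect import bisect_right
from math import log
from typing import List, Optional, Sequence, Tuple

PSI_INVESTIGATE = 0.10  # conventional PSI bands; justify per device in the PCCP
PSI_HOLD = 0.25
EPS = 1e-4              # floor for empty bins so log() is defined


def quantile_edges(baseline: Sequence[float], bins: int = 10) -> List[float]:
    """Interior cut points taken from baseline quantiles (bins - 1 edges)."""
    s = sorted(baseline)
    n = len(s)
    return [s[(n * k) // bins] for k in range(1, bins)]


def bin_fractions(scores: Sequence[float], edges: Sequence[float]) -> List[float]:
    """Fraction of scores falling in each of the len(edges) + 1 bins."""
    counts = [0] * (len(edges) + 1)
    for x in scores:
        counts[bisect_right(edges, x)] += 1
    return [c / len(scores) for c in counts]


def psi(baseline: Sequence[float], window: Sequence[float], bins: int = 10) -> float:
    """PSI = sum over bins of (w - b) * ln(w / b); 0 when the distributions match."""
    edges = quantile_edges(baseline, bins)
    total = 0.0
    for b, w in zip(bin_fractions(baseline, edges), bin_fractions(window, edges)):
        b, w = max(b, EPS), max(w, EPS)
        total += (w - b) * log(w / b)
    return total


def sensitivity(labels: Sequence[int], preds: Sequence[int]) -> Optional[float]:
    """Sensitivity on confirmed outcomes; None when no positives are adjudicated yet."""
    pos = [(l, p) for l, p in zip(labels, preds) if l == 1]
    return sum(1 for _, p in pos if p == 1) / len(pos) if pos else None


def monitor_decision(psi_value: float, sens: Optional[float], min_sens: float) -> str:
    """A confirmed performance breach is the rollback trigger. A large score
    shift on its own freezes further modification-protocol updates and escalates
    to human review (hold); moderate drift opens an investigation."""
    if sens is not None and sens < min_sens:
        return "rollback"
    if psi_value >= PSI_HOLD:
        return "hold"
    if psi_value >= PSI_INVESTIGATE:
        return "investigate"
    return "ok"


def constructed_windows() -> Tuple[List[float], List[float], List[float]]:
    """Constructed score streams: a uniform baseline, a near-identical production
    window, and a window compressed toward low scores (e.g. a new scanner vendor)."""
    baseline = [(i + 0.5) / 2000 for i in range(2000)]
    stable = [(i + 0.37) / 2000 for i in range(2000)]
    shifted = [0.7 * s for s in baseline]
    return baseline, stable, shifted


if __name__ == "__main__":
    baseline, stable, shifted = constructed_windows()
    labels = [1] * 40 + [0] * 160                # constructed adjudicated outcomes
    preds_good = [1] * 34 + [0] * 6 + [0] * 160  # 34/40 positives caught: 0.85
    preds_bad = [1] * 28 + [0] * 12 + [0] * 160  # 28/40 positives caught: 0.70
    for name, window, preds in (("stable", stable, preds_good),
                                ("shifted", shifted, preds_good),
                                ("shifted+breach", shifted, preds_bad)):
        p = psi(baseline, window)
        s = sensitivity(labels, preds)
        print(f"{name:15s} PSI={p:.3f} sens={s:.2f} -> {monitor_decision(p, s, 0.80)}")
```

Score-distribution drift and outcome-based performance are kept as separate signals on purpose: adjudicated labels arrive weeks after inference, so PSI on the score stream is the early warning that stops automated retraining and pulls a human in, while only a confirmed sensitivity breach triggers the documented rollback. Whatever thresholds you pick, they belong in the PCCP's modification protocol with the evidence for them, not in a config file nobody has reviewed.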
Short, plain-English answers to the AI-specific concerns we see surface in deficiency letters, notified-body Q&A, and pre-submission meetings. Use them as a self-check against your own technical file.
What reviewers want to see anticipated in your hazard analysis · beyond the usual SaMD risks.
How to keep a learning system inside its cleared envelope without filing a new submission for every retrain.
Where the current FDA premarket cybersecurity guidance (the 2023 final, as reissued in 2026) and AI/ML expectations intersect · and what auditors now ask.
The documents reviewers and notified bodies are now explicitly asking for in AI/ML submissions.
Informational only · not legal or regulatory advice. Always reconcile against the current text of FDA, EU AI Act, MHRA, Health Canada, and NMPA guidance for your specific intended use.
The cybersecurity team behind 250+ FDA submissions with zero rejections. Penetration testing, threat modeling, SBOM, and AI/ML model security for medical device manufacturers · from first 510(k) to global rollout.
Every week, another regulator publishes another draft on AI in SaMD. Manufacturers don't need another PDF · they need one place to see the shape of the field, the risks that matter, and the playbook that keeps a submission moving.
Book a working session and we'll come back with a tailored read on the regulatory and cybersecurity work in front of you. No sales pitch · a 30-minute discovery call.
Replies within one business day · NDA on request
Live calendar · video link sent on confirmation. Bring your device concept, target regulator(s), and any open questions.
Book a discovery session (opens go.bluegoatcyber.com in a new tab)