Glossary & acronym decoder
The vocabulary of AI medical devices, in one place. Hover any term in the wider site for a quick definition; come here for the full entry, the source, and the cross-links.
-
510(k)
#510kPremarket Notification under section 510(k) of the FD&C Act
FDA submission demonstrating that a device is substantially equivalent to a legally marketed predicate device.
The most common pathway for Class II devices. AI/ML-specific recommendations apply (GMLP, transparency principles, PCCP for planned post-market modifications).
FDA -
AIaMD
#aiamdArtificial Intelligence as a Medical Device
MHRA's term for AI/ML-enabled medical-device software, the UK counterpart of FDA's AI/ML-DSF.
A subset of SaMD where the medical purpose is achieved using AI/ML. Subject to UK MDR 2002 (post-Brexit) and the MHRA's evolving AIaMD framework.
UKAI/ML -
Annex III
#annex-iiiAI Act Annex III, High-Risk Use Cases
Standalone list of high-risk AI use cases (biometrics, employment, education, essential services, law enforcement, migration, justice, democracy).
Distinct from the Art. 6(1) Annex I route used by medical-device AI. An Art. 6(3) derogation is available for narrow procedural / preparatory tasks unless the system performs profiling.
EUAI/ML -
Article 6
#article-6AI Act Article 6, Classification Rules for High-Risk AI
Two routes to high-risk: (1) safety component of a product covered by Annex I harmonisation legislation requiring third-party conformity, or (2) listed in Annex III.
Medical-device AI reaches high-risk via Art. 6(1) because the MDR is in Annex I and Class IIa+ devices require Notified Body assessment. Art. 6(3) provides a derogation for narrow procedural / preparatory tasks.
EUAI/ML -
CE Mark
#ce-markConformité Européenne marking
Mark affixed to products that comply with applicable EU regulations, including the MDR/IVDR.
For Class IIa+ medical devices the CE mark is accompanied by the four-digit identifier of the Notified Body that performed conformity assessment.
EUSee alsoNotified BodyMDR -
De Novo
#de-novoDe Novo Classification Request
FDA pathway for novel low-to-moderate-risk devices for which no predicate exists; creates a new Class I or II classification.
Used when general (and special) controls are sufficient to provide reasonable assurance of safety and effectiveness but no suitable 510(k) predicate exists. Successful De Novo grants become predicates for future 510(k)s.
FDA -
Drift
#driftDataset / Concept Drift
Degradation in model performance over time as the deployment data distribution diverges from the training distribution.
Two flavours: covariate (input) drift and concept (label) drift. Detection requires real-world performance monitoring with appropriate ground truth and statistical tests.
AI/ML -
EU AI Act
#ai-actRegulation (EU) 2024/1689
EU horizontal regulation on artificial intelligence, in force August 2024 with phased application through 2027.
Risk-tiered: prohibited practices (Art. 5), high-risk systems (Art. 6 + Annex III), limited-risk transparency obligations (Art. 50), and general-purpose AI models (Chapter V).
EUAI/MLEU AI Act text See alsoArticle 6Annex IIIFRIA -
EUDAMED
#eudamedEuropean Database on Medical Devices
Central EU database for actor, UDI/device, certificate, clinical investigation, vigilance, and market-surveillance data.
Some modules are mandatory; others are being phased in. UDI registration is required before placing devices on the EU market.
EU -
FRIA
#friaFundamental Rights Impact Assessment
Assessment required by Art. 27 of the AI Act for deployers of certain high-risk AI systems, primarily public bodies.
Covers process description, period and frequency of use, categories of affected persons, specific risks of harm to fundamental rights, human-oversight measures, and the response plan if risks materialise.
EUAI/MLSee alsoEU AI Act -
GMLP
#gmlpGood Machine Learning Practice
Ten guiding principles jointly published by FDA, Health Canada, and MHRA for the development of ML-enabled medical devices.
Covers multi-disciplinary expertise, good software engineering, representative datasets, training/test independence, performance evaluation, model selection, transparency, deployment monitoring, and security.
FDACanadaUKAI/MLFDA, GMLP Guiding Principles See alsoPCCPSaMD -
Health Canada
#health-canadaHealth Canada, Therapeutic Products Directorate
Canadian medical-device regulator. Co-author of the GMLP guiding principles with FDA and MHRA.
Operates a four-class licensing system. Recognises ISO 13485 via MDSAP. Issued draft pre-market guidance for ML-enabled medical devices in 2023.
CanadaAI/ML -
IEC 62304
#iec-62304IEC 62304, Medical device software lifecycle processes
International standard for the lifecycle of medical-device software, with safety classes A, B, C based on potential harm.
Defines processes for software development, maintenance, risk management, configuration management, and problem resolution. Foundational to most software medical-device submissions.
InternationalQuality -
IEC 62366
#iec-62366IEC 62366-1, Application of usability engineering to medical devices
International standard for usability engineering and human-factors validation of medical devices.
Critical for AI devices intended for clinician decision-support, where automation bias and over-reliance are foreseeable use errors.
InternationalQuality -
IMDRF
#imdrfInternational Medical Device Regulators Forum
Voluntary group of medical-device regulators (FDA, EMA, MHRA, Health Canada, NMPA, PMDA, TGA, ANVISA) that publishes harmonised guidance.
Successor to the Global Harmonization Task Force. IMDRF documents (e.g., the SaMD risk-categorisation framework N12) are non-binding but heavily cited by national regulators.
InternationalIMDRF homepage See alsoSaMDIMDRF N12GMLP -
IMDRF N12
#n12SaMD: Possible Framework for Risk Categorization
Risk-categorisation matrix that maps SaMD into Categories I–IV using significance of information × healthcare situation.
Two axes: significance of information provided (inform / drive / treat or diagnose) and state of healthcare situation (non-serious / serious / critical). Adopted as the conceptual basis for FDA's SaMD framework and informs MDR Rule 11.
International -
ISO 13485
#iso-13485ISO 13485:2016, Medical devices, Quality management systems
International QMS standard for medical device manufacturers; the reference standard for EU MDR and (from Feb 2026) the FDA QMSR.
Specifies requirements for a QMS where an organisation needs to demonstrate its ability to provide medical devices that consistently meet customer and applicable regulatory requirements.
InternationalQuality -
ISO 14971
#iso-14971ISO 14971:2019, Application of risk management to medical devices
International standard for medical-device risk management across the full product lifecycle.
Required (or strongly expected) by every major regulator. Defines hazard, harm, risk, risk control, and benefit-risk analysis. AAMI TIR34971 extends the framework to AI/ML devices.
InternationalQualityAI/ML -
IVDR
#ivdrRegulation (EU) 2017/746, EU In Vitro Diagnostic Regulation
EU regulation governing in-vitro diagnostic medical devices, including IVD software.
Companion to the MDR with its own classification rules (Classes A–D). Covers diagnostic algorithms operating on patient samples.
EUSee alsoMDR -
MDCG 2019-11
#mdcg-2019-11Guidance on Qualification and Classification of Software (rev.1, June 2025)
EU Medical Device Coordination Group guidance for deciding whether software is a medical device and how to classify it under MDR/IVDR.
Endorsed by all EU Member States. Provides decision trees for MDSW qualification and worked examples for Rule 11 classification.
EUSee alsoMDRMDR Rule 11MDSW -
MDR
#mdrRegulation (EU) 2017/745, EU Medical Device Regulation
EU regulation governing medical devices, replacing the MDD. Software medical devices are classified under Rule 11.
Came into application on 26 May 2021. Mandates Notified Body conformity assessment for Class IIa and above, clinical evaluation, post-market surveillance, and EUDAMED registration.
EU -
MDR Rule 11
#rule-11Annex VIII Rule 11 of the EU MDR
Classification rule for software intended to provide information used to take decisions for diagnostic or therapeutic purposes, at least Class IIa.
IIb if decisions may cause serious deterioration or surgical intervention; III if death or irreversible deterioration. Software for monitoring physiological processes is IIa (IIb where variations could result in immediate danger).
EUMDCG 2019-11 rev.1 See alsoMDRMDCG 2019-11 -
MDSAP
#mdsapMedical Device Single Audit Program
Programme allowing a single QMS audit to satisfy regulators in Australia, Brazil, Canada, Japan, and the US.
Audit reports are accepted by participating regulators in lieu of their own routine inspections. Built on ISO 13485.
InternationalQuality -
MDSW
#mdswMedical Device Software
Software that meets the MDR/IVDR definition of a medical device, the European counterpart of SaMD.
MDCG 2019-11 walks through the qualification decision: software is MDSW if it has a medical purpose on its own (not merely storage, communication, or simple search).
EUSee alsoSaMDMDCG 2019-11 -
MHRA
#mhraMedicines and Healthcare products Regulatory Agency
UK regulator for medicines and medical devices, including AIaMD.
Operates the AI Airlock sandbox and is delivering an AIaMD change programme aligned with FDA's GMLP and PCCP work.
UKAI/MLMHRA AIaMD programme See alsoAIaMDGMLP -
Model Card
#model-cardStructured disclosure document describing an AI model's intended use, training data, performance, limitations, and known biases.
Originally proposed by Mitchell et al. (2019). Endorsed by FDA's Transparency for ML-Enabled Medical Devices guiding principles as a recommended format.
AI/ML -
NMPA
#nmpaNational Medical Products Administration (China)
China's medical-device regulator. Publishes specific AI/ML medical-device technical guidance.
Successor to CFDA. AI medical software is classified by intended use and risk; high-risk AI typically requires Class III registration with clinical data from Chinese sites.
ChinaAI/MLSee alsoSaMD -
Notified Body
#notified-bodyNotified Body (EU)
Independent conformity-assessment organisation designated by an EU Member State to audit MDR/IVDR compliance for Class IIa+ devices.
Issues CE certificates after auditing the manufacturer's QMS and reviewing technical documentation. Examples: BSI, TÜV SÜD, DEKRA.
EU -
PCCP
#pccpPredetermined Change Control Plan
An FDA-authorised plan that lets a manufacturer implement specified post-market modifications to an AI device without a new submission.
Three required components: Description of Modifications, Modification Protocol, and Impact Assessment. Each modification must still meet quality-system requirements (full design-control V&V of the entire device).
FDAAI/ML -
PMA
#pmaPremarket Approval
FDA's most stringent pathway, required for Class III devices that support or sustain human life or pose unreasonable risk.
Requires valid scientific evidence (typically clinical investigation) of safety and effectiveness. Often involves Advisory Committee review for novel AI.
FDA -
Premarket Cyber
#premarket-cyberFDA Premarket Cybersecurity Guidance (2023)
FDA guidance on cybersecurity content in premarket submissions, mandated by section 524B of the FD&C Act.
Requires a Secure Product Development Framework, threat modelling, SBOM, vulnerability management plan, and post-market patching commitments for any cyber device.
CybersecurityFDA -
Q-Sub
#qsubQ-Submission Program (Pre-Submission)
FDA mechanism for soliciting agency feedback before formal marketing submission.
Highly recommended for novel AI devices, automatic implementation of modifications, or any PCCP element where alignment with FDA review division is uncertain.
FDA -
QMSR
#qmsrQuality Management System Regulation
FDA's successor to 21 CFR 820, incorporating ISO 13485:2016 by reference. Effective 2 February 2026.
Aligns FDA's quality-system requirements with the global ISO 13485 baseline used by the EU MDR, MDSAP, and most other major jurisdictions, reducing duplicate compliance burden.
FDAQuality -
QSR
#qsrQuality System Regulation (21 CFR Part 820)
FDA's medical-device quality-system rule. Replaced by the QMSR effective 2 February 2026.
Sets requirements for design controls, document controls, CAPA, complaint handling, and other QMS elements for device manufacturers selling in the US.
FDAQuality -
RWP
#rwpReal-World Performance
Ongoing measurement of an AI device's performance after deployment, on real clinical data.
Distinct from real-world evidence (RWE), RWP focuses on monitoring for drift, subgroup degradation, and unexpected failure modes. Often required as part of a PCCP monitoring plan.
AI/MLClinical -
SaMD
#samdSoftware as a Medical Device
Software intended to be used for one or more medical purposes that performs those purposes without being part of a hardware medical device.
Defined by the IMDRF in N10 and N12. Distinguishes pure-software medical devices from Software in a Medical Device (SiMD), software embedded in hardware. Most AI-enabled medical products today fall under SaMD.
InternationalAI/MLIMDRF SaMD WG/N10 See alsoSiMDIMDRFIMDRF N12 -
SBOM
#sbomSoftware Bill of Materials
Machine-readable inventory of software components, used to assess vulnerability exposure.
Required by FDA's 2023 premarket cybersecurity guidance for cyber devices. Common formats: SPDX and CycloneDX.
CybersecurityFDASee alsoPremarket Cyber -
SiMD
#simdSoftware in a Medical Device
Software embedded inside a hardware medical device, distinct from SaMD.
Examples include firmware in an infusion pump or the controller of a CT scanner. SiMD is regulated as part of the parent device, not as a standalone software device.
InternationalSee alsoSaMD -
TIR 34971
#tir34971AAMI TIR34971, Application of ISO 14971 to AI/ML
AAMI Technical Information Report applying ISO 14971 risk management to AI- and ML-enabled medical devices.
Provides AI-specific hazards (e.g., dataset shift, automation bias, adversarial inputs) and recommended controls. Increasingly cited in FDA submissions and Notified Body reviews.
AI/MLQuality -
Transparency Principles
#transparencyTransparency for ML-Enabled Medical Devices
FDA / Health Canada / MHRA guiding principles on what information should be disclosed to users of AI-enabled devices.
Companion to the GMLP principles. Covers what, why, where, and how information should be communicated, including model purpose, training data, performance, and limitations.
FDAUKCanadaAI/ML -
UDI
#udiUnique Device Identifier
Globally unique identifier required by FDA, EU MDR, and other major jurisdictions for traceability and post-market surveillance.
FDA PCCP guidance requires a new UDI for new versions/models and for new device packages, including model updates implemented under an authorised PCCP.
FDAEUInternational