Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

The Latest Guidance for AI and Machine Learning in Medical Devices V1

  • Published: April 22, 2024
  • Category: Medical Devices

Share this post

Avatar photo
Daniel Mannion

Share this post

AI Medical Devices (AiMD) and Software as Medical Devices (SaMD) manufacturers can speed up approvals and develop safer and more effective technology by applying the latest regulatory guidance. Regulators are often criticised for being behind-the-times with their application of and guidance on regulations, making it difficult for medical device manufacturers to evidence they are state-of-the-art. This was recently recognised by Melissa Torres, Director of International Affairs at the FDA’s Medical Device Centre (CDRH). 

In this blog we will unpack the latest thinking and developments on Artificial Intelligence (AI) and Machine Learning (ML) in medical devices and the steps businesses can take to ensure they’re ready.

IMDRF SaMD

The International Medical Device Regulators Forum (IMDRF) is an international group of medical device regulators working towards international alignment.  It including the US FDA, UK MHRA and the EU European Commission, so when they publish the first document on medical device software in 7 years*, SaMD developers should pay attention.

The document recently published by the IMDRF covers a lot of common ground with other guidance and latest thinking covered in this blog, including the importance of understanding the context of the software (i.e. the Use Environment), addressing the level of clinical autonomy and considerations around change management of software (including AI/ML software). It also calls out BS 34971 (in the US format AAMI TIR 34971) as a reference document, suggesting possible future recognition of this standard by regulators.

Especially useful will be the 22 pages of appendices showing worked examples for:

  • writing an Intended Use/Purpose Statement
  • characterising the software
  • software hazards and information risks
  • specific risks

*Ok, it’s only a draft for now and there have been some publications on cybersecurity in that time, but it’s still a big deal.

Good Machine Learning Practice

In 2023, the UK MHRA, US FDA and Health Canada released a rare joint statement on Good Machine Learning Principles for Medical Device Manufacturers. It’s a short document but gives a clear indication of the thinking of these three major medical device regulators.

Important requirements include:

  • The application of multi-disciplinary expertise, including understanding integration into the clinical workflow.
  • The need for Independent Test Data Sets
  • A focus on the performance of the Human-AI Team and Human Interpretability.
  • Clear Information for Users on intended use and performance of the device on different groups.
  • Post-Market Monitoring of device performance and re-training risks.

These provisions are a stepping stone towards further guidance for AI/ML medical devices and are being used as a starting position by the FDA in chairing the International Medical Device Regulatory Forum (IMDRF) in 2024. Given its approval by three independent regulators (all members of the IMDRF), it is expected that this will act as the basis of guidance documents on AI/ML medical devices from multiple regulators over the next few years.

BS/AAMI 34971:2023

ISO 14971 is the international standard for medical device risk management; BS/AAMI 34971:2023 is new guidance on the specific application of ISO 14971 to medical devices that include Machine Learning components. It provides valuable guidance on the ways in which Machine Learning components can impact product risks and gives a method to integrate these into the ISO 14971 approach to risk management.

There is a clear intersection between ISO 14971 and DCB0129 (the UK’s standard for Clinical Safety in the NHS for health care technology) and we recently wrote about the crossover in another blog here. For any AI / SaMD manufacturers planning on working in the UK/NHS, DCB0129 is an important and achievable standard that can form part of a robust quality management system. 

BS/AAMI 34971 is currently being reviewed for a potential future recognition/release as European Norm (EN) ISO 24971-2.

If you’re not currently applying ISO 14971 as part of your Quality Management System or are unsure how to do so effectively, our team can help. 

AMLAS

Assurance of Machine Learning in Automated Systems (AMLAS) is a process for integrating safety assurance into the development of Machine Learning products, including in Medical Devices as part of DCB0129. It has been developed by the Assuring Autonomy International Programme at the Institute for Safe Automation, University of York, UK. AMLAS presents a comprehensive structure for design control of ML systems and production of a compelling safety case for regulatory approval, reassurance of customers, and fulfilling the requirements of DCB0129. 

While not yet widely adopted and limited in scope for the implementation of digital health technologies, NHS England are actively supporting the training and upskilling of CSO’s to apply AMLAS as part of DCB0160 assessments. Despite its current application to the NHS alone, it still provides a clear structure for design controls which medical devices could utilise as part of their quality management system. 

 

ISO/IEC 42001:2023

A management system standard in the vein of ISO 9001, ISO 13485 and ISO/IEC 27001, ISO/IEC 42001:2023 guides organisations creating or using AI towards good practices and also allows for certification by a certification body of an organisation’s AI Management System (although at least in the UK, there appear to be no certification bodies accredited for this standard at time of writing).

ISO/IEC 42001 is structured to allow easier integration with other ISO Management System Standards into an Integrated Management System making it a sensible addition for AIaMD or SaMD manufacturers when developing their management system.

 

Upcoming Guidance and Standards

International regulators are already aware of the potential opportunities and harm posed by the rise of AI in medical devices. Below we have summarised what we know is already being developed: 

 

UK MHRA

Alongside completely overhauling the UK’s medical device regulations (although this is expected to look a lot like copying the EU’s homework in the form of adopting the EU Medical Device Regulation into UK law), the MHRA have three work packages planned that AI medical device developers specifically should be aware of:

  • “Rigour” – including Good Machine Learning Practice as above, standards and guidance on application of Medical Device Regulations to AI medical devices
  • Interpretability – Increasing requirements around being human-centric in AI system development and making AI systems trustworthy.
  • Adaptivity – perhaps the holy grail for AI developers, this points towards the option of allowing AI systems to continuously learn.

The Office for Artificial Intelligence, under the Department for Science Innovation and Technology, has published a Policy Paper explaining the UK’s “Pro-Innovation” approach to AI regulation, perhaps suggesting some exemptions or reduced requirements for AI/ML medical devices in the UK. Most recently, the MHRA have confirmed they plan to adopt the IMDRF recommendations for software risk classification, which means there will be a route for some AI/ML medical devices to be self-certified in the UK (unlike in the EU MDR, which adopted an amended version that ruled out self-certification for AI/ML software).

 

EU

The major AI-related development in the EU is the progression of the EU AI Act towards implementation after it was approved in March 2024. The EU AI Act lists medical device applications as a High-Risk area for AI, requiring additions and changes for AI products within product-specific regulations (i.e. EU Medical Device Regulation and EU In Vitro Diagnostic Regulation). Once adopted (which looks almost certain now), AI medical device manufacturers should expect to see additional or clearer requirements implemented through changes to the EU MDR and IVDR, introduction of new Medical Device Coordination Group (MDCG) guidelines and harmonisation of standards over a 3-year transition period.

 

US FDA

The FDA AI/ML-Based Software as a Medical Device Action Plan was released three years ago and includes an overview of their approach to Total Product Lifecycle for AI/ML medical devices:

machine learning The Latest Guidance for AI and Machine Learning in Medical Devices V1 machine learning, Machine Learning in Medical Devices, AI Medical Devices, AI for Medical Devices

This includes  4 key areas to be addressed:

  1. Quality Management Systems (QMSs) – the FDA expects QMSs to be adapted to the specifics of developing AI/ML Medical Devices.
  2. Initial Premarket Assurance – the FDA wants to have data available to review on the Valid Clinical Association, Analytical Validation and Clinical Validation of the AI/ML Medical Device. This will prove critical in establishing ethical AI and ensuring that bias is accurately recorded or removed from the technology.
  3. The FDA plans to implement a system of “Predetermined Change Control Plans” – a mechanism of the FDA pre-approving changes to medical devices that include AI components where careful justification and evidence exists to support allowing these changes.
  4. Transparency and Post-Market Surveillance – the FDA wants to ensure AI/ML medical devices are performing well over time and that developers are being transparent when changes in performance occur.

Summary

Any AI/ML medical device manufacturer should know they are in a rapidly-evolving space – this applies to both competition and technology, but also the regulatory landscape. As regulators get a better handle on regulating AI/ML medical devices, expect to see current players experience regulatory troubles if they don’t keep on top of these changes in regulations, standards and guidelines.

However, by keeping abreast of and applying the relevant guidance as it emerges, this will keep you ahead of any changes and give you a competitive edge. By embedding your compliance and regulatory strategy as part of the wider business strategy, your business will be well positioned to provide  safe, ethical and impactful outcomes for customers and end users.

 

How Can 8fold help you?

We at 8foldGovernance are here to support your medical device regulatory needs. We focus on SaMDs and have extensive experience with SaMDs incorporating AI/ML; reach out to us for advice on Regulatory Strategy and keeping ahead of frequent changes in medical device regulations and standards through our QMaaS.

Loading...
The Latest Guidance for AI and Machine Learning in Medical Devices V1

The Latest Guidance for AI and Machine Learning in Medical Devices V1

Read More →

April 22, 2024
The Latest Guidance for AI and Machine Learning in Medical Devices V3

The Latest Guidance for AI and Machine Learning in Medical Devices V2

Read More →

June 17, 2024
The Latest Guidance for AI and Machine Learning in Medical Devices V3

The Latest Guidance for AI and Machine Learning in Medical Devices V3

Read More →

September 9, 2024

Other Articles​

Loading...
IEC 62304 vs EU MDR classification

Implementing IEC 62304: 5 Common Mistakes

Read More →

July 3, 2026
FAQ: What is a Technical File?

FAQ: What is a Technical File?

Read More →

May 9, 2026
What is IEC 62304

FAQ: What is IEC 62304?

Read More →

April 27, 2026
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept