SaMD Regulatory Landscape in the US and Europe

Software as a Medical Device (SaMD) represents a growing category of digital health technologies that collect, analyze, and interpret clinical data to support disease management, diagnosis, and patient care. Enabled by advanced analytics, SaMD can improve clinical decision-making, automate elements of care, and offer real‑time insights. Although the technology offers significant advantages—including reduced clinic visits, more frequent monitoring, and timely alerts—it also presents challenges due to reduced in‑person interactions and evolving regulatory expectations.

Evolving Regulatory Environment

The regulatory framework for SaMD is complex, reflecting the difficulty of classifying software that performs medical functions independently of hardware. The International Medical Device Regulators Forum (IMDRF), which includes the FDA, EMA, and other global regulators, defines SaMD as software intended for medical purposes without being part of a hardware medical device. The software must influence medical decisions or outcomes, but not directly control a physical device.

Software that automates workflows, organizes data, or performs closed‑loop actions without a clinical intermediary is not considered SaMD under the IMDRF model. This creates a substantial gray area, making early engagement with regulators essential to determine appropriate classification and pathways.

Developers increasingly rely on SaMD within clinical trials, sometimes making clinical performance claims before fully considering regulatory requirements. Low‑risk SaMD may be perceived as Class I, but misclassification can result in compliance gaps.

Addressing Regulatory Gaps

To advance regulatory oversight, the FDA introduced its Digital Health Software Precertification Program, which aims to streamline review processes for software‑based medical devices. Additionally, IEC 82304:2016 establishes safety and security requirements for health software products. In the EU, software that drives or influences device use is regulated accordingly; standalone medical-purpose software is classified independently.

U.S. FDA Approach

The FDA recognizes three categories of software associated with medical devices:

• Software as a Medical Device (SaMD) 
• Software in a medical device (SiMD) 
• Software used in manufacturing or maintaining a medical device 

IMDRF Risk Categorization Framework

SaMD risk is categorized into four levels (I–IV) based on the impact of incorrect output on patient or public health:

• Category IV: Highest impact 
• Category I: Lowest impact 

Quality Management Considerations for SaMD Manufacturers

Manufacturers should implement:

• Organizational structures that ensure leadership, oversight, and adequate resources 
• Lifecycle processes covering requirements, design, development, V&V, deployment, maintenance, and decommissioning 
• Realization and use processes that ensure safety, performance, and effectiveness 

Regulatory Requirements for U.S. Market Entry

Introducing SaMD into the U.S. market may require FDA clearance. Key regulatory references include:

• 21 CFR Part 11 – Electronic records and signatures 
• 21 CFR Part 820 – Quality System Regulation (QSR), reflecting current Good Manufacturing Practice (CGMP) requirements 

EU Regulatory Approach (MDR 2017/745)

Under the Medical Device Regulation (EU) 2017/745, Medical Device Software (MDSW) is defined as software intended for a medical purpose on its own or when influencing device use. Key principles include:

• Software with an independent medical purpose qualifies as MDSW 
• Software that drives or influences a hardware medical device and has a medical purpose is also considered MDSW 
• Software location does not affect qualification (cloud, mobile, desktop, embedded) 
• Intended users may include clinicians or laypersons 
• Software not qualifying as MDSW but intended as an accessory falls within MDR or IVDR scope 

This alignment ensures consistent evaluation of safety, perogy for a medical device or in vitro diagnostic medical device, they fall under the scope of the MDR.