addressing AI technologies, including:

• Software as a Medical Device (SaMD): Clinical Evaluation – This guidance emphasizes a risk-based approach to evaluating SaMD and outlines what constitutes sufficient clinical evidence to support safety and effectiveness claims.
• Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device: Action Plan – This document describes the FDA’s commitment to advancing the development and regulation of AI/ML technologies through a robust oversight framework that includes premarket review and postmarket monitoring.

EU Regulations

In Europe, AI applications within medical devices are subject to the Medical Devices Regulation (MDR) and the In Vitro Diagnostic Regulation (IVDR). Key points include:

• Classification – The classification of AI SaMD follows the EU MDR’s risk-based classification system, determining the level of regulatory scrutiny based on potential risks to patients and users.
• Clinical Evaluation Requirements – Manufacturers must present comprehensive clinical evaluation data that supports the safety, performance, and intended purpose of AI devices.

UK Regulations

The UK has adopted its own medical device regulation laws post-Brexit, primarily reflecting the EU framework. Key differences, however, are evolving:

• UK Medical Devices Regulations 2002 (as amended) – These regulations incorporate key features of the EU framework while allowing the MHRA to make additional national provisions tailored to UK needs.
• Guidance from the MHRA on AI – The MHRA is in the process of releasing guidance that specifically addresses AI technologies, aiming to provide clarity on expectations and compliance pathways.

Documentation

Effective regulatory affairs compliance related to AI and digital health products hinges on comprehensive and well-organized documentation. Some core documentation requirements include:

Technical File/Design Dossier

A detailed technical file or design dossier is vital for demonstrating compliance with regulatory requirements, encompassing:

• Device description, including intended use and specifications
• Risk management files outlining potential hazards and mitigations
• Evidence of the software development life cycle (SDLC) that adheres to applicable guidelines, including testing protocols and validation plans
• Data management plans to ensure integrity and confidentiality of patient and clinical data

Clinical Evaluation Reports (CER)

Regulatory expectations mandate that manufacturers produce a clinical evaluation report for AI-based devices that address:

• Analyzing existing clinical data and literature supporting safety and efficacy
• Detailing the testing conducted on device performance in real-world settings
• Justifying any bridging data requirements where existing clinical evidence from similar devices is applied

Post-Market Surveillance (PMS) Plan

Given the ongoing nature of AI model training and performance monitoring, a robust PMS plan is necessary that includes:

• Strategies for gathering post-market real-world evidence (RWE)
• Methods for monitoring software performance and updates
• Plans for reporting adverse events, aligning with pharmacovigilance requirements

Review/Approval Flow

Understanding the approval process for AI-driven products is critical for regulatory affairs professionals. Each jurisdiction has specific review pathways, which often integrate traditional approval processes with innovative regulatory frameworks.

FDA Review Flow

The FDA employs two main pathways for the approval of SaMD:

• PreMarket Approval (PMA) – For high-risk devices, requiring extensive clinical data and rigorous review.
• 510(k) Clearance – For devices similar to existing legally marketed devices, the requirement is to demonstrate substantial equivalence.

During the review process, the FDA assesses the safety and effectiveness of the AI algorithms, including performance data and clinical evaluation outcomes. Engaging with the FDA through their Pre-Submission program can provide valuable insights and guidance throughout product development.

EU/UK Review Flow

Within the EU, the Notified Body (NB) plays a crucial role in assessing compliance with the MDR or IVDR. The review pathways include:

• Full Conformity Assessment – For higher-risk devices (Class IIb and III), which requires an in-depth review of the technical documentation and clinical evaluation.
• Self-Certification – For lower-risk devices (Class I), where manufacturers can self-certify their products, demonstrating compliance against relevant standards.

For products intended for the UK market, the MHRA offers a similar assessment process, albeit with provisions that may differ from the EU due to regulatory changes post-Brexit. Manufacturers should ensure that they remain updated on the evolving landscape around regulatory approvals in the UK.

Common Deficiencies

In the context of AI-driven devices, companies often face challenges during regulatory submissions that lead to common deficiencies identified by regulatory agencies. Addressing these deficiencies proactively is critical for a successful application.

Insufficient Clinical Data

One major deficiency observed by the FDA, EMA, and MHRA is a lack of sufficient clinical evidence to support product claims. It is essential to:

• Provide clear justification for any reliance on bridging data
• Conduct rigorous clinical evaluations that meet the expectations outlined in the specific guidance documents

Inadequate Risk Management

Regulatory authorities expect detailed risk analysis, including identification, evaluation, and control measures. Organizations should ensure that:

• All potential risks associated with AI algorithms are thoroughly addressed in the risk management file
• Mitigation plans are established and demonstrated prior to submission

Insufficient Post-Market Plans

Deficiencies related to post-market surveillance and reporting can lead to compliance issues. Companies should ensure that:

• PMS plans are outlined with relevant methodologies for collecting and analyzing RWE
• Clear protocols are established to report adverse events and ensure ongoing product safety

Regulatory Affairs-Specific Decision Points

Decision-making in regulatory affairs requires careful consideration of various aspects to ascertain compliance with existing regulatory frameworks. Specific decision points relevant to AI-driven products include:

Variation vs. New Application

Determining whether to file a variation or a new application is critical when making changes to an existing AI-enabled system. Generally, a variation is appropriate when:

• The change does not significantly affect the product’s intended use or safety
• The modification pertains to software updates that enhance performance without altering fundamental claims
• The change can be deemed a minor amendment under existing guidance

Bridging Data Justification

The concept of bridging data is often essential in securing approval for AI products, especially when relying on existing studies or data from related devices. When justifying bridging data, it is important to:

• Clearly establish the relevance of the existing data to the new application
• Detail the degree of similarity between the devices and how that informs safety and efficacy

Conclusion

The integration of AI in medical devices and drug development poses unique regulatory challenges, necessitating a deep understanding of evolving guidelines and compliance expectations. Regulatory affairs professionals must navigate complex interactions with multiple stakeholders, including CMC, clinical, pharmacovigilance, quality assurance, and commercial teams, to ensure successful submissions. By adhering to established regulatory frameworks and proactively addressing common deficiencies, companies can secure compliance and facilitate timely product approval in the competitive landscape of modern healthcare.