Standards, Guidance & Notices
Showing 11–20 of 123
MHLW
Notice
Notice
MHLW-PFSB-MDED-0306-No.4
Notice No. 医薬機審発0306第4号 on Establishment of Witness Inspection Implementation Standards for Registered Conformity Assessment Bodies and Partial Revision of On-site Inspection Standards (March 6, 2026)
MHLW notice establishing witness inspection procedures for registered conformity assessment bodies and revising on-site inspection implementation standards to ensure compliance and quality oversight.
Published: 2026-03-06
MHLW
Notice
Notice
MHLW-PSEHB-PSD-0210-No.3
Notice on Partial Revision of 'Reporting of Medical Device Defects and Other Incidents' (Notice 医薬安発0210第3号, February 10, 2026)
Amendment to medical device adverse event reporting requirements, updating procedures for manufacturers and importers to report defects, malfunctions, and serious incidents to PMDA and MHLW in a timely manner.
Published: 2026-02-13
FDA
CDRH
CDRH
FDA-2026-D-Cybersecurity-QMS
Cybersecurity in Medical Devices: Quality Management System Considerations and Content of Premarket Submissions
Replaces the September 2023 final guidance. Title updated from "Quality System" to "Quality Management System" reflecting the QMSR final rule (21 CFR Part 820, effective February 2, 2026), which incorporates ISO 13485:2016 by reference. Core requirements for SPDF, premarket cybersecurity documentation, SBOM submission, and CVD policy remain. Adds terminology (Threat surface, Quality of Service) in Appendix 5.
Published: 2026-02-03
FDA
CDRH
CDRH
FDA-2022-D-0795
Computer Software Assurance for Production and Quality Management System Software
FDA final guidance (Feb 2026) on risk-based assurance for software used in medical device production and quality management systems. Supersedes the September 24, 2025 version, with the title updated from "Quality System Software" to "Quality Management System Software" to align with the QMSR (21 CFR Part 820 / ISO 13485:2016 harmonization effective February 2, 2026). Replaces Section 6 of the 2002 GPSV. Does NOT apply to SaMD/SiMD.
Published: 2026-02-03
ISO
ISO 81001-1 Ed.2
ISO 81001-1 Ed.2 - Health Software and Health IT Systems - Safety, Effectiveness and Security - Part 1: Principles and Concepts
ISO 81001-1 Edition 2 establishes fundamental principles and conceptual frameworks for ensuring safety, effectiveness, and security of health software and health information technology systems. Currently in Committee Draft (CD) stage under ISO/TC 210/WG1, the document is undergoing international standardization review with a voting deadline of March 27, 2026. This standard serves as a foundational framework supporting medical device software regulation globally, providing overarching principles that align with and complement harmonized standards including IEC 62304, ISO 14971, and others. The document addresses the integrated governance of safety, effectiveness, and cybersecurity across the health software lifecycle. Manufacturers should reference this standard to establish consistent quality management approaches and risk governance frameworks applicable to health software and IT systems. Edition 2 reflects evolving regulatory expectations regarding artificial intelligence, machine learning, and connected health technologies in the medical device ecosystem.
Published: 2026-01-30
FDA
CDRH
CDRH
FDA-2026-D-CDS
Clinical Decision Support Software
Final guidance clarifying the regulatory status of Clinical Decision Support (CDS) software under Section 520(o) of the FD&C Act. Defines criteria distinguishing device CDS (subject to FDA oversight) from non-device CDS (exempt). Addresses application to AI/ML-based CDS functions and provides examples across clinical specialties.
Published: 2026-01-29
CEN/
CENELEC
CENELEC
EN ISO 18562-1:2024
EN ISO 18562-1:2024 Biocompatibility evaluation of breathing gas pathways in healthcare applications – Part 1: Evaluation and testing within a risk management process
This newly established harmonized standard under EU MDR addresses biocompatibility evaluation specifically for medical devices with breathing gas pathways, such as ventilators and anesthesia delivery systems. The document provides comprehensive methodology for assessing biological safety of materials and substances in contact with respiratory gases through a risk management framework. Manufacturers should evaluate the biocompatibility potential of device materials and their extractables using appropriate biological testing and chemical analysis methods proportionate to patient exposure duration and conditions. The standard specifies evaluation strategies, test selection criteria, and acceptance criteria for breathing gas pathway components. Requirements apply to all devices intended to deliver or facilitate breathing gas therapy or anesthesia. This standard was published in the EU Official Journal via Decision 2026/193.
Published: 2026-01-28
AAMI
TIR
TIR
AAMI CR515:2025
AAMI CR515:2025 - Cybersecurity Considerations Specific to Machine Learning-enabled Medical Devices
AAMI CR515:2025 establishes cybersecurity considerations specific to machine learning-enabled medical devices. Recognized by the FDA as a consensus standard (Recognition Number: 13-153) on December 22, 2025, the document serves as a normative reference in the Software/Informatics domain. The standard specifies security risk management requirements essential for the development and operational deployment of medical devices incorporating artificial intelligence and machine learning technologies. Manufacturers should implement the specified cybersecurity controls and risk management procedures to address vulnerabilities introduced by machine learning algorithms, including model drift, adversarial attacks, and data integrity threats. The document provides manufacturers with practical guidance for integrating cybersecurity considerations throughout the device lifecycle, from initial algorithm development through post-market surveillance and model updates.
Published: 2025-12-22
NIST
CSWP
CSWP
CSWP 34
Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration
In-patient service demands have increased during a time when patients have experienced reduced access to hospital care. Hospital-at-Home (HaH) solutions are a form of telehealth that provide an in-patient care experience in patients’ homes, offering the potential for improved outcomes. While these are desirable benefits, HaH involves privacy and cybersecurity risks by introducing hospital-grade medical or biometric devices and information systems outside the hospital’s direct control (i.e., the patient’s home). Patient homes increasingly feature Internet of Things (IoT) devices, such as voice assistants (e.g., smart speakers), as part of a broader “smart home” ecosystem. These devices may not have capabilities that support privacy and security practices and may be used as pivot points for attackers to gain access to a hospital’s information system.
This paper introduces a notional high-level smart home integration reference architecture to better un
Published: 2025-12-17
IEC
IEC TS 81001-2-2:2025
Health software and health IT systems safety, effectiveness and security — Part 2-2: Guidance for the disclosure, communication and implementation of security needs, risks and controls
Consolidates and upgrades IEC TR 80001-2-2:2012 and IEC TR 80001-2-8:2016 from TR to TS. Strengthens alignment with MDS2 (Manufacturer Disclosure Statement for Medical Device Security). Specifies guidance for disclosure, communication and implementation of security needs, risks and controls. SBOM handling is treated separately from MDS2.
Published: 2025-10-01