FDA Updated Software Guidance

In September 2022, FDA Updated the Software Guidance Policy for Device Software Functions and Mobile Medical Applications.  Last revised in September 2019, the policy is intended to clarify FDA’s regulatory oversight on software functions, including those used on mobile platforms and general-purpose computing platforms as well as software in the function or control of a hardware device.  Here are some of the key takeaways from 2022 update:

  • Alignment with 21st Century Cures Act: FDA explains that the policy was updated in accordance with the changes described in the guidance Changes to Existing Medical Software Policies Resulting from Section 3060 of the 21st Century Cures Act.  Further updates to the policy from the FDA are also expected to harmonize with the final rule Medical Devices; Medical Device Classification Regulations To Conform to Medical Software Provisions in the 21st Century Cures Act” (86 FR 20278) and the FDA guidance Clinical Decision Support Software.
  • Moving accessories into the grey zone: Software functions that are extensions of medical devices by connecting to control or analyze data which may be used in combination with other devices now may be categorized as an accessory by the FDA whereas in the 2019 guidance, these software functions were considered accessories by the FDA.
  • Expanded software examples: The updated guidance includes examples of software functions cleared by the FDA through 510(k) submissions.  In addition, the guidance includes extensive examples of software functions that FDA does and does not consider as medical devices as well as software functions that FDA intends to exercise enforcement discretion.  Some examples which FDA had explicitly listed as software FDA intends to exercise enforcement discretion from the 2019 guidance are no longer mentioned in the revised 2022 guidance.
  • Patient and medical information: The updated guidance provides more detailed explanation on how to determine whether software used to record patient medical information is considered a medical device.  FDA mentions different scenarios and environments in which this type of software may be used and how the FDA intends on regulating these software.

FDA’s policy is a solid starting point for device and software manufacturers to develop their regulatory strategy.  An analysis of a software’s features and claims will also help manufacturers and developers classify their product and for innovative products, FDA meetings such as a presub (Q-sub) are encouraged.

Upcoming SoftwareCPR Training Courses:

Public Course – Jan 9-11, 2023 – Risk Management (in-person)

Our newly updated ISO 14971:2019 Medical Device Risk Management, A Software Organization’s Perspective public training course is now open for registration!

Where:  Tampa, Florida

  • Coverage of ISO 14971:2019, IEC 62304; amd1, and IEC/TR 80002-1.
  • System level hazards analysis – mapping to software, cybersecurity, and usability
  • Why FMEA is incomplete for medical device risk management.
  • How to perform software hazards analysis.
  • And more!

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructors: Dr. Peter Rech, Brian Pate

Discount Registration through October 31, 2022.  Reserve your spot!

Register here: https://events.eventzilla.net/e/2023-softwarecpr-public-training-course–iso-14971-medical-device-risk-management-a-software-organizations-perspective-2138576610


Public Course – Dec 12-15, 2022 – Being Agile & Yet Compliant (virtual)

COST: 4 half days for $1,920 per person

HOURS: 11 am until 3 pm EDT each day

TRAINING LOCATION: Virtual – live online

Register here:



Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.