The FDA recently released a draft guidance for what documentation sponsors should include in premarket submissions for software-based products. The new guidance is an update to the current guidance, which is from 2005, and it has important information for anyone operating in the digital health space. In addition to BrightInsight’s regulatory experts, we spoke with Sonia Nath, Partner at Cooley LLP, to get insight into the updated guidance. While the draft guidance is extensive, here at BrightInsight we believe that there are three important things you need to know about it.

1. The new framework is likely to be the guiding principle that the FDA will use moving forward.

The new draft guidance applies to Software in a Medical Device (SiMD), Software as a Medical Device (SaMD) and the device constituent part of combination products. However, the FDA indicated that after finalization of this guidance, they intend to update the current guidance on off-the-shelf software so that it is consistent with the new framework.

Under the new framework, the FDA provides recommendations on the documentation sponsors should include in premarket submissions for software-based products—basic or enhanced—depending on the risk level of the software functions. You can see the exact documentation required for software devices that fall into each category in Table 1 on page 9 and in Table 2 on page 24 of the draft guidance.

“This is reflective of the FDA’s view of low risk/high risk when it comes to devices,” explains Nath. “This may be interpreted as a simpler risk-based approach to viewing software devices generally.”

While the previous 2005 guidance used a three-tier “Levels of Concern” framework, it makes sense to simplify the documentation process—the more categories the FDA is juggling, the harder it is administratively to evaluate a software device’s risk level. By focusing on basic and enhanced risk, they’re eliminating the middle ground and streamlining the process.

With the ever-increasing number of submissions to the FDA, it’s no wonder they’re updating their framework. The agency is trying to encourage innovation by providing guidance with more clarity that will allow innovators to accelerate time-to-market.

“In my opinion, the thinking behind this guidance is, if we tell you more explicitly what we need, you can get through the approval process more quickly because there’s not going to be so much back and forth,” says Nath. “Technology is always faster than the law and the guidance documents.”

This updated draft guidance is the FDA’s attempt to keep up with the influx of cutting-edge submissions.

2. The FDA has added more specificity in terms of what they expect in a submission.

In Table 1 on page 9 of the draft guidance, you’ll find the recommended documentation for submissions—and there is more clarification around expected content within documents, such as the Software Design Specification. While some people may see this as an additional hurdle, BrightInsight views it as a benefit. Sonia Nath agrees.

“I don’t see it as increasing the burden so much as the agency making sure that companies are thinking about the full product lifecycle and development at the time of submission, and that they have these elements that will be the backbone of their Quality Management System,” says Nath. “I actually think it’s a way that companies can clearly demonstrate how they ensure safety and efficacy of the software medical device at the time of clearance. So, it’s a win-win.”

3. Higher-risk Class II products will require additional documentation.

Many Class II software devices will fall into the enhanced category when it comes to risk. A malfunction in one of these lifesaving products could be catastrophic, so the FDA wants to make sure they have the appropriate documentation—and with the updated draft guidance, that means additional paperwork.

“Think about a ventilator or something in the hospital, or more likely the software that’s hooked up to that product. If that stopped working, it’s very high risk. So, the FDA is going to want to make sure that those products have sufficient guards on the software so that can’t happen,” Nath explains. “I also think that this guidance reflects the FDA’s concerns about cybersecurity, as today cybersecurity goes hand in hand with device safety.”

To learn more about the FDA’s new framework, read the draft guidance. Please note that it is open for comments until 02/02/2022, as the FDA wants to allow industry professionals a chance to provide input before the guidance becomes final.