Regulations

Regulations for medical devices - legally binding requirements for market access

Note: FDA regulations are legally binding requirements, not voluntary standards. These regulations are freely available from the FDA and must be complied with for US market access.

FDA

21 CFR Part 11

Electronic Records; Electronic Signatures

Requirements for electronic records and electronic signatures in FDA-regulated industries

electronic records

FDA

21 CFR Part 820

Quality System Regulation (QMSR)

Quality system requirements for medical devices (aligned with ISO 13485:2016)

quality system

FDA

21 CFR Part 830

Unique Device Identification (UDI)

Requirements for device identification and labeling for post-market surveillance

identification

FDA

21 CFR Part 812

Investigational Device Exemptions (IDE)

Requirements for clinical investigations of medical devices

clinical

FDA

21 CFR Part 807

Establishment Registration and Device Listing

Requirements for device establishment registration and product listing

registration

FDA

21 CFR Part 803

Medical Device Reporting (MDR)

Requirements for reporting device-related adverse events and malfunctions

post market

FDA

510(k) Premarket Notification

Premarket Notification Submission

Requirements for demonstrating substantial equivalence to predicate devices

premarket

FDA

PMA (Premarket Approval)

Premarket Approval Application

Requirements for Class III device approval including clinical data

premarket

FDA

eSTAR Template

electronic Submission Template And Resource

Structured electronic submission template for 510(k) submissions

premarket

FDA

FDA Cybersecurity Guidance

Cybersecurity in Medical Devices: Premarket Submissions

Finalized guidance on SPDF, threat modeling, SBOM, and cybersecurity risk assessment for premarket submissions

cybersecurity

FDA

Section 524B (FD&C Act)

Ensuring Cybersecurity of Devices

Statutory mandate requiring SBOM, patching plans, and reasonable assurance of cybersecurity for cyber devices

cybersecurity

HHS/OCR

HIPAA Security Rule

45 CFR Parts 160, 162, and 164 — Security Standards for ePHI

Administrative, physical, and technical safeguard requirements for protecting electronic Protected Health Information

hipaa

HHS/OCR

HIPAA BAA Requirements

Business Associate Agreement Provisions — 45 CFR § 164.314(a)

BAA requirements for medical device companies handling ePHI, cloud provider BAAs, and vendor management

hipaa

FDA Guidance Documents

FDA guidance documents provide recommendations and best practices for compliance with regulations. While not legally binding, they represent FDA's current thinking and are valuable for implementation.

FDA Guidance

Software as Medical Device (SaMD)

Complete implementation guide for software that meets the definition of a medical device, including classification, validation, and regulatory pathways.

FDA Guidance

Cybersecurity

Premarket and postmarket guidance for managing cybersecurity risks in medical devices, including threat modeling and security controls.

FDA Guidance

Home-Use Devices

Human factors considerations and usability engineering requirements for medical devices intended for use in the home environment.

FDA Guidance

Laser Notice 56

FDA guidance on conformance with IEC 60825-1 Ed. 3 and IEC 60601-2-22 Ed. 3.1 for laser products. Provides recommendations for manufacturers on demonstrating compliance with international laser safety standards.

FDA Regulation

Quality System Regulation (21 CFR 820)

Quality system requirements for medical devices (QMSR), aligned with ISO 13485:2016. Includes design controls, process validation, and quality system requirements.


EU MDR/IVDR Regulations

European Union Medical Device Regulation (MDR) and In Vitro Diagnostic Regulation (IVDR) requirements. These regulations are freely available and legally binding for EU market access.

EU MDR

MDR Annex I - General Safety

Complete checklist of general safety and performance requirements for medical devices under EU MDR, including essential requirements. This is the core regulation document.

MDCG Guidance

Software Classification

MDCG 2019-11 guidance on qualification and classification of software as a medical device. Provides decision tree and examples for classifying software under EU MDR.

MDCG Guidance

Clinical Evaluation

MDCG 2020-13 guidance on clinical evaluation documentation. Comprehensive guide for writing Clinical Evaluation Reports (CER) under EU MDR, including clinical data requirements.


Device-Specific Guidance

FDA guidance documents for specific device types, including special controls, classification, and regulatory pathways. These documents provide detailed requirements and recommendations for manufacturers of specific device categories.

FDA Special Controls

Dental Equipment

FDA guidance for dental devices including classification, special controls, and testing requirements. Covers electrical safety, biocompatibility, sterilization, and performance standards for various dental equipment types.

Key Requirements:

  • IEC 60601-1 (Electrical safety and essential performance)
  • ISO 10993 (Biological evaluation of medical devices)
  • ISO 17664 (Information to be provided by the manufacturer for the processing of resterilizable medical devices)
  • ISO 14971 (Risk management for medical devices)
  • FDA 510(k) requirements for Class II devices

FDA Guidance

Home Monitoring Devices

Comprehensive guidance for connected home monitoring medical devices, including cybersecurity requirements, usability engineering, remote monitoring capabilities, and data privacy considerations. Addresses unique challenges of home-use environments.

Key Requirements:

  • IEC 81001-5-1 (Cybersecurity for health software and health IT systems)
  • IEC 62366 (Usability engineering for medical devices)
  • FDA Cybersecurity Premarket Guidance
  • HIPAA compliance for protected health information
  • Design considerations for home-use devices

FDA Special Controls

Surgical Laser Systems

FDA guidance for surgical and therapeutic laser systems, including classification, special controls, performance standards, and safety requirements. Covers various laser types used in surgical procedures including ophthalmic, dermatological, and general surgery applications.

Key Requirements:

  • IEC 60601-2-22 (Particular requirements for basic safety and essential performance of surgical, cosmetic, therapeutic and diagnostic laser equipment)
  • IEC 60825-1 (Safety of laser products)
  • Laser Notice 56 (Conformance with IEC standards)
  • FDA Special Controls for specific laser types
  • 510(k) requirements and performance testing

FDA Guidance

Wearable Medical Devices

Regulatory considerations for wearable medical devices including continuous monitoring devices, fitness trackers with medical claims, and implantable wearables. Covers form factor constraints, battery safety, environmental durability, and user experience requirements.

Key Requirements:

  • IEC 60601-1 (Electrical safety for portable devices)
  • IEC 62366 (Usability engineering for wearable interfaces)
  • Environmental testing (temperature, humidity, shock, vibration)
  • Battery safety and performance standards
  • Software validation (IEC 62304) for connected wearables
  • Cybersecurity for data transmission

FDA Guidance

AI/ML in Medical Devices

Comprehensive regulatory framework for artificial intelligence and machine learning-enabled medical devices. Includes FDA's AI/ML Action Plan, validation requirements, continuous learning considerations, and premarket/postmarket guidance for adaptive algorithms.

Key Requirements:

  • FDA AI/ML Action Plan and Good Machine Learning Practice (GMLP)
  • IEC 62304 (Software lifecycle processes for medical device software)
  • Clinical validation and performance evaluation
  • Change control for continuous learning algorithms
  • Transparency and explainability requirements
  • Cybersecurity for AI/ML systems

FDA Regulations - Legal Requirements

FDA regulations are legally binding requirements that must be complied with for US market access. Unlike standards, regulations are mandatory and enforceable by law. This section provides implementation guidance to help understand and comply with these regulations.

  • 6 Regulations Published
  • US Market Required
  • Public Domain Free Access
  • Implementation Guides