International Framework for Regulating Software as a Medical Device

In September 2014, the International Medical Device Regulators Forum (IMDRF) issued a final version of “Software as a Medical Device: Possible Framework for Risk Categorization and Corresponding Considerations”. The IMDRF is the regulators-only successor group to the Global Harmonization Task Force (GHTF).

The harmonized document manifests the risk concerns to be the top priority in regulating software for medical purposes that is becoming increasingly important and appears in a variety of forms and on many computing platforms.

The new document proposes risk recognition and a control framework for Software as a Medical Device (SaMD). This is definitely a move in the right direction, because the existing regulations only apply to and address risks of the software embedded in medical devices, and the health risks posed by standalone software have not been properly assessed and regulated.

With the aim of establishing a shared foundation for the regulation of SaMD in member countries, the framework developed by the IMDRF proposes categorization of devices according to their risk profiles and identification of controls to assure their safety and effectiveness.

The IMDRF determined four risk categories for the SaMD: very high impact, high impact, medium impact, and low impact, with Category I being the lowest impact, based on the two main criteria:

  • The state of the healthcare situation or condition for which the SaMD is intended
  • The significance of the information provided by the SaMD to the healthcare decision: Is it intended to treat, diagnose, drive, or inform clinical management?

The document also provides a clear definition of SaMD and examples for each category, sets the stage for further discussions, and proposes developing approaches for SaMD regulatory controls.

It is available at