Post

Predetermined Change Control Plans for Artificial Intelligence and Machine Learning-Enabled Device Software Functions

This guidance provides recommendations for marketing submissions containing a Predetermined Change Control Plan (PCCP) for Artificial Intelligence-enabled Device Software Functions (AI-DSFs). The guidance applies to AI-DSFs that manufacturers intend to modify over time, whether modifications are implemented automatically, manually, or both. While broadly applicable to all AI-enabled devices, it is particularly tailored to devices incorporating machine learning.

  1. Develop a comprehensive PCCP containing:
    • Description of Modifications
    • Modification Protocol
    • Impact Assessment
  2. Ensure PCCP includes:
    • Data management practices
    • Re-training protocols
    • Performance evaluation methods
    • Update procedures
  3. Establish clear acceptance criteria and performance requirements
  4. Define communication and transparency procedures for users
  5. Implement monitoring and tracking systems for:
    • Safety events
    • Performance issues
    • Real-world data
  6. Maintain documentation in accordance with quality system requirements
  7. Consider early engagement with FDA through Q-Submission Program
  8. Ensure labeling remains current with modifications
  9. Implement version control procedures
  10. Establish procedures for handling deviations from authorized PCCP

Key Considerations

Clinical testing

  • Clinical validation required for modifications affecting clinical performance
  • Clinical testing protocols must be specified in the Modification Protocol
  • Performance requirements and acceptance criteria must be pre-defined
  • Clinical testing data must be representative of intended use populations

Non-clinical testing

  • Analytical validation required for modifications affecting device performance
  • Test protocols must be specified in the Modification Protocol
  • Performance requirements and acceptance criteria must be pre-defined
  • Test data must be representative of intended use conditions

Human Factors

  • Impact on users must be assessed for modifications affecting user interface or workflow
  • User training requirements must be specified when needed
  • Communication plan for informing users about modifications required

Software

  • Software verification and validation protocols required
  • Data management practices must be defined
  • Re-training protocols must be specified
  • Performance evaluation methods must be documented
  • Update procedures must be detailed

Cybersecurity

  • Cybersecurity risk management required
  • Validation processes must be defined
  • Security controls must be specified

Labeling

  • Updates to labeling required for modifications
  • Performance changes must be communicated
  • Version control information required
  • User instructions must be updated as needed

Safety

  • Safety impact assessment required
  • Risk management processes must be followed
  • Monitoring plan for safety required
  • Adverse event tracking procedures needed

Other considerations

  • ISO 14971: Medical devices - Application of risk management to medical devices
  • AAMI CR 34971:2022: AAMI Consensus Report - Guidance on the Application of ISO 14971 to Artificial Intelligence and Machine Learning
  • IEEE 2802: Standard for Performance and Safety Evaluation of Artificial Intelligence Based Medical Devices: Terminology
  • ISO 13485: Medical devices - Quality management systems - Requirements for regulatory purposes

Original guidance

  • Predetermined Change Control Plans for Artificial Intelligence and Machine Learning-Enabled Device Software Functions
  • HTML / PDF
  • Issue date: 2024-12-04
  • Last changed date: 2024-12-03
  • Status: FINAL
  • Official FDA topics: Medical Devices, Digital Health, Drugs, Premarket, Biologics
  • ReguVirta summary file ID: 2581f61604f8b537e276c1a9b3b5611a
This post is licensed under CC BY 4.0 by the author.