Predetermined Change Control Plans for Artificial Intelligence and Machine Learning-Enabled Device Software Functions
This guidance provides recommendations for marketing submissions containing a Predetermined Change Control Plan (PCCP) for Artificial Intelligence-enabled Device Software Functions (AI-DSFs). The guidance applies to AI-DSFs that manufacturers intend to modify over time, whether modifications are implemented automatically, manually, or both. While broadly applicable to all AI-enabled devices, it is particularly tailored to devices incorporating machine learning.
What You Need to Know? π
What is a Predetermined Change Control Plan (PCCP) for AI-enabled medical devices?
A PCCP is documentation describing planned modifications to AI-enabled device software functions and how those modifications will be assessed. It allows manufacturers to implement pre-authorized changes without requiring new marketing submissions, provided they follow the established protocol and remain within approved specifications.
Which types of AI device modifications can be included in a PCCP?
PCCPs can include modifications related to quantitative performance specifications, device inputs and compatibility, and certain use/performance changes within specific subpopulations. Modifications must maintain the deviceβs intended use and be specific enough to verify and validate while improving safety or effectiveness.
What are the three main components required in a PCCP submission?
A PCCP must include: 1) Description of Modifications - specifications for planned device changes; 2) Modification Protocol - methodology for developing, validating, and implementing modifications; and 3) Impact Assessment - evaluation of benefits, risks, and risk mitigation strategies for the proposed changes.
How does FDA review PCCPs differently from traditional device modifications?
FDA reviews the entire PCCP as part of the initial marketing submission to ensure modifications can be safely implemented without additional submissions. The review focuses on whether proposed changes maintain device safety and effectiveness across intended populations, with emphasis on verification and validation protocols.
What happens if a manufacturer deviates from their authorized PCCP?
Deviations from an authorized PCCP could significantly affect device safety or effectiveness, potentially making the device adulterated and misbranded. Significant modifications not specified in or implemented according to the PCCP likely require a new marketing submission before implementation.
Can PCCPs include automatically implemented AI modifications?
Yes, PCCPs can include modifications implemented automatically by software (continuous learning), manually with human input, or combinations of both. For automatic updates, manufacturers should establish clear boundaries or guardrails defining the range of automatic modifications and discuss considerations with FDA.
What You Need to Do π
Recommended Actions
- Develop a comprehensive PCCP containing:
- Description of Modifications
- Modification Protocol
- Impact Assessment
- Ensure PCCP includes:
- Data management practices
- Re-training protocols
- Performance evaluation methods
- Update procedures
- Establish clear acceptance criteria and performance requirements
- Define communication and transparency procedures for users
- Implement monitoring and tracking systems for:
- Safety events
- Performance issues
- Real-world data
- Maintain documentation in accordance with quality system requirements
- Consider early engagement with FDA through Q-Submission Program
- Ensure labeling remains current with modifications
- Implement version control procedures
- Establish procedures for handling deviations from authorized PCCP
Key Considerations
Clinical testing
- Clinical validation required for modifications affecting clinical performance
- Clinical testing protocols must be specified in the Modification Protocol
- Performance requirements and acceptance criteria must be pre-defined
- Clinical testing data must be representative of intended use populations
Non-clinical testing
- Analytical validation required for modifications affecting device performance
- Test protocols must be specified in the Modification Protocol
- Performance requirements and acceptance criteria must be pre-defined
- Test data must be representative of intended use conditions
Human Factors
- Impact on users must be assessed for modifications affecting user interface or workflow
- User training requirements must be specified when needed
- Communication plan for informing users about modifications required
Software
- Software verification and validation protocols required
- Data management practices must be defined
- Re-training protocols must be specified
- Performance evaluation methods must be documented
- Update procedures must be detailed
Cybersecurity
- Cybersecurity risk management required
- Validation processes must be defined
- Security controls must be specified
Labeling
- Updates to labeling required for modifications
- Performance changes must be communicated
- Version control information required
- User instructions must be updated as needed
Safety
- Safety impact assessment required
- Risk management processes must be followed
- Monitoring plan for safety required
- Adverse event tracking procedures needed
Other considerations
- Quality system requirements apply
- Documentation requirements specified
- Version control needed
- Transparency to users required
- Real-world performance monitoring recommended
Relevant Guidances π
- Content of Premarket Submissions for Device Software Functions
- Predetermined Change Control Plans for Medical Device Modifications (Draft)
- Content of Premarket Submissions and Lifecycle Management for Artificial Intelligence and Machine Learning-Enabled Medical Devices (Draft)
- Off-The-Shelf Software in Medical Devices: Documentation Requirements for Premarket Submissions
- Software Validation for Medical Device Production, Quality Systems, and Device Components
- Clinical Evaluation of Software as a Medical Device (SaMD)
Related references and norms π
- ISO 14971: Medical devices - Application of risk management to medical devices
- AAMI CR 34971:2022: AAMI Consensus Report - Guidance on the Application of ISO 14971 to Artificial Intelligence and Machine Learning
- IEEE 2802: Standard for Performance and Safety Evaluation of Artificial Intelligence Based Medical Devices: Terminology
- ISO 13485: Medical devices - Quality management systems - Requirements for regulatory purposes
Original guidance
- Predetermined Change Control Plans for Artificial Intelligence and Machine Learning-Enabled Device Software Functions
- HTML / PDF
- Issue date: 2024-12-04
- Last changed date: 2024-12-03
- Status: FINAL
- Official FDA topics: Medical Devices, Digital Health, Drugs, Premarket, Biologics
- ReguVirta ID: 2581f61604f8b537e276c1a9b3b5611a