Skip to content
Menu Icon Menu Icon Search Icon

Findings
Software changes must be assessed for potential impacts on the safety and effectiveness of the device, even if they are routine updates.
A risk-based assessment is required to determine whether changes introduce new risks, modify existing risks, or necessitate new risk controls.
Cybersecurity updates, routine maintenance changes, and minor clarifications may not require a new 510(k) if they do not affect performance specifications or safety.
Substantial modifications, such as adding new algorithms, introducing new functionalities, or modifying clinical performance, generally require a new 510(k).
Manufacturers must document all changes, even those not requiring a new 510(k), in compliance with QS regulations.

Recommendations
Use the provided flowchart and guiding principles to evaluate whether software changes exceed the regulatory threshold for submission of a new 510(k).
Conduct a risk-based assessment for all changes, focusing on new or modified risks and the adequacy of existing risk controls.
Verify and validate changes to ensure they meet device specifications and do not introduce unintended consequences.
Submit a new 510(k) for changes that significantly affect clinical functionality, performance specifications, or introduce new risks that are not mitigated.
Maintain detailed documentation of all decisions regarding software changes, including rationale for whether submission of a new 510(k) was required.

Regulatory Considerations
Submission of a new 510(k) is required for changes that could significantly impact the safety or effectiveness of a device or constitute a major modification to its intended use.
Cybersecurity updates generally do not require a new 510(k) if they solely strengthen security without affecting device performance.
Manufacturers must evaluate cumulative changes and submit a new 510(k) if the combined impact exceeds the regulatory threshold.
Device software changes involving substantial algorithm modifications or system architecture updates are likely to require a new 510(k).
Changes that address compliance during a recall or correction must be evaluated under FDA’s guidance for recalls and device enhancements.