Skip to content
Menu Icon Menu Icon Search Icon

Findings
FDA oversight focuses on software functions that meet the definition of a medical device under section 201(h) of the FD&C Act and pose risks to patient safety.
Many software functions are exempt from regulation if they do not meet the medical device definition or pose minimal risk.
Mobile medical apps that transform general-purpose platforms into regulated devices (e.g., by using sensors or attachments) fall under FDA’s regulatory scope.
Certain apps, like those for general wellness or simple medical calculations, are subject to enforcement discretion due to their low risk.
Manufacturers are encouraged to adopt quality systems to ensure software safety and effectiveness throughout the product lifecycle.

Recommendations
Clearly identify the intended use of software functions and ensure they align with definitions for medical devices under the FD&C Act.
Adopt a robust Quality System (QS) to ensure software safety and mitigate risks.
For mobile medical apps that transform general-purpose platforms into devices, ensure compliance with FDA classification and regulatory requirements.
Distinguish between software functions for general wellness and those with patient-specific analysis to assess regulatory oversight needs.
Engage with FDA early in the development process to clarify requirements for new or novel device software functions.

Regulatory Considerations
Device software functions that meet FDA’s medical device definition and pose safety risks are subject to classification (Class I, II, or III) and regulatory requirements.
FDA exercises enforcement discretion for low-risk software functions, such as apps for medication reminders or wellness tracking.
Mobile apps used solely for administrative purposes or patient education generally do not meet the definition of a medical device.
Developers of regulated software must comply with labeling, quality system, and premarket submission requirements, depending on classification.
Apps that collect, transfer, or display medical device data without modifying it may fall under MDDS guidance and are typically exempt from rigorous regulation.