The document provides an overview of the regulatory approach to be applied with respect to medical devices based on innovative technologies for data processing.

The Saudi Food and Drug Administration (SFDA), a country’s regulating authority in the sphere of healthcare products, has published a guidance document dedicated to medical devices based on Artificial Intelligence (AI) and Machine Learning (ML) technologies. The document provides additional clarifications regarding the applicable regulatory requirements, as well as recommendations to be taken into consideration by medical device manufacturers and other parties involved in order to ensure compliance thereto. At the same time, provisions of the guidance are non-binding in their legal nature, nor are intended to introduce new rules or impose new obligations. Moreover, the authority reserves the right to make changes to the guidance, should such changes be reasonably necessary to reflect corresponding amendments to the underlying regulations. 

In particular, the document highlights the key points to be considered in the context of applying for Medical Devices Marketing Authorization (MDMA) for the said products. The scope of the guidance covers any and all devices intended to diagnose, manage or predict diseases by analyzing medical data with the help of AI and ML technologies. 


Regulatory Background

Medical devices based on the use of such technologies as big data and artificial intelligence could be utilized for the prediction of diseases and many other medical purposes for which the analysis of medical data and pattern recognition could be of assistance. In such cases, machine learning is utilized to recognize common patterns, while the extension of datasets used to train the algorithms improves the accuracy of the results, provided that the data used for training is relevant, reliable, and accurate. 

The scope of the present SFDA guidance covers independent AI-based software products (standalone software) intended to be used for medical purposes. Initially, the guidance describes the regulatory requirements related to standalone software, which could be installed on different platforms and thus should be treated as a separate medical device. However, the scope of the document also covers software intended to be used with particular hardware medical devices, as well as clinical decision supporting (CDS) software or computer-aided detection/diagnosis (CAD) software. 

The regulatory requirements described in the guidance are based on the provisions of the following acts:

– The Law of Saudi Food and Drug Authority (Royal Decree No. (M/6) issued on 25/1/1428 H;

– Guidance on Requirements for Listing and Medical Device Marketing Authorization (MDS – G5);

– Guidance to Pre-Market Cybersecurity of Medical Devices MDS-G38;

– Guidance to Post-Market Cybersecurity of Medical Devices MDS-G37. 

Regulatory Background 

First of all, the authority reminds that any and all medical devices should be subject to registration in order to be allowed for marketing and use in the country. The appropriate authorization should be granted by the SFDA unless the device in question falls within the scope of a specific exemption. 

The document also contains references to guidance documents “Requirements for Medical Device Marketing Authorization (MDS-REQ 1)”, “Guidance to Pre-Market Cybersecurity of Medical Devices MDS-G38”, and “Guidance to Post-Market Cybersecurity of Medical Devices MDS-G37”. 


Classification Criteria 

The authority further acknowledges the increasing importance of AI and ML technologies that are widely used in medical devices nowadays. At the same time, these technologies are associated with certain additional risks, so their use requires additional attention to be paid in order to ensure the safety of patients. In order to assist medical device manufacturers and other parties involved in determining the proper level of regulatory controls to be applied with respect to AI- and ML-based medical devices, the guidance provides an overview of the applicable classification criteria to be taken into consideration. 

Under the general rule, the intended use of the device in question should be one of the main factors to be taken into consideration when determining its regulatory status. This includes the intended purpose indicated in the instructions for use, product specifications, and other documentation provided by the medical device manufacturer. According to the guidance, if the Artificial Intelligence (AI) and Machine Learning (ML) devices are intended by the Product developer to be used for investigation, detection diagnosis, monitoring, treatment, or management of any medical condition, disease, anatomy or physiological process, it will be classified as a medical device subject to SFDA’s regulatory controls. The document further provides several examples of healthcare products that meet the definition of a medical device based on their intended use. 

Premarket Review Considerations 

According to the guidance, the authority expects AI- and ML-based products to meet the respective regulatory requirements the devices of such class are subject to. When applying for marketing authorization, a party responsible for a medical device should submit:

  • Device description and specification, including variants and accessories;
  • Information to be provided by the manufacturer;
  • Design and manufacturing information;
  • Essential principles of safety and performance;
  • Benefit-risk analysis and risk management;
  • Product verification and validation;
  • Post-market surveillance plan;
  • Periodic safety update report and post market surveillance report. 

The document further outlines special considerations to be taken into account when preparing an application for marketing authorization. In particular, it is stated that the scope and complexity of testing the device should undergo should correspond to the risk associated thereto, its intended purpose, the way it should be used, and other similar factors. Performance testing and respective documentation to be submitted by the party responsible for a medical device should include:

  • Verification that the device meets its design specifications;
  • Validation that the device performs as intended;
  • Usability study that verifies that the information provided to the user to connect to the device and allows the user to ensure that the connection has been made correctly; and 
  • Validation that the device will perform safely and within specification when used under normal conditions and abnormal conditions that are reasonably likely to occur. 


Intended Use 

As it was mentioned before, the key factors to be taken into consideration for the purpose of medical device classification are the intended use of the device and the potential risks associated thereto. In this respect, the document refers to the general classification rules for medical devices. 

In summary, the present SFDA guidance describes the approach the authority applies with respect to medical devices based on novel technologies, such as Artificial Intelligence and Machine Learning. The document highlights the key points to be considered by the parties responsible for such products and also outlines the scope of information and documentation to be submitted when applying for marketing authorization. 



How Can RegDesk Help?

RegDesk is a holistic Regulatory Information Management System that provides medical device and pharma companies with regulatory intelligence for over 120 markets worldwide. It can help you prepare and publish global applications, manage standards, run change assessments, and obtain real-time alerts on regulatory changes through a centralized platform. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Global expansion has never been this simple.