/>iAs the federal agency tasked with regulating medical devices, the Food and Drug Administration (FDA) regularly releases guidance to inform medical device manufacturers how to best achieve FDA approval. The topics in these documents often reflect the agency’s proactive approach toward emerging issues in the medical device space, including cybersecurity and computational modeling.
On December 4, 2024, the FDA provided initial guidance for Marketing Submission Recommendations for a Predetermined Change Control Plan for Artificial Intelligence-Enabled Device Software Functions. Following public input, the FDA issued its final guidance on August 18, 2025, which addresses a practical issue inherent to AI-enabled device software functions (AI-DSF): AI, by design, may need repeated adjustments for optimal function, which may require manufacturers to separately apply for FDA approval for each change prior to implementation. Thus, the guidance explains how manufacturers can submit and receive FDA approval for a predetermined change control plan (PCCP), a document that discloses the manufacturer’s planned changes to AI-DSF. Because the PCCP is filed with the marketing authorization for a device with an AI-DSF, an approved PCCP can allow a manufacturer to prospectively obtain FDA authorization for both the device and its future modifications. At a high-level, the components of a PCCP are:
- A description of planned modifications to the AI-DSF;
- The protocol for how the modifications will be developed, validated, or implemented, including data management practices, re-training practices, performance evaluation protocols, and update procedures, for each modification; and
- An impact assessment of the modifications regarding the safety and efficacy of the AI-DSF.
Detailed recommendations in the guidance further clarify how manufacturers can create a compliant PCCP and meet other obligations that may be impacted by approved modifications. For example, a PCCP may need to include proposed edits to the AI-DSF’s labeling in conjunction with the proposed modifications and disclose cybersecurity risk management processes in the modification protocol. As federal oversight for AI continues to evolve, manufacturers should take note of this final guidance to streamline both immediate and future legal compliance when integrating AI into medical devices.
