FDA SaMD Compliance Services for Medical Software

Arinder Singh Suri | June 15, 2026

If your software diagnoses, treats, or drives clinical decisions, it may be a regulated medical device — and the FDA pathway is expensive, multi-year, and unforgiving of shortcuts. Taction Software builds Software as a Medical Device to the engineering standard the FDA expects: a quality-managed design-controls process, IEC 62304 software lifecycle, ISO 14971 risk management, premarket cybersecurity, and the verification, validation, and documentation that support a submission — including AI/ML SaMD with a Predetermined Change Control Plan.

One thing to be clear about: we are your software engineering partner for regulated development, not an FDA regulatory consultancy or law firm. We build the compliant software and engineering evidence; your regulatory strategy and the FDA submission are led by you and your regulatory advisors, with whom we work closely. For decision-support products specifically, see our clinical decision support practice.

Schedule an FDA SaMD Pathway Strategy Workshop (Free 60-Min) → (NDA-protected)

Regulated-software engineering specialists · ISO 13485 QMS experience · IEC 62304 lifecycle · healthcare engineering credentials

When Your Software Triggers FDA Regulation

Definition of SaMD

Software as a Medical Device is software intended for a medical purpose that performs that purpose without being part of a hardware device. Intended use is what determines it.

Clinical Decision Support Carve-Out (Cures Act §3060)

Some clinical decision support is excluded from device regulation when it meets the statutory non-device CDS criteria — including that the clinician can independently review the basis for the recommendation. Whether your CDS qualifies is a determination to confirm with your regulatory advisors; we design with the distinction in mind.

Wellness vs. Medical Device

General-wellness software intended to maintain a healthy lifestyle generally falls outside device regulation, while software making medical claims does not. The line is in the intended use and claims.

Class I, II, III Determination

Devices are classified by risk — Class I (low), II (moderate), III (high) — which drives the pathway and the evidence required.

FDA Pathways We Support

510(k) Premarket Notification

Predicate device strategy, substantial-equivalence documentation, and support through the FDA review process for devices that can demonstrate equivalence to a legally marketed predicate.

De Novo Pathway

For a novel device without a predicate, with risk-based classification and special controls for low-to-moderate-risk innovations.

PMA (Premarket Approval)

For Class III devices, the most rigorous pathway, typically with clinical-trial requirements and the strongest evidence burden.

AI/ML SaMD With PCCP

A Predetermined Change Control Plan, continuous-learning model management, and real-world performance monitoring so AI/ML devices can evolve within a pre-authorized envelope rather than re-submitting for every change — built on our healthcare AI work.

Our FDA SaMD Engineering Methodology

Quality Management System (ISO 13485 / QMSR)

We engineer within a quality management system aligned to ISO 13485, consistent with the FDA’s Quality Management System Regulation (QMSR), which harmonized 21 CFR 820 with ISO 13485 effective February 2026.

Design Controls (21 CFR 820)

We follow design controls — inputs, outputs, reviews, verification, validation, and a design history file — as the backbone of regulated development.

Software Lifecycle (IEC 62304)

We develop to IEC 62304, the medical-device software lifecycle standard, with the rigor scaled to your software’s safety classification.

Risk Management (ISO 14971)

We apply ISO 14971 risk management throughout, so hazards are identified, controlled, and traced.

Cybersecurity (FDA Premarket Cybersecurity Guidance)

We build to FDA premarket cybersecurity expectations (including the “cyber device” requirements under FD&C Act §524B), with an SBOM and security testing — drawing on our penetration testing and security audit practices.

AI/ML-Specific FDA Considerations

We handle the AI/ML specifics: PCCP authoring, the choice between a locked algorithm and continuous learning, the algorithm change protocol that defines permitted changes, and real-world performance monitoring — the framework that lets an AI device improve safely within FDA’s expectations.

Cost & Timeline

These are typical industry ranges and vary widely by device, evidence needs, and pathway; regulatory fees, regulatory-consultant fees, and clinical-trial costs are separate from our engineering scope:

  • 510(k): roughly 9–18 months, $300K–$1.5M.
  • De Novo: roughly 12–24 months, $500K–$2M.
  • PMA: roughly 24–48 months, $2M–$10M+.
  • AI/ML with PCCP: an add-on to the above, scoped to the model and change plan.

We give a firmer estimate of the engineering scope after the pathway workshop.

Combined FDA + HIPAA + Quality Management

FDA, HIPAA, and quality-management obligations overlap, and a stacked compliance strategy with shared documentation and audit crosswalks avoids doing the same work three times — connecting to our HIPAA-compliant development and data security practices.

Frequently Asked Questions

Does our product require FDA clearance?

It depends on intended use and claims. Software with a medical purpose generally is regulated; general-wellness software and CDS that meets the Cures Act non-device criteria generally are not. This is a determination to confirm with your regulatory advisors — we help you understand where your product likely sits and design accordingly, but the regulatory call is theirs.

510(k) vs De Novo decision?

If a suitable predicate device exists, 510(k) via substantial equivalence is usually faster; if your device is genuinely novel with no predicate, De Novo is the route for low-to-moderate risk. We help frame the engineering and evidence for either, and your regulatory advisors confirm the strategy.

AI/ML continuous learning approval path?

The current approach is a Predetermined Change Control Plan: you define, up front, the changes the model may undergo and how they will be validated and monitored, so the device can update within that authorized envelope. We author the PCCP engineering and build the monitoring; the submission strategy is led with your regulatory advisors.

Pre-Submission meeting strategy?

An FDA Pre-Submission (Q-Sub) is a valuable way to align with the FDA on your pathway, predicate, and evidence before you invest fully. We prepare the technical and engineering content that supports a strong Pre-Sub, working alongside your regulatory team, who manage the FDA interaction.

Reviewed by Taction Software’s regulated-software engineering team. ISO 27001-certified information security management. We provide regulated-software engineering and documentation, not regulatory or legal services; FDA strategy and submission are led with your regulatory advisors. PHI is handled under a signed BAA.
