top of page

USFDA Med.Dev: Draft Guidance Select Updates for the Premarket Cybersecurity -Section 524B of the FD&C Act

Today (13 March, 2024) the U.S. Food and Drug Administration (FDA) Center for Biologics Evaluation and Research Center for Devices and Radiological Health released the draft guidance "Select Updates for the Premarket Cybersecurity Guidance: Section 524B of the FD&C Act"for the public comment purposes.

A “cyber device” as a device that

  1. includes software validated, installed, or authorized by the sponsor as a device or in a device;

  2. has the ability to connect to the internet; and

  3. contains any such technological characteristics validated, installed, or 61 authorized by the sponsor that could be vulnerable to cybersecurity threats.

The FDA has developed this draft guidance to provide select updates to its guidance document on cybersecurity in medical devices. FDA is proposing to add the Premarket Cybersecurity Guidance with a Section VII to accommodate novel cybersecurity considerations for devices. This new section outlines the cybersecurity information that FDA deems generally necessary to fulfill obligations under section 524B of the FD&C Act.

Any individual, including a manufacturer, who submits a premarket application or submission under pathways such as 510(k), PMA, PDP, De Novo, or HDE for a device meeting the definition of a "cyber device" as per section 524B(c) of the FD&C Act, must include information as required by FDA to ensure compliance with the cybersecurity requirements outlined in section 524B(b) of the FD&C Act.

For more information and specific details on the documentation Recommendations to Comply with 524B, click this LINK.


bottom of page