Good Machine-Learning Practice (GMLP) is a set of ten regulator-endorsed principles for AI/ML medical devices, covering data, design, validation, human-AI use, transparency, and post-market monitoring. First published by FDA/Health Canada/MHRA and finalized by IMDRF in 2025, they’re nonbinding but widely expected in submissions and lifecycle documentation for AI-enabled device software.

Any SaMD or AI/ML-enabled medical device must adhere to GMLP; adjacent digital-health tools should adopt them for quality and future compliance preparedness.

What Are GMLP & Where They Come From

The FDA released its first GMLP discussion paper in January 2023, updated in October 2024, to bring structure and predictability to AI/ML-based medical devices.

GMLP draws on international standards (notably IMDRF’s AI-enabled Device Software Functions N41 guidance) and is now reflected in premarket reviews (510(k), De Novo, PMA).

At its core, GMLP is about proving your ML system is:

  • Built on high-quality, traceable data.
  • Designed transparently and robustly.
  • Continuously monitored and updated with documented change control.

The Ten Core GMLP Principles

  1. Multi-Disciplinary Expertise Is Leveraged Throughout the Total Product Life Cycle: In-depth understanding of the model’s integration into clinical workflow, intended benefits, and associated patient risks ensures AI/ML-enabled devices are safe, effective, and address meaningful clinical needs over the device lifecycle.
  2. Good Software Engineering and Security Practices Are Implemented: Model design incorporates robust software engineering, data quality assurance, data management, cybersecurity, and methodical risk management to ensure data authenticity, integrity, and secure implementation.
  3. Clinical Study Participants and Data Sets Are Representative of the Intended Patient Population: Data collection protocols ensure that characteristics such as age, sex, race, and ethnicity of the intended population are adequately represented to manage bias and promote generalizable performance.
  4. Training Data Sets Are Independent of Test Sets: Training and test datasets are selected to be appropriately independent, considering all potential dependencies (patient, acquisition, site factors) to assure unbiased evaluation.
  5. Selected Reference Datasets Are Based Upon Best Available Methods: Reference datasets are developed using accepted best methods to ensure clinically relevant, well-characterized data, and limitations of references are understood; accepted reference datasets are used to promote robustness and generalizability.
  6. Model Design Is Tailored to the Available Data and Reflects the Intended Use of the Device: Model design suits the data and mitigates risks such as overfitting and performance degradation; clinical benefits and risks inform meaningful performance goals aligned with intended use.
  7. Focus Is Placed on the Performance of the Human-AI Team: Emphasis on how the AI system interacts with human users to ensure safe and effective clinical decision-making.
  8. Testing Demonstrates Device Performance during Clinically Relevant Conditions: Testing protocols simulate real-world clinical conditions to validate device performance and safety.
  9. Users Are Provided Clear, Essential Information: Users receive transparent, understandable information about the AI/ML device’s capabilities, limitations, and appropriate use.
  10. Deployed Models Are Monitored for Performance and Re-training Risks are Managed: Continuous monitoring of model performance in the field is conducted, with managed processes for retraining and mitigating risks from model updates.

Who Must Follow GMLP?

Primary Audience:

  • Medical device manufacturers developing AI/ML-enabled medical devices (Software as a Medical Device - SaMD).

Why Follow GMLP?

  • Ensure safety, effectiveness, and quality throughout the device lifecycle.
  • Meet regulatory expectations (FDA, Health Canada, MHRA) during premarket (510(k), De Novo, PMA) and postmarket phases.

FAQ

Are GMLP mandatory for 510(k) submissions?

Yes. ML/AI components in SaMD require adherence to GMLP as part of the eSTAR DSF & AI/ML module.

How do GMLP align with ISO 14971?

GMLP’s risk management principle integrates directly with ISO 14971 hazard analysis and control processes.

Can wellness apps use GMLP?

While not mandatory, adopting GMLP improves quality and prepares your app for future FDA oversight if clinical claims are added.