IMDRF categorizes SaMD risk (I–IV) by crossing significance of information (inform, drive, treat/diagnose) with the condition’s seriousness (non-serious, serious, critical). IV = treat/diagnose critical; I = inform serious/non-serious. These categories guide evidence rigor—not U.S. device class. FDA review depends on FDA classification/product code (many Class I exempt; Class II 510(k); novel De Novo; high-risk PMA).
Why SaMD Risk Categories Matter
If you’re building medical software, understanding risk categorization isn’t optional—it’s the starting line.
Yet many teams confuse the IMDRF’s I–IV system with the FDA’s Class I–III device classification. They’re related—but not interchangeable. This confusion leads to:
- Wrong assumptions about whether 510(k) is needed
- Missed regulatory deadlines
- Unnecessary overregulation (or worse—underregulation)
Let’s clear it up.
IMDRF’s SaMD Risk Framework Explained
The International Medical Device Regulators Forum (IMDRF) created the SaMD risk framework (N41) to help regulators around the world evaluate medical software consistently.
It sorts software into four categories (I–IV) based on:
- The significance of the information provided by the software (Inform → Drive → Diagnose/Treat)
- The state of the healthcare condition it addresses (Non-serious → Serious → Critical)
This framework is widely adopted—not just by the FDA, but also in the EU, Japan, Australia, and Canada.
Understanding the Four SaMD Categories
Here’s what each category means:
Category I — “Inform”
- Software informs clinical management
- Low-risk context (e.g., mild acne, general wellness)
Category II — “Drive”
- Software influences decisions
- Used in non-critical or moderate conditions
Category III — “Diagnose”
- Supports diagnosis or staging of serious conditions
- Used to guide treatment decisions
Category IV — “Treat / Critical”
- Software treats or directly manages life-threatening conditions
- Highest consequence if it malfunctionsMapping IMDRF Categories to FDA Device Classes
This is where things get tricky.
The FDA doesn’t officially “translate” IMDRF categories into Class I/II/III. But in practice, this is how things tend to map:
Category I → FDA Class I
- Most exempt from premarket review
- May fall under enforcement discretion
- Example: a stress-level tracker using survey data
Category II–III → FDA Class II
- Often require 510(k) or De Novo submissions
- Example: software that flags early signs of diabetic retinopathy
Category IV → FDA Class III
- Require PMA (Premarket Approval)
- Often need clinical trials or real-world evidence
- Example: adaptive software that personalizes chemotherapy regimens
Which Categories Trigger FDA Review?
Here’s the general rule of thumb:
Category I
✅ Often exempt
⚠️ But don’t assume—check intended use carefully
📝 May still need listing or enforcement policy analysis
Category II & III
🚩 Typically require 510(k)
🧪 May need performance or clinical validation
Category IV
🔒 Requires PMA
📊 Extensive safety, efficacy, and risk documentation expected
Note: FDA exceptions exist. Always verify with a regulatory expert—or use Complizen to guide you.
The Fastest Path to Market
No more guesswork. Move from research to a defendable FDA strategy, faster. Backed by FDA sources. Teams report 12 hours saved weekly.
FAQs
Q: What’s the difference between IMDRF and Rule 11 (EU MDR)?
Rule 11 is a software-specific risk rule under EU MDR. IMDRF is a global framework. Many Notified Bodies use both to cross-reference decisions.
Q: Do SaMD risk categories apply under EU MDR?
They’re not official in the EU—but they're widely referenced by regulators, notified bodies, and guidance bodies when evaluating software claims.
Q: Does the FDA ignore Category I?
Not always. FDA may exercise enforcement discretion, but if your app sounds remotely diagnostic or therapeutic, you’ll still need to clarify classification.