IMDRF is the global forum harmonizing medical device regulations across major markets (FDA, MHRA, Health Canada, EU). On Jan, 2025, IMDRF finalized N88 (10 Good Machine Learning Practice principles for AI/ML devices) and N81 (characterization considerations for medical-device software and software-specific risk). IMDRF documents guide—but don’t replace—jurisdictional rules; adoption timing varies by regulator.

This guide covers everything you need to know about IMDRF's impact on AI medical devices, SaMD regulation, and how to implement their frameworks before your competition.

What Is IMDRF and Why Should You Care?

The International Medical Device Regulators Forum brings together the world's major medical device regulators to harmonize requirements globally. IMDRF Management Committee regulators include Australia, Brazil, Canada, China, the EU, Japan, Russia, Singapore, South Korea, Switzerland, the UK, and the US FDA.

Here's why IMDRF matters for your business: IMDRF documents are non-binding but highly influential. Regulators often reference or align with them over time — this means IMDRF guidance gives you a preview of future regulatory requirements across multiple markets.

IMDRF's January 2025 AI Breakthrough

In January 2025, IMDRF released two critical documents that will reshape AI medical device regulation:

  1. IMDRF/AIML WG/N88 FINAL:2025 - Good Machine Learning Practice (GMLP) principles
  2. IMDRF/SaMD WG/N81 FINAL:2025 - Characterization Considerations for Medical Device Software and Software-Specific Risk

The bottom line: These aren't just guidance documents. They're the roadmap that global regulators will use to evaluate AI medical devices. Companies implementing these frameworks now will have significant competitive advantages.

What Are IMDRF's 10 Good Machine Learning Practice Principles?

IMDRF N88 (2025) sets out 10 GMLP principles that AI medical device manufacturers must follow. These principles are already aligned with FDA, MHRA, and Health Canada, meaning implementation prepares you for multiple regulatory submissions.

The 10 GMLP Principles:

1. Multidisciplinary expertise across the TPLC.

Keep clinical, data science, engineering, RA/QA, and human-factors experts engaged from concept through post-market.

2. Good Software Engineering and Security Practices

Run a secure SDLC (config/version control, code review, threat modeling, reproducible builds, secure release).

3. Use Representative Participants & Datasets

Make data and study populations match the intended patients, setting, devices, and real-world variability.

4. Ensure Train/Test Independence

Prevent data leakage with strict separation of training/validation/test sets; lock test sets before tuning.

5. Use Fit-for-purpose Reference Datasets

Use benchmarks/ground truth with clear provenance, best-available methods, strong labeling quality, and versioning.

6. Model Design Reflects Intended Use & Available Data.

Align architecture/features with indications, inputs, workflow, and data quality/volume.

7. Focus Is Placed on the Performance of the Human-AI Team

Design UI, alerts, and mitigations that improve clinician+AI outcomes; validate teamwork, not just the model.

8. Clinically Relevant Testing

Demonstrate performance under realistic conditions (multi-site/device, protocol variability, noise, expected distribution shift).

9. Users Are Provided Clear, Essential Information

Provide intended use/users, inputs & acceptable ranges, performance (including subgroups), limitations, and warnings.

10. Post-deployment Monitoring & Retaining Risk Mangement

Track drift/bias/failure modes, define update triggers, and manage changes under QMS (e.g., via PCCP where applicable).

How Does IMDRF's Software Risk Framework Work?

The N81 document provides the most comprehensive software risk characterization framework ever published by IMDRF. This framework expands beyond traditional SaMD to include all medical device software, including embedded software.

Key Risk CharacterizationCategories:

Medical Problem and Objective

  • Medical purpose (diagnosis, treatment, monitoring, prevention)
  • Intended disease or condition severity
  • Target patient population characteristics

Context of Use

  • Intended user type and expertise level
  • Use environment (clinical vs. home use)
  • Timing within healthcare workflow
  • Role in clinical decision-making

Software Function and Use

  • Output type (clinical interpretation, workflow recommendation, data processing)
  • Input sources and data dependencies
  • Degree of autonomy (autonomous, supervised, non-autonomous)
  • Explainability and transparency level

Change Management

  • Learning and update mechanisms
  • Domain-specific implementation requirements
  • Distribution and installation infrastructure

Critical Risk Assessment Questions

The framework includes specific questions manufacturers must address:

  • Clinical Impact: Could software output lead to death, irreversible harm, or serious deterioration?
  • Workflow Integration: Does the software create single points of failure in clinical processes?
  • User Dependency: Can intended users understand and appropriately act on software outputs?
  • Data Quality: Are input sources reliable and representative of intended use populations?

What This Means for Different Medical Device Types

AI-Powered Diagnostic Software

High-Risk Considerations:

  • Autonomous diagnostic decisions without clinical oversight
  • Use in critical or emergency care settings
  • Complex algorithms with limited explainability

Implementation Strategy:

Software as a Medical Device (SaMD)

Key Requirements:

  • Comprehensive intended use statements
  • Clear output type classification
  • Appropriate user training and support

Regulatory Pathway Impact:

  • Better-characterized software may qualify for streamlined review
  • Poor characterization leads to additional regulatory questions and delays

AI-Enhanced Medical Devices

Integration Challenges:

  • Software risk must be evaluated within overall device risk
  • Consider interactions between AI components and hardware
  • Address cybersecurity and data privacy requirements

How to Implement IMDRF Frameworks in Your Organization

Phase 1: Assessment (Month 1)

Evaluate Current State:

  • Review existing products against GMLP principles
  • Identify gaps in documentation and processes
  • Assess team expertise and training needs

Key Deliverables:

  • Gap analysis report
  • Implementation roadmap
  • Resource allocation plan

Phase 2: Foundation Building (Months 2-4)

Establish Core Capabilities:

  • Implement data management frameworks
  • Develop risk characterization templates
  • Create multidisciplinary team structures

Critical Success Factors:

  • Executive leadership commitment
  • Cross-functional collaboration
  • Adequate resource allocation

Phase 3: Integration and Validation (Months 5-8)

Integrate into Development Processes:

  • Update design controls and procedures
  • Implement continuous monitoring systems
  • Validate framework effectiveness

Measurement and Monitoring:

Regional Implementation Differences

United States (FDA)

Current Status: FDA guidance closely aligns with IMDRF GMLP principles

Implementation Timeline: No fixed adoption date.

Key Considerations: Focus on predetermined change control plans for AI/ML updates

United Kingdom (MHRA)

Current Status: MHRA is moving to IMDRF-aligned SaMD risk categorization as part of its regulatory refresh

Unique Advantage: Some low-risk Class I AI/ML devices may qualify for self-certification

Implementation Timeline: Phased implementation underway

European Union

Additional Requirements: EU AI Act compliance for high-risk medical AI applications

Timeline: Coordinate IMDRF implementation with AI Act requirements

Key Difference: More stringent transparency and explainability requirements

Canada (Health Canada)

Alignment Level: High alignment with IMDRF principles

Focus Areas: Emphasis on clinical validation and post-market surveillance

Implementation: Final MLMD guidance is in effect; integrate with standard device licensing pathways.

Common Implementation Mistakes to Avoid

Technical Implementation Errors

Inadequate Data Documentation

  • Failing to document training data sources and characteristics
  • Insufficient data version control
  • Poor handling of bias and representativeness issues

Weak Risk Characterization

  • Generic risk assessments that don't address software-specific hazards
  • Insufficient consideration of clinical workflow integration
  • Overlooking indirect harms and failure modes

Organizational Mistakes

Siloed Implementation

  • Treating IMDRF compliance as purely regulatory requirement
  • Failing to integrate with product development processes
  • Inadequate cross-functional team involvement

Resource Underestimation

  • Insufficient budget allocation for implementation
  • Unrealistic timeline expectations
  • Inadequate training and capability building

Future Outlook and Recommendations

Global Harmonization Acceleration

AI-Specific Developments

  • More detailed guidance on specific AI/ML applications
  • Enhanced requirements for bias detection and mitigation
  • Stronger emphasis on clinical validation and utility

Strategic Recommendations

For Startups:

For Established Companies:

  • Conduct comprehensive gap analysis of existing products
  • Prioritize implementation for products entering new markets
  • Consider framework adoption for competitive advantage

For Regulatory Professionals:

  • Develop expertise in IMDRF frameworks before peers
  • Build relationships with global regulatory consultants
  • Stay current with implementation guidance from member regulators

The Fastest Path to Market

No more guesswork. Move from research to a defendable FDA strategy, faster. Backed by FDA sources. Teams report 12 hours saved weekly.

Screenshot 2026-05-14 at 3.41.08 AM

Frequently Asked Questions

When will IMDRF guidance become mandatory?

IMDRF guidance isn't directly mandatory, but member regulators typically adopt similar requirements within 1-2 years. Companies should implement frameworks now to prepare for future requirements.

Do IMDRF frameworks apply to all software medical devices?

The N81 framework applies to all medical device software, including SaMD and embedded software. The N88 AI guidance applies specifically to ML-enabled medical devices.

How does IMDRF guidance differ from existing FDA requirements?

IMDRF guidance is closely aligned with current FDA requirements but provides more detailed implementation guidance and international perspective.

Can small companies realistically implement these frameworks?

Yes, but implementation should be scaled appropriately. Focus on core principles most relevant to your products and build capabilities gradually.

What's the biggest mistake companies make with IMDRF implementation?

Treating it as a checkbox compliance exercise rather than integrating frameworks into product development processes from the beginning.

Up nextSaMD & AI Track
Chapter 3 of 6

IEC 62304 software lifecycle

Aligning software lifecycle with ISO 14971 risk in one coherent SaMD program.

IEC 62304 + ISO 14971 for SaMD: How to Integrate Lifecycle & Risk~8 min read →