FDA 510(k) and De Novo Pathway for Autonomous Medical Devices

Regulatory Framework

Section 510(k) of the Federal Food, Drug, and Cosmetic Act, implemented through 21 CFR Part 807 Subpart E, requires that a manufacturer demonstrate substantial equivalence to a legally marketed predicate device before introducing a Class II device into commerce. The substantial-equivalence determination compares intended use and technological characteristics, and where technological characteristics differ, the submission must establish that the differences do not raise different questions of safety and effectiveness. For autonomous medical devices, the predicate selection problem is acute because earlier cleared devices rarely embody the closed-loop decision behavior that modern AI-enabled instruments exhibit. The Q-Submission program (Q-Sub) gives sponsors a mechanism to align with the Agency on predicate adequacy and special-control content before formal submission, and is increasingly the entry point for AI-driven products.

The De Novo classification process, codified at 21 CFR Part 860 Subpart D, addresses the situation where no suitable predicate exists but the device presents low-to-moderate risk that can be controlled through general and special controls. A successful De Novo grant produces a new classification regulation, and subsequent devices of that generic type can then come to market via 510(k) by reference to the new classification. Special controls established through De Novo often dictate the architectural shape of the entire device family, since they specify performance testing, labeling, software documentation, cybersecurity, and post-market study commitments that downstream entrants must mirror. Where an autonomous device confers a clinically significant advantage over existing alternatives for a serious or life-threatening condition, the Breakthrough Device Designation program offers expedited interaction, but does not relax the underlying clearance evidentiary burden.

Cross-cutting both pathways is the FDA Quality System Regulation at 21 CFR Part 820, which the Agency has harmonized with ISO 13485:2016 under the Quality Management System Regulation (QMSR) final rule with a February 2026 compliance date. QMSR retains design control, risk management, corrective and preventive action, and complaint-handling obligations, but explicitly incorporates ISO 13485 by reference. For software-driven autonomous devices, design controls under QMSR intersect IEC 62304 lifecycle obligations and the Agency's Predetermined Change Control Plan (PCCP) framework, the latter of which specifically anticipates post-clearance modifications to AI behavior. Each of these instruments places weight on the device's ability to produce reproducible, defensible accounts of what it did and why.

Architectural Requirement

Premarket clearance of an autonomous medical device requires more than a procedural attestation that the manufacturer followed its own SOPs. The Agency's review staff must be able to reason about the device's behavior in adversarial scenarios, near-miss events, and out-of-distribution clinical inputs, which means the device's actuation surface must be inspectable as an architectural fact. A submission that frames autonomy as a black-box output overlaid with human review will struggle against modern reviewer expectations, particularly where the device participates in time-critical loops where deferral to a clinician is not feasible. The structural question is whether each output the device produces carries with it a recoverable record of the decision mode, the harm class, and the reversibility envelope under which it issued.

Special controls and labeling commitments routinely require that the device "fail safely," "communicate uncertainty," and "support clinician override," but these phrases only carry regulatory weight when they correspond to discrete, testable architectural states. A graduated-actuation architecture provides that correspondence: every actuation is selected from a defined ladder, every selection is logged with the antecedent evidence, and every actuation has a defined reversal pathway. Post-market surveillance under 21 CFR Part 803 (Medical Device Reporting) further depends on the device producing structured incident records that can support causal reconstruction by both the manufacturer and the Agency. Without architectural support, MDR obligations devolve into manual log-mining exercises that cannot keep pace with deployment scale.

Why Procedural Compliance Fails

Procedural compliance treats clearance as a documentary exercise: design history files, traceability matrices, validation reports, and risk-management files are prepared, indexed, and submitted, with the implicit assumption that runtime conformance follows from process conformance. For static devices this approximation has held, because the gap between specified behavior and observed behavior is small and amenable to bench testing. Autonomous devices break the approximation, because their behavior is conditioned on input distributions that drift, on patient-specific physiology that no bench fixture reproduces, and on closed-loop interactions whose downstream effects are not observable at the moment of actuation. A procedural submission can describe the intended actuation policy without ever proving that the deployed device enforces it.

The asymmetry surfaces sharply during MDR investigations and 21 CFR 806 corrections-and-removals analyses, where the manufacturer must reconstruct what the device did, why it did it, and whether the same conditions could recur. Procedural artifacts cannot answer those questions; only structurally produced runtime records can. A second failure mode arises during PCCP authoring: the Agency expects a sponsor to specify in advance the modification protocol, the change classes, and the verification methods that will gate post-clearance updates, and absent an architectural primitive that distinguishes actuation modes, the modification protocol cannot articulate what it actually controls. Sponsors who present PCCPs grounded only in process language tend to receive deficiency letters demanding architectural specificity.

What the Governed-Actuation Primitive Provides

Governed actuation is a structural primitive that decomposes every device action into a four-mode ladder: continue, defer, refuse, and partial. Continue corresponds to full autonomous execution where evidence is sufficient and reversibility is acceptable; defer transfers the decision to a clinician with a structured packet describing why deferral was selected; refuse halts the action and emits a refusal record; partial executes a bounded sub-action while flagging the residual for human resolution. Mode selection is not a heuristic but the output of an evidence-and-harm calculation that is recorded alongside the action, so that any subsequent reviewer can reconstruct the decision under the same inputs.

Harm minimization operates as a constraint on mode selection rather than as a post-hoc audit. The primitive evaluates the harm class of each candidate actuation against the patient's contemporaneous state and the device's reversibility model, and refuses to select continue where the joint expectation exceeds the labeled risk envelope. Post-actuation verification closes the loop: after every continue or partial action, the device collects a structured verification signal that confirms the action's effect matches the predicted effect, and a verification miss escalates the next decision into defer or refuse mode. Reversibility evaluation, finally, is a precondition rather than a postcondition, with each candidate action carrying a reversibility classification that bounds the modes available to the policy. Together these four elements compose into the kind of architectural account that 510(k), De Novo, and PCCP review increasingly require.

Compliance Mapping

Mapping governed actuation to FDA submission elements proceeds element by element. Substantial-equivalence narratives in 510(k) submissions can cite the actuation-mode ladder as the technological characteristic that controls the safety and effectiveness questions raised by autonomy, allowing the sponsor to argue that differences from the predicate are bounded by structural means. De Novo special controls drafted around the primitive can specify mode-selection criteria, verification signals, and reversibility classes as testable requirements, producing a classification regulation that scales to subsequent entrants. Risk-management files compliant with ISO 14971 can ingest harm-class outputs directly, eliminating the translation layer between hazard analysis and runtime behavior.

For PCCPs, the primitive provides a natural language for change classes: a proposed modification can be characterized as expanding the continue envelope, tightening the refuse envelope, refining the verification signal, or extending the reversibility model, and each class admits a defined verification protocol. MDR and 21 CFR 803 reporting obligations are satisfied by replaying the actuation record, including the selected mode, the antecedent evidence, the verification result, and the reversal pathway invoked, which dramatically reduces the cost of root-cause analysis. QMSR design controls under 21 CFR 820.30, harmonized with ISO 13485, attach cleanly to the primitive because each architectural element corresponds to a verifiable design output. Cybersecurity expectations from the FDA premarket cybersecurity guidance also benefit, because the actuation log is itself an integrity-protected artifact suitable for SBOM-linked incident response.

Adoption Pathway

Sponsors preparing an autonomous-device submission can adopt governed actuation incrementally. The first step is to characterize the existing decision surface and re-express it in the four-mode ladder, which typically reveals that current "human-in-the-loop" claims correspond to a coarse defer mode without structured packets or harm bounds. The second step is to instrument the device to emit per-action records containing the mode, evidence, harm class, verification result, and reversibility classification, which immediately upgrades the quality of design verification artifacts. The third step is to redraft the risk-management file and the special-controls proposal around the structural elements, which converts procedural claims into testable architectural requirements.

Engagement with the Agency through the Q-Sub program is the natural fourth step, because the primitive provides a concrete object for pre-submission discussion that reviewers can evaluate against the substantial-equivalence and special-controls frameworks. Sponsors targeting Breakthrough Device Designation gain a particular advantage, because the designation criteria emphasize meaningful advantages over alternatives, and a structurally defensible actuation surface is itself such an advantage when compared to predicates that lack one. Finally, sponsors who anticipate post-clearance learning should draft their PCCPs in primitive-native language from the outset, because retrofitting a procedural PCCP to architectural reality after clearance is significantly costlier than authoring the PCCP correctly during the original submission.