IMDRF N93 Technical Framework for Artificial Intelligence Life Cycle Management
By Mitch on Friday, 10 July 2026, 13:54 - Misc - Permalink
The International Medical Device Regulators Forum (IMDRF) published a draft version of their guide on artificial intelligence lifecycle management for medical devices.
Introduction
This document has the goal to cover the whole lifecycle of a medical device incorporating AI (MDAI). It is based on the 10 IMDRF Good Machine Learning Principles (GMLP) published early 2025.
We can see here two improvements in this draft guide:
- 10 GMLP possible to fit in a one-pager, versus a document 40 pages long. This new document offers a better understanding of activities, tasks and deliverables related to MDAI lifecycle,
- The FDA guidance on AI enabled functions stayed a bit lonely up to now. It was the only relevant source of information. This new document offers a view from different stakeholders.
Fortunately, the FDA guidance, the 10 IMDRF GMLP and this new IMDRF document are coherent. The latest compliments the first two ones. Compared to the FDA guidance, it confirms the processes to implement throughout the lifecycle, and documentation to provide to demonstrate the safety and performance of a MDAI.
The FDA guidance isn't any more alone. Manufacturers could have had doubts relying only on the FDA recommendations to implement their processes, while their products were to be sold outside the US. This is no more the case.
Manufacturers can make use of both the IMDRF and FDA guides to implement processes, fitting regulatory expectations, not only of FDA, but also of other IMDRF members. And by extension, expectations of other regulatory authorities worldwide, possibly with different documentary structure. But without change in their content.
Purpose and scope
We retrieve in this document the same principles are those pinpointed by the FDA or, for example, the EU AI Act: providing secure, safe, ethical, and effective MDAI throughout their lifecycle.
Even though these principles are also applicable to classical MDSW, they are exacerbated by the use of AI/ML technologies, and require specific provisions and documentation. We also retrieve the same secondary objectives, used to meet the main objectives listed above:
- Trustworthiness,
- Explainability,
- Interpretability.
Universal concepts
Likewise, we retrieve the concepts also found in the FDA guidance.
A QMS covering the MDAI lifecycle
Nothing new here. Reference is made to ISO 13485. Even though one may argue that this standard in its current version lacks provisions on data management.
It should be noted that IEC 62304 isn't referenced here. Even though many people place high expectations in the 2nd edition, don't expect too much about AI in IEC 62304 until you've seen the soon to be published draft text.
Risk management
Nothing new here either. Reference is made to ISO 14971. Some types AI-related risks addressed are already present in the FDA guidance. Maybe the risks related to general-purpose SOUP models weren't so well pinpointed by the FDA guidance. The FDA guidance is a bit "old", compared to the recent and sheer increase of use of such models in the healthcare sector, especially generative models.
Note: ISO 24971-2 isn't referenced in this document. But this draft was published before final version on ISO 24971-2, itself published in June 2026.
Human oversight
The FDA guidance doesn't contain explicit human oversight recommendations. It sticks to human factors to assess device - human interactions and critical tasks.
Human oversight first appeared officially in the EU AI Act in 20226. The IMDRF document reuses it as an "essential" behaviour throughout the MDAI lifecycle. Compared to the EU AI Act, the IMDRF document sheds a new light on human oversight, focused on medical devices.
Especially, it insists on clinical expertise and clinical involvement, and the benefits of human oversight as a source of information for post-market monitoring.
Cybersecurity
The IMDRF points to specific cybersecurity characteristics of MDAI. A subject we reviewed in this article.
Lifecycle steps
The document continues with explaining what is expected from manufacturers in each step of the lifecycle. Rather than summarizing this part or converting it to a TODO list (your LLM does it better than me), here are some comments taken here and there in the document:
- Planning and design:
- "selection of the appropriate model up front may streamline the risk control process": the document insists on the importance of choosing the right model. We can draw a link with the need of scientific validity of the medical device found in the IMDRF SaMD clinical evaluation ,guide. A proven scientific validity can help choosing the right model.
- Data collection and management:
- The document references IEC 5259-4, but not IEC 63621, which was published a few days after,
- It contains a section about synthetic / simulated data, a bit more articulate than what the FDA guidance has up to now,
- It contains a section on adaptive models, something once again not present in the FDA guidance,
- Last, it contains a section on data cleaning process and automated procedures, more articulate than the FDA guidance.
- Model building and tuning:
- The section about Leveraging general-purpose and off-the-shelf models is worth reading, something as already said above getting more important in the way MDAI are designed.
- Verification and Validation:
- The main info is this part is The model's outputs will have a significant influence on the approach used in the V&V process, especially on the clinical validation of the device,
- It also makes a clear distinction between the V&V activities related to the model and V&V activities related to the AI-enabled medical device. This is actually a best practice to test the model alone, or the pipeline alone, before it is integrated in the device. A step that can be likened to analytical validation of the device. Then to test the model integrated in the device. A step that can be likened to clinical validation of the device.
- Deployment:
- This section highlights considerations that are unique to (...) MDAI. Especially, the different failure modes than other medical devices, data drift, performance degradation and plans to reuse real-world data,
- It also leverages Predetermined Change Control Plans (PCCP), as of today accepted by the FDA but not necessarily by Notified Bodies.
- Operations and monitoring:
- The document fosters the use of automated processes to monitor AI models, and the generation and interpretation of logs. These are tools allowing the continuous monitoring of the MDAI.
- Real-world performance evaluation:
- In EU MDR terms, this section means Post-market clinical follow-up,
- This section focuses on defining and monitoring device performance indicators than can be likened to clinical evaluation.
- Sunsetting:
- Just think of it, like other SaMD.
Transparency and labelling
This document reaffirms the recommendations of the FDA on Instructions for Use and Labelling for transparency. One notable difference: the FDA explicitly recommends the use of Model Cards to summarize the technical characteristics and limitations of the device. A tool presented by the IMDR as optional.
Conclusion
The IMDRF and FDA guides share the same principles. IMDRF guidance is a bit more up-to-date compared to the FDA guidance. You will not find concepts related to general-purpose models, generative AI, and human oversight in the FDA guidance in its current draft status.
Rely on the IMDRF guidance for such topics, even though it is draft. You can also wait for an updated version of the FDA guidance, no doubt that the final version of the FDA guidance will address these issues. Currently, the FDA guidance is in the B-List for 2026. Meaning that the final version may be deferred to 2027. Likewise, the IMDRF doesn't communicate on a date of publication of this document.
State of the art is being built.
