The technological advancement is now an integral part of healthcare and Artificial Intelligence (AI) algorithms, along with other AI-powered applications supporting medical professionals in clinical settings. AI and Machine Learning (ML)-based Software as a Medical Device (SaMD) aid medical practitioners in decision-making for better patient care. South Korea’s Ministry of Food and Drug Safety (MFDS) has guidelines to regulate and monitor the use of AI and Big Data based medical devices. The guidelines highlight the criteria for identification and classification of an AI-based SaMD, their review considerations, and the approval process.

According to the MFDS, whether an AI software is a medical device or not is determined based on its intended use, the hazard it can cause when it doesn’t work as intended and whether the software guarantees the clinical judgment of a medical professional. Further, the MFDS also states which medical software can fall into the category of medical devices and which do not. Here is a brief comparison.

Medical software that falls into the category of a medical device

Medical software that does not fall into the category of a medical device

  • Software that diagnoses, predicts, or monitors the possibility of diseases, including the existence of disease and condition, or treats diseases using clinical information.
  • Software that provides clinical information for diagnosis and treatment by analyzing the medical image, signal from in-vitro diagnostic medical device, and a pattern or signal from the signal acquisition system.
  • Software that supports administrative work of a medical institution.
  • Software intended for exercise, leisure activities, and general health care.
  • Software for education/research purposes
  • Software intended for managing medical records which are not related to treatment and diagnosis of diseases.
  • Software that provides a tool to organize and trace health or treatment information.


In South Korea, the classification criteria for AI algorithms are in line with medical device classification and are classified into four (04) risk classes. The manufacturers must submit technical specifications, including information on cloud server operating environment, cloud service type, security standard, etc. The technical specifications are validated based on the sensitivity, specificity, positive predictive value, negative predictive value, Receiver Operating Characteristic (ROC) curve, and Area Under the Curve (AUC) of the software device.

Manufacturers are also required to submit the ‘Document for Operating Principles’ specifying the diagnosis algorithm and the explanation of the cloud computing technology used in the device. Manufacturers must also submit the ‘Verification and Validation Report on the Software’ highlighting the test data collection information, test method, and the test standards. In cases where the information is transmitted via cloud computing technology, the manufacturers must ensure data privacy by establishing measures such as server access control, user authentication, and encryption for transmitting and saving medical information.

The AI medical device manufacturers must demonstrate their device is devoid of any cybersecurity vulnerabilities. The manufacturers must submit a “Software Verification and Validation” report. The report must include the test and verification process for the cybersecurity requirements, test results, and re-test results in case the software was changed during testing and verification. Manufacturers must submit documents on “Cybersecurity Risk Management” to record risk management activities and to minimize and prevent potential harm by identifying hazards related to cybersecurity throughout the total product’s life cycle of medical devices.

For the clinical validation of AI-based devices, manufacturers must perform either a prospective study or a retrospective study. The prospective studies involve evaluating the study subjects with respect to changes caused by predefined risk factors for a certain period. The retrospective study does not involve direct contact with study subjects but uses medical records involving medical images and vital signs. Clinical validation is important in order to determine the appropriate clinical trial method.

The applications for algorithms with no predicate devices must be accompanied by the clinical trial document. If a predicate is available, the clinical trial may be waived but would require equivalence comparison with approved predicates. The devices shall be compared for -

  • Intended use
  • The model used for machine learning
  • Characteristics of training data in the two products.
  • Input information for indication analysis
  • Essential technology elements to implement an algorithm
  • Training data
  • Output information for indication analysis

The AI algorithms play a key role in critical clinical decisions and inaccurate diagnosis, and the outcome may prove riskier for the patients. The efforts toward complying with the MFDS requirements might be challenging for the manufacturer. The manufacturers must start with  diligent Regulatory intelligence on the MFDS requirements for AI-based devices and understand the applicable requirements for the use case before planning for submission. This approach has time and again proved to reduce the cost and timeline risks associated with non-compliance.

How about your AI-based medical device? Is it falling in line with South Korean device regulations? Start the evaluation right now with a proven Regulatory expert.



Related Posts by Category