logo

QA/RA Consulting, Auditing & Training

logo

Let's get started

Why FDA Inspections Feel Different Now: Part II – SaMD, IEC 62304, and AI Enabled Devices

In Part I, we explored why FDA inspections feel different under QMSR: inspectors are following risk, connecting information across the product lifecycle, and evaluating how quality systems actually function in practice. For software-driven products, those same shifts are even more apparent. When the device is software—or relies heavily on software—FDA’s focus extends beyond procedures and documentation to how software risks, changes, and performance are managed throughout the lifecycle.

1. FDA is evaluating software systems – not just documents – end to end

For SaMD and software‑heavy devices, QMSR reinforced something FDA already believed: software is never “done” at release. Inspections now follow how software is designed, changed, deployed, monitored, and corrected across the full lifecycle.

That aligns directly with:

  • IEC 62304 lifecycle expectations
  • IEC 82304‑1 system‑level integration
  • FDA’s total product lifecycle view for software and AI
ELIQUENT “IQ” insight: FDA is looking at how your software lifecycle behaves in the real world, not just how it’s described on paper.

2. Risk management now drives the inspection for software

Under QMSR’s risk‑based inspection model, FDA investigators increasingly use the following to decide which parts of your system will be scrutinized the most:

  • Software risk classification
  • Hazard analysis and software of unknown provenance (SOUP) assessments
  • Change history and post‑market signals

For SaMD teams, this maps cleanly to IEC 62304, but FDA now expects risk management to actively shape decisions, not simply document severity levels.

ELIQUENT “IQ” insight: Your software risk files don’t only justify compliance; they now guide the inspection itself.

3. IEC 62304 compliance is necessary – but no longer sufficient by itself

Many software teams are strong on IEC 62304 task completion (plans, traceability, verification), but FDA inspections under QMSR are:

  • Testing integration with the broader QMS (ISO 13485)
  • Looking at how software signals feed CAPA, change control, and management review
  • Evaluating whether software risk is addressed at the system level, per IEC 82304‑1
ELIQUENT “IQ” insight: IEC 62304 shows that your software process works; FDA now wants to see how it works inside the quality system.

4. For AI/ML SaMD, inspections focus on control, not the math

FDA has been very consistent: QMSR does not regulate algorithms directly. Instead, inspections ask:

  • Is the AI model lifecycle controlled?
  • Can you reconstruct what version was in the field, and why?
  • Are updates governed through defined change control and risk review?

This focus mirrors FDA’s AI/ML guidance emphasizing total product lifecycle management, not one‑time validation.

ELIQUENT “IQ” insight: FDA isn’t auditing your model architecture, they’re auditing your ability to control and explain it.

5. Change control is the pressure point for software companies

For SaMD and AI‑enabled devices, inspections often feel more intense because:

  • Software changes occur frequently
  • Many teams rely on Agile or continuous improvement models
  • FDA now explicitly evaluates how software changes are assessed, approved, and monitored

QMSR makes change control a core inspection area, not a supporting function.

ELIQUENT “IQ” insight: If you update software quickly, FDA wants to be confident that you’re also updating safely and consistently.

6. Post market software data matters more than ever

Under QMSR, FDA expects SaMD manufacturers to actively use the following as inputs to risk management and future changes:

  • Complaints
  • Performance metrics
  • Drift or degradation signals (for AI)
  • Cybersecurity and real‑world use data

This expectation ties together:

  • IEC 62304 maintenance activities
  • IEC 82304‑1 system monitoring
  • FDA’s AI and cybersecurity lifecycle approach
ELIQUENT “IQ” insight: For software, post market data is no longer just surveillance, it’s evidence of control.

7. Management oversight is especially visible for software and AI

FDA inspections now consistently probe:

  • Who approves software risk decisions?
  • Who owns benefit‑risk tradeoffs for updates?
  • How does leadership know when software performance changes matter?

This is particularly relevant for AI and SaMD, for which technical teams historically made many decisions informally.

ELIQUENT “IQ” insight: FDA wants software quality decisions to be intentional, not implicit.

As a final note: QMSR didn’t change how good software is built – it changed how clearly software decisions must be controllable, explainable, and repeatable under inspection.

Be sure to check out Part I of this blog post, which focuses on FDA inspections in general!

 

How ELIQUENT Supports QMSR Inspection Readiness

ELIQUENT helps manufacturers respond to FDA’s QMSR inspection approach through:

Reach out to ELIQUENT Life Sciences to learn how we can help you act on these early QMSR enforcement signals.

Our team is here to help. Contact us online
or
Get answers right now. Call

US Office Washington DC

1.800.472.6477

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.