Software as a Medical Device (SaMD) has reshaped the technological, regulatory, and clinical landscape of modern healthcare. Yet regulatory approaches remain anchored to assumptions grounded in traditional medical devices: linear development, fixed performance characteristics, and predictable risk profiles. These assumptions no longer hold in an era of adaptive, data-driven, and continuously updating digital systems. This Perspective presents the Good Digital Medicine Practices (GDMP) framework as a structured proposal to harmonize global oversight of SaMD, including AI-enabled systems. GDMP articulates principles for continuous validation, algorithmic transparency, risk-proportionate lifecycle management, and international convergence. By providing an operational reference model grounded in real-world regulatory experience, GDMP seeks to advance a coherent, globally relevant foundation for safe, equitable, and trustworthy digital medicine.
Introduction
The integration of software into clinical care has evolved from peripheral decision support to fully independent therapeutic and diagnostic functions. Software as a Medical Device (SaMD), defined by the International Medical Device Regulators Forum (IMDRF) as software intended for one or more medical purposes without being embedded in hardware1, represents one of the most significant technological shifts in contemporary healthcare. SaMD is distinguished not only by its immateriality but by its inherent capacity for rapid evolution, scalability, and—in the case of artificial intelligence and machine learning (AI/ML)—its potential to modify performance over time.
Traditional regulatory frameworks were built on predictable development trajectories: products were validated pre-market, monitored post-market, and modified infrequently under defined change-management processes. SaMD disrupts this logic. Modern digital tools may alter their behavior through retraining, adaptation to shifting data distributions, or algorithmic recalibration; performance can drift across population subgroups; and safety signals may emerge from interactions with clinical workflows or external information systems. These dynamics create a continuously moving regulatory target and challenge the adequacy of static, event-based evaluation paradigms.
International efforts have attempted to address these limitations. The EU Medical Device Regulation (MDR 2017/745)2 strengthened evidence requirements but retained a fundamentally linear lifecycle model. FDA’s Quality System Regulation and internationally adopted standards such as ISO 134853 and IEC 623044 provide essential structural foundations but lack explicit mechanisms for managing adaptive algorithms. Even forward-looking initiatives—such as the FDA’s Digital Health Software Precertification Program5 and the IMDRF SaMD Clinical Evaluation guidance6—have yet to converge into a unified global framework capable of supporting continuous, real-world-aligned oversight.
These regulatory challenges mirror broader transformations in clinical practice driven by artificial intelligence, as highlighted by Topol7, Shortliffe and Sepúlveda8, and Jiang et al.9, who collectively underscore the need for governance models capable of ensuring transparency, accountability, and sustained clinical performance in AI-enabled systems.
This context underscores the need for a governance model that reflects the unique properties of digital medicine—its velocity, its dependence on data provenance, and its dynamic interaction with clinical environments.
Conceptual origin of GDMP
The present authors developed the Good Digital Medicine Practices (GDMP) framework through an iterative synthesis of regulatory science, software engineering principles, clinical validation paradigms, and comparative policy analysis. Its methodological underpinnings draw upon a Design Science tradition10, which supports the construction of conceptual artefacts intended to address complex socio-technical gaps. GDMP is not a regulatory standard but a reference structure intended to support harmonization efforts, inform policy development, and anticipate emerging governance challenges. The conceptual development of GDMP was also informed by recent scholarly contributions at the intersection of personalized medicine, artificial intelligence, and digital health transformation, including foundational work on personalized medicine and AI integration11 and recent developments in digital medicine governance and implementation frameworks12.
Why good digital medicine practices are needed
Evolving technological realities
SaMD increasingly behaves as a learning system, capable of recalibrating thresholds, updating internal logic, or incorporating new datasets. These characteristics enhance clinical potential but generate profound governance challenges. Unlike pharmaceuticals or traditional devices—whose properties are fixed and measurable—SaMD’s risk profile may change over time and across contexts, requiring mechanisms that can detect, interpret, and respond to such evolution.
Insufficiency of static validation
Pre-market assessment alone cannot ensure sustained safety or clinical utility. Performance drift may arise from shifts in population characteristics, modifications in clinical workflows, or integration with heterogeneous data systems. Such drift is often gradual, complex, and difficult to detect without continuous monitoring.
Transparency and explainability gaps
Algorithmic performance depends on training data quality, implementation context, update logic, and usage patterns. Documentation standards vary widely across developers, leaving regulators without consistent visibility into how models evolve—or how changes affect risk.
Global fragmentation
Regulatory systems are advancing at different rates and with different levers for adaptive oversight, creating complexity for developers and limiting the scalability of digital innovations. GDMP seeks to address this fragmentation by proposing a coherent, globally relevant governance model.
The GDMP framework
GDMP consists of five interdependent components that translate high-level regulatory objectives into practical operational mechanisms: Quality System Integration, Clinical Validation Protocols, Adaptive Algorithm Oversight, Real-World Performance Feedback, and a Global Convergence Layer. These components extend existing standards and regulatory instruments—including ISO 134853, IEC 623044, IMDRF SaMD principles1,6, and the FDA’s PCCP model13—by embedding mechanisms for adaptivity, traceability, and continuous performance oversight.
A comparative overview of how GDMP aligns with, extends, or fills gaps in current regulatory and standards frameworks—including ISO 13485, IEC 62304, IMDRF SaMD principles, and the FDA PCCP model—is provided in Table 1.
Integrating GDMP across the SaMD lifecycle
The GDMP lifecycle architecture, depicted in Fig. 1, connects the development, validation, deployment, monitoring, and update phases through dynamic feedback loops.
This schematic illustrates how the five interconnected components of Good Digital Medicine Practices—Quality System Integration, Clinical Validation Protocols, Adaptive Algorithm Oversight, Real-World Performance Feedback, and the Global Convergence Layer—map onto the SaMD lifecycle (design, validation, deployment, post-market operation, and iterative updates). Arrows denote feedback loops enabling continuous, risk-proportionate oversight informed by real-world evidence, safety signals, algorithmic drift, and usability insights. Quantitative triggers (e.g., calibration drift, AUROC decline, subgroup performance divergence) link observed performance changes to defined regulatory actions such as revalidation, enhanced monitoring, rollback, or labelling updates. The outer convergence layer reflects alignment with major international frameworks, supporting interoperability and harmonized governance.
Global perspectives: insights from international regulatory systems
Digital Medicine is inherently global: software crosses borders more rapidly than any clinical technology in history, and regulatory decisions made in one region increasingly influence expectations in another. Yet oversight models remain heterogeneous, shaped by institutional histories, national priorities, regulatory capacities, and technological maturity. Understanding these differences is essential for situating GDMP within a realistic international landscape.
Singapore: a regulatory laboratory for adaptive oversight
Singapore’s Health Sciences Authority (HSA) has emerged as a leading testbed for adaptive regulation. Its 2024 Change Management Program for ML-enabled SaMD14 offers one of the clearest articulations of how algorithm updates can be permitted within predefined boundaries, supported by evidence requirements and real-world monitoring obligations. Singapore’s approach demonstrates that smaller regulatory systems—when agile, well-resourced, and strategically oriented—can pioneer frameworks that larger jurisdictions later adapt. HSA’s guidance illustrates how adaptive oversight can be operationalized through transparent change categories, predefined update pathways, and regulator–developer alignment.
Japan: institutionalizing adaptivity through PACMP
Japan’s Pharmaceuticals and Medical Devices Agency (PMDA) formalized algorithmic change management through the Post-Approval Change Management Protocol (PACMP)15, supported by earlier regulatory foundations16 and detailed AI-SaMD reports17. PACMP creates a structured environment in which developers may negotiate, in advance, the conditions under which adaptive updates are permitted. Japan’s model is notable for its procedural clarity: updates are categorized, evidence requirements are predefined, and verification pathways are transparent. The subsequent 2022 report on AI-based SaMD reflects PMDA’s commitment to refining operational tools based on real-world implementation experience. Together, these elements demonstrate how adaptive oversight can be institutionalized within a large, highly structured regulatory system.
Brazil: Building scalable oversight in emerging markets
Brazil’s National Health Surveillance Agency (ANVISA) has made significant strides in establishing clear, risk-aligned pathways for SaMD regulation through RDC 657/202218 and RDC 751/202219. These frameworks create a foundation for transparent market entry, predictable classification, and structured post-market surveillance. Brazil’s experience is particularly relevant for emerging markets seeking to balance innovation with limited regulatory capacity. ANVISA’s emphasis on proportionate oversight and surveillance illustrates how GDMP principles can be adapted to resource-variable environments while maintaining a commitment to safety and accountability.
United States: from Pre-Cert to PCCP and beyond
The United States has undergone a conceptual transition in digital health oversight. After discontinuing the Digital Health Software Precertification Program, the FDA shifted attention toward the Predetermined Change Control Plan (PCCP)13 as a scalable mechanism for adaptive algorithm management. PCCP embodies many of the principles central to GDMP: transparency, predefined update boundaries, and continuous evidence generation. Importantly, FDA’s current trajectory reflects the recognition that adaptive oversight must be built into the regulatory architecture rather than layered on top of existing processes.
WHO: Embedding equity and ethical governance in global digital health
The World Health Organization’s Global Strategy on Digital Health20 and its guidances on the use of AI21,22 in health highlight dimensions of governance that are often underemphasized in national regulatory systems: equity, inclusiveness, transparency, and global capacity-building23. WHO’s frameworks stress that digital medicine must not exacerbate existing inequities or place disproportionate burdens on low-resource settings. These principles resonate strongly with GDMP’s convergence layer, which envisions a global governance ecosystem that is not merely harmonized, but also fair, accessible, and ethically grounded.
Toward a Coherent Global Regulatory Future
Although each jurisdiction pursues its own priorities, a set of shared themes is emerging across regulatory landscapes:
-
recognition of adaptive algorithms as a new regulatory object;
-
movement toward predefined change protocols;
-
increasing reliance on real-world evidence;
-
emphasis on transparency and documentation;
-
growing interest in global interoperability.
GDMP distills these themes into a unified conceptual model that can serve as a reference point for harmonization. Rather than imposing uniformity, GDMP offers a vocabulary, structure, and set of operational expectations that national authorities can adapt to their specific contexts while still contributing to a coherent global governance architecture.
Conclusion
Digital medicine is entering a phase defined by continuous evolution, increasing system complexity, and global interdependence. Regulatory systems must transition from static, product-centered paradigms to dynamic, evidence-driven governance models capable of addressing adaptivity, ensuring safety, and supporting equitable deployment across diverse populations and settings.
GDMP offers a framework for navigating this transformation. By articulating principles for continuous validation, transparent algorithmic oversight, risk-proportionate monitoring, real-world evidence integration, and international convergence, GDMP provides an operational scaffold for modern digital medicine governance.
Implementation will require investment in institutional capacity, common data standards, collaborative international frameworks, and shared ethical commitments. As digital medicine expands, governance must evolve accordingly—proactively, coherently, and with an unwavering focus on public trust and equity.
Data availability
No datasets were generated or analysed during the current study.
References
International Medical Device Regulators Forum (IMDRF). Software as a Medical Device (SaMD): Key Definitions. IMDRF/SaMD WG/N10FINAL. https://www.imdrf.org/working-groups/software-medical-device-samd 2013.
European Commission. Regulation (EU) 2017/745 on Medical Devices (MDR). Off. J. Eur. Union L117, 1–175 https://eur-lex.europa.eu/eli/reg/2017/745/oj (2017).
International Organization for Standardization. ISO 13485:2016 – Medical devices – Quality management systems – Requirements for regulatory purposes. https://www.iso.org/standard/59752.html
International Electrotechnical Commission. IEC 62304:2006+A1:2015+A2:2021 – Medical device software – Software life cycle processes. https://webstore.iec.ch/publication/2612
U.S. Food and Drug Administration. Developing a Software Precertification Program: A Working Model (v1.0). Digital Health Innovation Action Plan https://www.fda.gov/media/119722/download (2019).
U.S. Food and Drug Administration. Software as a Medical Device (SaMD): Clinical Evaluation – Guidance for Industry and FDA Staff https://www.fda.gov/regulatory-information/search-fda-guidance-documents/software-medical-device-samd-clinical-evaluation (2019).
Topol, E. J. High-performance medicine: the convergence of human and artificial intelligence. Nat. Med. 25, 44–56 (2019).
Shortliffe, E. H. & Sepúlveda, M. J. Clinical decision support in the era of artificial intelligence. JAMA 320, 2199–2200 (2018).
Jiang, F. et al. Artificial intelligence in healthcare: past, present and future. Stroke Vasc. Neurol. 2, 230–243 (2017).
Wieringa, R. J. Design Science Methodology for Information Systems and Software Engineering. Springer, Berlin (2014).
Cesario, A., D’Oria, M., Auffray, C. & Scambia, G. (eds.). Personalized Medicine Meets Artificial Intelligence. Springer https://doi.org/10.1007/978-3-031-32614-1 (2023).
Cesario, A., Gorini, M. & D’Amario, D. Digital Medicine Starter Guide. Springer ISBN 978-3-032-01271-5. https://link.springer.com/book/10.1007/978-3-032-01272-2 (2025).
U.S. Food and Drug Administration. Marketing Submission Recommendations for a Predetermined Change Control Plan for AI/ML-Enabled Device Software Functions. Final Guidance. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/predetermined-change-control-plan-ai-ml-enabled-device-software-functions (2024).
Health Sciences Authority (Singapore). Guidance on Change Management Program (CMP) for SaMD including ML-enabled SaMD https://www.hsa.gov.sg/medical-devices/guidance-documents (2024).
Pharmaceuticals and Medical Devices Agency (PMDA, Japan). Post-Approval Change Management Protocol (PACMP) https://www.pmda.go.jp/english/review-services/reviews/0002.html (2020).
Pharmaceuticals and Medical Devices Agency (PMDA, Japan). Regulatory Framework for Innovative Medical Devices (e.g., SaMD, AI) https://www.pmda.go.jp/english/safety/info-services/0003.html (2019).
Pharmaceuticals and Medical Devices Agency (PMDA, Japan). Report on AI-based Software as a Medical Device (SaMD) https://www.pmda.go.jp/files/000242043.pdf (2022).
Agência Nacional de Vigilância Sanitária (ANVISA). RDC 657/2022: Regulation of Software as a Medical Device 2022). https://www.gov.br/anvisa/pt-br/assuntos/regulamentacao/setores/saude-digital
Agência Nacional de Vigilância Sanitária (ANVISA). RDC 751/2022: Risk Classification and Surveillance Systems(effective 2023). https://www.in.gov.br/en/web/dou/-/resolucao-rdc-n-751-de-15-de-setembro-de-2022-429099794
World Health Organization. Global Strategy on Digital Health 2020–2025. Geneva: WHO https://www.who.int/publications/i/item/9789240020924 (2021).
World Health Organization. Ethics and Governance of Artificial Intelligence for Health: WHO Guidance. Geneva: WHO https://www.who.int/publications/i/item/9789240029200 (2021).
U.S. Food and Drug Administration. Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device (SaMD) Action Plan. FDA https://www.fda.gov/media/145022/download (2021).
International Council for Harmonisation (ICH). Integrated Addendum to ICH E6(R1): Guideline for Good Clinical Practice E6(R2) https://database.ich.org/sites/default/files/E6_R2_Addendum.pdf (2016).
Acknowledgements
The Authors acknowledge the contributions of the Italian Parliamentary Intergroup, under the leadership of Honorable Member of Parliament Dr. Simona Loizzo, MD, along with its Technical Scientific Committee, chaired by former Senator Engineer Franco Bruno. This committee supervised the development of legislative decree (Disegno di Legge - DDL) 1208C concerning “Sanità Digitale e Terapie Digitali” (Digital Health and Digital Therapeutics). It served as the platform where discussions fostered the emergence of ideas and proposals discussed in this commentary.
Author information
Authors and Affiliations
Contributions
A.C. ideated and drafted the initial manuscript; F.C. revised the manuscript and added contributions from the Industry perspective.
Corresponding authors
Ethics declarations
Competing interests
The authors declare no financial conflicts of interest. Alfredo Cesario serves as Chief Executive Officer of Gemelli Digital Medicine & Health and Digital Health Manager at Fondazione Policlinico Gemelli IRCCS. Federico Chinni is General Manager of UCB Italy and co-coordinator of the Digital & Connected HealthCare Group at Farmindustria. These affiliations are reported for transparency only and had no influence on the content of this work.
Additional information
Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.
About this article
Cite this article
Cesario, A., Chinni, F. Toward global standards for SaMD: introducing a proposal for Good Digital Medicine Practices (GDMP). npj Digit. Med. 9, 226 (2026). https://doi.org/10.1038/s41746-026-02343-9
Received:
Accepted:
Published:
Version of record:
DOI: https://doi.org/10.1038/s41746-026-02343-9
