Medical Device Regulation 101: How to Prepare for (and Survive) FDA Approval
For many innovators building their first medical device or software product, the regulatory system can feel confusing, slow, and intimidating. Most founders begin with the same basic questions: What pathway should my product follow? How long will it take? What documents do we actually need? And how early should we start preparing?
This guide gives you a clear overview of how FDA evaluates medical devices, how risk classification works, which pathways exist, and what practical steps you should take during early development. Whether you are building a hardware device, a cloud-connected tool, or Software as a Medical Device (SaMD), the principles below form the foundation of a successful regulatory strategy.
1. Understanding Intended Use and Risk Classification
Your device’s regulatory journey starts with a single sentence: your intended use statement. This brief description of what your product does and who it is for influences everything that follows, from risk classification to required evidence.
FDA evaluates risk by considering the severity of harm that could result if the device fails or is used incorrectly. ISO 14971, the global standard for medical device risk management, provides the framework most teams follow to classify hazards, estimate their severity, and determine controls. The output of this analysis feeds directly into device classification:
Class I: Low risk products such as simple manual tools
Class II: Moderate risk products including most diagnostic and monitoring technologies
Class III: High risk devices that directly support or sustain life, or make critical clinical decisions
For SaMD, risk is tied to the role the software plays in clinical care. Software that simply informs a clinician tends to fall lower on the spectrum. Software that drives or automates a diagnosis tends to fall higher.
This early classification step shapes the rest of your journey, so it is important to get it right.
2. The Three Main FDA Pathways and Their Timelines
Once risk is understood, your product fits into one of three major FDA pathways. Each pathway has different expectations, timelines, and documentation requirements.
510(k) Premarket Notification (Most Common, Fastest)
A 510(k) is used for moderate risk devices that can demonstrate substantial equivalence to a device already on the market. FDA’s review goal is 90 days, although real timelines extend to 6 to 9 months once questions and updates are included.
De Novo Classification (For Novel, Low to Moderate Risk Products)
If no predicate exists, but the device is still low to moderate risk, the De Novo pathway allows companies to create a new classification. FDA’s review goal is 150 days, with most real-world reviews taking 8 to 12 months.
Premarket Approval (PMA) for High Risk Devices
PMA is the most demanding pathway. It requires robust scientific and clinical evidence, a full quality system review, and often an advisory panel meeting. FDA’s statutory timeline is 180 days, but full PMA cycles often extend beyond a year.
The important takeaway is that the more innovative the product, the longer and more complex the pathway tends to be.
3. Why Innovation Is Often “Punished” in Regulatory Pathways
FDA’s reliance on substantial equivalence means that companies with novel technology frequently face longer timelines.
If your device is truly unique and no predicate device exists, it cannot go through the 510(k) pathway, even if it is low risk. That means:
You lose access to the fastest clearance route
You face more rigorous evidence requirements
Your review includes more back-and-forth with FDA
Timelines stretch significantly
This is why it is often said that the regulatory system rewards incremental improvements and slows down transformative innovation.
This is not a reason to avoid building novel technology. It simply means you should understand the regulatory consequences and plan accordingly.
4. Why a 510(k) Strategy Is Often Recommended for Innovators
For early-stage MedTech and SaMD companies, the 510(k) pathway has several advantages:
It is the fastest route to market
It typically requires less evidence than De Novo or PMA
It offers more predictable timelines
It creates fewer barriers for fundraising and commercialization
Because of its efficiency, many startups adjust their product strategy to fit a predicate device. This can involve:
Narrowing the initial intended use
Aligning product claims with an existing device
Launching a “Version 1” that mirrors a cleared predicate, then expanding later
Prioritizing features that support regulatory similarity
A 510(k) strategy does not reduce innovation. It simply ensures that innovation is sequenced in a way that aligns with regulatory realities.
5. Build Your Quality Management Processes Early
Quality is not something you add at the end of development. FDA expects manufacturers to follow quality system principles throughout the product lifecycle.
ISO 13485 is the global standard most teams use to structure their quality management system (QMS). It defines how you handle:
Design controls
Risk management
Document management
Verification and validation
Supplier management
Complaint handling and postmarket surveillance
For startups, the QMS does not need to be heavy or expensive. It needs to be functional, traceable, and appropriate for your stage of development.
Investors and regulators both expect you to have this foundation in place long before your submission.
6. Additional Standards to Consider for SaMD
Software products must follow additional standards that are specific to digital health and artificial intelligence. The most common include:
IEC 62304: The software lifecycle standard, covering design, coding, testing, maintenance, and change control
ISO 14971: Risk management, including software-specific failure analysis
ISO 27001 and FDA cybersecurity expectations: Security controls, threat modeling, and secure development
ISO 42001: The new management system standard for AI governance, especially relevant for machine learning products
IEC 62366: Usability and human factors engineering
These standards help demonstrate that your software is safe, reliable, and well controlled, which is extremely important for regulators reviewing SaMD or AI products.
7. The First Hurdle Before Submission: Your QMS Audit
Before many companies can submit to FDA or enter markets like Canada or Europe, they must undergo a QMS audit to demonstrate compliance with ISO 13485. This audit is performed by a recognized auditing organization such as UL, BSI, TUV SUD, or Intertek.
During this process, auditors verify that:
Your documentation meets ISO 13485
Your design controls are traceable
Your risk files are complete
Your software development process matches IEC 62304
Your quality system is being followed, not just written down
While this can sound intimidating, startups who prepare early usually pass without major issues.
8. You Do Not Need Expensive QMS Software to Get Started
Many early-stage companies believe they need enterprise QMS software before they can begin their regulatory journey. This is not true.
For your first submission, you primarily need:
A clear regulatory strategy
Well organized documentation
Basic quality processes
A partner who can teach you what matters and what does not
Software can help later, especially once you scale or approach multiple markets, but it is not required at the beginning. What you need first is clarity and structure, not complexity.
Final Thoughts
Regulatory approval can feel overwhelming at first, but once you understand how intended use, risk, pathways, and quality systems fit together, the process becomes far more manageable. Early planning gives innovators more control, reduces rework, and shortens time to market.
If your team is building its first medical device or SaMD product, Unigen can help you map your pathway, establish lightweight quality processes, prepare your documentation, and move forward with confidence. Contact us for an introductory chat.