On 7 January 2025, the Food and Drug Administration (FDA) opened a public consultation on its draft Guidance for Industry and FDA Staff regarding the cybersecurity regulations for Artificial Intelligence-Enabled Device Software Functions until 7 April 2025. The draft guidance sets out a series of recommendations concerning the lifecycle management and marketing submissions for AI-enabled medical devices. The recommendations focus on transparency, risk assessment and cybersecurity. These include the management of threats such as data poisoning, model evasion, and data leakage, which have the potential to compromise device performance and user trust. The guidance emphasises that sponsors are obligated to submit detailed cybersecurity risk management reports, conduct penetration and fuzz testing, and articulate controls for access, encryption, and data anonymisation. The guidance underscores the significance of measures such as anomaly detection, adversarial training, and differential privacy to mitigate potential vulnerabilities.
Original source