Key Pitfalls & Best Practices for AI/ML-Enabled SaMD / SiMD Under Current FDA Thinking
Artificial intelligence and machine learning (AI/ML) are increasingly embedded in medical-device software, bringing promising opportunities for better diagnostics, monitoring, personalization, and outcomes. However, the same adaptive, data-driven approach that makes AI/ML compelling also introduces unique risks and regulatory considerations, especially in the premarket context for SaMD/SiMD. As manufacturers seek to bring AI/ML-enabled devices to market, training the underlying model(s) properly, and documenting that training, has become a critical differentiator.
At Rook Quality Systems (Rook), drawing on our team’s subject-matter expertise, we have observed several training-phase traps and regulatory “watch-points” that device makers must address to move smoothly from concept to a cleared or approved product. In this blog, we highlight the top issues to watch for when training your model(s) in the premarket phase and align them with the latest FDA guidance and trends.
First, to set the stage: the FDA has published several key documents in the past year that sharpen its expectations for AI/ML-enabled medical devices:
In January 2025, the FDA issued the draft guidance titled “Artificial Intelligence-Enabled Device Software Functions: Lifecycle Management and Marketing Submission Recommendations” (Docket FDA-2024-D-4488). This guidance walks through what manufacturers should include in marketing submissions for devices that include AI-enabled software functions, with a strong emphasis on the total product lifecycle (TPLC).
The FDA’s website explicitly states that the “traditional paradigm … was not designed for adaptive artificial intelligence and machine learning technologies” and points to the need for a TPLC regulatory approach.
The agency also maintains a resource list of authorized AI-enabled medical devices, highlighting transparency and traceability for real-world AI/ML devices.
Prior to this, the FDA had published its Good Machine Learning Practice (GMLP) for Medical Device Development: Guiding Principles document, setting out 10 core principles around how to design, develop, validate, and monitor ML-enabled devices.
Against this backdrop, training becomes more than just a “model gets data, builds weights, we test it” exercise. It becomes a regulated activity, with requirements for documentation, bias analysis, monitoring, version control, change-management planning (such as a Predetermined Change Control Plan, or PCCP), and alignment to declared model performance. If any of those links break, premarket review may stall, or, worse, your cleared product may face post-market issues.
Here are eight key areas device makers should focus on during the training phase of an AI/ML device, each tied to both regulatory expectations and practical insights from Rook’s subject-matter experts.
Engage early and often with the FDA.
The agency repeatedly emphasizes early engagement for AI/ML-enabled devices, and the January 2025 draft guidance “encourages sponsors to engage with the agency early and often.” In practice, the Q-Submission (Pre-Sub) program is the usual vehicle: use it to align on training-data strategy, performance endpoints, and any planned PCCP before you lock your protocols.
Treat training as part of your clinical claim narrative.
Model training isn’t just a “data science step” — it is the backbone of your validation, safety, and effectiveness story. Present your training approach in your submission (and internal review) with full transparency.
Plan for real-world feedback and deployment complexity.
Even the best training cannot capture all real-world variability (site differences, patient-population shift, device drift). Building monitoring and update plans in from the start demonstrates maturity and forethought.
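To make that concrete, below is a minimal sketch of one common input-drift check, the population stability index (PSI), comparing a feature’s production distribution against its training-time baseline. The data, bin count, and thresholds here are illustrative assumptions, not prescribed values.

```python
import numpy as np

def population_stability_index(expected, actual, bins=10):
    """Compare a production (actual) feature distribution against its
    training-time (expected) baseline."""
    # Bin edges come from the training distribution; the outer edges
    # are widened so out-of-range production values are still counted.
    edges = np.histogram_bin_edges(expected, bins=bins)
    edges[0], edges[-1] = -np.inf, np.inf
    exp_pct = np.histogram(expected, bins=edges)[0] / len(expected)
    act_pct = np.histogram(actual, bins=edges)[0] / len(actual)
    # Floor the proportions to avoid log(0) in sparse bins.
    exp_pct = np.clip(exp_pct, 1e-6, None)
    act_pct = np.clip(act_pct, 1e-6, None)
    return float(np.sum((act_pct - exp_pct) * np.log(act_pct / exp_pct)))

# Illustrative only: a training-time baseline vs. a simulated
# post-deployment shift in the same feature.
rng = np.random.default_rng(42)
baseline = rng.normal(0.0, 1.0, 10_000)
deployed = rng.normal(0.4, 1.2, 10_000)
print(f"PSI: {population_stability_index(baseline, deployed):.3f}")
```

A PSI above roughly 0.2 is a widely used heuristic trigger for investigation; whatever thresholds you adopt, pre-specify them in your monitoring plan rather than choosing them after the fact.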
Don’t underestimate “explainability” and user-workflow integration.
The FDA’s transparency guiding principles for ML-enabled medical devices emphasize that users (clinicians, patients) should be provided appropriate information, including the logic behind the model’s outputs to the extent practicable. For training, this means you should think about how the model’s outputs will integrate into the clinical workflow, how you validated that integration, and how you document explanations of key outputs (and their limitations).
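One model-agnostic way to ground such explanations is permutation importance: measuring how much held-out performance degrades when each input is shuffled. The sketch below uses scikit-learn with synthetic data and hypothetical feature names; a real analysis would use your device’s actual inputs and a clinically meaningful performance metric.

```python
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier
from sklearn.inspection import permutation_importance
from sklearn.model_selection import train_test_split

# Hypothetical input names a clinician would recognize; purely
# illustrative, not from any real device.
feature_names = ["heart_rate", "spo2", "resp_rate", "age", "bmi"]

X, y = make_classification(n_samples=2000, n_features=5,
                           n_informative=3, random_state=0)
X_train, X_test, y_train, y_test = train_test_split(X, y, random_state=0)
model = RandomForestClassifier(random_state=0).fit(X_train, y_train)

# How much does shuffling each input degrade held-out performance?
# A model-agnostic basis for telling users which inputs actually
# drive the output.
result = permutation_importance(model, X_test, y_test,
                                n_repeats=10, random_state=0)
for name, mean, std in zip(feature_names,
                           result.importances_mean,
                           result.importances_std):
    print(f"{name:>10}: {mean:.3f} +/- {std:.3f}")
```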
Bias and equity are first-order risks.
A model that performs well on a narrow dataset but has never been evaluated across demographic subgroups is likely to draw questions. It is better to document known limitations and your mitigation strategy up front than to have the agency ask for supplemental data later.
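As a minimal sketch of what subgroup reporting can look like, the snippet below computes sensitivity and specificity per demographic group from a simple tabular evaluation set. The column names and synthetic data are hypothetical; a real analysis should use the subgroups pre-specified in your protocol.

```python
import numpy as np
import pandas as pd
from sklearn.metrics import recall_score

# Hypothetical evaluation table: ground truth, model output, and the
# demographic attributes declared in the protocol (names illustrative).
rng = np.random.default_rng(0)
n = 1_000
df = pd.DataFrame({
    "y_true": rng.integers(0, 2, n),
    "y_pred": rng.integers(0, 2, n),
    "sex": rng.choice(["F", "M"], n),
    "age_band": rng.choice(["<40", "40-65", ">65"], n),
})

def subgroup_report(frame, group_col):
    """Sensitivity/specificity per subgroup, with n, so it is obvious
    where evidence is thin or performance diverges."""
    rows = []
    for group, g in frame.groupby(group_col):
        rows.append({
            "group": group,
            "n": len(g),
            # Recall on the positive class = sensitivity;
            # recall on the negative class = specificity.
            "sensitivity": recall_score(g["y_true"], g["y_pred"], pos_label=1),
            "specificity": recall_score(g["y_true"], g["y_pred"], pos_label=0),
        })
    return pd.DataFrame(rows)

print(subgroup_report(df, "sex"))
print(subgroup_report(df, "age_band"))
```

Reporting n alongside each metric matters: a subgroup with strong point estimates but only a handful of samples is a gap to disclose, not a strength to claim.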
Prepare change control for the long haul.
AI/ML models evolve. If you don’t plan for how you will update, monitor, and control those updates, you risk either a steady stream of regulatory submissions or unmanaged performance drift. A well-structured PCCP (or at least a roadmap toward one) differentiates you.
Make training reproducible and auditable.
Version control, dataset snapshots, seed values, random splits, and hyperparameter logs all matter. If you train “offline” without traceability, you’ll back yourself into a corner when someone asks “which model was cleared?” or “what has changed since training?”
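A minimal sketch of a per-run training manifest, assuming a single dataset file; the field names, values, and paths are illustrative, not a prescribed format.

```python
import hashlib
import json
import platform
from datetime import datetime, timezone
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Content hash of the training data, so an auditor can confirm
    exactly which dataset produced a given model version."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

# Illustrative stand-ins: a real pipeline would reference the actual
# dataset, the git commit of the training code, and the run's
# hyperparameters.
dataset = Path("train_data.csv")
dataset.write_text("patient_id,feature,label\n1,0.7,1\n2,0.3,0\n")

manifest = {
    "run_id": "train-2025-001",
    "timestamp_utc": datetime.now(timezone.utc).isoformat(),
    "code_version": "<git commit hash>",
    "dataset_sha256": sha256_of(dataset),
    "split_seed": 1234,
    "hyperparameters": {"learning_rate": 1e-3, "epochs": 40,
                        "batch_size": 32},
    "python_version": platform.python_version(),
}
Path("train-2025-001.json").write_text(json.dumps(manifest, indent=2))
print(json.dumps(manifest, indent=2))
```

Pairing a manifest like this with version-controlled training code makes “which model was cleared?” answerable in minutes rather than weeks.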
Focus on robustness, not just accuracy.
Training on clean, convenient data is easy. Ensuring the model holds up under “messier” real-world conditions is harder, and regulators will expect you to have thought about edge cases, signal noise, device variability, site workflow differences, sample bias, and potential drift.
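A simple place to start is a noise stress test: perturb the held-out set with increasing noise and watch how quickly performance degrades. The Gaussian noise below is a crude, assumed stand-in for real device and site variability, and the model and data are synthetic.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.linear_model import LogisticRegression
from sklearn.metrics import accuracy_score
from sklearn.model_selection import train_test_split

# Synthetic stand-ins for a real model and held-out evaluation set.
X, y = make_classification(n_samples=3_000, n_features=10, random_state=7)
X_tr, X_te, y_tr, y_te = train_test_split(X, y, random_state=7)
model = LogisticRegression(max_iter=1_000).fit(X_tr, y_tr)

# The point is the shape of the degradation curve, which should be
# characterized before submission, not discovered post-market.
rng = np.random.default_rng(7)
for sigma in (0.0, 0.1, 0.5, 1.0, 2.0):
    noisy = X_te + rng.normal(0.0, sigma, X_te.shape)
    acc = accuracy_score(y_te, model.predict(noisy))
    print(f"noise sigma={sigma:.1f}  accuracy={acc:.3f}")
```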
For manufacturers of SaMD/SiMD with AI/ML-enabled functions, the model-training phase is no longer a “backend” afterthought; it is a regulatory, quality-system, clinical-claim, and lifecycle-management cornerstone. The FDA’s evolving guidance reflects this shift: from a static premarket model to a total product lifecycle mindset that anticipates updates, monitors real-world performance, requires transparency, and demands documentation and traceability.
By proactively addressing the eight watch-points we’ve outlined (early FDA engagement; training as part of the clinical-claim narrative; real-world feedback and deployment planning; explainability and workflow integration; bias and subgroup performance; change control and a PCCP strategy; reproducibility and auditability; and robustness beyond raw accuracy), you position your device program not just for premarket clearance or approval but for long-term success in the field.
At Rook, we believe that the companies that win in this space will treat model training like a first-class regulated activity — structured, documented, auditable, and aligned to lifecycle outcomes. If you’d like to learn more or walk through your training-phase strategy for AI/ML-enabled devices, we’re here to help.