Classifies software for optical camera-based measurement of pulse rate, heart rate, breathing rate, and/or respiratory rate into the U.S. Food and Drug Administration's class II, requiring special controls. Those controls require comprehensive hazard analysis and risk assessment; clinical testing data demonstrating the software's efficacy; a usability assessment; and detailed product labeling.
Analysis summaries, actor details, and coverage mappings were LLM-classified and may contain errors.
This is a binding federal regulation from the Code of Federal Regulations (CFR) with mandatory requirements and enforcement mechanisms through the FDA.
The document has good coverage of approximately 3-4 subdomains, with strong focus on AI system safety and robustness (7.3), lack of transparency (7.4), and human-computer interaction risks related to overreliance (5.1). Coverage is concentrated in technical safety, validation requirements, and user interaction domains.
The regulation primarily governs the Health Care and Social Assistance sector, specifically medical device manufacturers developing AI-based vital sign monitoring software. It also has implications for the Information sector (software developers) and Scientific Research and Development Services (clinical testing).
The document comprehensively covers verification and validation, deployment, and operation/monitoring stages. It requires extensive testing, clinical validation, and ongoing cybersecurity management. The regulation also addresses design considerations through hazard analysis requirements and hardware specifications.
The document explicitly covers AI software and algorithms for medical device applications. It addresses software-based systems that analyze video data to estimate vital signs. The regulation does not mention frontier AI, general purpose AI, foundation models, or compute thresholds, as it is focused on a specific medical device application.
Food and Drug Administration (FDA)
The document is a federal regulation issued by the FDA, as indicated by the citation '21 CFR § 870.2785' and the authority statement identifying the Food and Drug Administration.
Food and Drug Administration (FDA)
The FDA has enforcement authority over medical devices through its regulatory framework. The regulation establishes Class II special controls that the FDA enforces through pre-market clearance and post-market surveillance.
Food and Drug Administration (FDA)
The FDA monitors compliance through review of software documentation, clinical data, and post-market surveillance. The regulation requires ongoing cybersecurity vulnerability management, indicating continuous monitoring obligations.
The regulation applies to manufacturers and developers of software-based medical devices that use optical camera-based measurement algorithms. These entities must comply with special controls including software validation, clinical testing, and labeling requirements.
6 subdomains (3 Good, 3 Minimal)