SaMD and medical device registration in 2025: EU, MDSAP, or USA

As we progress through 2025, the global regulatory environment for the registration of medical devices and Software as a Medical Device (SaMD) continues to evolve. Manufacturers must strategically evaluate which markets to prioritise for medical product registration and commercialisation, especially considering recent regulatory reforms, shifts in government policy, and market demands.

This article explores three major regulatory pathways—the European Union (EU), MDSAP countries, and the United States (FDA)—assessing their regulatory requirements, approval timelines, and market opportunities in 2025.

United States (FDA): A shifting landscape amid organisational changes

Regulatory overview:

The United States remains one of the largest and most lucrative medical device markets, traditionally known for its clear medical device registration regulatory pathways such as 510(k), De Novo, and PMA. SaMD manufacturers have typically benefited from the FDA’s support for digital health innovation, particularly under the Digital Health Innovation Action Plan (now incorporated into more traditional frameworks).

What’s changing in 2025:

• Under the current Trump administration, significant layoffs at the FDA have impacted review capacity, especially in the medical device and SaMD divisions.
• Despite political promises to streamline approvals, the reduced staffing has led to longer review times, inconsistent communication, and backlogs.
• Uncertainty in regulatory timelines is now a major challenge, particularly for novel, high-risk technologies like AI-based SaMD.

Key considerations:

• Review timelines for 510(k) and De Novo applications often exceed 12–18 months.
• High-risk SaMD and PMA devices may face even longer evaluation periods.
• Despite these challenges, the US market continues to offer high revenue potential, early adoption, and a developed reimbursement landscape for innovative products.

Best for:

Companies with robust regulatory teams, strong clinical evidence, and the ability to absorb potential delays. SaMD solutions focused on AI diagnostics, remote monitoring, and chronic disease management remain in high demand.

European Union (EU MDR): Complex but globally recognised

Regulatory overview:

• The European Union operates under MDR (2017/745) for medical devices and IVDR (2017/746) for IVDs.
• SaMD is considered a medical device when it serves a medical purpose, requiring compliance with Annex VIII classification rules, clinical evaluation reports (CER), and post-market surveillance (PMS).
• The EU Artificial Intelligence Act (AI Act), which classifies AI-enabled medical devices as high-risk AI systems, imposing additional certification, conformity assessment, and compliance requirements beyond the MDR CE marking. Key obligations include risk management, transparency, human oversight, data protection assessments, and registration in the EU AI database. The AI Act’s provisions are phased in, with most applying from August 2026 and specific medical device-related rules by August 2027.
• The Cybersecurity Resilience Act (CRA), which will impose stricter cybersecurity requirements on medical devices and software, complementing GDPR and MDR cybersecurity expectations, reflecting the EU’s focus on digital health security.
• The Medical Device Coordination Group (MDCG) guidance documents, which provide detailed clarifications on classification and qualification of medical device software (including SaMD), as well as cybersecurity considerations. For example, MDCG 2019-11 clarifies classification rules under Annex VIII MDR, emphasising that software driving or influencing a device takes the device’s classification, and independent software is classified on its own risk profile. MDCG also issues guidance on cybersecurity and clinical data requirements for SaMD.

What’s changing in 2025:

• Notified Body (NB) capacity remains limited, leading to significant delays in medical device registration.
• For Class IIa or higher SaMD, the approval process may take 18–24 months or more.
• GDPR, cybersecurity, and clinical data expectations are strictly enforced.

Key considerations:

• The CE mark remains globally respected and opens doors to non-EU markets like the Middle East, Southeast Asia, and Latin America.
• Achieving MDR compliance offers global credibility, but comes with increased costs, longer timelines, and greater regulatory oversight.

Best for:

Manufacturers aiming for long-term strategic market positioning, strong global brand credibility, and those with the resources and clinical data to meet MDR’s strict requirements.

MDSAP countries: Streamlined audits, local registrations

Regulatory overview:

The Medical Device Single Audit Program (MDSAP) enables a single QMS audit that satisfies regulatory requirements across five participating countries:

• 🇦🇺 Australia (TGA – Therapeutic Goods Administration)
• 🇯🇵 Japan (PMDA/MHLW – Pharmaceuticals and Medical Devices Agency / Ministry of Health)
• 🇧🇷 Brazil (ANVISA – National Health Surveillance Agency)
• 🇺🇸 United States (FDA – Food and Drug Administration)
• 🇨🇦 Canada (Health Canada) – Note: Not covered in this article as a standalone market

While the MDSAP program simplifies quality management compliance, each country still requires its own medical device registration and regulatory submissions.

What’s changing in 2025:

• MDSAP audits are based on ISO 13485:2016 and include country-specific requirements.
• Australia recognises EU MDR CE certification for many devices but applies its own risk-based SaMD classification rules, similar to the IMDRF model.
• Japan offers significant market potential, particularly for AI-based SaMD, but requires local representatives, language-specific submissions, and more complex regulatory navigation.
• Brazil (ANVISA) requires product registration with documentation in Portuguese and can involve lengthy timelines unless prioritised via expedited programs.

Key considerations:

• MDSAP helps streamline audit burden and improves regulatory transparency.
• For SaMD, Australia and Japan offer well-defined pathways, with Australia being more aligned with EU standards.
• Companies must still plan local market strategies, as each country has distinct timelines and documentation needs.

Best for:

Manufacturers seeking multi-country market entry with a centralised QMS audit, especially those looking to expand into Asia-Pacific or Latin American markets with validated and compliant systems.

Where should you go in 2025?

If you’re bringing an AI-powered SaMD or innovative medical device to market, the choice of entry should reflect both your regulatory readiness and your business priorities.

• MDSAP countries like Australia and Japan offer structured, transparent pathways and benefit from streamlined audits, making them attractive for global expansion strategies.
• The EU remains the gold standard for global credibility, but MDR compliance is time-consuming and resource-intensive.
• The United States, while lucrative, currently presents greater uncertainty, with longer timelines and internal staffing issues affecting regulatory efficiency.