Comment on page
What if I already submitted my cyber device?
As provided by the Omnibus, the cybersecurity requirements do not apply to an application or submission submitted to the Food and Drug Administration (FDA) before March 29, 2023. If a cyber device was previously authorized, and the manufacturer is making a change to the device that requires premarket review by the agency, the law would apply for the new premarket submission.
Medcrypt expert tip:
There are some exceptions that you should be aware of: 1) If there is a change to your device that warrants a new pre-market submission (510(k)) or if you have a Class III device, almost all changes must be reviewed. If those changes are not reviewed, all changes must still be reported annually. 2) Post-market requirements for risk management all apply from a Quality System perspective. If you don't follow the guidance in how you manage risk, we strongly suggest that you should. Regardless, you still are required per 820 and 806 (corrections and removals) to deal with post-market issues, to which the post-market guidance applies.