Introduction to IEC 62304
IEC 62304 is a key international standard for the lifecycle processes of medical device software. It outlines the necessary processes for software development, maintenance, and risk management. Originally published in 2006, IEC 62304 has provided guidance to manufacturers, ensuring that software used in medical devices is safe, effective, and in compliance with global regulations. With technological advancements and the rise of AI and machine learning in healthcare, this standard is being updated to keep pace with industry changes and enhance safety protocols.
The update to IEC 62304 is essential for ensuring that software used in healthcare, particularly in Software as a Medical Device (SaMD) and AI-driven health products, meets current and future regulatory expectations. It is vital for those involved in digital health, regulatory compliance, or software development to understand these changes and how they could affect their practices.
What’s Changing in IEC 62304?
The updated IEC 62304 standard will apply to:
- Software that’s part of a medical device
- Software embedded in health hardware
- Software as a Medical Device (SaMD)
- Software-only products for health management or care delivery
- Health software powered by AI and machine learning
These changes reflect the increasing role of advanced technologies like AI, which are now integrated into many healthcare solutions. The standard is being updated to address the unique risks and challenges these technologies present, ensuring that medical software remains safe and reliable.
New Software Process Rigor Levels:
One of the key updates is the introduction of Software Process Rigor Levels, replacing the previous safety classification system. This shift aims to simplify the software classification process while ensuring that appropriate levels of scrutiny are applied depending on the safety risks posed by the software.
Here’s how the new system breaks down:
| Safety Classification | Rigor Level |
| Class A | Low |
| Class B & C | High |
This new classification system helps streamline risk management, making it clearer whether the software contributes to hazardous situations, and enhancing product safety.
Other Notable Updates
1. Software Development Process Changes
There will be key revisions to the Software Development Plan, Software Requirements Analysis, and Software Architecture Design sections. These changes will enhance clarity and consistency in the software development lifecycle, ensuring that developers have a clear framework to follow when designing and testing medical software.
2. Risk Management Updates
Aligned with the new Software Process Rigor Levels, the risk management updates aim to simplify the classification of software and its associated risks. By clarifying the risk classification process, the standard ensures that organisations can more easily assess whether their software poses any risks to patient safety and determine the necessary mitigations.
3. Maintenance Updates
The definitions surrounding software maintenance have been updated to reflect the evolving nature of software lifecycle management. These updates will help organisations better monitor, update, and manage their products throughout their lifecycle, ensuring that software remains safe and effective even after initial release.
4. General Requirements Adjustments
IEC 62304 is not a product-level standard, so the Quality System general requirements will be removed. These quality aspects should instead be handled within the broader quality system the manufacturer applies to their products, allowing for more focused and effective quality management.
5. Modifications for Legacy Software
For legacy software, updates to IEC 62304 will now be handled through an informative annex. Manufacturers will need to assess the impact of any changes or updates to legacy software by reviewing the software development plan and ensuring compliance with the new guidelines.
The Impact of AI and Machine Learning in Healthcare Software
Artificial intelligence and machine learning have transformed the healthcare sector, offering solutions that were once unimaginable. These technologies power everything from diagnostic tools to personalised treatment recommendations. However, with these innovations come new risks, especially in software used in medical devices or as standalone health solutions.
The updated IEC 62304 addresses these risks by including specific provisions for software that incorporates AI and ML. These provisions ensure that such software is subject to rigorous development and testing procedures, while also providing guidance on how to assess risks associated with AI-driven healthcare solutions. By introducing clearer requirements for AI-powered software, the update to IEC 62304 ensures that safety and performance are maintained in an evolving technological landscape.
Practical Steps for Compliance
As digital health and AI-powered software continue to evolve, it’s important for companies to review their current processes and prepare for the upcoming updates to IEC 62304. Here are some practical steps to ensure you’re on track for compliance:
- Review Your Software Development Processes
Ensure that your Software Development Plan, Software Requirements Analysis, and Software Architecture Design are aligned with the updated standard. Revise your internal documentation to reflect the new guidelines, especially in areas such as risk management and safety classification. - Evaluate AI and ML Impact
If your software uses AI or machine learning, assess how these technologies impact your product’s risk profile. Implement testing and validation procedures that align with the new regulations for AI-driven software. - Prepare for Legacy Software Updates
Review any legacy software that may be impacted by the update. Ensure that any changes are thoroughly assessed, and update your software development plan to reflect these modifications.
Stay Informed of Key Dates
Keep track of important milestones, including the comment resolution date, approval start date, and publication date. Staying informed will help you prepare for the final release of the updated standard.
Key Dates to Watch
Here are the key milestones for the updated IEC 62304 standard:
- Public commentary period has ended
- Comment resolution start date: 20 March 2026
- Approval start date: 22 May 2026
- Publication start date: 12 August 2026
By familiarising yourself with these dates, you can ensure your processes are in line with the updates as they come into effect.
Source: British Standards Institution – Project
Conclusion
The upcoming updates to IEC 62304 represent a significant evolution in the regulation of software used in medical devices and health management solutions. Whether your software is part of a medical device, a standalone health solution, or driven by AI and machine learning, these changes will help ensure that your products remain safe, effective, and compliant with the latest regulations.
Now is the time to review your development processes, risk management practices, and legacy software to ensure you’re ready for the 2026 changes. Staying ahead of these updates will not only help with compliance but will also ensure that you’re prepared to meet the demands of an ever-evolving regulatory landscape in digital health.
Contact us today to ensure that you stay compliant with the upcoming 2026 changes.
