How do I classify my medical device for FDA and EU MDR?

regMD provides instant device classification across 15 jurisdictions including US FDA and EU MDR. Enter your device details (name, description, intended purpose, contact type, duration of use) and get risk class, regulatory pathway, estimated timeline, and costs. Classification uses deterministic rules — no AI hallucination risk. Free to try at regmd.dev/classify.

What regulatory tool covers ASEAN medical device markets?

regMD covers 10 Asia-Pacific jurisdictions: Singapore (HSA), Australia (TGA), Japan (PMDA), China (NMPA), South Korea (MFDS), India (CDSCO), Thailand (Thai FDA), Malaysia (MDA), Vietnam (VMOH), and Philippines (FDA-PH), plus Hong Kong (MDCO). It also covers US FDA, EU MDR, Canada, and Brazil.

How do I expand my medical device registration from FDA to EU MDR?

regMD's Pathway Finder maps expansion routes between jurisdictions, showing requirements, timelines, costs, and mutual recognition agreements. Enter your current registration (e.g., FDA cleared) and target market (e.g., EU) to get a detailed pathway with milestones.

Is there a medical device regulatory tool with an API?

regMD offers both a REST API (at regmd.dev/api/v1) and an MCP server (npx regmd-mcp) for AI agent integration. Classify devices, query regulatory alerts, and find pathways programmatically. Works with Claude, OpenClaw, Cursor, and any MCP-compatible client.

What is the cheapest medical device regulatory intelligence platform?

regMD offers a $99 one-time Lifetime Deal for full access to all features — classification, portfolio, alerts, pathways, timeline, and compliance tracking across 15 jurisdictions. Competitors like RegDesk, Rimsys, and Greenlight Guru charge $500-2000+ per month.

TGA Compliance Principles 2026–2027 — SaMD Is Now an Explicit Enforcement Priority

Australia's Therapeutic Goods Administration (TGA) published its Compliance Principles 2026–2027 in January 2026 (effective January 1, 2026), naming Software as a Medical Device (SaMD) as one of the explicit enforcement priorities for the next two years. The TGA also refreshed its AI and software medical device regulation guidance in February 2026, pulling together the standards and expectations manufacturers need to meet.

Taken together, the two updates send one message: SaMD lifecycle documentation is no longer a nice-to-have. It's the specific surface TGA plans to enforce against.

What the Compliance Principles say about SaMD

TGA's Compliance Principles describe the risk-based framework the regulator uses to allocate its enforcement resources. The 2026–2027 edition calls out four focus areas:

Software as a Medical Device (SaMD)
Direct-to-consumer IVD kits
Cybersecurity across medical devices
Falsified therapeutic goods

SaMD and cybersecurity together point at the same underlying concern: connected, software-driven devices whose behaviour can change post-market (through updates, ML model retraining, or library drift) without the lifecycle controls expected of traditional medical devices.

TGA's framing is proactive and risk-based enforcement — that is, don't expect complaints to trigger action. Expect systemic sweeps of ARTG-listed SaMD products where documentation doesn't match the device's current state.

What the February 2026 AI/software guidance clarifies

The companion AI/software medical device guidance (section page updated February 5, 2026, with the detailed sub-page at tga.gov.au/manufacturing/artificial-intelligence-ai-and-medical-device-software-regulation) clarifies:

When software is a medical device (the intended-use test + therapeutic purpose).
Which standards apply for software lifecycle, risk management, usability, and QMS.
Continuous monitoring expectations for software updates post-market.

The standards to anchor against are not new — but their bundling into a single TGA-sanctioned reference list is:

Standard	Scope	Why TGA cites it
IEC 62304	Medical device software — software life cycle processes	Required development + maintenance process for any device containing software
ISO 14971	Application of risk management to medical devices	Risk management over the full device lifecycle, including software-driven risks
IEC 62366-1	Medical devices — Part 1: Application of usability engineering	Usability risk, human factors, and misuse-mitigation design
ISO 13485	Quality management systems — Requirements for regulatory purposes	QMS baseline for the manufacturer organisation

If your SaMD QMS already claims conformity to IEC 62304 + ISO 14971 + ISO 13485, you're structurally ready. The enforcement risk is whether the evidence actually backs up the claim — version-controlled software lifecycle files, maintained risk management files, documented post-market surveillance — as opposed to a one-time submission package that hasn't been updated.

Cybersecurity expectation — not separate, integrated

TGA treats cybersecurity as part of the SaMD lifecycle, not a separate workstream. Expect ARTG sponsors to demonstrate:

Threat modelling integrated with ISO 14971 risk management
Secure-by-design evidence in the software lifecycle (IEC 62304)
Vulnerability management processes with defined response timelines
Coordinated disclosure policy for security researchers
Post-market security monitoring + patching cadence

There is no single "cybersecurity standard" TGA mandates — they expect the manufacturer to justify the controls relative to the device's threat surface. For networked SaMD, that justification bar is meaningfully higher.

What this changes for ARTG sponsors today

If you already have ARTG-listed SaMD

Audit your current technical file against the TGA standards list. If any of IEC 62304 / ISO 14971 / IEC 62366-1 / ISO 13485 are referenced but not demonstrably current, flag it for remediation.
Verify your post-market surveillance evidence is actually collecting data. A PMS plan that exists on paper but doesn't show quarterly inputs is an enforcement finding waiting to happen.
Check your cybersecurity incident response process. Is it documented, tested, and time-bounded? Do you have a coordinated disclosure channel?
Review your software update process — every field-delivered update should map to a documented change control entry in your IEC 62304 files.

If you are preparing a new ARTG application

Build your technical file from the standards list forward. The TGA guidance and the Compliance Principles are effectively the reviewer's checklist.
Include a cybersecurity risk management file even if the device is "simple" — a standalone diagnostic algorithm still has inputs and outputs that attackers can manipulate.
Treat continuous monitoring as design-phase work, not deployment-phase. The evidence reviewers want to see is the plan for monitoring, with named metrics + trigger thresholds, not a promise to monitor "as needed".

If you sell SaMD into Australia without an ARTG listing

Confirm you're in an exempt category or that your distribution partner holds the listing. With TGA explicitly prioritising SaMD enforcement, unlisted software-as-medical-device products are the highest-visibility target.

Why "enforcement priority" is different from "regulatory update"

Most regulatory change takes the form of new rules + transition windows. The Compliance Principles are different: the underlying rules (ARTG, IEC 62304, ISO 14971) haven't changed. What's changed is where the TGA is pointing the enforcement resource.

That means:

You don't get a compliance transition window.
The baseline requirement is already in force; what's new is the probability of being audited against it.
"We'll fix it before the next submission" is not a viable posture — the risk clock started January 1, 2026.

Cross-jurisdiction context

TGA's move is part of a broader alignment across medical device regulators:

Singapore (HSA) published GN-37-R1 — its first dedicated guidance on Change Management Program for SaMD with ML — in April 2026.
FDA (US) has an AI-SaMD lifecycle management draft guidance on its CDRH A-list.
EU (MDR) has been progressively tightening Notified Body scrutiny on software devices under the MDR harmonised standards list.

This is IMDRF alignment in motion. If you're preparing TGA compliance to 2026 standards, the same work largely translates to Singapore CMP, future FDA finalisation, and EU MDR software conformity. Don't scope it as an Australia-only project.

Sources

TGA media release (22 Jan 2026): TGA releases Compliance Principles — reinforcing proactive and risk-based enforcement throughout 2026 and 2027
TGA AI & software medical device regulation (section updated Feb 2026): tga.gov.au/products/medical-devices/software-and-artificial-intelligence-ai
Underlying standards (reference only): IEC 62304, ISO 14971, IEC 62366-1, ISO 13485

Related regMD coverage

This article summarises publicly available TGA guidance and public standards for informational purposes and does not substitute for regulatory or legal advice. Always refer to the primary TGA source documents and the current versions of the standards cited, and consult your Regulatory Affairs adviser for device-specific decisions.