Close this search box.

HSA Guidance on Life Cycle Approach for Software Medical Devices: Overview | HSA

The article provides a general overview of the regulatory requirements for software medical devices intended to be marketed and used in Singapore.

HSA Guidance on Labeling for Medical Devices: Implantable Devices and IVDs

Table of content

The Health Sciences Authority (HSA), a Singapore’s regulatory agency in the sphere of healthcare products, has published a guidance document dedicated to software medical devices in the context of a life cycle approach.

The document provides an overview of the applicable regulatory requirements, as well as additional clarifications and recommendations to be taken into consideration by medical device manufacturers (software developers) in order to ensure compliance thereto.

At the same time, the authority reserves the right to make changes to the guidance and recommendations provided therein, should such changes be reasonably necessary to reflect corresponding amendments to the underlying legislation. 

In the evolving landscape of healthcare technology, software has emerged as one of the key aspects of the functionality and innovation of medical devices. The present guidance describes in detail a Total Product Life Cycle (TPLC) approach, ensuring the proper management and oversight of such devices from inception to post-market activities.


The integration of software into medical devices has revolutionized the healthcare industry, enabling advancements in diagnostics, patient monitoring, and treatment methodologies.

The implementation of Artificial Intelligence (AI) and the Internet of Things (IoT) has further expanded this field into new territories, presenting unique challenges in cybersecurity and interoperability.

In response, the HSA encourages the parties involved to follow a TPLC approach, emphasizing the importance of a comprehensive management strategy that covers, inter alia, such components as requirement management, risk assessment, software verification and validation, change management, traceability, and other critical aspects through the life span of the software.

FDA on assessing credibility of computational modelling2


The primary aim of these guidelines is to provide an overview of the existing regulatory landscape for software medical devices, guiding manufacturers through the entire lifecycle of product development, from initial conception to post-market surveillance within the Singaporean context.

It is also important to mention that these guidelines serve as a reflection of the HSA’s current position regarding the matter, intended to inform rather than impose new regulatory burdens on stakeholders.

This document targets a wide range of stakeholders within the context of software medical devices, including developers, manufacturers, and suppliers operating within Singapore. It serves as a comprehensive resource for entities navigating the regulatory environment of healthcare technology when it comes to the software used when providing medical care or in the clinical decision-making process.


Applicable to a broad range of software solutions intended for medical use, the guidelines cover software in various formats, including but not limited to embedded systems in medical devices, standalone software, mobile applications, and web-based platforms.

This approach ensures that all forms of software medical devices, irrespective of their deployment model or technological underpinnings, are regulated under a unified framework as set forth under the relevant legislation.


In order to assist the parties involved in interpreting the relevant regulatory provisions and following the requirements set forth therein, the document also contains a glossary of key terms and definitions that provides clarity on key concepts within the regulatory framework, including definitions for AI, AI-Medical Devices (AI-MD), clinical evaluation, cybersecurity, and more. These definitions establish a common language for stakeholders to discuss and understand the regulatory requirements and processes.

Regulatory Framework Overview

The guidelines presented by the HSA are structured to navigate stakeholders through the complex landscape of software medical device development and management.

The relevant section of the document outlines the foundational elements of the regulatory framework, emphasizing the TPLC approach and its implications for quality management, pre-market registration, licensing, and post-market surveillance.

Quality Management System (QMS)

According to the guidance, the implementation of a robust QMS is vitally important for ensuring that software medical devices meet the strict requirements for safety and efficacy.

The guidelines specify the elements of a QMS that are essential for the development, production, and continuous improvement of medical devices, aligning with international standards and best practices.

Pre-market Product Registration Requirements

Before entering the Singapore market, software medical devices must undergo a comprehensive registration process. This process involves the assessment of technical documentation, clinical data, and other relevant information to demonstrate compliance with regulatory standards.

The guidelines provide a detailed roadmap for navigating the registration process, highlighting the critical steps and documentation required for approval.

Dealer’s Licensing Requirements

In accordance with the applicable regulatory requirements, medical device manufacturers and suppliers of software medical devices must obtain appropriate licenses to operate within Singapore.

The guidelines outline the licensing process, detailing the criteria for eligibility, the application procedure, and the responsibilities of licensed entities in maintaining compliance with regulatory standards.

Change Notification

To maintain regulatory compliance, manufacturers and suppliers are required to notify the HSA of any significant changes to their software medical devices. The guidelines specify the types of changes that warrant notification, the process for submitting change notifications, and the implications of such changes on product registration and licensing.

Post-market Management

The authority additionally mentions that the actual responsibilities of manufacturers and suppliers extend beyond the market introduction of their products. The guidelines emphasize the importance of ongoing surveillance and management of software medical devices to address any emerging issues, ensure continued compliance with regulatory standards, and uphold the safety and efficacy of the devices.

Cybersecurity and Artificial Intelligence

In the digital age, cybersecurity is a critical aspect of software medical device regulation.

The guidelines detail the cybersecurity measures that manufacturers must implement to protect patient data and ensure the integrity and availability of their devices. These measures include vulnerability assessments, incident response plans, and regular security updates.

The integration of AI into medical devices presents unique regulatory challenges. The guidelines address these challenges, offering guidance on the development, validation, and management of AI-enabled medical devices.


In summary, the present HSA guidance provides a comprehensive overview of the regulatory framework for software medical devices based on the relevant legislation. The document highlights the key points to be taken into consideration by medical device manufacturers (software developers) in order to ensure their products are compliant with any and all requirements and standards, thus ensuring their safety and proper performance when used for the intended purpose.

How Can RegDesk Help?

RegDesk is a holistic Regulatory Information Management System that provides medical device and pharma companies with regulatory intelligence for over 120 markets worldwide. It can help you prepare and publish global applications, manage standards, run change assessments, and obtain real-time alerts on regulatory changes through a centralized platform. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Global expansion has never been this simple.


Want to know more about our solutions? Speak to a RegDesk Expert today!