When the FDA published its expanded Clinical Decision Support guidance in January 2026 alongside the updated wearables framework, my inbox filled up with the same question from product teams across our portfolio: "What do we actually need to do differently?" The answer, like most regulatory questions, is: it depends - but I can tell you exactly what it depends on.

I have spent the last three years building AI products that touch the FDA's regulatory surface - clinical documentation tools, patient risk stratification models, and diagnostic support features. This is my practical read of the January 2026 guidance package and what it means if you are building, not just reading about it.

Background: The Regulatory Space Before January 2026

The FDA's framework for software as a medical device (SaMD) has been evolving since the 21st Century Cures Act in 2016, which created the first statutory carve-out for certain clinical decision support tools. The 2022 CDS guidance document defined the four-prong test for determining whether a CDS tool was subject to FDA oversight. The De Novo and 510(k) pathways for AI/ML-based SaMD saw over 1,250 authorized devices by end of 2025 - up from roughly 500 in 2022.

But 2022 guidance was written before large language models were clinically deployed at scale. The January 2026 update is the FDA's first substantive attempt to address GenAI features specifically.

The January 2026 CDS Guidance Expansion: Key Changes

What Still Counts as Non-Device CDS (Deregulated)

The 2026 guidance preserved and clarified the four criteria from the 2022 framework for CDS tools that fall outside FDA oversight:

  1. Not intended to acquire, process, or analyze medical images, signals, or other physiological signals
  2. Intended to display, analyze, or print medical information about a patient or general population
  3. Intended for use by healthcare professionals
  4. The basis of the recommendation is transparent enough that a clinician can independently review it and does not rely on the software to make the clinical decision

Criterion 4 - the "transparency" prong - is where the 2026 guidance made the most meaningful change. The FDA clarified that for AI-generated recommendations, transparency requires more than showing an output. The clinician must be able to understand the reasoning basis well enough to meaningfully override it. A black-box clinical recommendation with a confidence score does not meet this bar. A recommendation that cites specific evidence, risk factors, or clinical parameters the clinician can verify does meet it.

This is a significant practical change. It means explainability is no longer just a nice-to-have for clinical AI tools - it is the factor that determines whether you need 510(k) clearance.

What the Guidance Added for GenAI Features

The January 2026 document added a new annex specifically addressing LLM-based clinical features. The key provisions:

  • Locked vs. adaptive models: The FDA confirmed that LLM-based tools with fixed weights used at inference time are treated similarly to locked algorithm SaMD. Tools that update weights based on real-world use are adaptive and require a predetermined change control plan (PCCP).
  • RAG-based systems: A new category was clarified - tools that combine a locked LLM with a retrieval corpus that updates (e.g., pulling from an EHR or updated clinical guidelines) are treated differently from the underlying model alone. The retrieval corpus update cadence triggers change control review requirements depending on clinical significance.
  • Foundation model reliance: If your product relies on a third-party foundation model (GPT-4o, Claude, Gemini), you are responsible for validating performance on your intended use - you cannot rely solely on the model provider's documentation. This codifies what most sophisticated teams were already doing but formalizes the burden.

Ambient AI and Documentation Tools

Ambient clinical documentation - AI scribe tools that transcribe and structure patient encounters - got significant clarification. The FDA confirmed that tools functioning solely as documentation assistants, where the clinician reviews and approves all clinical content before it enters the EHR, remain outside the device definition. The line is: if the AI writes the note and a human approves it before any clinical action, it is documentation software. If the AI's output directly populates a treatment plan or medication order without a human review step, it is CDS subject to oversight.

This matters for every healthcare AI company building on top of ambient scribe infrastructure. The review step is not optional from a regulatory standpoint - and that review step must be meaningful, not a checkbox.

The Wearables Guidance Update

The wearables-specific guidance, published alongside the CDS document, addressed AI features built on consumer wearable data. The key clarification: consumer wearables with AI features that provide general wellness recommendations remain outside FDA purview. But the same device providing specific diagnostic outputs ("your heart rhythm pattern is consistent with atrial fibrillation") requires 510(k) clearance regardless of whether it is positioned as a consumer product.

The Apple Watch AF detection precedent from 2018 still holds, but the 2026 guidance sharpened the language around population targeting. A feature that says "you may want to discuss your activity patterns with your doctor" is wellness. A feature that says "your glucose trend suggests insulin resistance" is medical - even if it is on a consumer device, even if it is free, even if it is opt-in.

For product teams building AI features on wearable data streams: run your output language through the wellness/medical test before launch, not during legal review. If a clinician reading the output would take a specific clinical action based on it, it needs a regulatory pathway.

The EMA and FDA Joint Principles

Quietly released alongside the January 2026 FDA guidance was a joint statement with the EMA (European Medicines Agency) on shared principles for AI in medical devices. This is the first formal alignment document between the two agencies, and its practical implication is significant: if you design for FDA clearance with these principles in mind, you are largely designing for EMA compliance simultaneously.

The five joint principles:

  1. Human oversight: AI systems must be designed to support rather than replace clinical judgment. Override mechanisms must be accessible and visible.
  2. Transparency and explainability: The basis for AI recommendations must be reviewable by clinicians with the relevant expertise.
  3. Robustness and accuracy: Performance must be validated across the intended use population, including demographic subgroups, with published performance statistics.
  4. Bias monitoring: Post-market surveillance must include monitoring for differential performance across demographic groups.
  5. Security and privacy: Data handling must meet jurisdiction-specific standards; adversarial robustness must be considered for high-stakes clinical tools.

These principles read like good engineering practice because they are. The alignment with the EU AI Act's risk tier framework (high-risk AI systems in healthcare require conformity assessment) means regulatory compliance and ethical AI design are converging. Build for the principles and the regulatory paperwork becomes easier.

The 1,250+ Authorized AI Devices: What the Number Tells You

The FDA's count of over 1,250 AI/ML-enabled authorized medical devices by end of 2025 is frequently cited. What matters more than the number is the distribution. The majority of authorized devices are in radiology (roughly 75% of authorizations), with cardiology and ophthalmology making up most of the remainder. Clinical text AI - the domain where LLMs are being deployed most aggressively - remains a small fraction of authorized devices.

This means two things for product teams. First, the FDA has deep experience reviewing AI in medical imaging and less experience reviewing LLM-based clinical text tools - expect more uncertainty and longer review cycles for novel GenAI applications. Second, the radiology precedents (particularly around algorithm transparency and demographic performance validation) are the best signal for what reviewers will look for in other domains.

Practical Implications for Product Teams

If you are building a clinical documentation tool

The ambient scribe market is effectively deregulated as long as the human review step is genuine and documented. Focus your compliance work on HIPAA data handling, the BAA with your LLM provider, and ensuring the review UI makes meaningful review possible (not just technically available). The FDA's concern is not the existence of the review step - it is whether it is designed to be skipped.

If you are building a clinical decision support tool

Run the four-prong test on every feature. For each AI recommendation the product surfaces, ask: can a clinician understand why this recommendation was made, and could they independently verify the basis? If yes, you are likely outside FDA oversight. If no, you need a regulatory strategy before launch, not after.

If you are using a third-party foundation model

Document your validation work. The FDA is not asking you to retrain GPT-4o. They are asking you to show that you tested your specific application on your specific intended use population and the performance is what you claim. Keep your evaluation datasets, your testing protocols, and your performance statistics. This documentation is your regulatory asset.

If you are planning international expansion

The FDA/EMA joint principles give you a design checklist that covers both jurisdictions. Build to those principles from the start. Adding explainability, audit logging, and demographic performance monitoring retroactively is expensive. Designing for them upfront is not.

What Has Not Changed

A few things the January 2026 guidance did not change, despite speculation:

  • The basic framework for determining device vs. non-device CDS is the same four-prong test from 2022.
  • The De Novo and 510(k) pathways for AI SaMD are unchanged - no new streamlined pathway for LLM-based tools was created.
  • HIPAA requirements for PHI handling in AI systems are unchanged - the guidance is silent on HIPAA because it does not govern it.
  • The SaMD Action Plan framework from 2021 remains the operative document for how FDA thinks about iterative AI model updates.

Regulatory change is slower than the technology it is trying to govern. The January 2026 guidance is a meaningful update, but it is an incremental clarification, not a transformation. The teams that have been building with regulatory awareness for the last three years are not starting over. The teams that have been ignoring regulatory risk and hoping for clarity now have more clarity - and less runway to catch up.

Related posts