Submission Pathway Selector
Five questions → 510(k), De Novo, or PMA recommendation, with the cybersecurity evidence delta for each pathway under the FDA's Feb 3, 2026 final premarket guidance.
Reviewed by
Christian Espinosa
Founder & CEO, Blue Goat Cyber
Is there a legally marketed predicate device with similar intended use and technological characteristics?
What is the device's risk class / probable level of patient harm?
Does the device introduce a new technological feature without a precedent (e.g. new modality, new biological interface, new AI claim)?
What clinical evidence will support safety and effectiveness?
What is the device's connectivity and software profile?
Is this a combination product or will it require an IDE for the clinical study?
If AI/ML is in scope: do you plan to ship adaptive updates after clearance?
What you'll see after you submit
Answers → pathway recommendation + cybersecurity delta per route
- Primary recommendation (510(k), De Novo, or PMA) with a plain-English rationale.
- Alternates listed when the call is close, so you walk into a Pre-Sub with options.
- Per-pathway cybersecurity evidence delta - what's identical and what's different.
- JSON export to hand to regulatory affairs.
Common misconceptions
What teams usually get wrong
-
Myth: Cyber evidence is the same for 510(k) and PMA.
Reality: The artifacts are largely the same; the depth, validation rigor, and Q-Sub interaction differ. PMA reviewers go deeper on threat-model traceability and clinical-risk linkage.
-
Myth: De Novo means lighter cyber than 510(k).
Reality: De Novo establishes a new classification - the FDA often sets the cyber bar high precisely because there's no predicate. Expect the full §524B package.
-
Myth: Pathway is purely a regulatory decision; product security can wait.
Reality: Pathway choice changes the Pre-Sub strategy for cybersecurity. Engage product security before pathway is locked.
References & further reading
Primary sources behind this tool
Recent regulatory + supply-chain activity
Tracked signals that change what reviewers expect. Items move on as new ones land.
Build the cyber evidence.
Section 524B Applicability Checker
Confirm the cyber-device trigger before scoping the submission.
Read Section 524B Applicability CheckereSTAR Cybersecurity Checklist
Sixteen artifacts reviewers look for, mapped to eSTAR.
Read eSTAR Cybersecurity ChecklistFDA premarket cybersecurity services
End-to-end SPDF + submission package.
Read FDA premarket cybersecurity services