Pick the right route

Submission Pathway Selector

Five questions → 510(k), De Novo, or PMA recommendation, with the cybersecurity evidence delta for each pathway under the FDA's Feb 3, 2026 final premarket guidance.

Reviewed by

Christian Espinosa

Founder & CEO, Blue Goat Cyber

Last reviewed June 29, 2026

Device / product line

Is there a legally marketed predicate device with similar intended use and technological characteristics?

What is the device's risk class / probable level of patient harm?

Does the device introduce a new technological feature without a precedent (e.g. new modality, new biological interface, new AI claim)?

What clinical evidence will support safety and effectiveness?

What is the device's connectivity and software profile?

Is this a combination product or will it require an IDE for the clinical study?

If AI/ML is in scope: do you plan to ship adaptive updates after clearance?

What you'll see after you submit

Answers → pathway recommendation + cybersecurity delta per route

Primary recommendation (510(k), De Novo, or PMA) with a plain-English rationale.
Alternates listed when the call is close, so you walk into a Pre-Sub with options.
Per-pathway cybersecurity evidence delta - what's identical and what's different.
JSON export to hand to regulatory affairs.

Common misconceptions

What teams usually get wrong

Myth: Cyber evidence is the same for 510(k) and PMA.

Reality: The artifacts are largely the same; the depth, validation rigor, and Q-Sub interaction differ. PMA reviewers go deeper on threat-model traceability and clinical-risk linkage.
Myth: De Novo means lighter cyber than 510(k).

Reality: De Novo establishes a new classification - the FDA often sets the cyber bar high precisely because there's no predicate. Expect the full §524B package.
Myth: Pathway is purely a regulatory decision; product security can wait.

Reality: Pathway choice changes the Pre-Sub strategy for cybersecurity. Engage product security before pathway is locked.