Your AI model has 99% sensitivity, solid validation, and a great data set. And yet, the FDA just sent you a deficiency letter. It's not because your numbers are wrong. It's because you can't explain them in a way a clinician can trust and act on. This is the new reality for AI/ML device submissions.
What the Public Information Reports
The dialogue in the industry reveals a clear shift in the FDA's focus. Reviewers are moving beyond asking 'How precise is the AI?' to a much tougher question: 'Can you describe what this AI does and justify a clinician’s ability to rely on its results?' High performance is now just the table stakes; it's no longer the entire game.
This isn't based on a single new guidance document titled 'Explainability.' Instead, as the analysis points out, it's the combined weight of several key documents. The Good Machine Learning Practice (GMLP) principles, the Predetermined Change Control Plan (PCCP) guidance, and IMDRF N41 on clinical evaluation together create an effective explainability standard. The message is clear: transparency is a foundational requirement, not a nice to have.
What Could Cause This Type of Failure
Submissions are failing because development teams often treat explainability as a documentation task to be handled at the end of a project, rather than a core design principle from the start. A team might present a beautiful model architecture and impressive metrics but offer only a single sentence about using SHAP values for explainability. That's no longer enough.
The core of the issue is a failure to bridge the gap between data science and clinical practice. A model's output, without context, is just a number. The FDA needs to see a documented chain of logic connecting the input data to the final result, an analysis of how the model performs on different patient subgroups, and a clear understanding of its limitations.
This gap often leads to a lengthy and expensive remediation process, sometimes lasting 6 to 12 months, as teams scramble to generate the evidence the FDA is asking for. The problem isn't the model's performance; it's the lack of a documented, transparent, and clinically relevant narrative explaining how that performance is achieved and where it might falter.
Regulatory & Standards Context
The shift to the Quality Management System Regulation (QMSR), which aligns 21 CFR Part 820 with ISO 13485, adds another layer here. This has real, practical implications. Your AI's traceability and explainability records can't just live in a GitHub repo or a technical whitepaper anymore. They must be integrated into your formal QMS.
Specifically, things like data origin documentation, algorithm version control, a clear description of your training and validation datasets (including demographics), and subgroup performance analyses are now quality records. They need to be managed with the same rigor as any other design history file component. If an auditor asks you to trace an output back to the data that generated it, you need a QMS-compliant paper trail.
Design Playbook - Learning from the Event
Check: Can you write an Algorithm Description Document in plain English? This document should explain your model's function, training, and validation process to a clinician, not just a data scientist. It must detail the demographic makeup of your training data, how you controlled for quality, and how known biases were addressed. Simply referencing a published paper won't cut it.
Audit: Is your model traceability part of your official QMS? You need to prove that your data lineage, algorithm version history, and validation records are under formal design controls. This isn't just a technical file. Ensure these records integrate with your existing QMS to meet the new QMSR expectations and survive an audit.
Check: Have you defined and validated your human oversight model? What is the exact workflow when a clinician disagrees with the AI's output? How is the AI's performance monitored in the field? GMLP principles require that clinical experts are involved during the AI's development, not just as reviewers at the end. You need to document this interaction model.
Audit: Does your FMEA address risks from misunderstood or misinterpreted AI outputs? The risk isn't just that the AI is wrong; it's that a correct output is used incorrectly by a clinician. Your risk analysis must include failure modes related to comprehensibility. This means running human factors studies on how users interpret the UI, confidence scores, and displayed limitations.