Regulation and policy

What a Regulatory Submission for a Medical Product Actually Contains

A regulatory submission is the organized argument that a medical product is safe enough, works as claimed, and can be used correctly. It is built from four linked parts: a precise statement of intended use, evidence of safety and performance, a documented risk-management process, and labeling that tells people how to use it.

What goes into a regulatory submission for a medical product?

A regulatory submission is the organized argument that a medical product is safe enough, works as claimed, and can be used correctly. It is built from four linked parts: a precise statement of intended use, evidence of safety and performance, a documented risk-management process, and labeling that tells people how to use it. Each part answers a different question a reviewer must ask before patients are exposed to it. The file is not paperwork wrapped around a finished device. It is the reasoning that the device has earned its place. This article is general education, not medical or legal advice, and any specific product needs a qualified assessment of its own.

I trained for this work through a Medical Device Regulations training from KTH Royal Institute of Technology and FDA Clinical Investigator training. The habit it left me with is simple. Read any submission by asking what claim it makes and whether the evidence reaches that claim.

Intended use sets the boundaries of everything else

The first thing a submission must do is say exactly what the product is for. Intended use names the medical purpose, the patients, the setting, and the user. It is the difference between a tool that screens healthy adults and one that confirms a diagnosis in a hospital, even when the underlying technology is identical.

This statement matters because every later part of the file is measured against it. A claim to detect a condition demands evidence in the people who have that condition, gathered where the tool will be used. Widen the intended use and you widen the evidence you owe. Narrow it and the burden shrinks, but so does what you are permitted to say.

The quiet danger lives in the gap between what a product is studied for and what it is sold for. A model validated on one population, then marketed for everyone, makes a claim its evidence does not support. Intended use closes that gap.

Evidence of safety and performance is the heart of the file

Once the claim is fixed, the submission has to show the product meets it. Safety evidence asks whether the product can hurt someone and how often. Performance evidence asks whether it does the job it claims, measured against a fair standard rather than against hope.

For a physical device, that evidence might include bench testing, biocompatibility, and electrical safety, then clinical data showing it performs in real patients. For software that informs a clinical decision, performance is itself the central claim, so it has to be measured on representative data and reported honestly, including where the tool is weakest. A number that looks strong on a tidy test set can sag in a messy clinic, and a careful file says so.

The strength of evidence should scale with the consequence of being wrong. A low-risk product can rest on lighter data. A tool that steers diagnosis or treatment cannot, because an error there reaches the patient directly. In a meta-analysis I co-authored in Diabetes Care on ethnic differences in insulin sensitivity and response, the lesson that stayed with me was that an effect measured in one group may not transfer cleanly to another. A submission that ignores that overstates what it knows.

Risk management forces you to imagine failure before it happens

A good submission does not only show what goes right. It documents a structured search for what could go wrong. Risk management means listing the ways a product can fail or be misused, judging how likely and how serious each is, then reducing those risks as far as is reasonable.

The order of that reduction is itself a safety principle. The strongest move is to design the hazard out of the product. The next is to build in protections or alarms. Only when neither is enough do you fall back on a warning in the instructions, because a warning depends on a busy human reading and remembering it. A file that leans on warnings where a design fix was possible is weaker than it looks.

What I find honest about this part is that it is never finished. Risk management continues after launch, through surveillance that feeds real-world problems back into the product. A submission shows the plan for that loop, because some failure modes only appear once a product meets the full variety of patients.

Labeling turns a safe design into safe use

The last part is the one patients and clinicians actually touch. Labeling is everything that tells a user how to use the product correctly: the intended use, the instructions, the warnings, the contraindications, and the plain limits of what it can do.

Labeling is where the whole file becomes operational. A device can be well designed and well studied and still cause harm if its instructions are unclear, if a warning is buried, or if it is used outside the population it was tested in. Good labeling does not claim more than the studies showed, and it states the boundaries that intended use defined.

For tools that learn from data, labeling carries an extra duty of honesty about scope. Telling a clinician which patients a model was validated on, and where its confidence drops, is not a disclaimer to hide behind. It is what a thoughtful user needs to decide when to trust the tool and when to set it aside.

Why the structure itself protects patients

Step back and the four parts form a single chain of accountability. Intended use states the claim. Evidence tests it. Risk management hunts for the ways it could still hurt someone. Labeling carries all of that to the person at the point of care. Pull out any link and the protection weakens.

I have seen this logic from the development side as well as the regulatory one, including work in global drug development and on EASY Diabetes, a decision-support tool whose trial was registered as EASY-1 (NCT03258268). The discipline a submission demands is the discipline that makes a product good. Defining the claim, proving it, stress-testing it, and explaining it are not hurdles before real work. They are the work.

So when a medical product reaches a clinic carrying a thick file behind it, that file is not bureaucracy. It is a structured way of earning trust in advance, from people the patient will never meet. Whether a specific product is right for you is a question for a qualified clinician who knows your history. The submission only earns it a place in that conversation.

References and sources

  1. ISO 14971 Risk Management for Medical Devices
  2. Clinical Evidence for High-Risk Medical Devices in Regulatory Approval
  3. AI Software as a Medical Device Regulation, Risk Management and Clinical Evaluation

How this was researched. This explainer is built from the primary sources listed above and reflects Dr. Tojjar's own critical appraisal of that evidence. It explains and evaluates research and does not provide medical care.

This article is for general education and is not medical or professional advice. For guidance about your own health, talk with a qualified clinician.

Cite this article

Tojjar, D. (2024). What a Regulatory Submission for a Medical Product Actually Contains. Dr. Damon Tojjar. https://readingtheevidence.org/articles/what-a-regulatory-submission-contains/

Back to all insights