FDA's Digital Health Center of Excellence: What It Means for Medical Device Developers in 2026

FDA's Digital Health Center of Excellence: What It Means for Medical Device Developers

If you're building software as a medical device (SaMD), an AI-powered diagnostic tool, or any connected health product, the FDA's Digital Health Center of Excellence (DHCoE) is one of the most consequential organizational structures you'll interact with—whether you realize it or not. Yet many founders and regulatory professionals treat it as background noise rather than a strategic asset.

That's a mistake. Understanding how DHCoE operates, what frameworks it governs, and how it interfaces with your premarket submission can meaningfully accelerate your path to clearance or approval—and help you avoid costly missteps.

What Is the Digital Health Center of Excellence?

Established in September 2020 under the 21st Century Cures Act, FDA's DHCoE sits within the Center for Devices and Radiological Health (CDRH) and serves as the agency's centralized hub for digital health policy, review expertise, and stakeholder engagement. It was designed to bring consistency to a regulatory landscape that had grown fragmented as digital health products proliferated faster than guidance could be written.

DHCoE's mandate covers a broad and growing scope:

• Software as a Medical Device (SaMD) subject to FDA oversight under 21 CFR Part 880 and related product codes
• Artificial intelligence and machine learning (AI/ML)-based devices, including those with adaptive algorithms
• Cybersecurity requirements for connected devices under 21 CFR 880 and Section 524B of the FD&C Act (added by the Consolidated Appropriations Act of 2023)
• Digital health policy including the Software Functions Guidance (2019) and the Clinical Decision Support guidance finalized in 2022
• The Predetermined Change Control Plan (PCCP) framework for AI/ML SaMD introduced in FDA's 2023 draft guidance

DHCoE doesn't replace traditional review divisions—your 510(k) or De Novo request still routes through the appropriate CDRH office—but it serves as a cross-cutting resource that reviewers and policy staff consult when digital health questions arise.

Why It Matters for Your Submission Strategy

The practical implication for developers is this: FDA's digital health expectations are no longer siloed or inconsistently applied. DHCoE has driven standardization, which is good for sophisticated teams who understand the frameworks and genuinely challenging for those who don't.

Several specific areas deserve close attention:

1. The AI/ML Action Plan and Predetermined Change Control Plans

FDA's 2021 AI/ML Action Plan signaled the agency's intent to build a durable regulatory framework for adaptive algorithms. The 2023 draft guidance on PCCPs operationalized that intent. If your device uses a machine learning model that will retrain post-market—even on expanded datasets—you likely need a PCCP as part of your premarket submission. Submitting without one, or with one that lacks the specificity FDA now expects, is one of the leading causes of AI/ML SaMD deficiency letters. A well-constructed PCCP defines the types of changes, the associated modification protocols, and the performance boundary conditions under which changes remain within the cleared indications.

2. Cybersecurity as a Premarket Requirement, Not an Afterthought

Section 524B of the FD&C Act, effective March 2023, gave FDA explicit authority to refuse acceptance of submissions that fail to include a cybersecurity plan. This means your 510(k), PMA, or De Novo request must now include a Software Bill of Materials (SBOM), a documented threat modeling process (STRIDE or equivalent), and a post-market monitoring and patching plan aligned with FDA's 2023 cybersecurity guidance. DHCoE has been instrumental in defining these expectations, and reviewers are applying them consistently. Gaps here generate holds, not just deficiency letters.

3. Clinical Decision Support—Know Your Risk Category

The 2022 Clinical Decision Support (CDS) guidance clarified which software functions FDA intends to regulate versus which fall outside its enforcement discretion under 21st Century Cures. The line between non-device CDS and regulated SaMD turns on whether a clinician can independently review the basis for a recommendation. If your algorithm obscures its reasoning or acts autonomously in a clinical workflow, expect scrutiny. Misclassifying your product as non-device CDS when it meets the SaMD definition under IMDRF guidance is a risk that DHCoE-trained reviewers are specifically equipped to identify.

How to Engage DHCoE Proactively

DHCoE offers several formal engagement pathways that are underutilized by smaller developers:

• Q-Submissions (Pre-Submissions): Request a pre-Sub meeting to get written FDA feedback on your regulatory strategy, classification rationale, or PCCP structure before you file. This is the single highest-ROI regulatory activity for digital health developers.
• Digital Health Advisory Committee: Public meetings provide insight into how FDA is thinking about emerging issues—valuable intelligence for your regulatory roadmap.
• CDRH Learn and Webinars: DHCoE regularly publishes educational resources that reflect current reviewer expectations, not just published guidance.

What This Means for Your Regulatory Roadmap

The existence of a centralized digital health authority at FDA is ultimately a positive development for the industry—it reduces ambiguity and creates a more predictable regulatory environment. But that predictability only benefits developers who have done the work to understand the frameworks. A 510(k) for an AI-powered device that was prepared without accounting for PCCP requirements, cybersecurity Section 524B obligations, and the SaMD risk classification framework won't just get deficiencies—it risks an RTOR (Refuse to Accept) decision before substantive review even begins.

The regulatory bar for digital health products has risen. The window for submitting under-engineered dossiers and hoping for the best has closed.

Ready to Build a Digital Health Regulatory Strategy That Holds Up?

At ADB Consulting & CRO Inc., we specialize in helping SaMD developers, AI/ML device companies, and connected health startups navigate FDA's digital health framework—from initial classification analysis through Pre-Sub preparation, submission writing, and deficiency response. Andre Butler and the ADB team bring hands-on CDRH experience to every engagement, so you're not getting generic regulatory theory—you're getting a defensible strategy built for your specific product and risk profile.

Book your free discovery call today at adbccro.com and find out exactly where your digital health submission stands—and what it will take to get it across the finish line.