Mandatory Application of ISO/IEC 42001:2023 for KGMP Certification under the Digital Medical Products Act
|
Following the implementation of the Digital Medical Products Act, the quality system requirements of ISO/IEC 42001:2023 are being reviewed for mandatory application in addition to ISO 13485:2016 during the recent KGMP certification for digital medical devices applying AI/ML technology. For reference, ISO 42001:2023 is an international standard that requires organizations to have appropriate governance (ethics, legal responsibility, technical control, etc.) throughout the entire process of developing, operating, and managing artificial intelligence (AI) systems. It is applicable to all industries that design, develop, provide, and use AI, in addition to the medical device industry.
|
For this reason, the United States (FDA) and Europe (MDR) have not yet incorporated ISO/IEC 42001:2023 as a mandatory requirement (e.g., Recognized Consensus Standard or Harmonized Standard) for medical devices. Nevertheless, the Korean Ministry of Food and Drug Safety (MFDS) is reviewing whether to apply this standard during KGMP certification audits to become the first in the world to mandatorily apply it to domestic and foreign medical device companies that apply AI/ML technology. For reference, there have been some domestic and foreign manufacturers certified for only ISO/IEC 42001:2023 separately by a specific certification body, similar to ISO 9001.
|
Furthermore, the difficulty in implementing ISO/IEC 42001 requirements lies in the need to link various legal frameworks and guidelines—such as the Medical Devices Act, Digital Medical Products Act, Information and Communications Act, Personal Information Protection Act, and AI Ethics Guidelines—when establishing a quality management system. It also involves incorporating new elements such as AI quality policies and ethical principles, management of data bias and traceability, and securing specialized personnel and infrastructure into existing quality systems for medical devices.
|
For this reason, the MFDS and the National Institute of Medical Device Safety Information (NIDS) announced they would develop specific methods for integrating ISO/IEC 42001 into the medical device quality system by the end of 2025 and release them as guidelines. (Source: Digital Medical Device Public Briefing Session by NIDS, July 9, 2025)
|
Accordingly, MDREX has compiled and is sharing the attached reference material to help domestic and overseas manufacturers incorporate the requirements of ISO/IEC 42001:2023 into ISO 13485:2016-based quality systems before the official guidelines are issued. Please use this document for reference only until the official MFDS guidance is released.
|
If you have any questions or require customized consulting, please do not hesitate to contact us.
|
|
