Singapore continues to assert itself as a regional leader in medical device regulation, innovation, and cybersecurity preparedness. Over the past year, the Health Sciences Authority (HSA), along with other regulatory and policy bodies in Singapore, introduced and revised several key platforms governing the lifecycle of medical devices. These changes reflect the city-state’s broader strategy to create a robust yet agile regulatory environment that supports rapid technological advances, especially in the domains of artificial intelligence (AI), cybersecurity, and Software as a Medical Device (SaMD). This article summarizes the most recent developments and regulatory initiatives affecting medical device registration and oversight in Singapore as of mid-2025.
Advancing AI in Healthcare: Strategy, Governance, and Ethics
One of the most prominent themes in Singapore’s recent regulatory agenda is the integration of AI into healthcare delivery. Under the National AI Strategy 2.0, Singapore has articulated a clear vision for the responsible and ethical use of AI in the healthcare sector. Accompanying this national strategy is a new set of AI in Healthcare Guidelines, which emphasize transparency in algorithmic decision-making, reproducibility of outcomes, and fairness in data usage. These principles are designed to mitigate concerns over bias, privacy, and accountability in AI-enabled medical devices.
To support developers and manufacturers, Singapore promotes the use of the AI Verify Toolkit, a government-endorsed tool that allows benchmarking of AI systems against internationally accepted standards. This toolkit helps manufacturers design and submit AI-driven medical devices with greater confidence in regulatory acceptance.
Singapore’s guidelines align with broader regional developments, such as Malaysia’s AI Code of Ethics and India’s guidance on responsible platform behavior, both of which similarly address fairness, data protection, and system accountability. Together, these frameworks suggest increasing regional harmonization in the regulation of medical AI systems.
Strengthening Cybersecurity for Medical Devices
As cyber threats targeting the healthcare sector become more sophisticated, Singapore has taken a proactive approach by introducing multiple initiatives to strengthen medical device cybersecurity. One major development is the Cybersecurity Labelling Scheme for Medical Devices, launched in October 2024. Developed by the Cyber Security Agency of Singapore (CSA) in collaboration with the Ministry of Health and other agencies, the scheme evaluates and labels internet-connected medical devices based on four levels of cybersecurity robustness.
The scheme applies to devices that process sensitive health data or interface with external networks, such as pacemakers, insulin pumps, and neurological diagnostic tools. During a nine-month trial phase, 47 devices were evaluated, and several manufacturers, including TIIM Healthcare, received Level 1 certification for products like aiTriage, which uses Bluetooth connectivity.
Labels issued under this scheme are valid for up to three years and are intended to incentivize manufacturers to improve security controls. By making cybersecurity performance transparent to healthcare providers and end-users, Singapore is enhancing trust and accountability in the medical device ecosystem.
In parallel, the Medical Devices Cluster (MDC) of Singapore released a draft Best Practice Guide on Medical Device Cybersecurity in March 2025 and solicited public feedback through May 13, 2025. This guide takes a Total Product Life Cycle (TPLC) approach to cybersecurity, advising manufacturers on incorporating security measures during product design and maintaining robust support and mitigation strategies in the post-market phase, especially for aging or legacy devices.
A Revised Change Management Program for SaMD Products
Another significant regulatory update involves the Change Management Program (CMP) for SaMD products. Recognizing the unique challenges posed by software-based medical devices, particularly those incorporating machine learning, HSA introduced a pilot CMP framework in 2024 and revised it in early 2025 based on industry feedback.
The revised CMP includes machine learning-enabled SaMDs within its scope, marking a pivotal acknowledgment of the dynamic and adaptive nature of AI software. The new guidance promotes a risk-based classification of post-market changes, simplifying documentation for low-risk (minor) changes while still enforcing rigorous evaluation for major changes that impact device safety or intended use.
A core feature of the CMP is its Pre-Specified Change (PSC) pathway, which allows manufacturers to anticipate routine updates and include supporting documentation in advance. If accepted into the CMP, future versions of related SaMD products developed under the same Quality Management System (QMS) can reference previously submitted documents, which streamlines the review process.
In addition, the HSA encourages pre-submission consultations between manufacturers and regulators. This engagement fosters a more collaborative environment, reduces administrative bottlenecks, and ensures that expectations are aligned before any formal application is filed.
Facilitating Approval of Next-Generation Medical Devices
In July 2024, the HSA released a guideline to expedite the approval of next-generation medical devices, which often build on the design and clinical performance of previously registered products. Traditionally, such devices, despite being derivatives, would need to go through the full registration route since they could not qualify for Singapore’s Change Notification process due to rebranding or updated labeling.
The new guideline allows Class B, C, and D general medical devices (excluding drug-device combinations) to leverage validation data from predecessor devices, provided they share identical characteristics related to biocompatibility, sterilization, shelf-life, and product type. For in-vitro diagnostics (IVDs), similarities in formulation, intended use, storage conditions, and testing methods are required.
Importantly, the previous and next-generation devices must have the same product owner and registrant, and the registered predecessor device must be listed on the Singapore Medical Device Register (SMDR) at the time of submission.
Manufacturers must submit a complete dossier through the MEDICS platform, including a dedicated “NEXTGEN MD” form. Failure to provide comprehensive supporting data may result in the device being routed through the standard FULL evaluation path.
Conclusion
These regulatory updates represent more than procedural changes—they signify Singapore’s strategic positioning as a pro-innovation but safety-first hub for medical technology in Asia. By adopting agile pathways for AI and software-based medical devices, reinforcing cybersecurity norms, and offering clearer routes for approval of improved technologies, the HSA and its affiliated agencies are modernizing the medical device registration framework to match current and future market needs.
For manufacturers, this creates a more predictable and supportive regulatory environment where risk-based flexibility and stakeholder engagement are key themes. However, compliance still demands careful attention to documentation, pre-submission planning, and quality assurance processes across the product lifecycle.
Written by: Ames Gross – President and Founder, Pacific Bridge Medical (PBM)
Mr. Gross founded PBM in 1988 and has helped hundreds of medical companies with regulatory and business development issues in Asia. He is recognized nationally and internationally as a leader in the Asian medical markets. Mr. Gross has a BA degree, Phi Beta Kappa, from the University of Pennsylvania and an MBA from Columbia University.