Australia TGA 2026 Guidance on AI Medical Software Regulation

Australia’s Therapeutic Goods Administration (TGA) has updated its guidance in 2026 on AI medical software, clarifying when AI and software-based medical devices fall under regulation. The guidance ensures manufacturers, developers, and sponsors understand safety, performance, and compliance requirements under the existing medical device framework. Companies can now align AI products with recognized standards, risk management, and cybersecurity best practices to meet TGA expectations efficiently.

Key Updates in TGA AI and Software Guidance

The TGA has released two complementary guidance pages:

1. Artificial intelligence (AI) and medical device software regulation – clarifies when AI qualifies as a medical device and regulatory obligations.

2. Standards for software-based medical devices – outlines internationally recognized standards to support compliance with safety, usability, and risk requirements.

The guidance emphasizes technology-agnostic, risk-based regulation, where AI or ML-based tools are regulated according to their intended medical purpose, not the technology itself.

When AI Software is Considered a Medical Device

AI falls under TGA regulation if it is intended to:

• Diagnose, prevent, monitor, predict, or treat disease or injury.

• Alleviate or compensate for injury or disability.

• Investigate anatomy or physiological processes.

• Support reproductive or other health-related functions.

Even software running on smartphones, cloud platforms, or medical devices must comply if it meets these criteria. Manufacturers must monitor intended use changes, ensuring regulatory alignment throughout the software lifecycle.

Standards and Compliance Requirements

TGA identifies key international standards to demonstrate compliance with Essential Principles:

• IEC 62304 – software lifecycle processes.

• ISO 14971 – risk management.

• IEC 62366-1 – usability engineering.

• ISO 13485 – quality management systems.

• Cybersecurity standards – IEC 80001, IEC 81001-5-1, ISO/IEC 29147/30111.

These standards help developers ensure clinical safety, performance, usability, and cybersecurity, supporting ARTG submissions.

Impact on Manufacturers and Sponsors

The guidance provides clear obligations:

• Submit AI medical software to the Australian Register of Therapeutic Goods (ARTG) before supply.

• Provide robust technical and clinical evidence.

• Continuously monitor software updates and usage.

Companies following these steps can reduce regulatory risk and streamline market entry while maintaining patient safety.

Cybersecurity and Risk Management

Cybersecurity is central to TGA’s compliance expectations. AI software manufacturers should implement recognized risk management frameworks and monitor for emerging threats. This ensures data security, patient safety, and regulatory compliance across the device lifecycle.

Action Steps for Compliance

1. Determine if your AI product is a medical device.

2. Check alignment with TGA guidance on intended use and risk classification.

3. Adopt relevant international standards for software development, usability, and cybersecurity.

4. Prepare documentation for ARTG submission and post-market monitoring.

Internal Links

• Learn more about TGA Australia Medical Device Registration & Approval

External Links

• TGA AI and Medical Device Software Guidance

• TGA Standards for Software-Based Medical Devices

‍