Skip to main content
    MedTech Cyber Tips
    The Ultimate Guide
    Updates
    FDA

    PCCPs and cybersecurity: what changes when your AI model updates itself

    FDA's Predetermined Change Control Plans let AI/ML devices ship updates without a new submission - but the cyber risk surface moves with every retrain. Here's how to scope a PCCP that doesn't quietly invalidate your 524B package.

    Reviewed by ·Published ·Last reviewed July 2026

    Predetermined Change Control Plans (PCCPs) are now the default vehicle for shipping AI/ML model updates post-clearance. The cybersecurity catch: every model update is also a software update, and every software update can shift your SBOM, your threat model, and your attack surface.

    Three things to put in your PCCP narrative if your device is a 'cyber device' under §524B:

    1. A scoped statement of which cybersecurity controls are inside the PCCP envelope (typically: none - model retraining alone should not change auth, crypto, or transport).

    2. A trigger that pulls a change back into a new submission if a retrain requires new data sources, new APIs, or new ML-serving infrastructure.

    3. SBOM regeneration as a release gate, so each PCCP-eligible update still produces a fresh SBOM and VEX for ongoing postmarket monitoring.

    The pattern reviewers reward: a PCCP that explicitly excludes cyber-relevant components from autonomous change, with a clean handoff back to the 524B process when the line is crossed.

    More updates