The FDA is being pushed to apply clinical laboratory validation standards to AI in medical devices. If you're building AI workflows in this space, that changes the math on what 'ready to deploy' actually means.
The Association for Diagnostics & Laboratory Medicine just sent the FDA a letter with a clear message: treat AI in medical devices the way clinical labs treat test validation — rigorously, systematically, and with documented proof of performance before anything touches patient care.
That's not a radical ask. That's how laboratory medicine has operated for decades. But it has serious implications for every medical device company that has been treating AI deployment like a software rollout.
Those two things are not the same. And regulators are starting to formalize that distinction.
Strip away the policy language and the request is straightforward: before an AI tool is used in clinical laboratory testing, it should go through the same kind of validation process that laboratory tests themselves go through — characterize performance, document it, verify safety, then deploy.
ADLM also wants clinical laboratorians in the loop when AI is being used to order or interpret laboratory tests. Not just as end users. As active participants in oversight.
Those two asks — robust pre-deployment validation and domain expert oversight — are going to become baseline expectations. The question is whether your AI program is built to meet them or whether you've been assuming you'd figure that out later.
Later is arriving.
Here's the friction point most mid-market medical device companies hit: they have AI tools that demonstrably perform well in controlled conditions. The model accuracy looks good. The vendor has a strong deck. Leadership is excited.
But clinical validation is a different discipline than model evaluation. It asks different questions.
Most AI vendors can answer the first question reasonably well. Almost none of them help you answer the last three. And the last three are exactly what a regulatory auditor — or a plaintiff's attorney — is going to focus on.
The pattern ADLM is recommending — borrow validation rigor from an adjacent domain that already has it figured out — is the right instinct for any regulated industry deploying AI.
Financial services has model risk management frameworks (SR 11-7, anyone?). Manufacturing has process validation protocols. Legal and professional services have professional responsibility standards that don't disappear because an AI drafted the document.
What all of these have in common: the regulatory framework predates AI, but it doesn't exempt AI. The obligation to demonstrate that a system performs reliably and safely doesn't change because the system learned its behavior from data rather than being explicitly programmed.
The companies getting this right are the ones applying pre-existing validation logic to new AI tools — not waiting for bespoke AI regulations to tell them what to do.
If you're a medical device operator or you're building AI workflows in any regulated environment, here's the practical framework:
1. Audit what you've already deployed. If you have AI tools live in clinical or regulated workflows, document what validation was done before go-live. If the answer is 'we ran some tests and the vendor said it was fine,' that's a gap you want to close on your own terms before someone else finds it.
2. Build domain experts into your AI governance process — before deployment. ADLM's call for clinical laboratorians to be in the oversight loop isn't bureaucratic box-checking. It's how you catch the failure modes that data scientists don't see. Your equivalent — whoever understands the domain deeply — needs a formal role in AI sign-off.
3. Separate 'it performs well' from 'it's validated for use.' Create a clear internal standard for what validation means in your context. What documentation is required? What performance thresholds must be met across which populations? What's the change control trigger when the model is updated? Write this down before a regulator asks you to.
4. Treat AI validation as a continuous obligation, not a one-time gate. Clinical lab validation doesn't end at deployment. Performance is monitored, anomalies are investigated, and revalidation is triggered by defined conditions. Your AI program needs the same discipline.
The companies that build this infrastructure now will be in a defensible position when the FDA finalizes its framework. The companies that don't will be retrofitting compliance under pressure — which is expensive, disruptive, and usually visible to everyone who matters.
The FDA's direction is clear. The question is whether your AI program is being built to meet it or built to explain later why it didn't.
Dealing with a similar challenge?
We work with mid-market companies in regulated industries to build AI workflows that actually hold up.
Let's TalkSean Cummings
Founder of Laminar Flow Analytics. Specializes in AI workflow automation for regulated industries — medical device, financial services, and complex logistics operations.