{{ phone }} {{ location }}

Emergo by UL logo


FDA Adds UL 2900 for Medical Device Cybersecurity to List of Recognized Standards

Regulatory Updates | Digital Health Products


  • The US FDA has now officially recognized the UL 2900 cybersecurity standard for medical devices.
  • UL 2900-1 covers general cybersecurity requirements for network-connectable devices.
  • FDA medical device applicants may now declare conformity to UL 2900-1 in order to address cybersecurity requirements as part of their US market registration.

US FDA recognizes UL 2900 standard for medical device cybersecurity 2017US medical device regulators have officially included a new cybersecurity standard from UL to their list of recognized standards for use in premarket reviews.

The UL standard, now published in the US Federal Register, is UL 2900-1 Ed. 1 2017, Standard for Software Cybersecurity Network-Connectable Products, Part I: General Requirements. The standard covers evaluations and tests of network-connectable devices in terms of vulnerabilities, malware and software weaknesses.

As Emergo previously reported, UL 2900-1 was developed to enable US medical device market registrants to demonstrate that their products meet pre- and post-market cybersecurity requirements found in FDA guidance. Now, FDA registrants may declare conformity to UL 2900-1 in order to address cybersecurity issues related to US market access.

Related FDA and cybersecurity information from Emergo

  • US FDA 510(k) consulting support for medical device companies
  • Medical device design, process and software validation support
  • Regulatory consulting support for mobile medical and telehealth apps
  • Webinar: Mapping cybersecurity standards to FDA guidance

Related News

UL 2900 Cybersecurity Standards Set for FDA Adoption

Final US FDA Guidance on Post-market Cybersecurity Risk Management

Questions? Request more information from our specialists


Learn how we can help you in the United States


Stay up-to-date on the latest RA/QA medical device news