Cyber guidance
FDA 524B
FDA Final Guidance (Feb 2026).
MFDS
MFDS Cybersecurity Review Guideline (rev 2024).
Takeaway
Same principles; MFDS adds an AI/ML-specific addendum.
Head to head
FDA 524Bvs MFDS
United States and South Korea medical-device cybersecurity, compared.
Last updated ·
Bottom line
MFDS's 2024 cybersecurity notification is broadly aligned to FDA §524B at the principles level — same lifecycle expectations, same threat-model and SBOM logic. Plan on ~65% reuse: the real costs are Korean-language documentation, a Korean Licence Holder (KLH), K-GMP audit, and the 5-year periodic review unique to Korea.
Who this is for · US-cleared sponsors planning a Korean MFDS submission.
Where they differ
SBOM
FDA 524B
Mandatory (machine-readable).
MFDS
Recommended; aligns to IMDRF N60.
Takeaway
Single CycloneDX file works for both filings.
QMS
FDA 524B
QMSR (ISO 13485:2016).
MFDS
K-GMP audit (separate from MDSAP).
Takeaway
K-GMP is Korea-specific; MDSAP is not accepted.
Periodic review
FDA 524B
None.
MFDS
5-year re-evaluation required.
Takeaway
Budget for a recurring cyber-evidence refresh every 5 years.
Full profile
United States
FDA Premarket Cybersecurity Guidance & FD&C §524B
Open profileFull profile
South Korea
Cybersecurity Review Guideline for Medical Devices
Open profileFrequently asked
Does MFDS accept FDA clearance?
Not as a substitute. MFDS runs its own review and requires Korean-language documentation, K-GMP audit, and a Korean Licence Holder. FDA evidence accelerates the technical review but doesn't shortcut the regulatory pathway.
What's special about MFDS AI/ML expectations?
MFDS's 2023 AI/ML addendum requires a change-control plan in the submission — similar in spirit to FDA's Predetermined Change Control Plan but with Korean-specific labelling for AI-driven outputs.