Lifecycle expectation
FDA 524B
SPDF under QMSR.
PMDA
PMDA guidance + JIS T 81001-5-1 alignment.
Takeaway
Identical content, mapped to Japan-specific standards.
Head to head
FDA 524Bvs PMDA
United States and Japan medical-device cybersecurity, compared.
Last updated ·
Bottom line
PMDA's 2024 cybersecurity guidance is the closest international mirror of FDA §524B — same SPDF logic, same SBOM expectation, same lifecycle commitments. The differences are language (Japanese-language IFU/labelling and a Japanese MAH), QMS overlay (PMD Act + Ordinance 169), and the use of JIRA / IMDRF N60 as the harmonisation anchor.
Who this is for · US-cleared sponsors planning Shonin or third-party certification in Japan.
Where they differ
SBOM
FDA 524B
Mandatory machine-readable.
PMDA
Mandatory under 2024 PMDA notification.
Takeaway
One CycloneDX file covers both.
Local rep
FDA 524B
U.S. agent for foreign manufacturers.
PMDA
Marketing Authorisation Holder (MAH) in Japan.
Takeaway
MAH must hold the technical documentation including your cyber file.
Language
FDA 524B
English.
PMDA
Japanese IFU and labelling mandatory.
Takeaway
Translation cost is the predictable extra line item.
Full profile
United States
FDA Premarket Cybersecurity Guidance & FD&C §524B
Open profileFull profile
Japan
PMSD Act + MHLW Cybersecurity Notifications (2023–24)
Open profileFrequently asked
How much of my FDA package is reusable in Japan?
Roughly 85%. The threat model, SBOM, security risk analysis, and pen-test report transfer directly. You'll add Japanese-language summaries, MAH attestations, and JIS T 81001-5-1 conformity references.
Does PMDA accept FDA clearance as a shortcut?
No — Japan requires its own Shonin approval or third-party certification. But cybersecurity evidence travels well, and PMDA reviewers explicitly cite FDA alignment as a maturity signal.