← Standards library

FDA 524B Clause RTA policy — effective 1 October 2023

Refuse to Accept enforcement for cyber device submissions

FDA Refuse to Accept Policy (Section 524B)

Since 1 October 2023, the FDA's Refuse to Accept policy lets it decline to review a cyber-device premarket submission that is missing required Section 524B cybersecurity content — rather than working through the gaps as deficiencies mid-review. This makes the cybersecurity package a gate, not a graded section: a submission with no SBOM or no threat model can be bounced at the door, restarting the clock. It applies across the 510(k), PMA, and De Novo pathways.

Where Forge applies this

Verified against the primary source. Standards are periodically revised — always confirm the current text.