← Standards library
FDA 524B Clause RTA policy — effective 1 October 2023
Refuse to Accept enforcement for cyber device submissions
FDA Refuse to Accept Policy (Section 524B)
Since 1 October 2023, the FDA's Refuse to Accept policy lets it decline to review a cyber-device premarket submission that is missing required Section 524B cybersecurity content — rather than working through the gaps as deficiencies mid-review. This makes the cybersecurity package a gate, not a graded section: a submission with no SBOM or no threat model can be bounced at the door, restarting the clock. It applies across the 510(k), PMA, and De Novo pathways.
Where Forge applies this
Verified against the primary source. Standards are periodically revised — always confirm the current text.