Good Machine Learning Practice (GMLP): What It Is & Who Must Follow It

Good Machine-Learning Practice (GMLP) = ten regulator-endorsed principles for AI/ML medical devices, covering data, design, validation, human-AI use, transparency, and post-market monitoring. First published by FDA/Health Canada/MHRA and finalized by IMDRF in 2025, they’re nonbinding but widely expected in submissions and lifecycle docs for AI-enabled device software.

Any SaMD or AI/ML-enabled medical device must adhere to GMLP; adjacent digital-health tools should adopt them for quality and future compliance preparedness.

What Are GMLP & Where They Come From

The FDA released its first GMLP discussion paper in January 2023, updated in October 2024, to bring structure and predictability to AI/ML-based medical devices.

GMLP draws on international standards (notably IMDRF’s AI-enabled Device Software Functions N41 guidance) and is now reflected in premarket reviews (510(k), De Novo, PMA).

At its core, GMLP is about proving your ML system is:

• Built on high-quality, traceable data.

• Designed transparently and robustly.

• Continuously monitored and updated with documented change control.

The Ten Core GMLP Principles

1. Multi-Disciplinary Expertise Is Leveraged Throughout the Total Product Life Cycle

   
   

   In-depth understanding of the model’s integration into clinical workflow, intended benefits, and associated patient risks ensures AI/ML-enabled devices are safe, effective, and address meaningful clinical needs over the device lifecycle.

   
   

2. Good Software Engineering and Security Practices Are Implemented

   
   

   Model design incorporates robust software engineering, data quality assurance, data management, cybersecurity, and methodical risk management to ensure data authenticity, integrity, and secure implementation.

   
   

3. Clinical Study Participants and Data Sets Are Representative of the Intended Patient Population

   
   

   Data collection protocols ensure that characteristics such as age, sex, race, and ethnicity of the intended population are adequately represented to manage bias and promote generalizable performance.

   
   

4. Training Data Sets Are Independent of Test Sets

   
   

   Training and test datasets are selected to be appropriately independent, considering all potential dependencies (patient, acquisition, site factors) to assure unbiased evaluation.

   
   

5. Selected Reference Datasets Are Based Upon Best Available Methods

   
   

   Reference datasets are developed using accepted best methods to ensure clinically relevant, well-characterized data, and limitations of references are understood; accepted reference datasets are used to promote robustness and generalizability.

   
   

6. Model Design Is Tailored to the Available Data and Reflects the Intended Use of the Device

   
   

   Model design suits the data and mitigates risks such as overfitting and performance degradation; clinical benefits and risks inform meaningful performance goals aligned with intended use.

   
   

7. Focus Is Placed on the Performance of the Human-AI Team

   
   

   Emphasis on how the AI system interacts with human users to ensure safe and effective clinical decision-making.

   
   

8. Testing Demonstrates Device Performance during Clinically Relevant Conditions

   
   

   Testing protocols simulate real-world clinical conditions to validate device performance and safety.

   
   

9. Users Are Provided Clear, Essential Information

   
   

   Users receive transparent, understandable information about the AI/ML device’s capabilities, limitations, and appropriate use.

   
   

10. Deployed Models Are Monitored for Performance and Re-training Risks are Managed

    
    

    Continuous monitoring of model performance in the field is conducted, with managed processes for retraining and mitigating risks from model updates.

Who Must Follow GMLP?

Primary Audience:

• Medical device manufacturers developing AI/ML-enabled medical devices (Software as a Medical Device - SaMD).

  
  

Why Follow GMLP?

• Ensure safety, effectiveness, and quality throughout the device lifecycle.

• Meet regulatory expectations (FDA, Health Canada, MHRA) during premarket (510(k), De Novo, PMA) and postmarket phases.

The Fastest Path to Market

No more guesswork. Move from research to a defendable FDA strategy, faster. Backed by FDA sources. Teams report 12 hours saved weekly.

• FDA Product Code Finder, find your code in minutes.

• 510(k) Predicate Intelligence, see likely predicates with 510(k) links.

• Risk and Recalls, scan MAUDE and recall patterns.

• FDA Tests and Standards, map required tests from your code.

• Regulatory Strategy Workspace, pull it into a defendable plan.

👉 Start free at complizen.ai

FAQ

Are GMLP mandatory for 510(k) submissions?

Yes. ML/AI components in SaMD require adherence to GMLP as part of the eSTAR DSF & AI/ML module.

How do GMLP align with ISO 14971?

GMLP’s risk management principle integrates directly with ISO 14971 hazard analysis and control processes.

Can wellness apps use GMLP?

While not mandatory, adopting GMLP improves quality and prepares your app for future FDA oversight if clinical claims are added.