Good Machine Learning Practice (GMLP): An Essential Guide for Medical Device Manufacturers in 2025
Share this article
In October 2021, the U.S. FDA, Health Canada, and the UK’s Medicines and Healthcare products Regulatory Agency (MHRA) introduced Good Machine Learning Practice (GMLP).
GMLP establishes principles to guide the development, deployment, and monitoring of medical devices using AI/ML. The framework addresses the unique challenges AI/ML brings to healthcare, helping ensure these devices are safe, effective, and ethically sound.
See How Atlan Simplifies Data Governance – Start Product Tour
This article outlines the core principles of GMLP and its implications for medical device manufacturers.
Table of Contents #
- What is Good Machine Learning Practice (GMLP)?
- What are the 10 guiding principles of GMLP?
- Why was GMLP introduced?
- What happens if you violate GMLP?
- What are the benefits of adopting GMLP?
- What is the impact of GMLP on the medical device manufacturing industry?
- What makes you, as an organization, GMLP compliant?
- Bottom line
- GMLP: Related reads
What is Good Machine Learning Practice (GMLP)? #
Good Machine Learning Practice (GMLP) is a set of guidelines and best practices designed to ensure that AI and ML models used in medical devices are developed, validated, and maintained to the highest standards of quality, safety, and performance.
GMLP covers critical aspects of machine learning model development, including data quality, transparency, interpretability, robustness, and accountability. By adhering to GMLP, developers can ensure that their models are designed to work safely and effectively, even as they evolve or learn from new data.
What are the 10 guiding principles of GMLP? #
The following principles form the foundation of GMLP, promoting reliable, ethically sound AI/ML in healthcare:
- Multi-disciplinary expertise is leveraged throughout the total product life cycle: Medical device manufacturers should involve experts across data science, clinical practice, and regulatory affairs throughout the device lifecycle. This approach helps integrate models into clinical workflows, addressing both intended benefits and potential patient risks.
- Good software engineering and security practices are implemented: GMLP requires paying attention to the “fundamentals” – good software engineering practices, data quality assurance, data management, and robust cybersecurity practices.
- Clinical study participants and data sets are representative of the intended patient population: Training data should be representative of the intended patient demographics (e.g., age, gender, ethnicity) to reduce bias and enable generalizable model performance.
- Training data sets are independent of test sets: GMLP mandates independent training and test datasets, avoiding any dependencies that could skew results. This ensures that the model’s performance reflects real-world conditions and remains unbiased.
- Selected reference datasets are based upon best available methods: GMLP recommends using established methods for developing reference datasets, thereby ensuring only clinically relevant and well-characterized datasets are collected. Accepted reference datasets help ensure data accuracy, making model outputs more reliable across diverse patient groups.
- Model design is tailored to the available data and reflects the intended use of the device: Model design should align with available data and the device’s intended function, minimizing risks like overfitting and performance degradation. Model design must also consider patient demographics, device inputs, and clinical use conditions.
- Focus is placed on the performance of the human-AI team: When a “human-in-the-loop” approach is used, GMLP emphasizes the performance of the combined Human-AI team, rather than just the model in isolation. This ensures that model outputs are understandable to users and effective in clinical decision-making.
- Testing demonstrates device performance during clinically relevant conditions: Rigorous testing under clinically relevant conditions validates the device’s effectiveness for its intended purpose. Testing should consider factors like patient subgroups, clinical settings, and interaction with the Human-AI team.
- Users are provided clear, essential information: GMLP promotes transparency by ensuring users have clear, relevant information on the device’s purpose, usage instructions, known limitations, and integration within workflows. Users should also have channels to report concerns.
- Deployed models are monitored for performance and re-training risks are managed: Post-deployment, models should be monitored to maintain or improve safety and performance. GMLP requires controls to manage re-training risks, such as overfitting and data drift, ensuring models continue to operate reliably in real-world settings.
Why was GMLP introduced? #
The integration of AI/ML into medical devices brings new challenges, including data bias, model interpretability, and potential risks to patient safety.
AI/ML models, particularly deep learning algorithms, can be complex and operate as “black boxes,” making it difficult to interpret how they arrive at certain decisions. Their performance depends on the quality of training data, and inadequate or biased data can lead to inaccurate or unfair outcomes.
Also, read →Is your data AI-ready? Here’s what you need to know
These challenges are amplified by the adaptive nature of AI/ML algorithms, which can change over time as they learn from new data. Unlike traditional medical devices with fixed specifications, AI/ML-driven devices may produce variable results depending on the data they encounter.
Additionally, existing regulations aren’t fully equipped to address the nuances of AI/ML technologies.
By establishing GMLP, the FDA, Health Canada, and MHRA aim to address these challenges by providing clear guidance to developers and manufacturers, ensuring that AI/ML-based medical devices adhere to high standards of quality and safety.
What are the consequences of GMLP non-compliance? #
Violating GMLP principles can have serious consequences for manufacturers:
- Regulatory actions: Regulatory agencies like the FDA, Health Canada, and MHRA have the authority to enforce compliance. Violations can lead to warning letters, fines, or injunctions against marketing the device.
- Product recalls: Devices found to be unsafe or ineffective due to GMLP violations may be subject to mandatory recalls.
- Legal liabilities: Manufacturers may face lawsuits from patients or healthcare providers harmed by devices that failed to adhere to GMLP standards.
- Market withdrawal: In severe cases, manufacturers may be required to withdraw their product from the market entirely.
- Loss of trust: Non-compliance can erode trust among regulators, healthcare providers, and patients, impacting the brand’s reputation and market share.
What are the benefits of adopting GMLP? #
GMLP isn’t just a regulatory framework. It is also a tool for building trust in AI/ML-powered medical devices. As healthcare providers and patients increasingly interact with AI/ML technologies, trust will play a vital role in the acceptance and successful adoption of these innovations.
By focusing on transparency, safety, and ethical considerations, GMLP encourages manufacturers to prioritize patient well-being, fostering public confidence in AI-driven healthcare solutions.
For manufacturers, adopting GMLP means embracing responsible AI practices, which can enhance their reputation and position them as leaders in safe and ethical AI applications in healthcare.
What is the impact of GMLP on the medical device manufacturing industry? #
The introduction of GMLP has significant implications for medical device manufacturers using AI/ML in their products, such as:
- Increased scrutiny on data quality, governance, and diversity to reduce bias and improve model accuracy
- More detailed documentation and transparency requirements that cover every aspect of the model’s lifecycle
- Continuous monitoring and maintenance of AI/ML models to regularly track model performance, spot anomalies, and make updates as needed
- Focus on a hybrid approach to AI, integrating human oversight at critical decision points
- Enhanced risk management and safety protocols to ensure patient safety and regulatory compliance
What makes you, as an organization, GMLP compliant? #
To achieve GMLP compliance, organizations should:
- Uphold ethical standards in AI/ML development, including patient privacy protection, fairness, and accountability
- Set up multi-disciplinary teams to provide oversight throughout the product lifecycle
- Prioritize data integrity, quality, and transparency
- Maintain thorough documentation of data sources, model design, training procedures, validation results, and risk assessments
- Use explainable AI techniques where possible so that model functionality can be understood by stakeholders
- Design systems that allow data stewards to interpret and, if necessary, override AI/ML outputs, ensuring patient safety remains paramount
- Identify and mitigate risks related to data, security, and model integrity through structured risk assessment practices
- Maintain open communication with regulators, seeking guidance when needed and demonstrating a collaborative approach to compliance
By integrating these practices, organizations can align with GMLP principles and ensure safe and ethical AI/ML development in healthcare.
Bottom line #
Good Machine Learning Practice (GMLP), developed by the FDA, Health Canada, and MHRA, establishes a globally recognized framework for the safe and ethical use of AI/ML in medical devices. These 10 principles guide manufacturers in data management, transparency, monitoring, and risk management, ensuring that AI-driven devices are safe, effective, and trustworthy.
For manufacturers, adhering to GMLP helps in establishing responsible AI practices, strengthening regulatory compliance, and building a solid foundation for future innovations in healthcare.
GMLP: Related reads #
- BCBS 239 2025: Principles for Effective Risk Data Management and Reporting
- Data Governance for Asset Management Firms in 2024
- Data Quality Explained: Causes, Detection, and Fixes
- What is Data Governance? Its Importance & Principles
- Data Governance and Compliance: Act of Checks & Balances
- Data Governance Framework — Guide, Examples, Template
- Data Compliance Management in 2024
- BCBS 239 Compliance: What Banks Need to Know in 2025
- BCBS 239 Data Governance: What Banks Need to Know in 2025
- BCBS 239 Data Lineage: What Banks Need to Know in 2025
- HIPAA Compliance: Key Components, Rules & Standards
- CCPA Compliance: 7 Requirements to Become CCPA Compliant
- CCPA Compliance Checklist: 9 Points to Be Considered
- How to Comply With GDPR? 7 Requirements to Know!
- Benefits of GDPR Compliance: Protect Your Data and Business in 2024
- IDMP Compliance: It’s Key Elements, Requirements & Benefits
- Data Governance for Banking: Core Challenges, Business Benefits, and Essential Capabilities in 2024
- Data Governance Maturity Model: A Roadmap to Optimizing Your Data Initiatives and Driving Business Value
- Data Quality Explained: Causes, Detection, and Fixes
- What is Data Governance? Its Importance & Principles
- Data Governance and Compliance: Act of Checks & Balances
- Data Governance Framework — Guide, Examples, Template
- Data Governance in Manufacturing
- Data Compliance Management in Healthcare
- Data Compliance Management in Hospitality
Share this article