If you're leading AI development in a Singapore public healthcare institution, you now have a regulatory pathway that didn't exist two years ago. The Health Sciences Authority (HSA) has finalized an exemption from manufacturer licensing and product registration requirements for selected AI-enabled Software as a Medical Device (AI-SaMD) developed by public healthcare entities [4]. This isn't a blanket sandbox—it's a tightly scoped pathway with specific eligibility criteria, and understanding the boundaries is critical before you commit engineering resources.

This post is for clinical AI teams, hospital CIOs, medical device regulatory leads, and healthtech founders in Singapore navigating the SaMD regulatory landscape.

Key takeaways

  • HSA's AI-SaMD exemption pathway applies only to public healthcare institutions developing AI-SaMD for internal use within their own facilities [4]
  • The exemption does not waive clinical validation, risk management, or post-market surveillance obligations—it streamlines administrative licensing, not safety requirements [4]
  • Singapore's broader AI governance framework (PDPC/IMDA Model AI Governance Framework) remains relevant for transparency, explainability, and human oversight even under the exemption [1]
  • Commercial deployment or use outside the developing institution still requires full HSA registration—this is not a path to market [4]
  • The pathway aligns with global adaptive AI/ML regulatory thinking (FDA's approach to continuously learning algorithms) but remains more conservative in scope [2]

What the HSA AI-SaMD exemption actually covers

The exemption responds to a practical problem: public healthcare institutions developing AI tools for internal clinical use faced the same regulatory burden as commercial medical device manufacturers, even when the software never left the hospital network [4].

Under the finalized pathway, eligible AI-SaMD developed by public healthcare entities can be exempted from:

  • Manufacturer licensing requirements
  • Product registration requirements

But—and this is critical—exemption does not mean deregulation. The HSA response to public consultation makes clear that institutions must still demonstrate:

  • Appropriate risk management processes
  • Clinical validation and performance monitoring
  • Adverse event reporting
  • Cybersecurity and data protection measures [4]

We've seen teams misinterpret "exemption" as "no oversight." That's a compliance failure waiting to happen. The exemption streamlines bureaucratic licensing; it does not reduce your obligation to prove safety and effectiveness.

Who qualifies—and who doesn't

Eligibility is narrow:

Eligible:
- Public healthcare institutions (restructured hospitals, national specialty centers, polyclinics under National Healthcare Group, SingHealth, National University Health System)
- AI-SaMD developed in-house or in collaboration with academic/research partners
- Software used exclusively within the developing institution's clinical environment
- Tools that do not involve commercial distribution or cross-institutional deployment at launch [4]

Not eligible:
- Private hospitals or clinics
- Commercial healthtech vendors (even if partnering with a public institution)
- AI-SaMD intended for multi-site deployment from day one
- Software that will be licensed or sold to other healthcare providers

If your roadmap includes eventual commercialization, plan for full HSA registration from the start. Retrofitting compliance is more expensive than building it in.

How this fits with Singapore's AI governance framework

The exemption pathway operates within Singapore's broader AI governance ecosystem. The Personal Data Protection Commission (PDPC) and Infocomm Media Development Authority (IMDA) Model AI Governance Framework [1] establishes principles for transparency, explainability, and human oversight that remain relevant even when HSA licensing is exempted.

In practice, this means:

  • Explainability requirements: Clinical users need to understand AI recommendations. The Model AI Governance Framework emphasizes interpretability and auditability [1], which aligns with clinical safety obligations under the exemption.
  • Human-in-the-loop: The framework's guidance on human oversight maps directly to clinical decision-making workflows. AI-SaMD under the exemption still requires clinician review and final decision authority [1].
  • Bias and fairness: The PDPC framework's focus on fairness testing is not optional—it's part of demonstrating that your AI-SaMD is safe across patient populations [1].

We treat the Model AI Governance Framework as a practical checklist, not a compliance checkbox. When HSA asks for risk management documentation, governance artifacts (model cards, bias audits, drift monitoring logs) become evidence of due diligence.

What the FDA's adaptive AI/ML approach tells us about the future

Singapore's pathway is more conservative than the FDA's proposed framework for continuously learning AI/ML-enabled SaMD, but the regulatory direction is similar [2]. The FDA envisions a "predetermined change control plan" that allows algorithm updates without new premarket submissions, provided the changes stay within a defined performance envelope [2].

HSA has not yet adopted this adaptive model for the exemption pathway. Currently, significant algorithm changes—retraining on new data, architecture modifications, expanded indications—likely trigger a new review, even under exemption [4].

For teams building AI-SaMD in Singapore public healthcare institutions, this means:

  • Version control discipline: Document every model version, training dataset, and performance metric. If HSA requests retrospective evidence of a change, you need an audit trail.
  • Change impact assessment: Establish internal thresholds for what constitutes a "significant" change. We use performance delta (>5% AUC shift), population shift (new demographic or clinical subgroup), and indication expansion as triggers for re-review.
  • Monitor global regulatory convergence: As FDA, UK MHRA, and EU MDR frameworks evolve toward adaptive AI/ML pathways, HSA may follow. Build systems that can adapt to more flexible change control in future.

Why this matters in Singapore and Asia

Singapore's public healthcare system is a testbed for clinical AI at scale. National Electronic Health Record (NEHR) integration, centralized data governance, and a tech-forward clinical culture create conditions for rapid AI deployment—but regulatory friction has historically slowed internal innovation.

The exemption pathway reduces time-to-deployment for hospital-developed AI tools, which matters for:

  • Operational AI: Bed management, patient flow, resource allocation tools that don't require external commercialization but need clinical integration.
  • Clinical decision support: Risk stratification, early warning systems, diagnostic aids developed by clinician-data scientist teams within institutions.
  • Research-to-practice translation: Academic medical centers can move from research prototypes to clinical pilots without full commercial device registration.

For the broader Asia-Pacific region, Singapore's approach may influence regulatory thinking in markets watching HSA as a reference (Malaysia, Thailand, Philippines). If the exemption pathway proves effective, we may see similar frameworks emerge regionally.

What to do next

  • Map your AI-SaMD portfolio to eligibility criteria: Identify which tools qualify for exemption vs. require full registration. Don't assume—confirm with HSA guidance documents [3] or pre-submission consultation.
  • Build governance infrastructure now: Even if you qualify for exemption, you need risk management, clinical validation, and post-market surveillance processes. Use the Model AI Governance Framework [1] as a starting template.
  • Establish change control protocols: Define what constitutes a significant algorithm change and document your rationale. This becomes your internal policy and external evidence if HSA asks.
  • Plan for commercialization from day one: If there's any chance your AI-SaMD will be used outside your institution, design for full HSA registration requirements. The exemption is not a stepping stone to market.
  • Engage HSA early: Use pre-submission meetings to clarify scope, risk classification, and evidence requirements. Regulatory dialogue is cheaper than post-development rework.

FAQ

Can a private hospital use AI-SaMD developed under the exemption by a public institution?

No. The exemption applies only to use within the developing public healthcare institution [4]. Cross-institutional deployment, even to another public hospital, requires full HSA registration.

Does the exemption apply to AI-SaMD developed by a commercial vendor for a public hospital?

No. The exemption is for AI-SaMD developed by the public healthcare institution itself, potentially in collaboration with academic or research partners, but not commercial vendors [4]. If a vendor is the legal manufacturer, full registration applies.

What happens if we want to commercialize an AI-SaMD initially developed under the exemption?

You must apply for full manufacturer licensing and product registration before any commercial distribution or use outside your institution [4]. Treat commercialization as a new regulatory pathway, not an extension of the exemption.

How does this exemption interact with PDPA and data protection requirements?

The exemption does not waive Personal Data Protection Act (PDPA) obligations. Patient data governance, consent, and security requirements remain in full force [1]. HSA expects cybersecurity and data protection measures as part of the exemption's risk management obligations [4].

Sources

[1] Personal Data Protection Commission Singapore. (2020). Model AI Governance Framework. https://www.pdpc.gov.sg/help-and-resources/2020/01/model-ai-governance-framework

[2] U.S. Food and Drug Administration. Artificial Intelligence and Machine Learning in Software as a Medical Device. https://www.fda.gov/medical-devices/software-medical-device-samd/artificial-intelligence-software-medical-device

[3] Health Sciences Authority Singapore. Guidance Documents for Medical Devices and Software Medical Devices. https://www.hsa.gov.sg/medical-devices/guidance-documents

[4] Health Sciences Authority Singapore. Response to Feedback from Public Consultation on the Proposed Exemption from Manufacturer's Licensing and Product Registration Requirements for Artificial Intelligence. https://www.hsa.gov.sg/announcements/response-to-feedback-from-public-consultation-on-the-proposed-exemption-from-manufacturer-s-licensing-and-product-registration-requirements-for-artificial-intelligence/