MedTech Connect logo MedTech Connect

Regulatory Due Diligence 101

Ery Anguiano, Founder and Principal Regulatory Consultant of Apsis Consulting Group

Recorded Thursday January 8, 2026

Note: This is an edited transcript from the MedTech Summit talk Ery presented on January 8, 2026.*

Ery's Regulatory Due Diligence 101 Slides.

Ery's Regulatory Due Diligence Rubric Spreadsheet.

Introduction

Thank you, everybody, for attending today. We're going to be discussing a topic that doesn't always get a whole lot of view, or insight, or eyeballs on it. However, it's something that I am personally passionate about, and the team that I put together, the team that we've worked with, have found some opportunities for improvement over the course of working with 50-plus startups over the years.

First things first, just a quick introduction. My name is Ery Anguiano. I am the founder and principal consultant of Apsis Consulting Group. We are a small boutique consulting firm specializing in regulatory affairs for medtech devices, specifically in the U.S. market, so U.S. FDA. I personally come from an engineering background, and 16-plus years of specialized support in regulatory strategy. I've worked with large-scale manufacturers early in my career, in the quality sphere, product development, materials analysis, and material support. In the last 10 years or so I have been focused more on regulatory strategy for medtech startups and digital health startups.

Currently, I also work with federally funded innovation programs such as ARPA-H and NIH's NHLBI Catalyze program. These are accelerator programs designed to help new and advancing medtech technology to pass appropriately and accelerate their development and go to market. That's a little bit about myself. There's three of us total in the firm—a former FDA regulator, as well as a medical doctor. And between the three of us, we bring about 50 years of experience in medical devices.

What We're Going to Talk About Today

So what are we gonna be talking about today? Well, today, we're going to take a look at regulatory due diligence. Specifically, due diligence itself, from an investment perspective with medtech companies, does receive a considerable amount of attention and effort. But regulatory due diligence—in our conversations with investors, we found that many admit that they don't really give the attention necessary to analyzing regulatory diligence. Many times, they'll take the startup's word for it. And not that necessarily that's a bad thing, but there are blind spots that occur that we've seen repeatedly over the course of investment decisions that could have been avoided. And we're going to look at some specific case studies to look at what those blind spots look like, what the potential outcome can be from overlooking regulatory diligence.

A couple of items that we'll be talking about specifically: What does regulatory diligence mean? So, predict the likely FDA path of your device. How do we do that? We'll be analyzing how to look at claims, how to look at intended use, and get an early estimation of the regulatory burden for your device.

Also, what does the evidence architecture look like for the startup's evidence plan? And what does that mean? So, what is the evidence burden that will be required to bring this device to market? And how does that evidence burden relate to the runway that they need, the capital investments that they need, and how can you protect your investment specifically?

We'll look at how to spot claim drift early. Some of the examples that we'll look at today are companies that entered unauthorized markets through subtle claim expansions, or understanding of wellness versus treatment, and we'll learn some lessons from that as well. And like I said, we'll look at some real failures and some decisions that were made, but we'll analyze it in the context of risk analysis. How does understanding the regulatory risk that your particular device has, your particular investment target has—how can you make decisions around that risk that protect the value of the company?

The Venture Capital Landscape

First things first, a little bit of information in terms of venture capital and how it relates to our topic here. So the venture capital is real, of course. This report from JPMorgan just came out yesterday, so I was able to update my numbers here so we have the latest and greatest for 2025. (For more on current medtech investment trends, see MedTech Venture, Partnership, and M&A Trends Through Q2 2025.)

So in 2025, $11.3 billion were deployed into medtech. You can see the trend line there over the course of the last 5 years. And although the general trend is down, there's still significant capital being deployed globally. More than 323 deals. Between Seed and Series A VC deal activity, 113, with a total value of $1.9 billion. If you were to average it out—and maybe average isn't the best metric here—but average certainly gives us an understanding of where we lie. $16 million from an average check between Seed and Series A. So significant capital gets deployed at a single point of time during these investment decisions. So how do you protect those decisions, and where is that capital being deployed?

A particular shift in 2025, based on that same JPMorgan assessment and others that have come out recently, shows that a lot of the capital this year—or last year, I should say—65% in essence, went to Series B and later-stage companies. So what does that mean exactly? Well, I'm not an investor, but this really shows, or you can make the assumption here, that a lot of capital is being spent on players that are a surer bet. Less risk, or more risk-averse investments. $9.3 billion of those were Series B or later stages. A Series B company tends to be fairly mature in terms of a device, in terms of a product pipeline. And therefore is less risk, considerably. 70% of the investment rounds were Series B or later.

So that gives us an understanding of—although a good 30% are earlier—how do you protect those earlier investments? And if what you're looking for as an investor is that less risk, higher potential for reward analysis, how do you manage that risk from earlier-stage companies? (For insights on navigating this challenging investment climate, see Fundraising in a Difficult Capital Raising Environment.)

Taking a look at some earlier-stage companies, like we mentioned before, $1.9 billion of that went to Seed and Series A investment rounds. The median round from our best available sources is $3.5 million. And approximately 118 hours per investment decision go into investment in VC diligence time. So it's a considerable amount of diligence.

So keeping that in mind, allocating 0.5% to 2% of the check size to diligence, and specifically a portion of that to regulatory diligence, seems like a pretty cheap insurance to me. What do you get from looking at that cheap insurance, so to speak? We'll look at that later—what sort of return you can get from that cheap insurance. But in general, the early rounds are big enough so that they warrant some protection of your investment capital.

What Is Regulatory Due Diligence?

First, let's analyze what do we mean by regulatory due diligence? So, regulatory due diligence 101, as we're kind of framing this discussion, refers to the investor skill of predicting the medtech product's likely U.S. FDA regulatory path. Of course, that can be expanded into other territories as well, but analyzing what is the likely path, what is the likely timeline, and what is the likely commercialization pathway and opportunity for a particular target.

It involves analyzing all of the aspects that go into marketing to that first customer, which is the FDA. If you're in the medical device realm, if you don't get past that FDA hurdle when required, you can't sell. So how do you protect your investment so that all the obstacles are minimized to the point where you feel comfortable making an investment? (For more on communicating with stakeholders at every level, see The Three Overlooked Seeds of Innovation Adoption DNA.)

But first, let's look at what's in scope of our discussion today and what's out of scope. We understand that regulatory due diligence—or VC diligence in general—encompasses a wide array of different topics, different analyses. And as an investor, you're no doubt an expert in analyzing even the intangibles that go into a founder, a founder team, an idea.

So what's out of scope is the TAM, SAM, SOM, segmentation, positioning. Reimbursement is a big part of the discussion in general diligence, but we're not going to be discussing that today. Those warrant their own webinar series. As well as financial modeling, valuation, term sheets—that's all out of scope.

What is in scope is the primary ingredients to be able to go to market and, like I said, pass your first customer, which is the FDA. So what do your claims look like? What's your intended use? What is the intended marketing language that you're going to frame around that device? What does your pathway look like? Are you a Class 1, a Class 2, Class 3? Which of the most common pathways will you use? What does that mean for your overall runway and capital investment needs? And what does your evidence plan look like? Specifically, what does the target's evidence plan look like? Is it fully baked out? Have they considered the items that they need to consider? Or are there some pretty heavy blind spots that they haven't considered yet? We'll be looking at that specifically.

Just a note that there are other paradigms in investment diligence that are all equally important. But we won't be talking about those today. We understand that regulatory diligence is one portion of that overall diligence that needs to be done during an investment decision. However, we'll see that regulatory diligence can be a make-or-break switch for your target's overall success.

Common Myths and Assumptions

So what are some common myths and assumptions that we see on a day-to-day basis regarding regulatory that create uncertainty and destroy value?

One of the myths—and we'll go into it in a little bit of detail based on what we've seen in the last couple of days from the FDA—but the wellness exemption. We'll see a couple of examples of companies that have made wrong decisions in terms of wellness, and have thought that disclaimers in general can keep you within that realm and outside of the FDA's purview. But we'll see how you really have to challenge those claims and understand the exact verbiage and wording that you need to look at for that to be true.

Some companies that we've seen—not just in our examples today, but in general—plan to have a launch of a product. And they say, well, we'll figure out FDA later. In many cases, they wrongly assume that their device is not a medical device and does not require FDA clearance. That is a big myth. That can destroy value, can cost a lot of money to remediate, and cost a lot of time.

Another myth: 510(k) is the default pathway. Sometimes 510(k) is not your best pathway. But understanding the risks involved in the timeline and the opportunities from a business standpoint and from a regulatory standpoint of your other options, I think is a necessary diligence question that should be answered.

Other times, we meet with founders that are clinicians, specialists, medical doctors that are world-class in their field. And before we even speak to them, they've already conducted significant pilot data, a significant amount of studies, they've sunk a lot of money into these clinical studies. But the way the clinical studies were designed, they can't be used for submission. So what happens? In some cases, they have to repeat clinical studies because they didn't design those correctly with the FDA in mind to begin with. These are common assumptions that we see, and these all destroy value. So having an early question to what a startup is looking at for these specific items is something that can protect your investment long-term.

The Diligence Process

So what does the diligence look like? Everybody, all regulatory professionals have a different flavor of how they perform regulatory diligence, but this is the spine that we've worked with and have seen some great results. In general, everybody must do something like this.

We look at the claims and the intended use of the device, first of all. Those claims and intended use—sometimes you have different opportunities within that. Within the claims and intended use, they lead to different classifications and different pathways. We'll take a look at more of that a little bit later.

Those different classifications and different pathways have different evidence burdens. Some minute, some extraordinary. So depending on what you claim, you can have a very quick path to market, or a very difficult, turbulent, and expensive path to market.

It's necessary to look at your design controls—how the startup or the target is understanding and approaching design—and then what are they thinking in terms of their marketing?

I can't tell you how many times I've seen startups that make some fantastic claims because of their belief in their technology, and that's fantastic. But the claims that they're making to investors early on—those aren't reasonable, or they have such long lead times, or such a difficult pathway, that they're probably not the best first product for that startup. Understanding that can give investors a huge leg up when they're making these decisions. (For more on aligning product claims with customer needs, see Designing for MedTech.)

Why Claims Are Important

So, why are claims important? Step one. What a startup claims in their marketing language, in their intended use, in their indications for use—not only is it a legal construct, they are legally required, they're held to certain legal requirements based on their indications for use, based on what the intended use is. But also, it crafts the marketing language that you can draw around that.

What can you say, what can you not say? Marketing claims are dealt with very, very seriously from an FDA's perspective. The FDA looks at what is your—what is the device's intent, and what are the users going to understand from your marketing language? And if that marketing language puts users or patients at risk, then the FDA can have problems. And that's when you result in warning letters, or additional information requests. All of that goes into your intended use and marketing claims.

Pathways: 510(k), De Novo, and PMA

Let's take a look at the different pathway discussions. This is a little cheat sheet for you seasoned investors and founders. This is remedial, but it's good always to level set.

510(k) pathway, of course, is an easier, much desired regulatory pathway by many. Because it provides a quicker path to market. You are essentially demonstrating equivalence to an already marketed device, therefore your risk profile is equal, and FDA tends to move those applications forward fairly quickly, as long as you meet the required benchmarks.

De novo—when you have no predicate that you can go off of. Meaning, your intended use is different to any existing marketed medical device, or your technology is such that different questions of safety and efficacy arise because of your device. Then a de novo pathway is likely going to be required. That tends to be for low and moderate risk devices, but the pathway is a little bit longer. And understanding what that pathway looks like, and what the time looks like, and what the capital requirements look like, is something that an investor should know.

Lastly, for high-risk devices, life-sustaining implantables, the PMA process. It's something that many try to avoid. Sometimes they can't be avoided, just nature of the device that you've designed. But understanding what that process looks like, and equally, timeline, capital requirements, is something that should be on the board from an investment perspective.

The Claim Ladder and Risk

Let's take a look at another way to view how claims relate to this pathway and classification. A very similar, or the same technology, can have different levels of risk from the FDA standpoint.

A certain technology, for example, that measures oxygenation for a fitness device—could be a wellness device. You're measuring oxygen saturation. But you're doing it in the context of fitness and wellness overall, not for medical reasons.

But when that oxygenation includes now alarms, you're monitoring with a medical intent. You're triaging. You're making high-risk decisions, like a diagnosis or a clinical decision.

The ladder of claims increases your risk, depending on what exactly you claim. And as we mentioned, that feeds directly into the pathway, and directly into the evidence burden, capital requirements, and the timeline, even if it's the exact same device, even if it's from a technological standpoint, if it looks like the same device.

So it's easy to drift when you're drafting marketing language, but you want to always keep in mind where exactly you are on the risk claim ladder here.

Product Roadmapping

For this reason, I am a big fan of what is normally called product roadmapping. So, understanding the different products that can result from the same implementation of the technology, just based on different claims, different alerts, different diagnoses, different wordings that come from that same device.

Some of the startups that we've supported have some fantastic AI automation, life-sustaining opportunity. They can provide oxygen, they can auto-titrate, they can use AI to alert, notify, provide decisions. The technology is very impressive.

But many of our startups that we've worked with start with a more simple product for your market entry, sometimes a monitoring product, for example. Why is that important? There's a lot of factors that go into that, but timeline is one. Capital requirements is another. Many utilize the capital to work through the manufacturing issues for the device, first of all, sell it, put it in people's hands, obtain information, gather information, real-world data. That real-world data then goes into a version 2 or a version 3 device that progressively have a higher claim status, a higher risk status based on the claims.

So one device could be monitoring. The technology could be used for monitoring. Then, you can put alerts, thresholds, notifications. That tends to be a higher risk endeavor. And it has higher evidence burdens. Then, depending on the available data that you've collected over V1 and V2, many times the same technology can be used to make a diagnostic decision, or as a diagnostic aid. Obviously, the risk goes up, but the foundation of V1 and V2, the data that you've collected, allows you to easily make that jump, and to initiate that product through a different pathway.

This has been a ladder that has worked well for many startups and continues to be used, and this is something that we definitely promote and propose when the technology can be used for different claims and for different end uses at the end of the day. (For more on strategic pivoting, see Adapt to Thrive: The Role of Pivoting in Startups.)

But understanding your product roadmap is something from an investment standpoint that allows you to see what is realistic. Is V3 realistic in 18 months, or is V1 realistic in 12 months? Understanding what those requirements are, how difficult or how easy it is to get through the FDA, will allow you to make a better decision from an investment standpoint and truly understand your risk.

What's Reasonable to Expect at Each Stage

So what's reasonable to expect from a startup, now that we've discussed a little bit of diligence? Obviously, the maturity of the startup has a lot to do with the expectations that you would have from a regulatory diligence standpoint. Pre-Seed, Seed, Series A—they're different maturities from a startup perspective. And as we noticed at the beginning of our discussion, a lot of investment money is going into startups that are mature, that have de-risked a lot of those early phases, early stages.

Pre-Seed, Seed, and Series A obviously carry more risks, but if you understand and do the diligence appropriately, maybe you can mitigate a lot of those risks, or help your target mitigate those risks as well.

Pre-Seed: If you've locked your claim boundaries and understand the technology, even if it's not fully well designed, if it's not complete, you don't know exactly the type of validation data you'll need, you don't know exactly the performance it'll be—but understanding your claim boundaries, the general path that you'll need to take, the different opportunities within the FDA pathways that you may have, that's a good indication that they've done their regulatory homework.

Seed level: You should be looking at an established, credible pathway, an evidence plan. What evidence do you need to establish that pathway? And what are your labeling claims? What are your marketing claims? What can you realistically claim based on the plan that you've developed? And how long should that take? Those are reasonable questions to ask at that level.

Series A: Many Series A companies already have validated and submitted and approved, or cleared, their first one or two devices. Maybe it's a V1 version of the technology they've implemented. So the level of maturity and regulatory understanding should be a lot higher. Your quality management system should be operating, and the expectations and roadmapping from that regulatory team should be well developed.

So different expectations for different maturity of companies is something that you should factor in as well.

Levels of Diligence: Snapshot vs. Deep Dive

So with that in mind, something that we do, and we've found very, very helpful, is to really limit the level of diligence for depending on the maturity of the target or the startup.

Sometimes you just need a snapshot. We've developed our own internal AI agent that helps us do a snapshot within 24 hours. What do you get there, or what should you see from a snapshot perspective for very early-stage companies? You should have a good understanding of what your claims can be, what they shouldn't be. You should have a good hypothesis on your pathway. You should have risks identified. What are some potential risks?

What are those risks? Well, you should know at that point whether you'll need to perform a clinical study or not. Clinical studies can range between $1 to $4 million, so that's a huge capital investment that you should know early on, based on your claims. And you should have a good understanding of the regulatory landscape. How are your competitors regulated? What have they had to do? And how does your device compare to them? That's something we can do fairly quickly.

Core and deeper diligence are for more mature companies. And where you need a really substantive understanding of what your roadmap is, what your evidence plan is, and how does that relate to the pathway and the capital investment that you'll need to make.

When do you need deeper diligence? Well, like I said, Series A and plus. Or situations where you have high risk—you should really do some deep diligence.

An example of a scenario where you should look at manufacturability: one particular startup was using uranium from decommissioned bombs for their development of their device. Supply chain problem became a terminal problem for this company. There's only a limited amount of material you can use from decommissioned bombs for this particular device. So you had a supply problem that was encompassed in manufacturing. The regulatory pathway was fine, the timeline was effective, the clinical plan was well established, but you were looking at an operational problem. So those are the instances where you really—where you have a high degree of risk or high expectations from a company where you should be looking deeper for these types of issues.

Hidden Evidence Gaps

Why would you need some additional, or deeper diligence? Well, there's a lot of areas that, if you do not have a robust evidence plan, can result in very extended delays.

For example, if you've correctly identified your pathway, you've correctly identified your claims, you know exactly where you want to be, but you haven't built the evidence plan that the FDA is expecting:

So in this scenario, you would need some deeper diligence.

FDA Review Clock vs. Reality

Another item to consider in your roadmap and in your timeline is the FDA review clock versus reality. So as we know, the 510(k) program, from the FDA's perspective, has a timeline of 90 days, and the de novo program of 150 days. But I did a quick analysis of just 2025, and the median review time for a 510(k) was 126 days. The median review time of a de novo was almost 300 days.

So having realistic timelines and validating your target's timelines with reality is something that can help you appropriately use your investment capital.

What is the delay, usually? We mentioned at the beginning, AI holds. So when you haven't correctly anticipated the data or the evidence burden from the FDA, that can result in significant halts. And that's where your timeline and your runway start to become a huge factor.

Scoring Regulatory Risk

So how do you factor everything in? It's good to have a good scoring rubric to prioritize your regulatory risk. Something that we've done is we've developed a rubric scoring based on some of the standard approaches of regulatory diligence and factoring in all of the near-misses, or sometimes complete misses that we've seen with our clients. Like I said, with over 50 startups that we've worked together, and 50-plus years of combined experience, we've seen quite a bit of failures.

So this doesn't have to be your particular prioritization or scoring rubric, but this is something that we found very helpful. We look at the severity of the risk, and we use a risk-based approach for this. How much risk or how much value can be destroyed if this risk materializes? For example, how much value is destroyed if the FDA disagrees with your pathway? You're not 510(k), you're a de novo. How much value is destroyed? Well, it's fairly easy to understand the amount of time that you've just added to your timeline, and it's not too hard to estimate how much additional capital requirements you'll need, based on just that one decision. So that's good to score.

Another item is, what is the likelihood of enforcement? There are some guidelines and procedures that the FDA has utilized for many years, and there are some recent guidelines that we'll talk a little bit more about a little later, in particular to the wellness guidance. So, what is the likelihood that this will result in an AI hold, or possible enforcement action? That's good to score as well.

And what is the opportunity cost? Time, cash, what is the fixed cost of this risk materializing? These are some of the factors that we utilize when providing a risk scoring for regulatory diligence.

Case Studies

So let's look at some examples now. And let's dig in a little bit and see what the result is of poor regulatory diligence, or performing poor regulatory diligence, and let's look at some case studies as well.

Red Flag #1: Selling First Without Understanding the Regulatory Implications

The first red flag: selling first without understanding the regulatory implications.

Disclaimers rarely get you out of enforcement from an FDA's perspective. With the updated wellness guidance that just came out this week, there's some more leeway. But you can't just disclaim everything. Even now, with the updated guidelines. Entering unauthorized markets without fully understanding the regulatory implications—that is a huge risk.

Owlet Smart Sock

Our first case—and the case studies that we'll be analyzing today are publicly available information. We decided to use that versus past or current clients that we work with. But the same scenarios that you'll see here are the same scenarios that happen at Seed level, Series A, and these companies, although more mature, you should have seen these regulatory red flags coming even more so.

So the Owlet Smart Sock started distribution in 2021. They very quickly received a warning letter from the FDA saying that they are marketing a device without the appropriate clearance. This is a sock that is used mainly for newborns, and I can tell you because I've used it myself—used for newborns, and it's used to track the oxygen, the oxygenation of the blood, as well as heart rate. And when those become alarming, or beyond certain thresholds, it alarms the parent, it alarms your phone to notify you that there could be something wrong with your baby's breathing.

Without a doubt, very important device. I own it, we've used it, very fantastic device. But it wasn't cleared through the FDA. So of course, they received a warning letter. Sales were halted. According to SEC filings, they had to take a $23 million contract revenue adjustment just to account for all of the returns that had to be made. And it took them about 2 years to get a de novo authorization for the Dream Sock.

So—time, money consequence, reputational hit. Why? Because they didn't perform the regulatory diligence truly understanding the FDA's expectations.

Now, does this mean that the regulatory team in-house didn't look at this? Well, we don't know. I can't tell you that for certain. But what I can tell you is that there are instances where the regulatory team can make a recommendation. But sometimes the founding team, or the C-suite, may not accept it. From an investment standpoint, if you have an independent review of this type of risk, it can save you from making decisions that—maybe in this case, it wouldn't have affected the investment decision, but regardless, it should have been an easy red flag to catch. Especially understanding the wellness FDA guidance at the time.

What would we have done to mitigate this particular device? We would have recommended a pre-submission, an initial dialogue with the FDA to understand their expectations, and you would have saved yourself a two-year gap in sales of your first and foremost product.

Red Flag #2: Non-Medical Services Extending into Medical Territory

Another red flag that we've seen are non-medical services, non-medical companies, extending operations into potentially medical territory. So what happens there is that you're completely missing a regulatory team, regulatory structure. Your claims can change overnight. And from an investor focus, you should be looking for some sort of regulatory strategy memo for this particular device.

23andMe

Let's look at this in a little bit more detail. This is the case of 23andMe. 23andMe, as we understand, providing genetic testing meant initially for ancestry reports, raw data, but they expanded their offerings into genetic tests that gave you an indication of your propensity to develop certain diseases. Fantastic product. Works amazingly. But they didn't market—they marketed without FDA clearance or approval. So again, they received a warning letter.

We don't have an understanding of the business impact or the scope. But what we can see from the public record is that it was a 2-year duration between warning letter and first market clearance.

What happened here? Company that wasn't used to performing medical assessment, regulatory assessments, per the FDA lens. Claimed or drifted their claims into higher risk, into a higher risk category with different products, and didn't do that diligence appropriately.

We've seen this time and time again from, specifically, a lot of companies that are used to, or digital companies that are coming from the Silicon Valley space, from the IT space, the tech space. Jumping into medical devices or things that could become medical devices, and carry a higher risk, and not doing that diligence correctly.

Again, we would have done a complete analysis here—would have saved yourself two years of lost sales.

Red Flag #3: When Claims Exceed the Evidence

Red flag number 3: when claims exceed device—or when claims exceed the evidence that you have.

Blood Pressure Insights (Whoop)

I had this particular example, debated whether I should remove it based on current situation that has happened recently, but we'll talk about it anyway.

So the blood pressure insights—when this came out, and the warning letter from the FDA came out, most, if not the majority, of regulatory professionals would have told you this was a big red flag, you should have seen this coming. Other devices had very similar—devices that had to be cleared by the FDA. Measured blood pressure insights, including daily systolic and diastolic estimations. Whoop was using them from a fitness and wellness perspective. However, the FDA concluded that it was inherently tied to diagnosing hypo- and hypertension.

So what happened? They received a warning letter. Whoop maintained that it was a wellness feature. Some level of conversation ensued, and just this week, the FDA commissioner cited the new wellness regulation that would allow Whoop specifically, because they included an example in the updated guidance that explicitly describes Whoop's product and blood pressure estimation for a wellness device.

So in the context of what we're understanding—regulatory due diligence—a regulatory professional would have likely, or should have, communicated the high-risk potential of this device, and the high risk that it was of receiving a warning letter and receiving injunctions and seizures and enforcement action by the FDA and other government agencies. But in this particular case, the work of Whoop managed to change the overall guidelines. Where the guidelines are now more inclusive to devices such as this, used for health estimation.

In normal regulatory scenarios, this probably would not happen. In the regulatory landscape that we are in today—well, it was a high risk, but it was a high reward. And independently, whether you agree or disagree with it, this is good news to many, many companies. But it's good to understand, from an investment perspective, at least the risk that was involved in making this type of decision.

Red Flag #4: Hidden Complexity Creates High Evidence Burden

The last red flag we'll analyze is startups that have relatively simple products, but hidden complexity creates high evidence burden. Specifically, digital products—cybersecurity, interoperability can create heavy evidence burdens that can be hidden. And in these types of scenarios, it's good to understand, from a deep diligence perspective, exactly what your timeline should look like.

Cheap Fixes at Each Stage

So these are some examples that we've gone through. What are some fixes to understand the risk here?

Well, depending on the investment stage that your target is at, there are some relatively cheap fixes early on that can help you avoid huge potential downside in the future.

For example, from a pre-seed or prototype perspective, understanding your claims and starting your document control, understanding your pathway. That's an easy fix, and it'll help you save a lot of money in the future.

Validation, or Seed level—understanding the frozen design, having a good understanding of your evidence burden that will be required to get to market. That's a relatively easy fix.

And for higher or more mature devices, or startups—having a very thought-out, detailed plan, and looking for any hidden risk within the engineering documents. Those are cheaper fixes early on. And they can save a lot of time, which results in sales, of course.

How to Do This Analysis

So how do you do this analysis? Well, it's good to have a rubric. And understand the rubric. And as investors, without a doubt, you have rubrics and spreadsheets and everything that factor into the decision of understanding risk for your investment and a go/no-go scenario. But we've developed a rubric that's specifically for regulatory risk. We're happy to share that with you—if you'd like to, you can put it in the chat or send an email or a note.

Three Things to Remember

So if you only remember 3 things, what should you remember?

1. Claims come first. Understand your claims. What you will say, what you won't say, what the target will or won't say. Understand what those claims are, and how they relate to the technology, first and foremost. That will many times dictate your pathway.

2. Even with the updated wellness guidance, wellness and disclaimers are not a complete shield. So having somebody on your team that understands where the line is and where the gray is, so that you can quantify that risk—that is essential.

3. Diligence is leverage. Spending a little bit of the check size on regulatory diligence, as we've seen, can save some significant time delays and some significant capital investments in the future.

Q&A Highlights

On Manufacturing Challenges

Q: Do you often spot issues when you're doing due diligence where you wonder, how are they going to find a manufacturer that is FDA-cleared who can actually build this thing?

Usually when we're doing deep diligence and we're analyzing the manufacturing, it's not that they can't find a manufacturer. It's usually that they don't understand the lead time to get certain manufacturing capabilities online. For example, if it's a plastic molded part that is unique—that can take 6 months to a year, just to build the molds, and multiple millions of dollars, just to have the molds to be able to begin some level of manufacturing, even if it's not fully automated.

So usually it's that. And back in the day, in my role with BD, one of my roles was to travel internationally and determine the abilities of certain manufacturers to produce at scale what was needed. So sometimes the scalability is a factor. Sometimes you have manufacturers that can scale for a certain amount, but they haven't done the due diligence that with the growth that they had expected, they can keep the same manufacturing. Sometimes that leads to issues.

Advice for AI Founders

Q: I see a lot of founders that see what LLMs can do, and Hugging Face, and all these models—and seem very intent on building what looks like a medical device without having any sort of controls or regulatory experience whatsoever. Do you have any advice for those founders?

The advice that we've given previously to founders is exactly what I described here—is really understanding your overall product roadmap. So what many times, especially early-stage founders—the Silicon Valley mentality, "move fast and break things"—doesn't translate very well to medical devices, because you can either move fast and break things and start over, or you can move a little bit slower, deliberately, and get there quicker.

So general recommendation would be to really understand what it is you're building, and understand the regulatory constraints around which you have to build. And even, for example, in Whoop's case, I'm sure there was some level of discussion in terms of the regulatory risk that existed. And for them, it paid off. But that is much, much more the exception versus the rule. Many, many, many more times, you will be shut down, and the FDA will be immovable. And I haven't seen a scenario that ended well for anybody where the founder told the FDA, "thank you for your advice, but we're not going to follow it." But it did in this case.

So it's understanding what are the regulatory bounds for what you're trying to build, and understanding the risk that's associated with it. Today's regulatory landscape is different than it was even a few years ago, so there might be some room to play, but understanding the risk is always what we promote.

On Clinical Diligence

Q: Sometimes the regulatory landscape may actually be really well defined, but the clinical diligence is really bad. How do you normally combine these activities?

Yes, clinical is a huge, huge, huge portion of it. And so what we recommend is always, always, always—before you perform clinical, run it through the FDA, through a pre-submission. Whether that's a digital product that you need to run clinical validation on, you're doing validations on images, or a prospective clinical study. (For more on working effectively with clinical experts, see Partnering with MDs as an Industry.)

Internally, we do have a clinical expert. She's a medical doctor and used to running clinical trials. We also partner with a clinical trial firm for added expertise. But clinical is a huge aspect, and unfortunately, that's somewhere where we see a lot of repetition. Because like I said, we meet with fantastic founders. Brilliant scientists, brilliant medical doctors, specialists in their field. But they've done clinical studies from an academic, scientific viewpoint. Which is not always necessarily the FDA's viewpoint. The statistics aren't well-defined. The endpoints are not the exact endpoints for the device, so you have to repeat the study.

But yeah, our recommendation—always, always, always, as much as you can, unless you understand the risk and want to move forward—run your clinical study by the FDA prior to running it.

Recent Changes to FDA Wellness Guidance

Q: Do you mind sharing a quick overview of the recent changes FDA has put in place for health and wellness?

Yeah, definitely. So previous stance from a health and wellness perspective was that devices that could have some reasonably foreseeable misuse from a medical standpoint did not meet the low-risk requirements for a wellness device, and therefore had to be regulated from a medical device perspective.

The Whoop example is a great example of something that was—before, it was in the black, now it's white. Blood pressure readings have always been—previously, the FDA always characterized blood pressure as a higher risk biomarker than all of the other biomarkers that are wellness devices. Heart rate, for example, sleep, stress, all those other biomarkers—specifically because of the risk for users to change their blood pressure medication, which is reasonably foreseeable misuse. That, FDA previously had put into a higher risk category.

Whoop's argument was that there should be a wellness case for blood pressure, where it's just used for fitness devices, for general health and wellness. And FDA relented. The exact mechanics of why that happened, I'm not entirely sure. But what I do know is that from publicly available data, the founder did speak directly with Secretary Kennedy, and the FDA commissioner came out with a statement saying something almost describing Whoop's device to a T, and saying why that shouldn't be regulated. That wellness policy update that came out—the regular approach to new policies like that is to have a public review of the updated guidance and public discussion of the updated guidance. That didn't happen in this case. Typically, a two-year guidance update went by in a few months. So that's a different regulatory landscape.

So in general now, the updated wellness guidance says that as long as you disclaim that it is intended for fitness, general health reasons—not citing any medical diagnostics, any medical disease—as long as you do not cite medical diseases, even if you prompt the user to look for medical guidance based on certain conditions, that is still wellness. As long as the technology doesn't create an added risk. So for example, electrostimulation to the brain—that technology has a potential risk, even if it's used for like, "oh, we're electrically stimulating your brain to reduce stress." Even though it's a wellness claim, the technology adds an added risk. So that's where the line is redrawn.

You have to disclaim. And as long as your technology is non-invasive, it doesn't create any new risks to the user, even if it prompts the user to seek medical attention, you are now a wellness device. So definitely increased the goalposts there.

And a great example of going through a pre-sub to validate.

Conclusion

Thank you very much. Again, a pleasure being able to discuss something that is near and dear to our hearts. You can find me on LinkedIn, or you can take a look at our website, which is apsiscg.com.