OPENREGULATORY
Sign in Get started
Ask a question
Quality Management 8 answers

How to handle risk analysis for regression vs classification models in AI medical devices?

Anonymous · Published December 06, 2025 · 1 comment
When performing risk management for AI-based medical devices, how should the analysis differ between classification and regression models?
For classification models, risks are often broken down into omission/commission risks due to false negatives (FN) and false positives (FP). However, with regression models, this distinction is less straightforward since there are no FN/FP, but rather continuous errors measured by metrics like RMSE.
Is it appropriate to categorize errors in regression models as "deviating detections", or is there a better way to structure the risk analysis for regression models?

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

Anonymous 7 months ago
Could you provide examples of the types of AI models or intended uses you're considering? This might help tailor the recommendations.
 Reply to this comment

Discussion

8 Answers

Accepted answer Dr. Oliver Eidel · Founder & CEO, OpenRegulatory ·
This is a common challenge. With classification models, you have clear categories and can define risks based on false positives and false negatives. For regression models, since outputs are continuous, you can set thresholds to define what counts as a significant error (for example, above a certain RMSE or another clinically relevant measure). By defining these thresholds, you effectively convert the regression outcomes into categories (such as safe/unsafe), making the risk analysis more straightforward.
The key is to clearly document the justification for your chosen thresholds, using sources like PMS data or literature. You should also have a review process in place to ensure these thresholds remain appropriate over time. This approach should satisfy auditors if the logic is transparent and justified.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.
Accepted answer Dr. Oliver Eidel · Founder & CEO, OpenRegulatory ·
This is a common challenge. With classification models, you have clear categories and can define risks based on false positives and false negatives. For regression models, since outputs are continuous, you can set thresholds to define what counts as a significant error (for example, above a certain RMSE or another clinically relevant measure). By defining these thresholds, you effectively convert the regression outcomes into categories (such as safe/unsafe), making the risk analysis more straightforward.
The key is to clearly document the justification for your chosen thresholds, using sources like PMS data or literature. You should also have a review process in place to ensure these thresholds remain appropriate over time. This approach should satisfy auditors if the logic is transparent and justified.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.
A
Anonymous ·
It depends on the intended use of the model and whether the difference between classification and regression leads to different risks or risks with different severity levels. If so, it's reasonable to split them up in your risk analysis.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.
A
Anonymous ·
I would focus less on the terminology and more on ensuring your rationale is logical and well-documented. What's important is that your team agrees with the approach and that you can explain it to auditors. As long as you have a documented justification, the wording (like "deviating detection") is secondary.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.
A
Anonymous ·
In our process, we also split up risk per model. Not sure if that's what you mean, but it can help clarify the analysis.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.
A
Anonymous ·
It depends on the intended use of the model and whether the difference between classification and regression leads to different risks or risks with different severity levels. If so, it's reasonable to split them up in your risk analysis.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.
A
Anonymous ·
I would focus less on the terminology and more on ensuring your rationale is logical and well-documented. What's important is that your team agrees with the approach and that you can explain it to auditors. As long as you have a documented justification, the wording (like "deviating detection") is secondary.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.
A
Anonymous ·
In our process, we also split up risk per model. Not sure if that's what you mean, but it can help clarify the analysis.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.
Want to add your answer to this question?
Write an answer under your name by logging in or signing up, or post anonymously.

Keep reading

All questions
Risk Management Plan

Risk Management Plan

Dr. Oliver Eidel

updated over 1 year ago
Technical Documentation

ISO 14971 Walkthrough

Updated over 1 year ago

Dr. Oliver Eidel

SOP Information Security Risk Assessment

SOP Information Security Risk Assessment

Dr. Oliver Eidel

updated about 2 years ago

Still have a question? Ask a question here publicly — for free.

Or talk to one of our consultants — first calls are free. Check out our services and prices.

Looking to automate your regulatory work? Check out our eQMS, Formwork. Built for lean, founder-led companies. There’s a free version too.