IEC 60601-1-10 Testing and Compliance for Physiologic Closed-Loop Controllers

IEC 60601-1-10 is a collateral standard within the IEC 60601 series that applies to medical electrical equipment and systems incorporating physiologic closed-loop control. A physiologic closed-loop controller is a system that:

• Measures a physiological parameter (e.g., oxygen saturation, blood pressure, glucose level)
• Compares that measurement to a defined target
• Automatically adjusts therapy to maintain or achieve that target

In simple terms, the device continuously and automatically monitors, decides, and acts. This represents a meaningful shift from traditional devices, where clinicians interpret data and determine next steps. In closed-loop systems, that responsibility is either partially or fully handled by the device itself. IEC 60601-1-10 ensures that this automation remains safe, bounded, and clinically appropriate.

Closed-loop systems behave differently than conventional devices because they operate continuously and rely on feedback. As a result, risks are often dynamic and system-driven rather than isolated to a single failure point.

Some of the most important risk considerations include:

• Sensor inaccuracies or delays leading to incorrect system responses
• Software or algorithm errors influencing therapy delivery
• Feedback instability causing oscillation or overcorrection
• Loss of user situational awareness due to automation
• Unexpected behavior under abnormal or edge-case conditions

 These risks can emerge quickly and compound over time, which is why IEC 60601-1-10 emphasizes predictability, stability, and clear operational limits.

IEC 60601-1-10 applies to a growing range of devices that automatically adjust therapy based on patient data. These systems are increasingly common as medical technology becomes more connected and software-driven. Typical examples include:

• Infusion pumps with automated drug delivery control
• Ventilators with adaptive breathing support
• Closed-loop insulin delivery systems (artificial pancreas)
• Anesthesia delivery systems
• Dialysis equipment with feedback control
• Cardiac monitoring or assist systems with automated response

If a device is making real-time therapy adjustments without constant human input, this standard is likely relevant.

IEC 60601-1-10 focuses on how a closed-loop system behaves under both normal and abnormal conditions. Rather than mandating specific algorithms, it defines expectations around system performance, control boundaries, and risk management integration.

Key Areas of Focus

At its core, the standard ensures that automated control systems operate within defined and safe limits, even when conditions change.

Closed-loop control sits at the intersection of multiple standards and disciplines. It is a system-level challenge and not just a hardware or software concern. To achieve compliance, manufacturers typically need to align:

• IEC 60601-1 for general safety and essential performance
• IEC 62304 for software lifecycle processes
• ISO 14971 for risk management
• IEC 62366-1 for usability and user interaction

Each of these contributes a different perspective, but IEC 60601-1-10 ensures that the system as a whole behaves safely and predictably.

Physiologic closed-loop systems introduce risks that must be clearly captured in the Risk Management File (RMF). These risks are often dynamic, emerging from how the system behaves over time rather than from a single, isolated failure.

Within the RMF, manufacturers are expected to present a complete and traceable picture of how these risks have been managed. This includes identifying control-related hazards, establishing defined limits for system behavior, and implementing risk controls through both design and software. It also requires demonstrating that those controls are effective through verification activities, and that any remaining residual risk has been evaluated and determined to be acceptable.

Because closed-loop systems make automated decisions, it is especially important that those decisions are fully justified and supported by documented evidence. The RMF becomes the central record that shows not only what the system does, but why it behaves safely under expected and unexpected conditions.

Developing safe and effective closed-loop systems requires coordination across engineering, software, and clinical understanding. Even experienced teams can encounter challenges such as:

• Translating clinical intent into stable control algorithms
• Validating system behavior across diverse patient conditions
• Managing variability in sensor inputs and real-world environments
• Aligning software validation with system-level risk management
• Ensuring users understand system behavior and limitations

These challenges are often interconnected, making early planning and integration critical to success.

Intertek helps manufacturers navigate the complexity of closed-loop control systems by connecting design, software, and risk management into a cohesive compliance strategy.

We work closely with development teams to evaluate system behavior, identify potential risks, and ensure that testing and documentation align with regulatory expectations. Our experience with software-driven and automated medical technologies allows us to provide practical guidance that supports both compliance and innovation.

By integrating IEC 60601-1-10 with related standards and testing activities, Intertek helps reduce uncertainty and create a more efficient path to market.