THE STAKES
Posts 1 through 4 documented the Invisible Standard in domains where capture produces economic harm — inflated compliance costs, suppressed innovation, restricted competition. Post 5 maps the domain where capture produces something more consequential: medical devices fail. Patients die. The standard that was supposed to protect them becomes the architecture that protects the industry instead.
Medical device standards are the highest-stakes application of every dynamic this series has documented. The copyright architecture of Post 2 determines who can afford to know what safe device manufacturing requires. The capture architecture of Post 3 determines whose definition of "safe" governs. The barrier architecture of Post 4 determines who can compete in the market the standard defines. And when the standard fails to do what patients need it to do — the consequences are measured not in dollars but in lives.
The medical device standard is supposed to be the floor that protects patients.
Every dynamic documented in this series applies — capture, copyright, barrier to entry, incumbency protection. The difference from every other domain: when the standard serves the industry rather than the patient, the patient pays with their health. The stakes make the architecture visible in a way that bolt thread specifications do not.
THE MEDICAL DEVICE STANDARD ARCHITECTURE
FSA — Medical Device Standards · The Regulatory Framework
ISO 13485 — Quality Management For Medical Devices
The global standard for medical device quality management systems. Required for market access in the EU, Canada, Japan, Australia, Brazil, and over 100 other countries. Referenced in the FDA's Quality System Regulation for US market access. Developed by ISO Technical Committee 210 — whose membership includes representatives from the major medical device manufacturers, notified bodies (the private certification organizations that audit compliance), and national standards bodies drawing primarily from industry. Written by: the industry. Required by: governments worldwide. Sold by: ISO, $198 per copy.
IEC 62304 — Medical Device Software Lifecycle
The standard governing software development processes for medical devices. As medical devices increasingly incorporate software — pacemaker firmware, insulin pump algorithms, diagnostic AI — IEC 62304 compliance defines what "safe" software development means. It covers classification of software safety levels, development lifecycle requirements, problem resolution processes, and software maintenance. The standard was developed by a joint ISO/IEC committee drawing heavily from the embedded systems industry. Cost: $285.
ISO 14971 — Risk Management For Medical Devices
The standard defining how medical device manufacturers must identify, evaluate, and control risks. Central to all regulatory submissions globally. Developed by ISO TC 210. The risk management framework it establishes — hazard identification, risk estimation, risk evaluation, risk control — is the intellectual architecture that regulators use to assess device safety. The entities that wrote the framework are the entities whose devices are assessed against it. Cost: $198.
The Notified Body Architecture
In the EU medical devices must be certified by a "notified body" — a private organization authorized by an EU member state to assess conformity with the relevant standards before market access is granted. Notified bodies are private companies. They charge fees for their conformity assessment services. They are authorized by governments. They assess compliance with standards written by the same industry whose products they certify. The notified body is UL running in medical device regulation — the entity that defines safety also certifies it, and charges for the certification. The standard body, the notified body, and the major device manufacturer are three nodes in the same industry ecosystem — mutually dependent, mutually reinforcing, and collectively governing what "safe" means for the patient who is not in the room.
THE MESH IMPLANT CASE — WHEN THE STANDARD FAILED THE PATIENT
FSA — Surgical Mesh · The Standards Failure Architecture
Transvaginal surgical mesh — a polypropylene mesh implanted to treat pelvic organ prolapse and stress urinary incontinence — was introduced to the US market in the 1990s and subsequently approved for additional applications. Hundreds of thousands of women received mesh implants over the following two decades. By the 2010s it became clear that a significant proportion of mesh implants caused serious complications: chronic pain, erosion through tissue, organ perforation, nerve damage. The FDA issued multiple safety communications. Thousands of lawsuits followed. Several manufacturers withdrew their mesh products. The FDA ultimately reclassified surgical mesh as a high-risk device in 2016 — requiring clinical trials for market approval — 20 years after its initial introduction.
The standards pathway that allowed surgical mesh to reach hundreds of thousands of patients without clinical trials is the 510(k) clearance process — which allows medical devices to gain FDA clearance by demonstrating "substantial equivalence" to a previously cleared predicate device rather than through independent safety and efficacy clinical trials. The 510(k) process was designed to reduce regulatory burden for low-risk devices. It was used for implants that remained inside patients for decades.
The standard that governed surgical mesh entry to market was not a standard for long-term implant safety — it was a standard for regulatory convenience. The convenience served the industry's time-to-market interests. The patients paid the cost. The standard did not fail technically. It succeeded institutionally — at the function the industry needed it to perform.
THE 510(k) ARCHITECTURE — THE PREDICATE DEVICE CHAIN
The 510(k) clearance pathway — named for the section of the Food, Drug, and Cosmetic Act that established it — allows a medical device to be cleared for market without clinical trials if the manufacturer can demonstrate that it is substantially equivalent to a legally marketed predicate device. FSA maps the predicate chain as a capture architecture.
FSA — The 510(k) Predicate Chain · How Safety Standards Cascade
Device A is cleared via 510(k) by showing substantial equivalence to Device B. Device B was cleared by showing substantial equivalence to Device C. Device C was cleared by showing substantial equivalence to Device D — which was originally cleared in 1978 under standards that predate modern materials science, long-term biocompatibility testing, and software safety requirements. The new device at the end of the predicate chain may be substantially more complex, more invasive, and more long-lasting than the original predicate — but it has never been independently tested for its specific safety profile.
The IOM (Institute of Medicine) 2011 report on the 510(k) process concluded that the pathway cannot provide reasonable assurance of safety and effectiveness and recommended its replacement with a new framework. The FDA has not replaced the 510(k) pathway. Over 80% of medical devices currently reach the US market through 510(k) clearance rather than the Premarket Approval process requiring clinical trials.
FSA reading: the 510(k) pathway is the standards capture architecture in its most consequential form. The standard for market entry was set by existing device manufacturers who benefit from a pathway that allows rapid iteration on existing products without clinical testing. The standard that emerged reflects the industry's time-to-market interests — not the independent assessment of patient safety that clinical trials would require. The IOM said replace it. The industry said no. The pathway runs.
THE DIGITAL HEALTH RACE — AI IN MEDICAL DEVICES
⚡ FSA Live Node — AI Medical Device Standards · 2026
The FDA has approved over 950 AI/ML-enabled medical devices as of 2026 — diagnostic imaging algorithms, clinical decision support systems, patient monitoring AI. The standards governing these devices — how they are trained, validated, monitored for drift, and updated after deployment — are being developed simultaneously by the FDA, ISO TC 210, IEC SC 62A, and multiple national bodies. The companies participating most actively in these standards development processes are the companies that have already received AI device clearances — and whose existing cleared products would face the most disruption from stringent post-market surveillance requirements.
The specific concern FSA maps: AI medical devices can be updated after clearance through software updates — potentially changing the device's performance significantly without triggering new regulatory review. The standards being written now will determine whether algorithm updates require new safety validation or can be deployed as routine software maintenance. The companies writing those standards have a significant financial interest in the "routine maintenance" classification — because clinical validation of algorithm updates is expensive and time-consuming.
The AI medical device standard is being written right now. The entities writing it have the most to gain from standards that minimize post-market surveillance requirements. The patients who will be diagnosed and treated by AI devices are not in the room. The architecture is identical to surgical mesh. The stakes are higher. The room is the same.
THE FRAME CALLBACK
Post 1: The rules governing physical reality are written by private membership organizations funded by the companies the rules govern.
Post 2: The government makes compliance mandatory. The private organization makes knowledge of what compliance requires proprietary.
Post 3: The standard becomes the ceiling of permitted innovation. The standard protects the market that wrote it.
Post 4: The ITAR Wall is the Closed Door with a citizenship requirement on it. The defense industrial base charges what the Wall allows.
Post 5 adds the medical principle:
Post 5 — The Medical Standard
The medical standard is the Invisible Standard at its most consequential.
When the standard serves the industry rather than the patient — the patient pays with their health. The room that writes the standard determines whose safety it protects. The patient is not in the room. The device company is.
Final Post — Post 6 of 6
The Invisible Standard Closes. 2026. The AI standard race across every sector simultaneously. The climate standard — who defines net zero, what counts as sustainable, what counts as a carbon offset. The architecture of physical reality being written right now by the entities with the most to gain from writing it. The five principles close. The ledger open. The standard invisible. The compliance mandatory.
```
Posts
