Two recent actions involving the United States Food and Drug Administration (FDA), in July 2025 – one, a FDA warning letter to WHOOP and the other, a Class I recall by Dexcom – are instructive in understanding the FDA’s evolving approach to Software as a Medical Device (SaMD) and connected health products.
FDA’s oversight is driven by what a product actually does, not by how it is labelled or marketed. Where exactly that line falls depends on a fact pattern that shifts meaningfully from one product to the next.
The Whoop Warning Letter
- WHOOP, founded in 2012, built its market position around performance-focused wearables and associated applications tracking sleep quality, cardiovascular strain, and recovery. Its commercial and regulatory strategy rested on classifying its products as “general wellness” tools, a category that, under the Federal Food, Drug, and Cosmetic Act (FD&C Act) and the FDA’s published guidance, is not subject to the same premarket clearance and registration requirements as medical devices.
- That strategy was challenged directly in July 2025 when the FDA issued a warning letter concerning WHOOP’s Blood Pressure Insights (BPI) feature. The BPI feature estimates systolic and diastolic blood pressure and is marketed as helping users “understand how blood pressure affects their performance and well-being.” FDA determined that this function constitutes a medical device under the FD&C Act and found WHOOP to be in violation for failing either to submit a 510(k) premarket notification, obtain premarket approval (PMA), or register the device with the FDA.
- Two factors drove the classification decision. First, the FDA concluded that blood pressure measurement is inherently medical. Second, the FDA pointed to regulatory precedent that other products performing blood pressure measurement functions had already been reviewed and cleared as regulated medical devices, making it increasingly untenable for WHOOP to maintain a wellness exemption for materially similar functionality.
The Dexcom Class I Recall
- Dexcom sits in a different position as it already markets cleared CGM systems for diabetes management. In July 2025, it initiated a Class I recall, FDA’s highest risk classification, after identifying a speaker defect in certain receivers that could prevent audible glucose alerts from sounding.
- The underlying principle this illustrates is not simply that FDA calibrates risk to clinical context, but that the same category of software failure can range from immaterial to life‑threatening depending on what it monitors and who relies on it. Companies developing connected health technologies often consult healthcare & life sciences lawyers to assess regulatory obligations throughout the product lifecycle.
What This Means for Digital Health Companies
Both actions point to the same underlying framework: one built around intended use, data type, and failure risk. But how those variables interact, and where a specific product lands as a result, is genuinely fact-specific. The same feature can land on different sides of the line depending on marketing language, comparator products already on the market, and the clinical consequences of getting it wrong.
Principles Emerging from These Actions
- “General wellness” framing is not a blanket shield, particularly where the underlying data is inherently tied to diagnosing or managing a disease.
- FDA’s existing library of cleared products functions as a benchmark which keeps shifting as more products get cleared.
- Classification decisions are best made at the design stage, not retrofitted once a product is market-ready or under scrutiny. Early regulatory planning with a technology law firm can help developers identify compliance requirements before product launch.
- Post-market obligations like surveillance, adverse event reporting, recall readiness, carry as much weight as premarket clearance itself.
- Intended Use, Data Type, and Failure Risk are the three core variables that, when taken together, determine whether and how a digital health product will be regulated. Understanding how these variables interact is the foundation of any coherent regulatory strategy for a wearable or SaMD product.
These are useful signposts, but they are not a substitute for a product-specific assessment. The honest answer to “does my feature need clearance” almost always starts with “it depends,” and the variables it depends on are exactly the kind of thing that benefit from a closer look rather than a general rule.
Key Takeaways
a) Classify Early: Developers should identify regulatory status during the design phase, not right before launch, especially if the product handles medical data.
b) Watch Your Marketing: The FDA judges the product based on the developer’s description of it. It is advised not to make “wellness” claims that secretly sound diagnostic or therapeutic.
c) Match Risk with Monitoring: If the product is a cleared medical device (like an alert-based software), the post-market safety tracking needs to be thorough.
d) Investors are Watching: Regulatory slip-ups (like FDA warning letters) are public and can affect fundraising and partnership deals.
Authors: Shantanu Mukherjee, Maitreyi Ramdas























