On April 29, 2026, the Center for Drug Evaluation (CDE) of China’s National Medical Products Administration (NMPA) released its Supplementary List of External Experts (Third Batch, 2025), adding 74 experts—including 12 specialists in AI-assisted diagnostic device human factors and biometric security. This development signals heightened regulatory attention on clinical compliance pathways for biometric identity technologies in healthcare settings, particularly Mobile Credentials for medical access control and Identity Flow for patient identification. Companies involved in the design, export, or certification of medical-grade biometric terminals—especially those targeting international markets—should closely monitor evolving NMPA and CFDA-aligned validation requirements.

Event Overview

On April 29, 2026, the CDE published the Supplementary List of External Experts (Third Batch, 2025). The list includes 74 newly appointed external experts. Among them, 12 are specifically designated for expertise in ‘human factors engineering and biometric security for AI-assisted diagnostic devices’. Their scope covers clinical compliance pathways for biometric applications including Mobile Credentials in healthcare facility access control and Identity Flow in patient identity verification. The notice also states that export of medical-grade biometric terminals from China requires strengthened dual-track verification under both CFDA and NMPA frameworks.

Impact on Specific Industry Segments

Medical Device Exporters

Exporters of biometric terminals classified as Class II or Class III medical devices face direct implications: the explicit mention of ‘CFDA/NMPA dual-track verification’ indicates stricter alignment between pre-market registration and post-market conformity assessment. Impact manifests in longer lead times for overseas market entry—particularly where local regulators reference Chinese technical documentation or certification outcomes.

Hardware Manufacturers (Biometric Terminal OEMs/ODMs)

Manufacturers integrating biometric modules into medical terminals must now anticipate more rigorous human factors evaluation during technical dossier preparation. The inclusion of 12 experts focused on AI-assisted diagnostics and biometric security suggests future CDE guidance may emphasize usability testing protocols, liveness detection validation, and identity lifecycle management—beyond basic ISO/IEC 13485 compliance.

Regulatory Affairs & Certification Service Providers

Third-party service providers supporting NMPA submissions will need to expand competency in biometric-specific risk analysis, especially around identity assurance, data integrity in credential handoff (e.g., between mobile apps and clinical systems), and traceability of biometric template storage. The expert cohort’s focus on ‘clinical compliance pathways’ implies upcoming emphasis on real-world use-case validation—not just lab-based performance testing.

What Relevant Enterprises or Practitioners Should Focus On

Track official updates on biometric-specific technical guidance

The appointment of 12 dedicated experts signals preparatory work for forthcoming documents. Enterprises should monitor CDE’s public consultation notices and draft technical review guidelines related to AI-assisted diagnostics and biometric identity—especially those referencing ISO/TR 80001, IEC 82304-1, or NMPA’s 2024 Human Factors Guidance.

Prioritize alignment between product architecture and Identity Flow clinical scenarios

For products using Mobile Credentials or Identity Flow, current compliance efforts should explicitly map each biometric interaction point (enrollment, authentication, revocation) to documented clinical workflows and associated risk controls. This mapping is likely to become a prerequisite in future dossier reviews.

Distinguish between policy signal and operational requirement

The expert list itself does not constitute new regulation—but it reflects institutional prioritization. Companies should treat this as an early indicator, not immediate enforcement. However, submissions filed after Q3 2026 may encounter informal requests for expanded biometric safety evidence, especially for AI-integrated devices.

Review existing supply chain documentation for biometric module traceability

Manufacturers should verify whether upstream suppliers of biometric sensors, SDKs, or cryptographic libraries provide NMPA-recognized validation reports—particularly regarding anti-spoofing, template protection, and audit logging. Gaps here may delay technical dossier acceptance.

Editorial Perspective / Industry Observation

Observably, this expert appointment is less a regulatory milestone than a capacity-building step: the CDE is strengthening internal capability to assess increasingly complex biometric integrations in medical devices. Analysis shows the selection criteria—focusing on human factors and identity security rather than algorithm accuracy alone—suggests a shift toward system-level clinical risk assessment. From an industry perspective, this is best understood not as an immediate compliance trigger, but as confirmation that biometric functionality in regulated healthcare contexts is transitioning from ‘feature’ to ‘critical subsystem’. Continued attention is warranted because subsequent technical guidance—and potential inspection focus—will likely derive from this expert cohort’s collective input.

Conclusion

This update reflects institutional preparation—not yet formal rulemaking—for more granular oversight of biometric identity technologies in medical devices. It underscores that compliance for such products will increasingly hinge on demonstrable integration with clinical workflows and robust human factors validation, rather than standalone hardware or software certification. Currently, it is more appropriate to interpret this development as a directional signal for regulatory maturation, rather than a change in enforceable requirements.

Information Sources

Main source: Center for Drug Evaluation (CDE), National Medical Products Administration (NMPA), Supplementary List of External Experts (Third Batch, 2025), issued April 29, 2026. Ongoing observation is recommended for related technical guidance drafts and CDE consultation announcements concerning AI-assisted diagnostic devices and biometric identity verification in healthcare settings.