Standards Development

Scope

This document specifies requirements and provides guidelines for three key areas of non -medical BCI products that are entering or already available for purchase in the market:

a) Guidelines for minimum human testing requirements for commercialisation.

b) Protocols for post-market surveillance.

c) Standards for transparency in marketing.

These guidelines are intended to ensure that manufacturers inform all users about the scope of testing, known limitations, and potential long-term side effects.

This specification is particularly relevant for developers and vendors of BCI technologies, as well as professionals who may recommend or refer these products as part of their professional roles (e.g., clinicians, therapists, human factors engineers, consultants, coaches, consumer advocacy groups, etc).

This technical specification excludes requirements relating to medical devices and also excludes BCI that only being used for academic research with no direct intent for commercialisation.

The document does not prescribe a complete risk-management system; manufacturers are expected to conduct such activities in accordance with [output of WG9 – security, safety, privacy and ethics], as well as ISO 14971, ISO 31000 or equivalent, and to docume nt how the resulting hazards, misuse scenarios and residual-risk targets inform the testing and surveillance activities specified herein.

If a country or region has regulations or guidelines related to this document, these will take precedence over this document.

Purpose

The proliferation of non-medical Brain-Computer Interface (BCI) devices introduces novel regulatory challenges. Though not classified as medical, these devices interface closely with the human nervous system and can be used for long periods of time. As suc h, non-medical BCIs have a risk of producing side-effects– defined here as unintended physiological, cognitive, or mental changes that may be damaging or harmful – analogous to those of medical devices. 

Medical devices have highly regulated development cycles, undergo rigorous clinical trials to assess safety and efficacy, are prescribed and supervised in their use by trained clinical professionals, and are also subject to post-market surveillance (for example, see ISO 14971:2019 – Medical Device Risk Management and ISO 14155:2020 – Clinical Investigations for Medical Devices). Other examples of feedback mechanisms between biotech companies and consumers of medical products include the “yellow card” system for pharmaceuticals to report side-effects.

 Similar procedures are almost completely lacking for non -medical devices, which frequently have limited human testing focusing on electrical safety and short -term usage. The current regulatory landscape for non - medical BCI devices imposes little to no requ irements on manufactures or vendors to systematically assess or report potential long-term side effects, with no shared framework for post -market surveillance. This absence of regulation means consumers of non-medical BCIs are not systematically informed of potential side effects, beyond short-term risk assessment, and have no formal mechanism to flag emerging concerns with long-term use. This naturally also leads to a commercial environment where there are no incentives to investigate or report side-effects: a good actor who takes the initiative to transparently report side -effects might be paradoxically perceived as the higher risk one. This leads to the potential risks of mental, physical, cognitive and societal side effects of prolonged or intensive use remaining largely unexamined and unreported, particularly with vulnerable user groups. Moreover, the effects of BCIs are shaped by individual differences and diverse usage contexts, further complicating safety evaluations and amplifying the need for neuro-aware testing and standards. There is a need to provide users with the relevant information about what has been tested and the limitations of these tests. This will enable users to make well -informed decisions based on transparent and accessible informatio n. Information is required for valid consent.

While there are established standards and existing frameworks for other non -clinical consumer technologies, existing frameworks these do not reflect the unique challenges of BCIs. These devices differ fundamentally from conventional consumer-facing technologies in that their function evolves with use and interacts with the users’ cognitive and neural processes in unpredictable ways. As a result, assumptions built into traditional technology safety, such as fixed device behaviours and passive user roles, do not hold in the case of BCIs. This gap highlights the need for guiding best practices for non -clinical BCI human testing and consumer relations, particularly for devices that will be used intensively or over long periods of time (see ISO 31000:2018 – Risk Management Guidelines). Such guidelines should consider the very broad range of devices and use purposes, but also the multiple safety aspects involving, including physiological, cognitive, emotional, and social factors.

 Key areas for guidance development include guidelines for minimum human testing requirements for commercialisation (including data storage and management standards), transparency in marketing based on the results from the testing, protocols for post-market surveillance, and consent processes, especially given the sensitivities around human testing. In this context, a critical need emerges for the protection of vulnerable user groups, both in terms of how their testing data is being safeguarded, and how thei r unique needs are being addressed as part of the testing protocols.

An important consideration in the development of technical specifications for non -medical BCIs is the wide diversity of developers working in this area. This includes a wide range of entities from sole traders, academic spin-offs, small startups, to large corporations. Some implementations will only focus on a subset of the identified requirements that relate to a specific application of BCI technology. It is essential that any testing or monitoring schemes shall support smaller developers, ensuring they ar e not disadvantaged in comparison to more established companies. In particular, as longitudinal testing becomes increasingly relevant, any future regulations must balance the need for ongoing innovation with the responsibility to inform consumers about potential long-term effects of these technologies. Additional challenges include establishing an effective consumer feedback loop, especially in a global market where communication barriers can complicate responsiveness and data exchange.

A final consideration is that of the governance of data collected for post -market surveillance, particularly given its sensitivity and the need for shared access. Currently, no specific body is responsible for managing this data, raising questions about oversight and accountability. Mechanisms may need to be developed to address this gap.