Does Your Medical Device Product Liability Policy Cover Software Updates?

Maybe, and the wording is rarely the wording you would write today. Traditional product liability insurance was built for physical products with fixed configurations: a device left the factory, was sold, and entered the field as the same product the policy underwrote. A modern medical device whose software updates continuously after launch breaks that assumption. Each update is effectively a new product configuration in the field, and the question of whether the original product liability policy follows the updated version is one most device companies have never put to their carrier directly.

What the Traditional Form Assumed

A standard products liability form attaches coverage to “your product,” and the policy was priced against the product as it existed at the time of sale. The carrier saw a 510(k) clearance, an indication, a labeled use, and a fixed design, and rated the risk against that snapshot. Field changes were the exception. A recall, a labeling update, or a service bulletin were discrete events that generated their own notices and, where significant, their own underwriting conversation. Continuous post-market change was not in the model.

For a device whose software shipped once and stayed that way, this worked. For a device that pushes weekly firmware updates, monthly algorithm refinements, or quarterly cleared changes under a Predetermined Change Control Plan, the assumption breaks. The product in the field is no longer the product that was sold, and “your product” in the policy wording becomes an active question rather than a settled one.

Where the Update Creates the Exposure

Three update categories matter. The first is a cleared change made through the FDA’s standard mechanism (a new 510(k) for a significant change, or a Special 510(k) for a modification): the device the policy attaches to has formally changed, and whether the policy follows depends on the form’s language about modifications and how the carrier was notified. The second is a change made under a Predetermined Change Control Plan, where the FDA pre-authorized a category of post-market modifications without a new 510(k); the policy may or may not contemplate this mechanism, the exposure mapped in what a Predetermined Change Control Plan means for your device insurance. The third is a routine software update that is not a regulatory change but is still a functional change to the product, which traditional product liability forms rarely address directly.

For AI and machine-learning devices, the issue is sharper still. The algorithm in the field can diverge from the algorithm at clearance through continued learning or model updates, and the version that allegedly caused harm may not be the version the policy was written against, the dynamic detailed in AI medical device product liability coverage.

What to Read in the Policy

A few wording dimensions decide whether the program follows the updated product. The definition of “your product” should be broad enough to include the device as modified post-market, and the carrier should have been put on notice of the update mechanism, whether through a renewal disclosure of the PCCP, a description of the update cadence, or both. The retroactive date and the occurrence-based structure of the form determine which policy responds to a claim alleging harm from an updated version: the policy in effect at the time of injury usually answers, but if the form does not recognize the updated configuration as a covered product, the trigger does not engage.

Sub-limits and exclusions for “products in a state different from the state in which the insured intended” can become live questions for a device that intentionally changes after sale. The cyber exclusion can become a live question for a software change that fixes or introduces a cybersecurity issue. And the “your work” exclusion, which the products form usually carves back into for finished product, can become contested when the modification is delivered as a service.

The Companion Lines Have Their Own Question

A device that ships software updates is rarely covered by products liability alone. The Tech E&O and professional liability lines, where they exist in the program, address the service dimension of the update, the boundary explained in the Tech E&O versus products liability seam for SaMD. A connected device whose update introduces a cybersecurity exposure also engages the cyber-bodily-injury question that products forms increasingly contemplate explicitly. The broader picture of how these lines fit together at commercialization sits in Class II device insurance before commercialization.

What to Do Now

Inventory your update cadence and tell your broker what it is. Whether you push monthly firmware, quarterly cleared changes, or a PCCP-authorized stream of updates, the carrier needs to underwrite the program as it actually is. Ask whether the form’s “your product” definition reaches the updated configuration, whether the carrier has been notified of the update mechanism, and how the policy responds to a claim alleging harm from a version of the product that did not exist when the policy was bound.

The risk is not exotic; it is just that the policy was written for a product that did not change, and yours does. A specialty review through Tower Street Insurance can confirm whether a device company’s products liability program follows the version in the field rather than only the version that was sold.