On March 30, 2023, the FDA issued a guidance document called Cybersecurity in Medical Devices: Refuse to Accept Policy for Cyber Devices and Related Systems Under Section 524B of the FD&C Act. The document signals the FDA’s initial approach to reviewing premarket submissions of medical devices that meet the definition of a ‘cyber device’—i.e., a device that can connect to the internet and could be vulnerable to cyberattacks—to ensure compliance with new minimum cybersecurity standards adopted in Section 524B of the Food, Drug and Cosmetic Act as part of the Consolidated Appropriations Act, 2023, signed into law on December 29, 2022. While the guidance document takes effect immediately, there is a preliminary period, ending on October 1, 2023, for cyber device sponsors to prepare to meet Section 524B’s requirements. During this preliminary period, the FDA’s policy is generally to not issue “refuse to accept decisions” based solely on the failure to meet Section 524B requirements.