FDA Cracks Down on Wearable Devices: Lessons from WHOOP and Dexcom Enforcement Actions

Recent enforcement actions by the Food and Drug Administration (FDA) send a clear message to the digital health industry: FDA’s oversight extends well beyond traditional medical devices, to consumer wearables and software platforms. These new devices and digital health technologies are now squarely in FDA’s sights.

Digital health and device companies can no longer rely on “general wellness” labels or disclaimers to avoid active regulation. In addition to scrutinizing how products are marketed, FDA is also taking a close look at the data they process and whether their functions are inherently medical. Without a clear regulatory strategy that adapts to shifting enforcement trends, these companies risk warning letters, product recalls, or costly redesigns that threaten market momentum and investor confidence.

Two recent enforcement actions—one involving WHOOP and the other involving Dexcom—highlight how both marketing claims and post‑market performance can trigger FDA scrutiny.

WHOOP Warning Letter: Blood Pressure Data as “Inherently Medical”

Founded in 2012, WHOOP built its brand around performance‑focused fitness wearables and associated apps that track sleep, stress, strain, and heart health. WHOOP has consistently positioned its products as promoting a healthy lifestyle, classifying them as “general wellness” tools exempt from FDA regulation.

That strategy was directly challenged in July 2025, when the FDA issued a warning letter to WHOOP regarding its Blood Pressure Insights (BPI) feature. This feature estimates the systolic and diastolic blood pressure of users and is marketed as a way to “offer members a new way to understand how blood pressure affects their performance and well‑being.” The FDA determined that this function constitutes a medical device under the Federal Food, Drug, and Cosmetic Act (FD&C Act) and found WHOOP in violation of the Act for failing to submit a 510(k) premarket notification or a premarket approval (PMA) application, or to register the device with FDA.

Two factors drove the FDA’s classification decision:

  1. Blood pressure data is inherently medical. FDA concluded that blood pressure is inherently tied to diagnosing hypertension or hypotension. Because blood pressure data is directly linked to identifying, treating, or preventing disease, providing readings or estimates falls squarely within the FDA’s definition of a medical device.

  2. Regulatory precedent matters. FDA noted that other products with blood pressure measurement functions have been reviewed and cleared as regulated medical devices. This is noteworthy since, as FDA’s portfolio of cleared digital health devices grows, similar products are far more likely to require clearance or approval.

The broader implication of the WHOOP warning letter is that FDA is narrowing its tolerance for “general wellness” claims. If a wearable device or software app captures data that is inherently diagnostic in nature, or if there is precedent for FDA regulation of a similar product, it is likely to be regulated as a medical device regardless of the language used in marketing the product.

Dexcom Recall: How Use Context Affects Risk

Unlike WHOOP, Dexcom already markets multiple FDA‑cleared medical products, including several wearable continuous glucose monitoring (CGM) devices for people with diabetes. However, in July 2025, Dexcom initiated a Class I recall (the FDA’s most serious recall classification) for its G6, G7, ONE, and ONE+ CGM receivers after discovering a speaker defect in some receivers that could prevent alerts for high or low blood sugar from sounding. The FDA classified the defect as high risk because a missed alert could delay detection of dangerous glucose levels, potentially leading to serious injury or death.

The Dexcom recall underscores a key regulatory principle: a software function’s risk profile depends not only on what it does, but also on how, when, and in what context it is used. Although the defect in this case was in the speaker within the receiver, it prevented the alert functionality of the software from performing as expected.

It is important to understand that a function that poses minimal or no risk in one context (for example, an alert that your quality of sleep the prior night was suboptimal) can be high-risk in another context (for example, an alert that your blood glucose is very low), resulting in a shift in regulatory requirements. Alerts from software or mobile health apps that are integral to preventing harm MUST function reliably and are therefore subject to increased scrutiny.  

Where SaMD Fits In

Software as a Medical Device (SaMD) is software intended for a medical purpose that operates independently of a hardware device. SaMD can require regulatory clearance or approval by FDA depending on its risk profile. Some low‑risk SaMDs may qualify for “enforcement discretion,” whereby the normal regulatory requirements are not enforced by FDA. However, if there is some potential risk to patient safety, SaMD will be subject to regulation just like any other device. Notably, in 2016, the 21st Century Cures Act excluded certain categories of software from regulation, specifically stating that functions such as administrative support, general wellness apps, and some non-device clinical decision support tools are not medical devices, and therefore not regulated as such.

Whether a digital health product is regulated as SaMD depends heavily on its intended use, the type of data it processes, and the risks posed by malfunction or misuse. Understanding this classification early is critical to designing a compliant regulatory strategy.

Key Takeaways for Digital Health Founders

  • Marketing won’t override regulatory reality. Labeling a feature as “wellness” will not exempt it if the FDA views it as inherently medical.

  • Plan regulatory strategy early. Determining the right pathway during design and development avoids costly gaps and redesigns.

  • Post‑market vigilance matters. FDA oversight continues after clearance. Robust monitoring and risk management are essential.

  • Investor confidence hinges on compliance. A clear regulatory strategy can be a competitive advantage in fundraising and due diligence.

  • Cross‑functional integration is key. Aligning legal, engineering, and marketing teams strengthens both compliance and growth strategy.

Conclusion

The WHOOP and Dexcom cases send a clear message: FDA oversight of digital health products is expanding, and enforcement will be driven by function and risk rather than marketing labels. For digital health innovators, compliance is not just about avoiding warning letters or recalls; it’s about safeguarding patients, preserving market access, and protecting investor confidence.

At Nixon Law Group, we help digital health and SaMD companies navigate FDA’s evolving regulatory landscape—from early classification strategy to 510(k) submissions, post‑market monitoring, and marketing review. Contact us for practical guidance that keeps your company moving forward.
