Cybersecurity and Access Controls for AI Enabled Quality Systems

Published on 05/12/2025

Regulatory Affairs Context

The increasing adoption of Artificial Intelligence (AI) in Quality Systems within the pharmaceutical and biotechnology industries raises significant regulatory considerations. Regulatory Affairs (RA) professionals must ensure compliance with various regulatory frameworks, notably 21 CFR Part 11 in the United States, Annex 11 in the European Union, and related guidelines from agencies such as the FDA, EMA, and MHRA. This article serves as a detailed guide to those regulations and to best practices for data governance, validation, and compliance when integrating AI into quality systems.

Legal/Regulatory Basis

Regulatory frameworks aim to uphold data integrity, security, and confidentiality in systems employed for managing quality data. The key regulations and guidelines relevant to AI-enabled quality systems include:

  • 21 CFR Part 11: Enforced by the FDA, this regulation outlines the requirements for electronic records and electronic signatures, including security controls, audit trails, and data integrity.
  • Annex 11: A component of the EU GMP regulations concerning computerised systems, Annex 11 sets out requirements that govern the validation, implementation, and maintenance of computerised systems.
  • ICH Guidelines: The International Council for Harmonisation (ICH) provides technical documents aimed at promoting international harmonisation, including guidelines relevant to Good Automated Manufacturing Practice (GAMP).

Understanding these regulations forms the foundation upon which RA professionals must build AI-integrated quality systems that meet both regional and international requirements.

Documentation Requirements

Documentation plays a critical role in demonstrating compliance with regulatory expectations. Key documentation requirements for AI-enabled quality systems include:

Validation Documentation

  • Validation Plan: Clearly define the scope, objectives, and validation strategy tailored to the specific AI application.
  • User Requirements Specification (URS): Outline the essential functions and performance criteria of the AI system.
  • Functional Specification (FS): Detail technical specifications required to meet user needs.
  • Validation Protocols: Provide step-by-step methodologies for conducting performance, operational, and user acceptance testing.

Data Integrity Documentation

  • Data Retention Policy: Establish procedures for data storage, retrieval, and backup.
  • Audit Trail Documentation: Ensure that electronic systems maintain comprehensive audit trails that chronologically record changes to data and system operations.
  • Access Control Procedures: Define user access levels and authentication processes to safeguard sensitive data.

Review/Approval Flow

Effective RA processes for AI-enabled quality systems must include a structured review and approval flow to ensure each component meets regulatory compliance. Key stages of this process involve:

Pre-Submission Preparation

Before submitting any documentation for regulatory approval, ensure that:

  • All necessary documentation is complete and accurately reflects the system capabilities.
  • Cross-functional teams, including Quality Assurance (QA), Clinical, and Information Technology (IT), collaborate to review documentation.
  • Compliance with applicable guidelines, including ICH E6 and GAMP, is confirmed.

Submission Process

For submissions to the FDA, EMA, or MHRA:

  • Determine the appropriate submission type, whether it be a New Application, Variation, or Supplement.
  • Provide evidence of AI validation and adherence to data governance requirements.
  • Utilize clear and concise language to explain AI operational capabilities and how they meet regulatory expectations.

Post-Submission Activities

After submission, be prepared for potential agency queries. Address these queries promptly, ensuring that responses are thorough and based on documented evidence.

Common Deficiencies

Understanding common deficiencies encountered during regulatory review can help RA professionals avoid pitfalls. Some frequent issues include:

  • Inadequate Validation: Failure to demonstrate compliance with validation requirements can lead to non-compliance findings.
  • Insufficient Audit Trails: Lack of comprehensive audit trails may lead regulators to question the integrity and reliability of data.
  • Poor Access Controls: Weak security measures around system access pose a risk of data breaches, potentially impacting patient safety and product quality.

To mitigate these deficiencies, implement a robust governance framework that continuously reviews and updates systems and processes. Regular audits and training can also reinforce compliance.

RA-Specific Decision Points

When managing the regulatory lifecycle of AI-enabled quality systems, key decision points must be considered, including:

When to File as a Variation vs. New Application

A crucial decision for RA professionals is determining when to file a submission as a variation versus a new application. Consider the following:

  • Variation: If changes to the AI system are incremental, such as improvements in algorithms or enhanced functionalities that do not alter the intended use or indication, a variation may be appropriate.
  • New Application: If the AI system introduces fundamentally new capabilities or changes the intended use, consider submitting a new application to ensure comprehensive review.

How to Justify Bridging Data

Justifying the need for bridging data is important, especially when deploying AI-driven tools that depend on varying datasets. To justify bridging data:

  • Clearly articulate the rationale behind the selected datasets and their relevance to the current application.
  • Document how the data supports the integrity of the AI system’s learning mechanisms and outputs.
  • Provide comparative analyses demonstrating consistency with existing validated systems, if applicable.

Conclusion

AI-enabled quality systems are transforming the pharmaceutical and biotech industries, and regulatory compliance is essential to ensure ethical and effective practice. Regulatory Affairs professionals must thoroughly understand the relevant regulations, maintain robust documentation, and address common deficiencies proactively. By following best practices for cybersecurity and access controls, and by navigating the decision points above effectively, professionals can create validated, compliant AI systems that enhance quality assurance and foster innovation.

For further detailed guidance on regulatory compliance and expectations, refer to 21 CFR Part 11, Annex 11, and ICH Quality Guidelines.