and store data used in clinical trials and submissions.

EU Annex 11: Similar to 21 CFR Part 11, Annex 11 under the EU GMP guidelines deals with the use of computerized systems in a regulated environment. It provides specific requirements for data management and integrity.

Guidelines from ICH: The International Council for Harmonisation offers guidelines (such as ICH Q8, Q10, and Q12) that address quality by design principles and emphasize the importance of data integrity throughout the product lifecycle.

Documentation Requirements

Effective documentation is a cornerstone of data governance for AI. Regulatory authorities scrutinize documentation to ensure compliance with established guidelines. The following types of documents are essential:

• Data Governance Framework: A comprehensive document that outlines data management policies, roles, responsibilities, and procedures.
• Validation Protocols and Reports: Detailed protocols that describe how AI models will be validated against performance criteria, including acceptance tests, and the results of those validations.
• Change Control Documents: Properly documented changes to AI systems must be tracked to ensure compliance and maintain data integrity.
• Risk Management Plans: Planning that outlines potential risks associated with AI systems, as recommended by ICH Q9 guidelines.

Review/Approval Flow

The review and approval process for AI-related submissions involves multiple steps, which vary by regulatory agency. Below is a suggested flow particularly relevant to interactions with the FDA, EMA, and MHRA:

1. Pre-Submission Meetings: Engage with regulatory authorities early to discuss AI approaches and data governance concerns.
2. Submission Preparation: Compile necessary documentation, focusing on compliance and validation data.
3. Submission Review: Await feedback from the agency, being prepared to answer queries regarding data governance practices and AI model validation.
4. Responding to Agency Queries: Timely and thorough responses to any questions raised during the review process are essential for expediency.
5. Post-Approval Monitoring: Continuous evaluation and documentation of AI system performance throughout its lifecycle.

Common Deficiencies

During regulatory reviews, specific deficiencies frequently arise regarding data governance for AI technologies. Awareness of these common pitfalls can aid in preemptive remediation:

• Inadequate Documentation: Missing or incomplete records related to data governance activities, model validation, and compliance with 21 CFR Part 11 or EU Annex 11.
• Insufficient Change Control Processes: Failure to document and evaluate changes in AI models, which may lead to compliance issues and data integrity concerns.
• Weak Validation Practices: AI models lacking rigorous validation, which may not meet the necessitated performance criteria or expectations outlined in ICH guidelines.
• Lack of Risk Management: Inadequate identification and mitigation of risks associated with AI that can impact data integrity and patient safety.

RA-Specific Decision Points

Effective regulatory submission strategies hinge on making the right decisions at critical junctures. Some essential decision points include:

When to File as Variation vs. New Application

Determining whether an AI software change constitutes a variation or warrants a new application is pivotal.

• Consider filing a variation if the changes do not impact the product’s intended use or if there are only minor adjustments to the AI model that do not affect safety or efficacy.
• If the AI system experiences significant changes that might influence its output and thereby the safety or efficacy profile, a new application should be pursued to ensure full regulatory oversight.

Justifying Bridging Data

When using data from existing studies to support new AI applications, adequately justifying the choice of bridging data is vital. RA professionals should:

• Clearly articulate how the existing data is relevant and applicable to the new application context.
• Demonstrate comparability between the existing data sets and the target population or conditions of the new application.
• Address potential gaps in data through additional studies or analyses if required.

Practical Tips for Documentation and Responses

To streamline the regulatory process for AI systems, consider the following practical tips:

• Maintain Clear Communication: Regularly engage with regulatory bodies to clarify expectations and changes in guidance on AI technologies.
• Create a Centralized Repository: Organize all documentation related to AI governance, validation, and regulatory submissions in a single, accessible location.
• Develop Checklists: Utilize document checklists for submission completeness to ensure all necessary information is included.
• Run Mock Regulatory Inspections: Conduct internal audits simulating regulatory inspections to identify potential deficiencies in documentation and compliance.

Conclusion

As regulatory expectations evolve, especially concerning data governance for AI technologies, it is essential for regulatory affairs professionals to cultivate a deep understanding of guidelines and best practices. By ensuring that documentation is robust, embracing thorough validation processes, and preparing to address agency queries effectively, organizations can navigate the complexities of compliance across the FDA, EMA, and MHRA frameworks.

Additional Resources

For further reference, regulatory affairs professionals can consult the following resources:

• FDA’s official website
• EMA’s official site
• MHRA’s homepage