Key takeaways
- Define intended use and prohibited use before choosing the model.
- Part 11 questions depend on whether electronic records and signatures are created, modified, maintained or transmitted.
- Source citations help review but do not prove that an answer is correct.
- A quality owner retains authority for deviations, CAPA and release decisions.
Do not call a model GxP compliant
A model is one component. The validated state belongs to the configured system and process: intended use, data, prompts or retrieval, interfaces, access, records, review, change control and procedures. A public model name does not establish fitness for a regulated use.
Define intended use and prohibited use
An intended-use statement should name the user, workflow, input, output and decision boundary. For example, an assistant may retrieve approved passages for an investigator but may not determine root cause, approve a CAPA or release a batch. Prohibited uses should be tested, not merely written in policy.
Map the authoritative record
Identify the source of truth for document status, version, permissions and controlled updates. A retrieval assistant can cite an obsolete or unauthorized record if metadata and access rules are incomplete. The reviewer must be able to open the source and understand why it was returned.
Apply risk-based assurance
The FDA's Computer Software Assurance guidance describes a risk-based approach for production and quality-system software. For an AI workflow, assurance evidence can include requirements, risk assessment, representative tests, expected and unexpected cases, access tests, audit evidence, change control, monitoring and approved procedures. The depth should match the risk of the intended use.
Understand the Part 11 boundary
FDA Part 11 guidance addresses electronic records and electronic signatures. Determine whether the AI application creates, modifies, maintains, archives, retrieves or transmits regulated electronic records, and which system remains authoritative. Logging every model token does not by itself create a compliant audit trail; the record, meaning, access and review process matter.
Evaluate retrieval and generation separately
Test whether the correct controlled evidence is retrieved before judging the final answer. Record performance by document type, version, permission and question class. Then evaluate whether the answer is supported by the retrieved passages, whether uncertainty is visible and whether escalation works.
Control change after approval
Models, prompts, retrieval rules, documents, interfaces and infrastructure can all change behaviour. Define which changes require assessment, regression testing, approval and rollback. A vendor's silent model update may be unacceptable for a validated boundary.
Preserve human authority
AI can organize evidence and draft language. Qualified people remain responsible for investigation conclusions, CAPA decisions, batch disposition, quality approval and regulatory commitments.



