The 2025 Draft Guidance: A New Era for AI in Regulatory Submission Preparation
In January 2025, the FDA issued its first formal draft guidance: “Considerations for the Use of Artificial Intelligence to Support Regulatory Decision-Making for Drug and Biological Products”. This document represents a formal step toward providing industry with a predictable path for incorporating AI into regulatory submissions.
The guidance centers on credibility, which the agency defines as the measure of trust in a model’s performance, backed by evidence, for a specific Context of Use (COU). Specifically, the guidance focuses on AI used to produce information or data intended to support regulatory decision-making regarding safety, effectiveness, or quality. It notably excludes applications limited to early drug discovery or internal operational efficiencies that do not impact patient safety or study reliability.
The Seven-Step Framework for Credibility
To help companies prove their AI is ready for regulatory prime time, the FDA suggests a risk-based, seven-step assessment:
- Define the Question of Interest: What specific decision or concern is the AI solving?
- Establish the Context of Use (COU): Clearly define the model's role and scope within the development process.
- Assess Model Influence: How much weight will the AI’s output carry in the final decision?
- Evaluate Data Fitness: Ensure training data is high-quality, reliable, and representative to avoid algorithmic bias.
- Audit Design and Development: Verify that the model follows software engineering best practices, including interpretability and explainability.
- Validate Performance: Use rigorous metrics tailored to the COU on "fit-for-use" data.
- Implement Life Cycle Management: Set up ongoing monitoring to catch "data drift" before it impacts accuracy.
From Principles to Practice: Operationalizing the 7-Step Credibility Framework
The real value of the FDA’s seven steps lies not in treating them as a checklist, but in using them to guide operations in GxP environments.
Organizations start by translating business or scientific objectives into clearly defined regulatory decision points, such as dose selection or patient stratification, and by explicitly documenting the AI system’s Context of Use (COU) within validated processes to establish its intended regulatory impact. They must then assess model influence by classifying systems based on decision criticality, which enables risk-based validation approaches, and ensure data fitness through robust governance practices covering lineage, integrity, and representativeness.
This means recognizing that data fitness extends beyond traditional data integrity constructs and is specifically tied to model credibility.
In parallel, the design and development phase should incorporate software lifecycle controls, versioning, and explainability in alignment with CSV/CSA expectations, followed by performance validation that goes beyond generic accuracy metrics to include COU-specific measures such as robustness, bias assessment, and reproducibility.
Finally, lifecycle management must be implemented through continuous monitoring frameworks capable of detecting model drift or performance degradation and triggering timely revalidation, ensuring that AI systems remain reliable and compliant throughout their use.
The FDA’s Own AI: Meet "Elsa"
In June 2025, the FDA launched Elsa, its own internal generative AI tool built in a high-security environment. Elsa helps reviewers summarize adverse events and perform label comparisons more efficiently. However, the agency is careful to note that Elsa only handles administrative "heavy lifting." Human experts still make every final regulatory decision.
Global Compliance: The 10 Guiding Principles
Reflecting the global nature of medicine, the FDA and the European Medicines Agency (EMA) jointly released ten guiding principles for Good AI Practice in January 2026. These principles demand a human-centric design, ensuring that AI technology aligns with ethical values and maintains human oversight, also known as the "human-in-the-loop" approach. From a compliance perspective, every processing step and analytical decision must be documented in a traceable and verifiable manner that aligns with GxP standards.
AI is already driving efficiencies that were previously impossible:
- Nonclinical: We are seeing AI-driven small molecules move from discovery to Phase I in as little as 30 months, a process that used to take six years. Predictive toxicology models are now allowing researchers to flag safety issues before even reaching animal studies.
- Clinical Trials: AI "copilots" help write trial protocols 30% faster. More impressively, AI platforms can now scan medical records to match patients to trials in minutes, a task that once took coordinators 30 hours per patient.
- Manufacturing: The agency’s FRAME initiative is exploring AI for Advanced Process Control (APC), allowing systems to make real-time adjustments to ensure quality. Janssen Pharmaceuticals has already used AI-driven controls to cut testing-to-release time for an HIV drug from 30 days to just 10 days.
- Pharmacovigilance: With nearly two million adverse event reports received annually, the FDA launched the Emerging Drug Safety Technology Program (EDSTP) to discuss how AI can help evaluate these reports faster and more effectively.
The regulatory conversation around generative AI in pharmacovigilance extends well beyond U.S. borders. In December 2025, the Council for International Organizations of Medical Sciences (CIOMS) published its Working Group XIV report, Artificial Intelligence in Pharmacovigilance, the first internationally consensus-based framework of its kind. Rather than prescribing rigid technical specifications, the report establishes seven guiding principles for responsible AI deployment in drug safety: a risk-based approach, human oversight, validity and robustness, transparency, data privacy, fairness, and governance. Notably, the framework aligns with the EU AI Act, EMA reflection papers, and FDA guidance, reinforcing that convergence across global regulatory thinking is not aspirational; it is already underway.
For Marketing Authorization Holders (MAHs), this convergence has direct operational implications. AI tools applied to signal detection, case processing, and literature surveillance do not exist outside the boundaries of GxP; they sit squarely within them. That means validation expectations, audit trail requirements, and human oversight obligations apply just as they would to any other regulated process. Critically, the CIOMS XIV report frames AI oversight as proportionate to risk: the greater an AI system’s influence over a safety decision, the more rigorous the governance controls must be. For PV teams actively evaluating or implementing AI tools, this is a useful anchor: not a barrier to adoption, but a framework for doing it defensibly.
Looking Ahead: AI in GxP
The most important shift underway is not technological, but regulatory and operational. The industry is moving away from evaluating isolated AI outputs toward managing complete, end-to-end AI lifecycles. In parallel, AI systems are no longer treated as standalone tools but as fully integrated components within GxP-governed environments. This evolution also marks a transition from innovation-first experimentation to a more structured, “credibility-by-design” approach, where trust is engineered into the system from the outset rather than assessed retrospectively.
In practical terms, this means that AI must now be treated as a regulated system. Organizations are expected to clearly define contexts of use, apply risk-based validation strategies proportionate to model influence, and ensure full traceability across data, models, and decisions. Continuous performance monitoring becomes essential to detect drift or degradation over time, while governance frameworks must scale with the level of risk associated with each AI application. Taken together, these elements position AI not as an exception to GxP requirements, but fully within them.
How PQE Can Support
This transition introduces complexity but also opportunity.
PQE can support organizations by:
- AI Governance Frameworks: Designing operating models aligned with FDA, EMA, and global expectations
- Credibility Framework Implementation: Translating the 7 steps into practical validation and documentation workflows
- Validation & Lifecycle Management: Applying CSA principles to AI systems, including risk classification and revalidation strategies
- Data & Model Integrity: Ensuring fitness for use, traceability, and compliance without forcing misaligned frameworks (e.g., avoiding oversimplified ALCOA analogies)
- Inspection Readiness: Preparing clients to demonstrate credible, explainable, and controlled AI systems
- Auditing & Compliance Assurance: Providing independent assessments of AI systems, including governance, validation approaches, and lifecycle controls, to identify gaps and ensure alignment with evolving regulatory expectations
- AI Use Case Design (Quality-by-Design): Supporting the conceptualization and development of AI use cases through a quality-by-design approach, ensuring clear definition of intended use, risk classification, and regulatory impact from the outset