In This Article
- Executive Summary
- From Pre-Cert Pilot to Today: What Actually Happened
- Why Pharma AI Teams Should Care About a Device Program
- How PCCPs Actually Work in AI/ML Submissions
- The 2025 Lifecycle Management Draft Guidance
- Comparing the US and EU: A Practical Table
- What Pharma Quality and Regulatory Teams Should Monitor
- A Practical Playbook for the Next 12 Months
- Conclusion
- References & Sources
Executive Summary
The FDA’s Software Precertification (Pre-Cert) Pilot Program, launched in 2017 and formally concluded with a report in September 2022, did not become the regulatory framework the agency originally envisioned. Yet the ideas it tested, organization-level quality assessment, real-world performance monitoring, and streamlined review for iterative software, have quietly reshaped how the FDA regulates AI-enabled software across both devices and drug products. By mid-2026, pharma AI teams cannot afford to treat Pre-Cert as a closed chapter. Its intellectual DNA is now embedded in the January 2025 draft guidances on AI-enabled device software functions and on AI in drug development, in the finalized Predetermined Change Control Plan (PCCP) framework, and in the FDA’s broader posture on total product lifecycle oversight.
For pharma quality, regulatory, and IT leaders, the practical question is no longer whether Pre-Cert survived. It is which pieces of that framework now apply to models used in manufacturing, pharmacovigilance, clinical operations, and companion software, and how those pieces intersect with the EU AI Act’s high-risk regime, which begins meaningful enforcement in August 2026 for Annex III systems and August 2028 for products already regulated as medical devices. The answer determines what evidence you need to keep, what change control looks like when your model is not a device, and how much regulatory latitude you actually have to iterate.
This article traces the arc from Pre-Cert to today’s fragmented but coherent AI regulatory stack. It explains how PCCPs work in practice, what the 2025 draft guidances signal for pharma, and where the US and EU frameworks converge and diverge. It closes with a monitoring checklist and a twelve-month playbook that boutique-consulting practice has proven useful for pharma teams standing up AI governance without waiting for perfect regulatory clarity.
From Pre-Cert Pilot to Today: What Actually Happened
The Pre-Cert Program was ambitious in ways that are easy to forget now. When the FDA launched the pilot in 2017 as part of its Digital Health Innovation Action Plan, the premise was that some software products change so rapidly that traditional premarket review, product by product, submission by submission, could not keep pace. The agency proposed pre-certifying entire organizations on the basis of five excellence principles: patient safety, product quality, clinical responsibility, cybersecurity responsibility, and proactive culture. A pre-certified company would then be able to bring qualifying software to market with a lighter review, on the theory that a demonstrably excellent organization posed lower risk than one being assessed for the first time.1
Nine companies participated in the pilot, including Apple, Fitbit, Johnson & Johnson, Roche, Samsung, Verily, Pear Therapeutics, Phosphorus, and Tidepool. Over five years, the FDA published a working model, a test plan, and eventually a September 2022 report that acknowledged what most observers already understood: the pilot had run into two structural problems the agency could not solve on its own. First, its existing statutory authorities did not comfortably accommodate an organization-level pre-certification concept for medical devices. Second, measuring organizational quality with a repeatable, defensible methodology proved harder than measuring a specific product.2
The 2022 report was clear-eyed. It concluded that the pilot had been useful as an exploration, but that new statutory authority would be needed to operationalize the model at scale. That authority never came. Instead, Congress passed the Food and Drug Omnibus Reform Act (FDORA) in December 2022, which included Section 3308 authorizing Predetermined Change Control Plans, a targeted mechanism for pre-authorizing iterative changes to specific products rather than pre-certifying entire organizations. Pre-Cert, in effect, was superseded by a narrower, more surgical instrument that Congress was willing to grant.3
The through-line worth remembering.
Pre-Cert failed as a program but succeeded as a set of ideas. Its emphasis on organizational quality culture, iterative change, and real-world performance monitoring now shows up throughout FDA’s AI regulatory stack, most visibly in PCCPs, in the 2025 lifecycle management draft guidance, and in the January 2025 draft on AI in drug development. Understanding this lineage helps pharma teams read where the FDA is heading, not just where it has been.
Why Pharma AI Teams Should Care About a Device Program
The first objection is reasonable. Pre-Cert and its successor guidances speak in the language of medical devices and 510(k) submissions. Most pharma AI initiatives are not devices. They are models used to optimize manufacturing yield, triage adverse event reports, predict clinical trial enrollment, or draft regulatory narratives. Why should a regulatory affairs director in pharma care about a program aimed at software as a medical device?
Three reasons, each of which the FDA has made increasingly explicit in the last eighteen months.
The Same Concepts Are Migrating into Pharma Guidance
In January 2025, the FDA issued a draft guidance titled “Considerations for the Use of Artificial Intelligence to Support Regulatory Decision-Making for Drug and Biological Products.” This is not a device guidance. It applies to models used across the nonclinical, clinical, post-marketing, and manufacturing phases of the drug product lifecycle when the output supports a regulatory decision about safety, effectiveness, or quality.4
The draft guidance is structured around two concepts that trace directly back to Pre-Cert and to the AI/ML SaMD Action Plan: the idea of a “context of use” that scopes what the model is doing and why, and a risk-based framework for establishing model credibility appropriate to that context. Sponsors are expected to define the model’s role, assess risks, and compile credibility evidence that scales with the consequences of getting the model’s output wrong. This is Pre-Cert’s total product lifecycle thinking translated into pharma vocabulary.5
Pharma Companies Are Increasingly Building Devices
The line between pharma and med tech is blurring. Companion diagnostics, drug-device combination products, digital therapeutics adjuncts, and AI-enabled clinical decision support tools deployed alongside a drug all sit at the intersection. If a pharma company launches an AI-enabled patient monitoring tool alongside its therapy, that tool is very likely software as a medical device, and everything the FDA has said about AI-enabled device software functions applies directly. The 2025 draft guidance on lifecycle management is the operative document.6
Global Regulators Are Aligning Around Common Principles
The Good Machine Learning Practice (GMLP) principles first published jointly by the FDA, Health Canada, and the UK MHRA in 2021 were finalized by the International Medical Device Regulators Forum (IMDRF) in 2025 as ten guiding principles covering the AI lifecycle from data through deployment and monitoring. GMLP principles are non-binding, but they are increasingly expected in submissions and lifecycle documentation, and they apply the same logic to any AI-enabled system where clinical performance matters, regardless of whether the artifact is technically a device.7
Add to this the FDA-EMA joint principles on responsible use of AI in drug development, published in early 2025, and the direction is unmistakable. The regulators expect a consistent set of controls, data quality, model documentation, risk-proportionate validation, human oversight, and post-deployment monitoring, whether the model sits in a device, a manufacturing execution system, or a regulatory submission workflow.8
The Practical Overlap Nobody Talks About
There is a quieter reason pharma teams should care, and it rarely surfaces in vendor pitches or trade press coverage. Modern pharma organizations increasingly deploy the same underlying AI infrastructure across regulated and unregulated use cases. A large language model used to draft internal memos may also, six months later, be used to summarize adverse event narratives. A vision model built for warehouse logistics may be repurposed to inspect vial fill lines. When the model crosses that threshold, the regulatory expectations change immediately, and the documentation that would have satisfied an inspector needs to already exist, not be reconstructed after the fact.
This is the practical failure mode we see most often in pharma AI programs: the model becomes GxP-relevant before anyone in quality or regulatory notices. By the time it matters, the training data lineage cannot be reconstructed, the validation dataset was never versioned, and the monitoring instrumentation was designed for uptime rather than performance drift. Pre-Cert’s original insight, that quality and lifecycle discipline are properties of the organization, not the product, is exactly the insight pharma teams need to internalize before their AI systems find their way into GxP workflows.
How PCCPs Actually Work in AI/ML Submissions
The Predetermined Change Control Plan is the single most consequential AI-specific regulatory mechanism to emerge from the Pre-Cert lineage. The FDA finalized the guidance in December 2024 and updated it in August 2025. Any pharma organization touching AI-enabled device software should understand it, and the underlying logic informs how the FDA thinks about controlled iteration for AI models more broadly.9
What a PCCP Is and What It Solves
A PCCP is a manufacturer-proposed plan submitted alongside a marketing application (typically a 510(k), De Novo, or PMA) that pre-authorizes specific modifications the manufacturer intends to make after clearance. Without a PCCP, most substantive changes to a cleared device require a new marketing submission. With one, the modifications described in the plan can be implemented under a controlled protocol without a new submission, provided the manufacturer stays within the plan’s scope.10
The mechanism was authorized by Section 515C of the Federal Food, Drug, and Cosmetic Act, added by FDORA in December 2022. Its practical value for AI-enabled devices is enormous. A retrained model, an updated performance envelope, an expanded intended-use population, changes that would previously have required a new submission each time, can now be handled through a pre-authorized change plan, provided the manufacturer has done the work to describe those changes and their controls upfront.11
The Three Required Sections
Description of Modifications
A specific, enumerated list of the changes the manufacturer intends to make post-authorization. This is not “we may update the model.” It is a bounded set of change types tied to the device’s intended use, performance claims, and target population.
Modification Protocol
The methodology for implementing each modification: data management, retraining triggers, performance evaluation, update procedures, and traceability. This is where GMLP principles become concrete controls.
Impact Assessment
Analysis of how each modification could affect device safety, effectiveness, and risk-benefit profile. This must include benefits and risks, and address how the modification interacts with previously authorized changes.
Transparency to Users
How the manufacturer communicates changes to clinicians and patients. The final guidance emphasizes that transparency is not optional; users need to understand what has changed and what has not.
Where Pharma AI Teams See PCCP Logic Applied
Even when a model is not a device, the PCCP’s underlying logic, describe the change, describe the protocol, describe the impact, is showing up in FDA expectations for AI in drug development. The January 2025 draft guidance on AI in drug development does not use the term “PCCP,” but it does ask sponsors to describe how models will be maintained and updated over their lifecycle, how retraining decisions will be triggered, and how the credibility case survives model updates. In practice, a well-constructed PCCP-equivalent will satisfy a growing share of these expectations.12
Common PCCP Design Mistakes to Avoid
Reviewing PCCPs that have gone well and those that have not, a small number of design mistakes account for most of the friction with the FDA. The most common is scope drift, writing modifications so broadly that the plan cannot credibly bound the impact assessment. A PCCP that says “the model may be retrained on new data” without specifying what kind of data, from what sources, meeting what quality criteria, will not survive review. The second is treating the modification protocol as a checklist of steps rather than a scientifically justified methodology. The FDA wants to see that the protocol will actually detect problems if the modification introduces them, not just that a procedure will be followed. The third is a thin impact assessment that considers each modification in isolation rather than in combination with prior authorized changes. The cumulative effect of small changes is often where risk accumulates.
The teams that build PCCPs well treat them as living design documents rather than one-time submission artifacts. They rehearse modifications against the plan before executing them, use tabletop exercises to identify gaps in the protocol, and revise the plan proactively when their operating experience reveals new failure modes. This mirrors how mature pharmaceutical quality systems handle change control for other GxP software: the discipline exists precisely because the guarantees the plan makes are only as good as the plan’s fidelity to actual practice.
Sakara Digital perspective. The teams that will handle the next five years well are the ones treating PCCP-style thinking as a template, not just a device-specific artifact. Even for internal manufacturing AI or pharmacovigilance models that will never see a marketing submission, the discipline of writing down what will change, how it will change, and what impact those changes could have is exactly the documentation an inspector will ask for. Build the muscle before you need it.
The 2025 Lifecycle Management Draft Guidance
Released on January 6, 2025, “Artificial Intelligence-Enabled Device Software Functions: Lifecycle Management and Marketing Submission Recommendations” is the most consequential FDA document on AI in software to date. It is still a draft as of mid-2026, but its recommendations already function as de facto expectations for AI-enabled device submissions and, by extension, as a strong signal to any pharma team building AI systems that touch clinical or manufacturing decisions.13
What the Guidance Asks For
The draft guidance organizes recommendations around the Total Product Life Cycle. It asks manufacturers to include, in marketing submissions:
- A detailed model description, including architecture, training data provenance, and design rationale
- Data lineage documentation covering how training, tuning, and test datasets were assembled, curated, and split
- Performance evidence tied specifically to intended-use claims, not just aggregate metrics
- Bias analysis and mitigation strategies, including subgroup performance where applicable
- Human-AI workflow documentation describing where and how humans interact with model output
- Post-market monitoring plans for real-world performance, drift detection, and adverse event handling
- A PCCP where post-market modifications are contemplated
None of these are surprising individually. Together, they represent a substantially higher documentation bar than most AI submissions have historically cleared. The guidance also emphasizes bias and health equity considerations explicitly, and it treats transparency, both to users and within submissions, as a first-class deliverable.14
Real-World Performance Monitoring Comes Front and Center
One of the clearest through-lines from Pre-Cert to the 2025 guidance is post-market performance monitoring. Pre-Cert’s original vision anticipated that pre-certified organizations would supply the FDA with ongoing real-world performance data as a condition of the lighter premarket review. That specific bargain never materialized, but the expectation of real-world monitoring has become a general one. The 2025 guidance asks manufacturers to describe how they will detect performance degradation, distribution shift, and workflow changes that could affect model behavior, and how they will act on those signals.15
Define Monitoring Objectives
Tie monitoring to the specific performance claims and intended use. What must remain true for the model to be safe and effective? Those are your monitoring targets.
Instrument the Deployment Environment
Capture inputs, outputs, and outcome data with enough fidelity to compute performance metrics over time. This is often where legacy validation approaches fall short.
Detect Drift and Degradation
Establish thresholds and statistical methods for identifying when observed performance departs materially from expected performance.
Trigger Investigation and Change Control
When thresholds are breached, initiate an investigation. If the response is model modification, it should follow the PCCP protocol (for devices) or the equivalent internal change control (for non-device AI).
Communicate to Stakeholders
Document what changed, why it changed, and what users need to know. Transparency is a lifecycle discipline, not a one-time submission requirement.
Comparing the US and EU: A Practical Table
The EU AI Act, which entered into force in August 2024 with a phased implementation timeline, classifies AI systems used as safety components of products regulated under the Medical Device Regulation or In Vitro Diagnostic Regulation as “high-risk.” Deadlines for these systems have been the subject of active revision as part of the EU’s Digital Omnibus proposals, but as currently structured, high-risk medical AI systems face a long-stop compliance date of August 2, 2028, with the Chapter III requirements applying after transitional periods once the Commission confirms support measures are in place.16
For pharma AI teams, the practical question is how the EU regime overlaps with, and diverges from, the FDA’s approach. The following comparison covers the areas where alignment or divergence has the biggest operational impact.
| Requirement Area | US (FDA) | EU AI Act (High-Risk) |
|---|---|---|
| Scope trigger | Software meets device definition or AI supports a regulatory decision for a drug/biologic | AI system is safety component under MDR/IVDR or listed in Annex III (broader by design) |
| Risk-based framework | Context of use, risk-based credibility (drug guidance); total product lifecycle (device guidance) | Risk management system as continuous, iterative process across the AI lifecycle (Article 9) |
| Data governance | GMLP principles; data lineage and dataset splits required in submissions | Explicit Article 10 data governance requirements: relevance, representativeness, accuracy, bias examination |
| Transparency | Transparency principles finalized 2024; user-facing communication expected | Article 13 requires clear instructions for use, including capabilities and limitations |
| Human oversight | Human-AI workflow documentation in submissions; principle-level in GMLP | Article 14 mandates measures enabling effective human oversight throughout deployment |
| Change control | PCCP finalized August 2025; pre-authorized modifications with defined protocol | Substantial modifications trigger reassessment; no direct PCCP analogue yet |
| Post-market monitoring | Real-world performance monitoring in lifecycle guidance; adverse event reporting | Article 72 post-market monitoring plan; serious incident reporting under Article 73 |
| Conformity assessment | 510(k), De Novo, or PMA depending on risk classification | Notified Body involvement for most high-risk systems, integrated with MDR conformity assessment |
| Compliance timeline | PCCP guidance in effect; lifecycle draft in force as expectation | Annex III systems Dec 2, 2027; Annex I products (including medical devices) Aug 2, 2028 |
Where dual-jurisdiction pharma will feel the friction. The FDA and EU frameworks agree on principles but diverge on how those principles are implemented. Change control is the sharpest example. A PCCP that satisfies the FDA does not automatically satisfy an EU Notified Body, and the EU’s concept of “substantial modification” is not perfectly aligned with the FDA’s framing of what falls inside a PCCP versus what triggers a new submission. Teams operating in both jurisdictions need a design that satisfies both, which usually means the stricter of the two.
Reading the Divergence Correctly
It is tempting to treat the US and EU frameworks as if they will eventually converge into a single global standard. That expectation is unlikely to be borne out on any actionable timescale. The FDA’s approach is grounded in decades of device and drug regulatory practice, adapted for AI’s iterative nature. The EU AI Act sits above sectoral regulations as horizontal legislation, imported into pharma and med tech contexts through MDR and IVDR conformity assessment machinery. These structural differences will persist even as the substantive requirements move in similar directions.
The practical implication is that pharma organizations should design their AI governance to satisfy the stricter of the two frameworks on each dimension, and to produce artifacts flexible enough to be assembled into either an FDA submission or an EU technical documentation file. This is not a translation exercise done at the end. It is an architectural decision made at the start of the governance program, and it is the decision that most often determines whether the program scales or has to be reworked in year three.
What Pharma Quality and Regulatory Teams Should Monitor
The regulatory landscape for AI in life sciences is changing quickly enough that a static compliance program will not survive. Quality and regulatory teams should build ongoing monitoring for a defined set of upstream signals that predict where enforcement expectations will land.
FDA Signals
- Final version of the 2025 lifecycle management guidance. The draft is likely to be finalized in the second half of 2026 or early 2027. When it lands, it will crystallize submission expectations.
- Final version of the AI in drug development guidance. Same timing pattern. Its finalization will affect every sponsor using AI in nonclinical, clinical, post-marketing, or manufacturing activities.
- Updates to the FDA’s list of authorized AI-enabled medical devices. The FDA has signaled that it will tag devices using foundation models. That tagging will provide the first structured public view of how the agency treats large language models and multimodal systems in device contexts.
- CDER and CBER pilot programs. The CMC Development and Readiness Pilot (CDRP) and the AI-Enabled Optimization of Early-Phase Clinical Trials Pilot are testing science- and risk-based approaches that inform where AI will be accepted in mainstream regulatory workflows.17
Global Signals
- EU AI Act implementing acts and Commission guidelines. The Commission has been issuing guidance on high-risk classification and on general-purpose AI. Each new guideline shifts the compliance perimeter.
- EU Digital Omnibus reforms. Proposed simplifications to the interaction between the AI Act, GDPR, and sectoral rules like MDR could materially change what pharma has to do. These are moving targets in 2026.18
- IMDRF guidance evolution. With GMLP finalized in 2025, IMDRF is likely to move on to more specific work products on validation, monitoring, and transparency. These typically show up in national guidance within twelve to eighteen months.
- Notified Body positions. For EU-marketed products, NB expectations often lead formal guidance. Watch published position papers and inspection findings.
Internal Signals
- Model inventory completeness. If your organization does not have a current, accurate inventory of AI/ML systems in use, and their intended contexts of use, you are behind. This is the single most useful artifact you can build in 2026.
- Change control gaps. Are model updates going through the same change control as other GxP software changes? If not, that gap will surface in the next inspection.
- Real-world performance data. Are you capturing the data you would need to demonstrate that deployed models are still performing? If the data is not being captured, the demonstration cannot be made after the fact.
Where boutique consulting has helped. The pharma teams that have made the most progress are the ones who stopped waiting for perfect regulatory clarity and started building the artifacts that any plausible final rule will demand: model inventory, context-of-use documentation, credibility assessments, change control mapped to model updates, and monitoring instrumentation. When the guidance finalizes, they have the substrate to comply. When it does not, they have better internal control regardless.
A Practical Playbook for the Next 12 Months
Pharma AI teams reading this in July 2026 have a narrow but real window before both the FDA and EU frameworks harden further. A practical playbook for the next twelve months breaks into three tracks that should be executed in parallel.
Track 1: Build the Foundational Artifacts
Every organization using AI in a GxP-relevant workflow should have, by the end of 2026:
- A complete AI/ML inventory, refreshed at least quarterly
- A context-of-use statement for each system, at a granularity that supports credibility assessment
- Data lineage documentation for training, tuning, validation, and test datasets
- Documented human-AI workflow and points of intervention
- A retraining and change control procedure that maps to PCCP-style thinking
- Post-deployment monitoring instrumentation with defined thresholds
None of these require the guidance to be final. All of them will be needed regardless of how the final guidance reads.
Track 2: Address the Dual-Jurisdiction Reality
Organizations that market or plan to market in the EU need a compliance design that satisfies both FDA and EU AI Act expectations. This is not a translation exercise. It is a design decision about which framework’s stricter position governs each control. A common pattern that works:
- Use the FDA’s context-of-use framing as the anchor because it aligns with pharma’s existing risk-based validation vocabulary
- Layer EU AI Act Article 9 risk management as the continuous process wrapper
- Adopt EU Article 10 data governance requirements as the floor for data documentation, since they are more prescriptive than FDA’s principles
- Design change control to include a PCCP-equivalent that also satisfies the EU’s substantial modification criteria
- Instrument post-market monitoring to feed both FDA real-world performance expectations and EU Article 72 requirements
Track 3: Monitor the Regulatory Signal Stack
Assign someone accountable for monitoring the FDA, EMA, EU Commission, MHRA, IMDRF, and NIST AI publications. Not a passive subscription; an active monitoring role with a defined cadence and escalation triggers. The volume of guidance in flight makes this a real job.
A useful pattern is to run a monthly regulatory intelligence review where the assigned owner presents new guidance, warning letters, and industry positions to a small cross-functional group covering quality, regulatory affairs, IT, and the AI product owner. The review should produce two outputs: a change log that annotates the organization’s AI inventory with new applicable requirements, and a short “what changed for us” note that circulates to the broader team. Without this cadence, guidance updates land unevenly and lag by months, which is precisely when compliance debt accumulates.
Track 4: Invest in the Governance Muscle
The Pre-Cert Program’s most durable insight was that credible AI oversight is an organizational competency, not a document. The organizations that will comply well over the next three years are the ones investing now in three specific capabilities: a small central AI governance function with the authority to require documentation, a clear escalation path when a model changes context of use or crosses a risk threshold, and training for GxP quality staff on what AI-specific validation actually requires. None of these show up in a guidance document, but all of them are visible to inspectors and reviewers who have started asking about them explicitly.
Investing in this muscle is also a hedge against regulatory ambiguity. When the guidance is fuzzy, credible governance becomes the differentiator between “we are handling this well” and “we hope the reviewer does not notice.” The former posture creates trust with regulators and buys latitude when the guidance eventually clarifies. The latter posture generates deficiencies that are expensive to remediate and slow to close.
A closing observation on Pre-Cert’s legacy. The Pre-Cert Pilot is easy to caricature as a failed program, and in the narrowest sense that framing is accurate. But the program’s real contribution was to force the FDA to think through what regulating iterative software actually requires. Every serious FDA document on AI since then bears that thinking. The pharma teams that internalize this history read the current guidance stack more accurately than those who treat each document as a standalone artifact.
Conclusion
The Pre-Cert Program did not become the regulatory framework the FDA originally proposed, but the questions it raised, how to regulate software that changes constantly, how to monitor real-world performance, how to give manufacturers appropriate latitude to iterate, remain the animating questions of AI regulation across both devices and drugs. The Predetermined Change Control Plan mechanism, the 2025 lifecycle management draft guidance, the AI in drug development draft, and the growing body of IMDRF and joint FDA-EMA principles are the answers the agencies have been assembling. For pharma AI teams in 2026, understanding this lineage matters because it explains why the regulatory expectations are converging on a common set of controls even as the guidance documents themselves remain scattered.
Sakara Digital works with pharma and biotech organizations building the operational muscle to comply with this evolving stack without waiting for perfect clarity. If you are standing up model inventory, PCCP-equivalent change control, or a dual-jurisdiction AI governance design and want an independent perspective on where to start, we are happy to have that conversation.
References & Sources
- U.S. Food and Drug Administration. “Digital Health Software Precertification (Pre-Cert) Pilot Program.” FDA.gov. https://www.fda.gov/medical-devices/digital-health-center-excellence/digital-health-software-precertification-pre-cert-pilot-program
- U.S. Food and Drug Administration. “The Software Precertification (Pre-Cert) Pilot Program: Tailored Total Product Lifecycle Approaches and Key Findings.” September 2022. https://www.fda.gov/media/161815/download
- Presidential Innovation Fellows. “Informing the FDA’s Digital Health Pre-Cert Program.” https://presidentialinnovationfellows.gov/projects/fda-precert/
- Foley & Lardner LLP. “AI Drug Development: FDA Releases Draft Guidance.” January 2025. https://www.foley.com/insights/publications/2025/01/ai-drug-development-fda-releases-draft-guidance/
- Goodwin Procter LLP. “FDA Publishes Draft Guidance on Use of Artificial Intelligence in the Development of Drugs and Biological Products.” January 2025. https://www.goodwinlaw.com/en/insights/publications/2025/01/alerts-lifesciences-aiml-fda-publishes-its-first-draft-guidance
- CenterWatch. “FDA Guidance on AI-Enabled Devices: Transparency, Bias, and Lifecycle Oversight.” 2025. https://www.centerwatch.com/insights/fda-guidance-on-ai-enabled-devices-transparency-bias-lifecycle-oversight/
- U.S. Food and Drug Administration. “Good Machine Learning Practice for Medical Device Development: Guiding Principles.” https://www.fda.gov/medical-devices/software-medical-device-samd/good-machine-learning-practice-medical-device-development-guiding-principles
- DLA Piper. “Key Takeaways from FDA’s Draft Guidance on Use of AI in Drug and Biological Life Cycle.” January 2025. https://www.dlapiper.com/en-us/insights/publications/2025/01/fda-releases-draft-guidance-on-use-of-ai
- McDermott+Consulting. “FDA Issues Final Guidance on Predetermined Change Control Plans for AI-Enabled Devices.” December 2024. https://www.mcdermottplus.com/insights/fda-issues-final-guidance-on-predetermined-change-control-plans-for-ai-enabled-devices/
- U.S. Food and Drug Administration. “Predetermined Change Control Plans for Machine Learning-Enabled Medical Devices: Guiding Principles.” https://www.fda.gov/medical-devices/software-medical-device-samd/predetermined-change-control-plans-machine-learning-enabled-medical-devices-guiding-principles
- medRxiv. “Regulating Flexibility for Artificial Intelligence: FDA Experience with Predetermined Change Control Plans.” August 2025. https://www.medrxiv.org/content/10.1101/2025.08.26.25334477v1
- Morrison & Foerster LLP. “FDA Draft Guidance on Artificial Intelligence-Enabled Device Software Functions.” January 2025. https://www.mofo.com/resources/insights/250121-fda-draft-guidance-on-artificial
- Federal Register. “Artificial Intelligence-Enabled Device Software Functions: Lifecycle Management and Marketing Submission Recommendations; Draft Guidance for Industry and FDA Staff.” January 7, 2025. https://www.federalregister.gov/documents/2025/01/07/2024-31543/artificial-intelligence-enabled-device-software-functions-lifecycle-management-and-marketing
- King & Spalding LLP. “FDA Releases Draft Guidance on Submission Recommendations for AI-Enabled Device Software Functions.” https://www.kslaw.com/news-and-insights/fda-releases-draft-guidance-on-submission-recommendations-for-ai-enabled-device-software-functions
- Innolitics. “2025 Draft FDA Guidance: Artificial Intelligence-Enabled Device Software Functions.” https://innolitics.com/articles/draft-fda-ai-device-software-guidance/
- Reed Smith LLP. “The EU AI Act and Medical Devices: Navigating High-Risk Compliance.” https://www.reedsmith.com/our-insights/blogs/viewpoints/102kq35/the-eu-ai-act-and-medical-devices-navigating-high-risk-compliance/
- Federal Register. “AI-Enabled Optimization of Early-Phase Clinical Trials Pilot Program; Request for Information.” April 29, 2026. https://www.federalregister.gov/documents/2026/04/29/2026-08281/ai-enabled-optimization-of-early-phase-clinical-trials-pilot-program-request-for-information
- Arnold & Porter. “EU Digital Omnibus: What the Proposed Reforms Mean for Pharma and MedTech.” February 2026. https://www.arnoldporter.com/en/perspectives/advisories/2026/02/eu-digital-omnibus-what-the-proposed-reforms-mean-for-pharma-and-medtech
- Petrie-Flom Center, Harvard Law School. “Simplification or Back to Square One? The Future of EU Medical AI Regulation.” March 2026. https://petrieflom.law.harvard.edu/2026/03/05/simplification-or-back-to-square-one-the-future-of-eu-medical-ai-regulation/
- Regulatory Affairs Professionals Society. “EU Commission Drafts Guidelines on Classifying High-Risk Systems Under the AI Act.” https://www.raps.org/resource/eu-commission-drafts-guidelines-on-classifying-high-risk-systems-under-the-ai-act.html
- U.S. Food and Drug Administration. “Chemistry, Manufacturing, and Controls Development and Readiness Pilot (CDRP) Program.” https://www.fda.gov/drugs/pharmaceutical-quality-resources/chemistry-manufacturing-and-controls-development-and-readiness-pilot-cdrp-program
- U.S. Food and Drug Administration. “Artificial Intelligence for Drug Development.” Center for Drug Evaluation and Research. https://www.fda.gov/about-fda/center-drug-evaluation-and-research-cder/artificial-intelligence-drug-development








Your perspective matters—join the conversation.