A reviewer at a national agency does not see your manufacturing line, your scientists, or your intentions. They see a dossier — and the dossier either holds together or it does not. Regulatory affairs is the discipline that decides which. That framing matters because “regulatory affairs” gets treated, inside a lot of organisations, as a downstream paperwork function: science happens, manufacturing happens, and then someone formats the output into the shape an agency wants. That is the misconception that quietly costs companies the most time. Regulatory affairs is not the formatting step at the end. It is the function that owns the defensibility of every claim a company makes to a regulator — and defensibility is a property you have to build in from the start, not bolt on at submission. Once you see it that way, the question of where AI fits becomes much sharper. AI does not make a dossier more defensible by itself. It changes the economics of producing, checking, and maintaining the evidence that makes a dossier defensible — and only if the AI itself is engineered to be defensible. That is the whole game. What Regulatory Affairs Actually Does Strip away the org-chart language and regulatory affairs does three things that no other function owns end to end. It translates scientific and manufacturing reality into the specific structured format each jurisdiction’s agency requires — the eCTD (electronic Common Technical Document) backbone for the FDA and EMA, with regional modules that differ in non-trivial ways. It maintains the truth of that representation over a product’s entire lifecycle, because a marketing authorisation is not a one-time event: every manufacturing change, every new safety signal, every label update is a regulatory transaction with its own evidentiary burden. And it defends the company’s position — it is the function that answers when an agency sends a question, and the speed and quality of that answer is frequently what determines whether a review timeline slips by months. The reason naive interpretations of this role fail is that they treat the dossier as a snapshot. It is not. A submission is a living claim that has to stay consistent across hundreds of documents, multiple jurisdictions, and years of changes. Inconsistency between two documents — a specification stated one way in the quality module and another way in the clinical module — is not a typo. To a reviewer it is a defect in your control of your own information, and that is exactly the kind of finding that triggers a deficiency letter. We see this pattern across life-sciences engagements: the cost is rarely in writing any single document. It is in keeping thousands of interdependent assertions consistent as everything underneath them changes. That is the workload AI is actually good at touching. Where AI Genuinely Fits — and Where It Doesn’t The honest answer is that AI fits well in a narrow, high-value band of regulatory work and fits badly — even dangerously — in another. Drawing that line precisely is more useful than any list of “AI use cases.” Regulatory task AI fit Why Cross-document consistency checking (specs, nomenclature, cross-references) Strong Pattern-matching over structured text at scale; humans are slow and error-prone here Drafting first-pass narrative sections from structured source data Strong, with review Reduces blank-page time; output must be verified, never shipped unread Mapping legacy content into eCTD module structure Strong Classification and reformatting is a well-bounded ML problem Triaging and routing agency questions to the right SME Moderate Useful, but the answer itself is a regulatory judgement Deciding what claim to make to a regulator None This is a strategic and legal judgement with liability attached Approving the final dossier for submission None Accountability cannot be delegated to a model The line is consistent: AI accelerates the evidence-handling layer and contributes nothing — and should be kept away from — the judgement and accountability layer. A model that proposes a label claim is in the wrong place. A model that flags that your dissolution specification appears with two different acceptance criteria in two modules is doing exactly the work the function struggles to do by hand. This distinction is the same one that runs through how AI document automation handles pharma regulatory submissions without breaking GxP: the automation earns its place by being verifiable, not by being autonomous. The Defensibility Trap: When the AI Becomes the Liability Here is the failure mode that catches teams who treat AI as a productivity tool rather than a regulated component. If an AI system touches a GxP record — and a regulatory submission is built from GxP records — then that AI system is itself in scope for validation. You cannot use an unvalidated tool to produce evidence you intend to defend to a regulator, because the moment an agency asks “how do you know this output is correct?”, the answer “the model generated it” is not an answer. This is where regulatory affairs and software engineering collide, and where most pilots quietly die. An organisation buys or builds an AI drafting assistant, runs it on real submission content, and only then discovers that the tool has no audit trail, no version control over the model, no documented assessment of how its behaviour changes when the underlying model is updated, and no defined intended use. Under GAMP 5 risk-based classification for AI/ML software in GxP environments, that tool needs all of those things before its output can be trusted in a dossier. The early warning signs are recognisable. Nobody can say which model version produced a given draft. The “compliance” claim rests on the vendor’s marketing rather than on a documented validation against your intended use. There is no procedure for what happens when the model is retrained or swapped. Each of these is the kind of gap that surfaces under what GxP compliance actually requires for AI software — not in a demo, but in an audit, which is the worst possible place to find it. The reframe is that the AI does not reduce your regulatory burden. It moves part of it: you trade some manual checking effort for the obligation to validate and maintain the tool doing the checking. That trade is often worth it — but only when it is made deliberately, with the validation cost priced in from the start. Treating the tool as outside the regulated system is how a productivity gain turns into a finding. How to Tell Whether AI Belongs in a Given Regulatory Task Before committing a model to any part of the submission workflow, four questions decide whether it belongs there at all. Is the output verifiable? Can a human check the AI’s output against an authoritative source faster than they could produce it themselves? Consistency checks pass this test; novel scientific claims do not. Is the intended use bounded? Can you write down, in one or two sentences, exactly what the tool does and does not do? If you cannot, you cannot validate it, and an unvalidatable tool has no place near a GxP record. Is accountability preserved? Does a named human still own the decision and the signature? AI assists; it never approves. Can you reproduce the behaviour? If the model is updated next quarter, can you demonstrate that its behaviour on your task has not silently drifted? Without version control and a re-validation trigger, you do not control your own evidence. A task that answers “yes” to all four is a strong candidate for automation. A task that fails any of them is a place to keep the human firmly in the loop — and to document why. This decision is structurally the same one pharma teams make about any computerised system — and it sits at the centre of the life-sciences AI work we take on. The validation expectations that flow from EU GMP Annex 11 requirements for computerised systems apply to an AI drafting tool just as they apply to a LIMS or an MES. The technology is newer; the obligation is not. FAQ What does regulatory affairs do in a pharmaceutical company? Regulatory affairs owns the defensibility of every claim a company makes to a health agency. In practice that means translating scientific and manufacturing reality into the structured submission formats each jurisdiction requires, maintaining the consistency of that representation across a product’s entire lifecycle, and answering agency questions when they arise. It is a continuous evidence-management discipline, not a one-time formatting step at the end of development. Where does AI actually fit in regulatory affairs? AI fits the evidence-handling layer — cross-document consistency checking, mapping legacy content into eCTD structure, and first-pass drafting from structured source data, always with human review. It does not belong in the judgement layer: deciding what to claim to a regulator and approving a final submission are strategic and legal decisions that cannot be delegated to a model. The reliable test is whether the AI’s output is verifiable faster than a human could produce it. Does using AI reduce a company’s regulatory burden? Not exactly — it moves part of the burden rather than removing it. You trade manual checking effort for the obligation to validate and maintain the AI tool itself, because any system that touches a GxP record falls in scope for validation. That trade is frequently worthwhile, but only when the validation cost is priced in from the start rather than discovered during an audit. Why does an AI submission tool need validation? Because a regulatory dossier is built from GxP records, and you cannot defend evidence produced by an unvalidated tool. When an agency asks how you know an output is correct, “the model generated it” is not a defensible answer. Under GAMP 5 and Annex 11, an AI tool needs documented intended use, version control, an audit trail, and a re-validation trigger for model updates before its output can be trusted in a submission. Regulatory affairs is, at bottom, the function that has to be able to defend a claim years after it was made — which means the real question for any AI you introduce is not “does it make us faster?” but “will it still be defensible the day a reviewer asks how it works?”
