Regulatory Use & Lifecycle Management

Safety, security & robustness

Data & digital tools: 

New data generated, continuous validation and tests of robustness; model versioning updated (compatible with continuous integration and continuous deployment (CICD) requirements) and continuous improvement. Incident response and CAPA processes in place; documentation maintained according to organisation’s quality system; cybersecurity controls monitored.

Personnel Training:

Adoption of best practices for safe and robust quality management systems.​

Links:

ICH Q1: https://database.ich.org/sites/default/files/Q1A%28R2%29%20Guideline.pdf

ICH Q2(R2): https://database.ich.org/sites/default/files/ICH_Q2%28R2%29_Guideline_2023_1130_ErrorCorrection_2025.pdf

ICH Q8(R2): https://database.ich.org/sites/default/files/Q8%28R2%29%20Guideline.pdf

ICH Q10: https://database.ich.org/sites/default/files/Q10%20Guideline.pdf

ICH Q12: https://database.ich.org/sites/default/files/Q12_Guideline_Step4_2019_1119.pdf

ICH Q13: https://database.ich.org/sites/default/files/ICH_Q13_Step4_Guideline_2022_1116.pdf

ICH Q14: https://database.ich.org/sites/default/files/ICH_Q14_Guideline_2023_1130_ErrorCorrection_2025.pdf

ICH M4Q (R2): https://www.ema.europa.eu/en/documents/scientific-guideline/ich-m4qr2-guideline-common-technical-document-registration-pharmaceuticals-human-use-quality-step-2b_en.pdf

ICH M15: https://database.ich.org/sites/default/files/ICH_M15_EWG_Step2_DraftGuideline_2024_1031.pdf

ISO/IEC 5259:2024-2025 (AI data quality management bundle): https://www.iso.org/publication/PUB200525.html

ISO/IEC 5469 :2024 (Functional safety and AI systems): https://www.iso.org/standard/81283.html

ISO/IEC TS 6254:2025 (Information technology — Artificial intelligence — Objectives and approaches for explainability and interpretability of machine learning (ML) models and artificial intelligence (AI) systems): https://www.iso.org/standard/82148.html

ISO/IEC CD TS 8200:2024 (Information technology — Artificial intelligence — Controllability of automated artificial intelligence systems): https://www.iso.org/standard/83012.html

ISO/IEC 22989:2022 (Information technology — Artificial intelligence — Artificial intelligence concepts and terminology): https://www.iso.org/standard/74296.html

ISO/IEC 23894:2023 (Information technology — Artificial intelligence — Guidance on risk management): https://www.iso.org/standard/77304.html

ISO/IEC 25012:2008 (Software engineering — Software product Quality Requirements and Evaluation (SQuaRE) — Data quality model): https://www.iso.org/standard/35736.html

ISO/IEC 27001:2022/Amd 1:2024 (Information security, cybersecurity and privacy protection — Information security management systems — Requirements): https://www.iso.org/standard/88435.html

ISO/IEC 27002:2022 (Information security, cybersecurity and privacy protection — Information security controls): https://www.iso.org/standard/75652.html

ISO/IEC 27006-1:2024 (Information security, cybersecurity and privacy protection — Requirements for bodies providing audit and certification of information security management systems): https://www.iso.org/standard/82908.html

ISO/IEC 27035-1:2023 (Information technology — Information security incident management): https://www.iso.org/standard/78973.html

ISO/IEC TR 29119-11:2020 (Software and systems engineering — Software testing Part 11: Guidelines on the testing of AI-based systems): https://www.iso.org/standard/79016.html

ISO 42001:2023 (Information technology — Artificial intelligence — Management system): https://www.iso.org/standard/42001

ISPE AI GAMP: Artificial Intelligence GUIDE: https://ispe.org/publications/guidance-documents/gamp-guide-artificial-intelligence

FDA Artificial Intelligence-Enabled Device Software Functions: Lifecycle Management and Marketing Submission Recommendations: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/artificial-intelligence-enabled-device-software-functions-lifecycle-management-and-marketing

FDA Guidance for Industry Process Validation: General Principles and Practices: https://www.fda.gov/files/drugs/published/Process-Validation--General-Principles-and-Practices.pdf

FDA Assessing the Credibility of Computational Modeling and Simulation in Medical Device Submissions - Guidance for Industry and Food and Drug Administration Staff: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/assessing-credibility-computational-modeling-and-simulation-medical-device-submissions

FDA Predetermined Change Control Plans for Machine Learning-Enabled Medical Devices: Guiding Principles: https://www.fda.gov/medical-devices/software-medical-device-samd/predetermined-change-control-plans-machine-learning-enabled-medical-devices-guiding-principles

EMA and FDA set common principles for AI in medicine development: https://www.ema.europa.eu/en/news/ema-fda-set-common-principles-ai-medicine-development-0

EMA Guideline on Real Time Release Testing (formerly Guideline on Parametric Release): https://www.ema.europa.eu/en/documents/scientific-guideline/guideline-real-time-release-testing-formerly-guideline-parametric-release-revision-1_en.pdf

EU Artificial Intelligence Act Article 12: Record-Keeping: https://artificialintelligenceact.eu/article/12

EU Artificial Intelligence Act Article 72: Post-Market Monitoring by Providers and Post-Market Monitoring Plan for High-Risk AI Systems: https://artificialintelligenceact.eu/article/72

EU Artificial Intelligence Act Article 73: Reporting of Serious Incidents: https://artificialintelligenceact.eu/article/73

UK Government Implementing the UK’s AI regulatory principles: initial guidance for regulators: https://www.gov.uk/government/publications/implementing-the-uks-ai-regulatory-principles-initial-guidance-for-regulators