Summary
Artificial intelligence is rapidly becoming part of the quality and regulatory landscape. From drafting procedures and technical documentation to auditing management systems and analysing post-market surveillance data, AI-powered tools are increasingly being used to support regulatory activities across the medical device industry.
In his latest article, Leon Doorn examines the growing role of AI in Quality Assurance (QA) and Regulatory Affairs (RA), highlighting both the opportunities these technologies create and the risks organisations must address before relying on them in regulated environments.
The article explores a range of practical use cases where AI can support quality and regulatory functions. These include drafting Quality Management System (QMS) and Information Security Management System (ISMS) procedures, generating records such as CAPAs and root cause analyses, reviewing technical documentation, auditing compliance against standards such as ISO 13485 and ISO/IEC 27001, and identifying trends within post-market surveillance data.
While these capabilities can improve efficiency and help organisations process large volumes of information, Leon stresses that AI outputs should never be accepted without appropriate oversight. He outlines several categories of risk that organisations should consider when implementing AI-enabled regulatory workflows.
These include functional risks such as hallucinations, omissions, inaccurate interpretations, and incomplete regulatory assessments. The article also discusses privacy and confidentiality concerns when sensitive company or patient information is entered into AI systems, as well as security risks associated with cloud-based AI platforms, prompt injection attacks, data manipulation, and third-party dependencies.
A significant focus of the article is the role of the user. Even powerful AI tools remain dependent on the expertise of the person operating them. Without sufficient regulatory knowledge, users may struggle to recognise incorrect outputs, missing requirements, or flawed recommendations, potentially introducing compliance risks into product development and regulatory decision-making processes.
Leon also highlights what he considers one of the most important long-term risks: the erosion of human expertise. As AI becomes more integrated into quality and regulatory activities, organisations must ensure that professionals continue to develop the knowledge and critical thinking skills necessary to oversee these systems effectively. Human oversight remains a fundamental requirement under the EU AI Act and is, in Leon’s view, the most important mitigation measure available.
The article concludes that AI can significantly strengthen quality and regulatory activities when implemented responsibly. However, organisations should combine AI adoption with robust validation, supplier qualification, staff training, governance controls, and continued investment in regulatory expertise.
Read the full article by Leon Doorn on Automating Regulatory Compliance: The future of quality and regulatory?
