Following the Regulatory Landscape
It is important to note that AI validation is not a one-time event. It’s an ongoing governance commitment by your company. The regulations and guidelines will also continue to evolve throughout the life of your AI systems. As is common, industry is moving faster than regulatory bodies can keep up. This is not an excuse to under document – auditors will still expect proper risk assessment, testing, and documentation.
Organizations must determine what constitutes adequate validation in the absence of finalized guidance. However, conscientious companies will continue to follow regulatory guidelines as they are developed and published.
By doing so they will not only have an opportunity to provide input and public comment on the regulations but will also be well prepared when the guidelines are finalized. A few new guidelines have been issued over the last few years that can give a good start:
- EU AI Act
- FDA AI/ML SaMD Action Plan
- ISO 23894 (AI risk management)
- NIST AI Risk Management Framework

Bottom Line
The advent of Artificial Intelligence has introduced incredibly powerful tools that have the potential to address product development, manufacturing, and public health in ways only dreamed of years ago. The AI landscape is changing at an unprecedented pace. Those still using old validation practices will quickly get left behind if they do not update and adapt.
While it’s easy for implementing companies to feel fearful or left behind, the key is intentionality. By establishing a documented risk-based framework and applying CSA principles, they will find themselves more than capable of not only keeping up but also reducing audit exposure and governance burden. Customers will ultimately be able to use these AI tools to lead in their respective spaces.

