GxP AI policy: what a workable AI use policy should control
A GxP AI policy defines who may use which AI, for what purpose and with which data. It also states when a use case needs GxP and risk assessment, how sources and changes are evidenced, and where human review remains mandatory. No universal rule requires a document with that exact title. A written policy is nevertheless a practical way to turn broad obligations into decisions, controls and records people can use.
Why a general AI policy is not enough for GxP
“Do not put confidential data into public chatbots” is a useful rule. It is not enough for GxP work. A team must also know whether an AI output merely supports brainstorming or later feeds an SOP, URS, deviation assessment or quality decision.
The decisive boundary is therefore not the tool’s brand but its intended use. The closer an output comes to product quality, patient safety, data integrity or a GxP record, the more explicit accountability, review and evidence must become.
A policy does not make AI use GxP-compliant by itself. It does stop every employee from having to reinvent the same boundary.
The one screening question before every AI use case
If the answer is no, privacy, confidentiality, copyright or AI Act rules may still apply. If the answer is yes or unclear, the use case belongs in a documented GxP and risk assessment before productive use.
This initial screen is deliberately simple. It does not replace intended use, quality risk management or validation. It ensures that relevant cases reach them at all.
Practical screening question
Does the AI output support or change a GxP record, a controlled document, a regulated process, or a decision that may affect product quality, patient safety or data integrity?
Ten building blocks of a defensible GxP AI policy
- Purpose, scope and definitions: who is covered, which systems and outputs are included, and how AI, generative AI, models and providers are distinguished.
- Permitted use cases: which tasks approved tools may support — for example research, drafting, summarisation or comparison.
- Prohibited or restricted use: what remains barred until separately assessed, such as autonomous approval, critical decisions or unapproved data input.
- Approved tools and data boundaries: which providers, tenants, contractual settings and data classes may be combined.
- Intended use and risk: who describes the use, determines GxP relevance and sets the required controls.
- Sources and factual basis: which claims must be traceable to controlled sources and how open points remain visible.
- Output status and human review: AI creates a proposal, not a self-approved work state. Reviewers, depth and decision criteria are named.
- Records and audit trail: which inputs, sources, versions, changes, decisions and rationales must remain available.
- Roles, training and AI literacy: users, SMEs, QA, IT, privacy and procurement need defined tasks and context-appropriate competence.
- Deviation, change and review: how errors, provider or model changes, new functionality and new uses trigger reassessment.
Three decision lanes instead of a long prohibition list
A useful policy guides the employee to a decision. Three clear lanes are usually enough:
- Not permitted: the tool or data class is not approved, or AI is expected to replace a human GxP decision autonomously.
- Controlled assistance: AI prepares work. The source boundary, output limit and qualified human review are defined; the human owns the adopted state.
- Separate assessment required: the output touches a critical GMP application, GxP record or decision. Intended use, risk, data integrity, supplier and validation strategy are assessed first.
These lanes are an operating model, not regulatory risk classes. They must be adapted to the organisation’s processes, data and responsibilities.
Data integrity: what the policy must make traceable for AI software
Keeping only the final text is not enough when AI supports GxP work. A defensible review must show which sources and inputs were used, which system version was involved, what AI proposed, and what the human changed or adopted.
Retention depends on the process, risk and applicable rules. The policy should at least define how attribution, completeness, change history, availability and the link to the original source are preserved. A detailed checklist is provided in ALCOA+ and data integrity with AI software.
Sample wording: the operational core in six sentences
AI tools may only be used for approved use cases, in approved system environments and with permitted data. Before each use, determine whether the output supports a GxP record, controlled document, regulated process or quality decision. If it does, intended use, risk, sources, required evidence and human review shall be defined beforehand. AI outputs remain proposals until a named, qualified person has reviewed and adopted them for the intended purpose. Inputs, sources, changes and decisions shall remain traceable under the applicable procedure. Errors, unexpected results and changes to the model, provider or configuration shall be reported and reassessed based on risk.
Not a ready-made SOP template
This is a starting point. Roles, data classes, systems, retention and approvals must come from your own quality and privacy systems.
From policy to daily work: a workable start
- Build the inventory: capture real AI touchpoints in GxP processes, not only formally procured systems.
- Classify use cases: answer the screening question and route unclear cases to QA, IT, privacy or other accountable roles.
- Set controls at work-case level: define sources, data, output status, review depth, records and stop conditions.
- Train people on the real process: teach error patterns, boundaries and review — not prompting alone.
- Test the evidence: reconstruct one use case from prompt to human decision. Anything missing is a real governance gap.
The AI in GxP guide places policy, validation, the EU AI Act and the draft Annex 22 in one governance framework.
Regulatory context without false precision
EMA’s adopted 2024 reflection paper describes AI principles across the medicinal-product lifecycle. The EU AI Act requires providers and deployers within scope to take measures for an appropriate level of AI literacy. FDA and MHRA have long set expectations for reliable, accurate and lifecycle-controlled GxP data.
The draft Annex 22 draws a particularly clear line in its GMP context: generative AI and LLMs should not be used in critical GMP applications. For non-critical GMP uses, it names qualified, trained personnel and human-in-the-loop responsibility. That is an important signal — not a blanket LLM ban and not yet applicable law.
Annex 22 remains a draft
The consulted EU GMP Annex 22 text is not an applicable requirement. It covers static, deterministic models in critical GMP applications; generative AI and LLMs are outside its validation scope.
Frequently asked questions
What belongs in a GxP AI policy?
It should define scope, permitted and prohibited use, approved tools and data, GxP screening, intended use, risk assessment, source requirements, human review, records, roles, training, and deviation and change processes.
Is a GxP AI policy legally required?
No universal rule requires a document with that exact title. Companies must still control the GxP, data-integrity, privacy and AI Act obligations applicable to their uses. A written policy is a practical way to translate those obligations into usable rules and evidence.
Can ChatGPT or other LLMs be used in GxP?
That depends on the use, data, system and applicable requirements. The draft Annex 22 does not envisage generative AI and LLMs for critical GMP applications. For non-critical uses, qualified human review, permitted data and a controlled process remain decisive.
Which data may employees enter into AI systems?
Only data approved for the specific tool, tenant, purpose and data class. Confidential, personal or GxP-relevant data should not enter public chat systems without explicit approval and appropriate contractual and technical controls.
Who may adopt an AI output for GxP use?
A person named by the organisation and qualified for the work case. The policy must define review depth, decision criteria and required evidence. AI may create a proposal but cannot review or approve itself.
How often should a GxP AI policy be reviewed?
At a defined periodic interval and when triggered by events such as new tools or uses, model or provider changes, relevant incidents and new regulatory requirements. There is no universal fixed interval.
Key takeaways
- A GxP AI policy turns abstract obligations into permitted uses, clear stop rules and traceable decisions.
- The core screening question is whether the output supports or changes a GxP record, regulated process or relevant decision.
- AI output remains a proposal: sources, changes, human review and decisions must fit the work-case risk.
- Data integrity covers not only the final text but also inputs, sources, versions, changes and human adoption.
- The Annex 22 text is a draft. Its limit for generative AI in critical GMP applications should be neither downplayed nor sold as an applicable blanket ban.
Sources
- EMA — Reflection paper on the use of AI in the medicinal product lifecycle (adopted 2024) — principles for AI/ML across the medicinal-product lifecycle.
- Regulation (EU) 2024/1689 — Artificial Intelligence Act, Article 4 — AI literacy duty for providers and deployers within scope.
- European Commission — Draft EU GMP Annex 22: Artificial Intelligence (Consultation 2025) — draft scope, critical-use boundary, LLM limit and human-in-the-loop.
- FDA — Data Integrity and Compliance With Drug CGMP: Questions and Answers (2018) — expectation for reliable, accurate data and risk-based controls.
- MHRA — Guidance on GxP data integrity (2018) — data integrity across the GxP data lifecycle.