Summary
The regulatory ground: FDA’s Parts 210 and 211 already reach AI output, and the EU’s draft Annex 22 permits only static, deterministic models for critical decisions, leaving most generative AI needing a human in between.
The build is a four-function, sponsor-side architecture:
• Ingestion turns paper, PDFs, and system exports into structured data, scored field by field.
• Contextualization links records into a knowledge graph with traceability across the chain.
• Deterministic rules return a reproducible pass or fail with severity grading.
• Exception review is where the Quality Unit re-enters, judging only flagged items and signing the audit trail.
The payoff is review by exception, and a readiness for the three questions an investigator will ask: your AI inventory, your evidence for a specific record, and how you’d know if your CDMO used AI at all.
For virtual and asset-light sponsors, holding the regulatory license carries ultimate compliance responsibility, including the oversight of outsourced operations. As contract manufacturers increasingly adopt AI to generate critical documentation like batch records and deviation narratives, sponsors face a systemic oversight challenge regarding systems operating outside their direct control. The April 2026 FDA warning letter concerning a manufacturer’s AI usage highlights this compliance gap, emphasizing that sponsors remain fully accountable for the regulatory integrity of the AI tools utilized by their manufacturing partners.
Our last blog post examined why that warning letter is a signal about the Quality Unit’s review obligation rather than a story about AI. This one is about what to build. The obligation under 21 CFR 211.22(c) cannot be delegated to a contractor or an algorithm, so the question is practical: how does a sponsor make that obligation executable across boundaries it does not control?
The Regulatory Geometry After the Warning Letter
Start with the ground the architecture has to stand on. FDA’s position is that 21 CFR Parts 210 and 211 apply to AI-generated output without exception. Any AI output that flows into a cGMP record requires Quality Unit review. There is no separate AI rulebook; the existing one already reaches.
Europe has drawn a sharper line. The EU’s draft Annex 22, published for consultation in July 2025, is the first dedicated GMP framework for AI, and it turns on a distinction worth learning. A static, deterministic model produces the same output from the same input and does not change after deployment. An adaptive, probabilistic model can produce different outputs from the same input and may evolve as it sees new data. Under the draft, only static, deterministic models are permitted in critical GMP applications. Most generative AI sits in the second category, outside that boundary by design.
Because the draft is still in consultation, the language may move. But the planning value holds now, and not only for EU-facing operators. A static-versus-probabilistic distinction is a useful way to sort your own AI footprint regardless of where your product is marketed: which models can carry a critical decision, and which need a human between them and the record. Even a US-only sponsor benefits from drawing that line internally, because it forces an explicit decision about which models may touch a critical record and which may not.
An Architecture That Makes the Review Obligation Executable
Closing the gap takes four functions. Each has to exist in some form for a sponsor’s Quality Unit to review what it is accountable for, in time to act. Together they are what the term manufacturing intelligence actually denotes: a layer that contextualizes cross-system manufacturing data into something a Quality Unit can query and act on.
Ingestion comes first. Records arrive from CDMOs in their native state: paper, scanned PDFs, electronic batch records, ERP and MES exports, supplier certificates of analysis. Ingestion converts those into structured, queryable data and scores its own confidence field by field. The unstructured PDFs and free-text narratives that AI is otherwise asked to digest blindly are what practitioners call dark data, and this function removes it as a blind spot. Scoring each field is also what makes the later review affordable, because it lets the system separate what a human must examine from what it can pass through.
Contextualization comes next. Structured data with no lineage is still inert. This function links records into a knowledge graph connecting raw materials through unit operations to finished goods, with forward and backward traceability across the contract chain.
Third, deterministic rules run against the contextualized record. Pre-approved checks, including range checks, calculation checks, signature checks, and deviation flags, return a reproducible pass or fail with severity grading. Identical inputs produce identical outputs. This is the operational form of the static, deterministic category Annex 22 permits in critical applications, and it is auditable the way any validated system has always been.
Exception review is the fourth function, and it is where the human Quality Unit re-enters. Exceptions surface to a reviewer with the context needed to judge them: the offending value, the specification, the source record, and the rule that fired. The reviewer accepts, modifies, or rejects, and signs into an immutable, Part 11-compliant audit trail. The aim is not to remove people from the loop. It is to put them where their judgment is needed.
Review by Exception: Putting the Quality Unit Where Its Judgment Is Needed
That fourth function has a name practitioners already use: review by exception. Instead of re-checking every parameter of every batch, the Quality Unit reviews only the items the system flags as uncertain. Confidence scores from ingestion and severity grades from the rule engine feed one queue, the queue of things that actually need a human. It is the inverse of the warning letter’s failure mode: judgment stays in the chain instead of being quietly removed from it.
One implementation makes the pattern concrete. Mareana builds this as a set of modules, offered here as an example of the pattern rather than the only way to build it. For ingestion, Paper Batch Record Digitization converts paper and scanned-PDF batch records and certificates of analysis into structured data, with pharmaceutical-tuned recognition for handwriting, checkboxes, and tables, a confidence score on every field, and a built-in reviewer interface with electronic signatures for the low-confidence items. For contextualization, Batch Genealogy functions as a GxP-validated knowledge graph linking raw materials through unit operations to finished goods, ingesting from ERP, MES, LIMS, QMS, historians, and digitized paper records.
For the rule and review layer, Batch Release Copilot runs a library of deterministic checks against the contextualized record and surfaces critical and warning exceptions in a reviewer dashboard, with e-signatures and comments captured under a Part 11 audit trail. The release decision stays with the Quality Unit. Generative AI has a place in this picture too, provided it is bounded. Lumis, a co-pilot for natural-language analysis, retrieves from the validated batch genealogy rather than the open web and traces every answer to specific source records. That is generative AI in a support role, grounded in validated data, with a human reviewing the result, which is the second Annex 22 category, not the first. Other architectures could implement the same four functions differently. Some sponsors will assemble them from several vendors, some will build parts in-house, and some will phase the work over years. The functions are the requirement. The specific build is a choice.
What an FDA Investigator Will Actually Ask About AI
An architecture is only worth what it makes visible to an inspector. FDA has been preparing its investigators for exactly this: its internal AI Benchbook, rolled out in late 2025, signals that AI in a quality system is now something inspectors are trained to probe rather than ignore. Three questions are worth rehearsing now.
First: show me your inventory of AI use in cGMP activities. The answer is an AI inventory, the Quality Unit’s working map of where AI-assisted content enters the regulated record, organized by document type and contracting party, with the review control assigned to each. It is not a catalog of tools. Without it, the question has no answer.
Second: show me how an AI-assisted record was reviewed before release. The answer is evidence, the retrievable audit trail for the specific record the inspector picks, not the assurance that review always happens. Saying “we review everything” does not satisfy the question. Producing the review does.
Third: how do you know whether your CDMO is using AI on your records? The answer is a quality-agreement clause requiring disclosure and audit rights, paired with an ingestion layer that surfaces AI-assisted content whether or not it was disclosed. The agreement is necessary. It is not self-enforcing.
Compliant on Paper Is Not the Same as Governance in Real Time
This is the distinction the warning letter ultimately exposed. Compliance documents sitting in a quality system are not the same as governance executing as records move. The architecture makes that governance possible; it does not perform it. The Quality Unit still performs it. What the architecture buys is the ability to stay accountable at the speed and scale a contract-chain operating model demands, without pretending the obligation has gone anywhere.
WHITEPAPER · THE AI NEVER TOLD US
Built to hold up to an inspection
The whitepaper gives you the full build behind this architecture: the capture points a defensible AI audit trail needs, the validation discipline behind each of the functions, and the five questions an investigator can ask, with the answer architecture for each.
Get the whitepaper →




