
21 CFR Part 11 Compliance for AI Systems

A clinical trial system that uses AI to screen patients against protocol eligibility criteria is producing an electronic record. That record will eventually be referenced in a Common Technical Document submission to the FDA. The patient match list, the AI’s confidence scores, and the coordinator’s accept/reject decisions become part of the trial dossier. The moment that happens, the AI system is no longer just an internal productivity tool. It is in scope for 21 CFR Part 11 — the FDA’s regulation on electronic records and electronic signatures — and the engineering team that built it has to prove the system meets Part 11’s audit trail, validation, and electronic signature requirements.

This page is for pharma engineering teams, CRO data managers, medical device software leads, and healthcare AI vendors who sell into FDA-regulated workflows. The conversation is different from HIPAA compliance, from SOC 2 readiness, from HITRUST certification. Part 11 is FDA law, not HHS law, and it applies anywhere FDA’s predicate rules require record-keeping. For the underlying clinical trial AI context, see our clinical trial AI service page.


Why Part 11 Applies to AI Workloads at All

Part 11 has a deceptively simple scope: it applies to electronic records and electronic signatures that satisfy a predicate rule — meaning an underlying FDA regulation that requires a record to be kept. If your AI system creates, modifies, maintains, archives, retrieves, or transmits a record that an FDA regulation requires, your AI system is in scope.

The categories of AI work where this hits hardest:

Clinical trial operations. Patient eligibility screening, eCRF data validation, adverse event coding, synthetic control arm generation. All produce records that flow into FDA submissions through GCP. See our clinical trial AI page for the operational layer.

Pharmacovigilance and drug safety. AI over case narratives, MedDRA coding assistance, signal detection in safety surveillance. All produce records required under FDA’s adverse event reporting rules.

Drug development and manufacturing. AI-assisted batch record review, deviation classification, manufacturing process analytics. GMP records are predicate-rule records.

Medical device design and post-market. AI in design history files, complaint handling automation, post-market surveillance analytics. QSR and 21 CFR 820 are predicate rules.

FDA submission generation. AI-assisted writing of CTD modules, IND/NDA narratives, 510(k) submissions. The output is the submission record itself.

The categories where Part 11 typically does not apply: AI for marketing, AI for non-regulated business operations, AI for internal productivity that does not produce or maintain records used to satisfy FDA rules.

The Five Part 11 Requirements That Reshape AI Architecture

Part 11 has many requirements. Five of them reshape AI architecture in ways that generic enterprise AI design does not anticipate.

Validation under §11.10(a). The system must be validated for accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. For deterministic software, validation is well-understood. For AI models, validation has a moving target — the model’s behavior depends on the prompt, the context, and sometimes the time of day. You have to validate the system, including the model’s behavior envelope, and document the validation rigorously. This is where most AI Part 11 engagements actually spend their time.

Audit trails under §11.10(e). Computer-generated, time-stamped audit trails that independently record user actions on electronic records. For AI, this means logging the inference call, the input that was sent, the output that was returned, the model version, the prompt template version, and the user who triggered or approved the action. Audit trails must not be alterable and must be retained for as long as the underlying record is required.

Limited system access under §11.10(d). Authority checks ensuring only authorized individuals can use the system, electronically sign records, access operations, and alter records or audit trails. For AI, this includes who can change a prompt template (an indirect change to the system’s behavior), who can update a model version, and who can override an AI output that has been used in a regulated decision.

Operational system checks under §11.10(f). The system must enforce permitted sequencing of steps and events. For AI workflows, this often means a human review and electronic signature must follow the AI output before the record is committed.

Electronic signatures under Subpart C. When a person electronically signs a record, the signature must be uniquely tied to that person, the act of signing must be documented, and the record must reflect the meaning of the signature (approval, review, responsibility). AI-generated outputs cannot themselves be electronic signatures — only humans sign — but AI-assisted decisions can become signed records when a human applies their signature to the AI-produced content.

Closed Systems vs Open Systems — Which Are You Building?

Part 11 distinguishes between closed systems (where access is controlled by the persons responsible for the content) and open systems (where access is not controlled). Most pharma and medical device computer systems are designed as closed systems because the additional controls for open systems (document encryption, digital signatures) are heavier.

An AI system that runs entirely within your validated environment — your data, your model deployment, your audit logs — is typically a closed system. An AI system that calls a public cloud model API, where the model provider’s environment is outside your direct control, raises the question of whether the system is still closed. The pragmatic answer in 2026: cloud AI providers with HIPAA-eligible service offerings and BAA coverage are usually treated as part of the validated closed system for Part 11 purposes, provided the vendor agreement and SOC reports demonstrate appropriate controls. We document this explicitly during the Part 11 readiness assessment.

The 2003 Scope and Application Guidance Still Matters

FDA published a guidance document in 2003 titled “Scope and Application” that signaled enforcement discretion on certain Part 11 requirements where the risk-to-record-integrity is low. That guidance is still in force in 2026 and shapes how Part 11 is applied in practice. Two practical implications for AI:

Risk-based validation. You do not need to validate everything in the system to the same depth. A risk-based approach focuses validation effort on the controls and components most likely to affect record integrity. For AI, this means more validation depth on the model layer and the audit logging layer, less on (for example) the application UI layer.

Legacy systems and migration. Systems in operation before 1997 had certain enforcement discretion. AI systems are all built after 1997, so this exemption does not apply to new AI work — but it sometimes matters when AI is being added to a legacy quality system that already operates under partial enforcement discretion.

Audit Trail Granularity for AI Inference

The audit trail requirement under §11.10(e) is the single most expensive Part 11 requirement to implement well for AI systems. Done correctly, the trail captures enough information to reconstruct any AI-influenced record decision years later — including the exact model version, prompt template, retrieval context, and output that produced the decision.

Minimum audit trail content for AI:

  • Inference timestamp (server-side, UTC)
  • User identity (the human who triggered the inference, not the system account)
  • Model provider, model name, model version
  • Prompt template version (with content-hash for tamper detection)
  • Retrieval context fingerprint (which documents were retrieved, with hashes)
  • Input hash (the actual prompt content, hashed)
  • Output hash (the actual response, hashed)
  • Decision recorded by user (accept, reject, override, modify) with electronic signature if applicable
  • Audit log integrity check (append-only, cryptographic chain)
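The list above maps onto a concrete record shape. The following is an added example, not code from the original page or from any vendor, showing one way to build an append-only, hash-chained audit trail for AI inference entries and to verify it later; the field names, the `example-provider` model, the document ids and the coordinator decisions are all constructed sample values.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash used by the first entry of a new audit log

def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def canonical(entry: dict) -> str:
    # Deterministic serialization, so the same entry hashes identically years later.
    return json.dumps(entry, sort_keys=True, separators=(",", ":"))

def make_entry(prev_hash, user_id, model, template_version, template_text,
               retrieved_docs, prompt_text, output_text, decision, signature_ref=None):
    # Full texts stay in the validated record store; the trail keeps only their hashes.
    body = {
        "ts_utc": datetime.now(timezone.utc).isoformat(),  # server-side UTC timestamp
        "user_id": user_id,                                # human who triggered the inference
        "model": model,                                    # {"provider", "name", "version"}
        "prompt_template": {"version": template_version, "hash": sha256_hex(template_text)},
        "retrieval_fingerprint": [{"doc_id": d, "hash": sha256_hex(t)} for d, t in retrieved_docs],
        "input_hash": sha256_hex(prompt_text),
        "output_hash": sha256_hex(output_text),
        "decision": decision,                              # accept / reject / override / modify
        "signature_ref": signature_ref,                    # e-signature record id, if one applies
        "prev_hash": prev_hash,                            # links this entry to its predecessor
    }
    body["entry_hash"] = sha256_hex(canonical(body))
    return body

def verify_chain(entries):
    # Returns (True, n) when all n entries chain cleanly, else (False, index of first bad entry).
    prev = GENESIS
    for i, e in enumerate(entries):
        unsigned = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev_hash"] != prev or sha256_hex(canonical(unsigned)) != e["entry_hash"]:
            return False, i
        prev = e["entry_hash"]
    return True, len(entries)

def build_sample_log():
    # Constructed sample: one eligibility-screening inference, then the coordinator's decision.
    model = {"provider": "example-provider", "name": "example-model", "version": "2026-01"}
    docs = [("protocol-v3", "Inclusion: age 18-65 ..."), ("pt-0042-labs", "HbA1c 7.1% ...")]
    e1 = make_entry(GENESIS, "coordinator.jdoe", model, "eligibility-v7", "Screen patient ...",
                    docs, "Patient 0042 vs protocol v3", "Likely eligible (0.87)", "pending")
    e2 = make_entry(e1["entry_hash"], "coordinator.jdoe", model, "eligibility-v7", "Screen patient ...",
                    docs, "Patient 0042 vs protocol v3", "Likely eligible (0.87)", "accept", "esig-0001")
    return [e1, e2]
```

A hash chain detects edits and deletions inside the log but not truncation of its tail, so the latest `entry_hash` should be anchored outside the application (for example in write-once storage) as part of the retention control.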

How We Engage on Part 11 for AI

21 CFR Part 11 Readiness Assessment — $25K, 4 weeks. We audit your current or planned AI system against Part 11 requirements with risk-based scope informed by the 2003 Scope and Application guidance. Output is a gap report, validation plan template, audit trail architecture spec, and remediation roadmap.

Part 11 Engineering Implementation. Validation work, audit trail implementation, and electronic signature workflow build are delivered through the MVP Sprint or Pilot-Ready Sprint — the heavier of the two when full GxP validation documentation is in scope. The Discovery Sprint is appropriate for early-stage scoping.

Companion FDA SaMD work. When the AI feature is itself a medical device, Part 11 work pairs with the FDA SaMD pathway add-on at $60K over 8 weeks. The two regulatory frames overlap but are not identical — SaMD covers the device pathway (510(k), De Novo, PMA), Part 11 covers electronic records that flow into FDA submissions and quality system records.

Dedicated engineers. When ongoing validation work spans multiple deployments, hire FDA SaMD engineers, HIPAA compliance engineers, or clinical data engineers at $8K per engineer per month.

Companion compliance. Part 11 typically pairs with HIPAA AI compliance audit when patient data is involved, SOC 2 readiness when commercial buyers require it, and BAA architecture when cloud AI providers are in the inference path.


Frequently Asked Questions About 21 CFR Part 11 for AI

Part 11 applies when your AI creates, modifies, maintains, archives, retrieves, or transmits an electronic record that satisfies an FDA predicate rule. Clinical trial records, pharmacovigilance records, drug manufacturing records, medical device design history records, and FDA submissions all qualify. Internal productivity AI without record-keeping obligations typically does not.

Likely yes if the matching record will be referenced in any subsequent FDA submission, audit, or inspection. Patient match decisions are GCP records. We scope this explicitly during readiness assessment because some specific use cases sit on the boundary.

A predicate rule is the underlying FDA regulation that requires a record to be kept — for example, 21 CFR 312 for IND submissions, 21 CFR 211 for drug GMP, 21 CFR 820 for medical device QSR. Part 11 applies only where a predicate rule requires record-keeping. Without a predicate rule, Part 11 does not engage.

When the response is associated with a regulated activity and used to satisfy a record-keeping requirement, yes. A clinical trial coordinator who uses an LLM to draft an adverse event narrative and saves that narrative to the trial record has created an electronic record. The model’s output is part of that record by virtue of being part of the regulated dossier.

HIPAA audit logging (§164.312(b)) focuses on access to ePHI. Part 11 audit logging (§11.10(e)) focuses on actions taken on electronic records that satisfy a predicate rule. The two often overlap in practice — a single audit log can satisfy both — but the granularity and retention requirements differ. Part 11 typically requires longer retention because the underlying predicate rule’s retention period applies.

No. Under Subpart C, electronic signatures must be uniquely tied to an individual and reflect that individual’s intent (approval, review, responsibility). AI does not have personhood under the regulation. AI-assisted decisions can become signed records when a human applies their signature to AI-produced content, but the AI itself cannot sign.

A closed system is one where access to the system is controlled by the persons responsible for the content. An AI system running within your validated environment with documented vendor agreements covering external components (cloud model providers under appropriate BAAs and SOC reports) is typically treated as closed. We document this explicitly during readiness assessment.
