Regulatory Requirement

Regulatory requirements live in the quality manager's head and a shelf of binders. When someone asks 'which FDA regulations apply to this product line?' the quality manager pulls out a binder, flips through, and gives their interpretation. Different people have different understandings of which requirements apply. When a new product is developed, the quality team discovers applicable regulations ad hoc during design reviews.

AI cannot perform compliance checking because no machine-readable regulatory requirements exist. Every compliance question requires a human expert to interpret regulations from source documents.

A regulatory requirements list exists — a spreadsheet or document listing applicable regulations (FDA 21 CFR Part 820, ISO 13485, customer-specific standards). It identifies which regulations apply to the organization. But the mapping is general — 'ISO 13485 applies to our medical devices' — without specifying which clauses apply to which products, processes, or characteristics. When an auditor asks 'show me how clause 7.5.1 applies to Product X,' someone has to interpret the regulation and trace the evidence manually.

AI can list applicable regulations but cannot check compliance because the mapping between specific regulatory clauses and specific product/process requirements isn't documented at the detailed level.

Regulatory requirements are mapped to specific products and processes. Each requirement record links a regulatory clause to the product lines it governs, the specific compliance criteria, and the evidence type needed (test report, process validation, design review record). The quality team can query 'show me all FDA requirements for Product Line X and where the compliance evidence is stored.' But the requirements are static documents — updated manually when regulations change, and not linked to the actual compliance evidence.

AI can generate compliance checklists and identify requirements by product. Cannot verify compliance because the link between requirements and actual evidence (test reports, validation records) isn't structured — someone still has to manually locate and verify each piece of evidence.

Regulatory requirements are linked to compliance evidence. Each requirement traces to specific evidence records: the test report that demonstrates compliance, the validation protocol that proves process capability, the design review that verified design intent. The quality manager can query 'for FDA 21 CFR 820.75, show me the process validation evidence for each applicable product line and its current status' and get a complete, traced answer. Requirements are current, mapped, and evidence-linked.

AI can perform automated compliance verification — checking that required evidence exists, is current, and covers all applicable requirements. Can flag gaps (missing evidence, expired validations) and generate audit-ready compliance matrices. Cannot interpret new or ambiguous regulatory language because the requirements aren't machine-executable.

Regulatory requirements are formal, machine-executable compliance rules. Each requirement is encoded as logic: applicability criteria (which products and processes), compliance tests (what must be demonstrated), acceptance criteria (quantitative thresholds), and evidence requirements (what records must exist). An AI agent evaluating a new product can automatically determine which regulations apply, what compliance evidence is needed, and whether existing evidence satisfies the requirements — generating a compliance gap analysis without human regulatory interpretation.

AI can perform autonomous compliance assessment for new products and process changes — determining applicability, checking evidence, and generating gap analyses. Regulatory experts focus on interpreting new regulations and ambiguous cases rather than routine compliance verification.

The regulatory requirements model is self-updating and continuously current. When FDA publishes a new guidance document, the system parses it, identifies affected products and processes, proposes new compliance rules, and flags requirements that need updated evidence. When an ISO standard is revised, the compliance model updates automatically. Regulatory intelligence is a living system that tracks the regulatory landscape and maintains compliance readiness proactively.

Fully autonomous regulatory compliance management. AI monitors the regulatory landscape, maintains compliance evidence, and manages the requirements model as a continuously current system.

Ceiling of the CMC framework for this dimension.