Your version of Internet Explorer is not up to date. Please upgrade your browser to view GXP Consulting Switzerland correctly or use Chrome, Firefox or Safari.You can update your browser directly on the Microsoft website.

icon-chrome icon-firefox icon-explorer icon-safari

Votre version d'Internet Explorer n'est plus supportée. Pour visiter GXP Consulting Switzerland, veuillez mettre votre logiciel Internet Explorer à jour ou utiliser Chrome, Firefox ou Safari.Il est possible de trouver la dernière version d'Internet Explorer sur le site Microsoft.

icon-chrome icon-firefox icon-explorer icon-safari

HomeAbout UsServicesCareersContact

30 September, 2025

AI in Compliance: What ISO 42001 and EudraLex Annex 22 Mean for Life Sciences

ISO/IEC 42001 is the first international standard focused entirely on AI governance. It introduces a formal Artificial Intelligence Management System (AIMS), helping organizations establish policies, assess risks, ensure transparency, and embed human oversight throughout the AI lifecycle.

The standard includes 38 reference controls (Annex A) and detailed implementation guidance (Annex B), with strong emphasis on:

- Data quality and traceability

- Risk assessment and impact evaluation

- Oversight of third-party systems and suppliers

- Internal audits and continuous improvement

It’s a flexible, technology-agnostic framework, and while not mandatory, ISO 42001 is poised to become a key benchmark for AI trust and assurance.

The European Medicines Agency’s draft Annex 22 brings AI under the scope of GMP by extending Annex 11. Once finalized, it will apply to AI systems used in GxP environments, particularly those impacting patient safety, product quality, or data integrity.

Key provisions include:

- Clear definition of model intent and limitations

- Prohibition of Generative AI and LLMs in critical applications

- Requirements for explainability (e.g., SHAP, LIME)

- Strict independence of test data from training data

- Human-in-the-loop oversight and system logging requirements

Annex 22 doesn’t introduce a new risk framework but builds on existing GMP and Annex 11 expectations, reinforcing traceability, accountability, and control.

For life sciences companies, these frameworks represent a shift from “experimental AI” to regulated AI. The challenge ahead is not only building effective AI systems but ensuring they are governed, explainable, and inspection-ready.

- QMS integration of ISO/IEC 42001

- Inspection-readiness assessments for Annex 22

- AI governance, validation, and data integrity consulting

To discuss your AI compliance strategy, get in touch with our team: contact@gxp-cs.com

Experts for Life Sciences industries.

Memberships and/or partnerships
Contact us at contact@gxp-cs.com

Voie du chariot 3
1003 Lausanne
Switzerland
PO BOX 8009