Search all...
Back to: All AI News

FDA's Tina Kiang: Use AI in Drug Manufacturing, But People Make the Calls

AI can assist across drug development and manufacturing, but people remain accountable and QC has final say under cGMP. Validate for context, keep traceable records, manage risk.

Categorized in: AI News IT and Development Product Development
Published on: Jan 28, 2026
Become an AI Expert today
FDA's Tina Kiang: Use AI in Drug Manufacturing, But People Make the Calls

AI in Drug Manufacturing: How to Build It Right and Stay Compliant

At the CASSS WCBP conference, Tina Kiang, director in FDA's Office of Pharmaceutical Quality, laid out a clear message: AI can be integrated across drug development and manufacturing, but people are accountable for every decision it informs. Treat AI as software governed by cGMP, not as an autonomous decision-maker.

For IT, engineering, and product teams, that means your models, pipelines, and apps must be credible, validated for their context of use, and fully traceable. The quality control (QC) unit retains final authority under 21 CFR 210.3, with responsibilities in 21 CFR 211.22 and 211.68.

Where AI Fits in the Product Lifecycle

  • Discovery and nonclinical: candidate selection, pattern detection, simulation
  • Clinical: trial design support, signal detection, data cleaning
  • Manufacturing: process design, process control, deviation triage, predictive maintenance - AI Learning Path for Plant Managers
  • Regulatory: submissions support and model documentation
  • Postmarket: complaint analysis, adverse event signaling, trend monitoring

FDA Materials Worth Your Time

  • Discussion Paper: AI in Pharmaceutical Manufacturing (cloud use, data volume, oversight challenges). Read on FDA.gov
  • Regulatory anchors: cGMP requirements, QC responsibilities, and automated systems expectations (21 CFR 210 and 211). See 21 CFR Part 211

Also referenced: a 2024 article in the International Journal of Pharmaceutics on process models and a risk-based framework, and a 2025 FDA draft guidance outlining credibility assessment for AI models used in regulatory decision-making.

Core Principles from FDA's Messaging

  • AI is software. It outputs recommendations; it does not make decisions.
  • Use must align with cGMP and be appropriate for the specific context of use (COU).
  • Validate models for their COU and keep complete, inspector-ready records.
  • The QC unit controls how AI outputs are used during manufacturing.

Model Risk: What to Weigh Before You Integrate

  • Overall model risk: What could go wrong in this COU, and how severe would it be?
  • Decision consequence: What happens if the model is wrong?
  • Model influence: How much weight does the model carry in the decision path?

These factors determine the level of credibility assessment and validation needed before a model touches production systems.

Operational teams looking for applied use cases, predictive maintenance examples, and process-improvement patterns should also review AI for Operations.

Practical Playbook for IT, Engineering, and Product

  • Define your COU upfront: Tie the model to a specific process step, decision, and user. Document scope and limits.
  • Data and cloud plan: Map data lineage, retention, and integrity controls. Address cloud vendor qualification, access controls, and audit trails.
  • Credibility plan: Set acceptance criteria, verification/validation methods, sensitivity analyses, worst-case testing, and revalidation triggers.
  • Human-in-the-loop by design: No auto-release or auto-approve for high-impact steps. Require QC review and sign-off where appropriate.
  • Change control: Version models and datasets. Log changes, approvals, and impact assessments. Define rollback procedures.
  • Monitoring and drift: Implement performance monitoring, control limits, alerts, and safe fallback states. Review periodicity and thresholds.
  • Documentation: Maintain model cards, training/eval datasets, code versions, environment specs, and SOPs. Keep records inspection-ready.
  • Security and access: Role-based permissions, segregation of duties, immutable logs, and incident response playbooks.
  • Bias and failure modes: Check class imbalance, edge cases, and out-of-spec scenarios. Define what "model off" looks like.
  • QC integration: Embed review gates in workflows. Make model outputs explainable enough for QC to accept or reject with confidence.

Compliance Anchors to Keep Front and Center

  • Section 501(a)(2)(B) of the FD&C Act: cGMP applies to systems that impact product quality.
  • 21 CFR 210 and 211: define cGMP and the QC unit's responsibilities, including automated systems (211.68).
  • Records must be complete, contemporaneous, and retrievable for inspection.

30-60-90 Day Action Plan

  • 30 days: Inventory all current and planned AI uses; assign a COU and risk tier to each. Identify owners across QA, IT, and manufacturing.
  • 60 days: Draft credibility plans (requirements, tests, data sets, acceptance criteria). Stand up model versioning, audit logs, and change control.
  • 90 days: Run validation, stress tests, and user acceptance with QC oversight. Formalize monitoring and revalidation triggers before production.

Bottom Line

AI can strengthen process design, control, and surveillance across the product lifecycle-but only within a risk-based, cGMP-aligned framework. Build for traceability, prove credibility, and keep people in charge, especially the QC unit.

If your team needs focused upskilling on AI workflows, validation, and model risk, explore role-based programs at Complete AI Training.


Get Daily AI News

Your membership also unlocks:

700+ AI Courses
700+ Certifications
Personalized AI Learning Plan
6500+ AI Tools (no Ads)
Daily AI News by job industry (no Ads)