AI in PV Surveillance: Aligning Innovation with Regulatory Expectations

February 2, 2026

Artificial Intelligence (AI) is moving quickly from pilot projects into routine pharmacovigilance (PV) operations. The 2025 CIOMS Working Group XIV report on AI in pharmacovigilance provides a timely, practical foundation for firms looking to use AI responsibly, especially across case intake and processing, signal activities, and literature surveillance.

For PV leaders and quality functions, the key question is no longer "Can AI be used?" but "How do we use AI in PV while preserving patient safety, data integrity, regulatory defensibility, and operational control?"

Establishing the right governance and validation approach is essential, and organizations increasingly rely on structured QA and AI/ML quality frameworks to support safe integration.

AI and PV Compliance

This article explores six core topics highlighted in the Council for International Organizations of Medical Sciences (CIOMS) report. It offers a pragmatic view of the pros, cons, and common pitfalls organizations should avoid when implementing AI tools in support of their PV requirements.

1. PV Landscape: Where AI Is Already Showing Up

AI can directly or indirectly impact virtually all PV processes, especially Individual Case Safety Report (ICSR) processing, signal detection, literature surveillance, and adverse event (AE) capture. These activities remain anchored in established Good Pharmacovigilance Practices (GVP) principles that guide marketing authorization holder (MAH) responsibilities across global markets.

The report highlights several areas where AI has already been deployed or is being adopted for routine use in the public domain, including:

  • Automated coding of medicinal products and AEs
  • Duplicate detection, e.g., within the FDA Adverse Event Reporting System (FAERS), VigiBase, and EudraVigilance (a simplified sketch follows this list)
  • Automated triage of ICSRs
  • Predictive models supporting quantitative signal detection
  • Literature surveillance
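
To make the duplicate-detection use case concrete, here is a deliberately simplified sketch using fuzzy string matching over a few hypothetical ICSR fields; production systems rely on far richer probabilistic record linkage across many more fields, and the threshold below is illustrative, not a validated cut-off.

```python
from difflib import SequenceMatcher

# Hypothetical, simplified ICSR records; real ICSRs carry many more fields.
case_a = {"drug": "amoxicillin", "event": "rash", "age": 34, "country": "DE"}
case_b = {"drug": "amoxicilin", "event": "skin rash", "age": 34, "country": "DE"}

def field_similarity(x, y):
    """Fuzzy similarity for strings, exact match for other values."""
    if isinstance(x, str) and isinstance(y, str):
        return SequenceMatcher(None, x.lower(), y.lower()).ratio()
    return 1.0 if x == y else 0.0

def duplicate_score(a, b):
    """Average per-field similarity across shared fields."""
    return sum(field_similarity(a[k], b[k]) for k in a) / len(a)

score = duplicate_score(case_a, case_b)
print(f"duplicate score: {score:.2f}")
if score > 0.8:  # illustrative threshold, not a validated cut-off
    print("candidate duplicate -> route to human review")
```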

Generative AI (GenAI) and large language model (LLM) use cases are also emerging: summarizing narratives, labeling documents, searching safety documents, drafting follow-up letters, and generating PV-aware queries (e.g., SQL).
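
That last use case carries an obvious control point: an LLM-drafted query should never execute unchecked. A minimal sketch, assuming a hypothetical read-only case table named icsr_case; the checks are illustrative and not a complete defense.

```python
import re

ALLOWED_TABLES = {"icsr_case"}  # hypothetical allowlisted table
FORBIDDEN = re.compile(r"\b(INSERT|UPDATE|DELETE|DROP|ALTER|GRANT)\b", re.I)

def is_safe_query(sql: str) -> bool:
    """Accept only a single read-only SELECT over allowlisted tables."""
    statements = [s for s in sql.strip().split(";") if s.strip()]
    if len(statements) != 1 or FORBIDDEN.search(sql):
        return False
    if not statements[0].lstrip().upper().startswith("SELECT"):
        return False
    tables = set(re.findall(r"\bFROM\s+(\w+)", sql, re.I))
    return bool(tables) and tables <= ALLOWED_TABLES

# A query an LLM might draft from "serious cases received this week":
llm_sql = "SELECT case_id, receipt_date FROM icsr_case WHERE serious = 1;"
print(is_safe_query(llm_sql))  # True -> still shown to a human before execution
```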

What this means operationally is that AI is not a single PV system enhancement. It is a collection of capabilities that can influence multiple steps of the PV chain, some low risk, some high risk, and each needs its own risk profile and governance.

2. Potential Benefits vs. Hazards: The Tradeoff You Must Make Explicit

AI offers hope for improving PV efficiency and quality, but it can introduce hazards, particularly when deployed with unrealistic expectations or inadequate controls. Be wary of "hype cycles" and early overestimation of utility, which can lead to rushed implementation and poor outcomes.

Benefits often cited by PV teams

  • Speed and scale: Faster case processing, coding support, triage, and prioritization.
  • Consistency: Standardized handling of repetitive tasks and reduction of human variability.
  • Better signal workflows: Enhanced ability to find, cluster, and prioritize relevant case patterns across large datasets.

Hazards that must be proactively addressed

  • Patient safety risks from false negatives (missed signals) or false positives (resource diversion), and delayed identification of serious safety concerns.
  • Trust and engagement risks, including lack of transparency, poor performance in subpopulations, confidentiality concerns, and "automation bias" (over-trusting AI output).
  • Efficiency risks, where poor-performing tools create more manual work than they save, or where AI is applied to problems that do not need it.

Bottom line: In PV, a tool that accelerates workflow but increases the probability of missed risk detection is rarely an acceptable trade. The intended benefit must always be balanced against the potential safety impact and compliance implications.

3. Risk vs. Human Oversight: "Human-in-the-loop" Isn't Just a Preference, It's a Control

Human oversight is central to AI trustworthiness and accountability, and its extent should be risk-based.

The report distinguishes oversight models:

  • Human-in-the-loop (HITL): the decision is the product of human-machine interaction
  • Human-on-the-loop: the AI produces a decision or result, and a human reviews it afterward

Crucially, the report links oversight intensity to two risk drivers:

  1. High-stakes decision-making (does an error have substantial adverse consequences?)
  2. Degree of autonomy (unchecked stand-alone vs human-computer interaction)

Practical implication for PV teams

Most AI use cases in PV should begin with high oversight and move toward more streamlined sampling strategies only when justified by growing confidence in ongoing performance. Consider phased deployments that gradually reduce human controls as validated KPIs remain stable.
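
As a minimal sketch of how such phased deployment could be operationalized, the illustrative function below ties the human-review sampling rate to the length of the current streak of in-band KPIs; the tiers and thresholds are hypothetical, not recommended values.

```python
def review_sampling_rate(kpi_in_band: list[bool], high_stakes: bool) -> float:
    """Return the fraction of AI outputs routed to human review.

    kpi_in_band: per-period flags (True = KPI within acceptance band).
    high_stakes: decisions with substantial adverse consequences keep
                 full review regardless of KPI history.
    """
    if high_stakes:
        return 1.0                    # human-in-the-loop on every output
    stable_periods = 0
    for ok in reversed(kpi_in_band):  # count the current stable streak
        if not ok:
            break
        stable_periods += 1
    if stable_periods < 3:
        return 1.0                    # start with full oversight
    if stable_periods < 6:
        return 0.5                    # step down only after sustained stability
    return 0.2                        # never drop to zero human review

print(review_sampling_rate([True] * 8, high_stakes=False))         # 0.2
print(review_sampling_rate([True, False, True], high_stakes=False))  # 1.0
```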

4. Establishing Risk-Based Use of AI Tools: Define the Context of Use Like a Regulated Product Indication

AI, like medicinal products, needs "approved indications, warnings and precautions": in other words, a clearly defined context of use. The report frames risk classification around three dimensions:

  • The AI system itself (e.g., static vs dynamic models, novelty, maturity)
  • The context of use (where it intervenes in the PV process, assistive vs decision-driving, degree of human involvement)
  • Likelihood, detectability, and impact of risks materializing

Be aware that GenAI/LLMs may require additional guardrails due to:

  • Non-deterministic outputs
  • Opacity of training data composition
  • Hallucinations producing convincing but incorrect results

Compliance tip

Your "AI user requirements" should not just list functionality; they should define:

  • intended PV task(s)
  • boundaries and exclusions
  • required human decision points
  • performance thresholds by use-case risk tier
  • escalation and fallback procedures
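
A minimal sketch of what such a requirements record could look like in machine-readable form; the field names, values, and thresholds are hypothetical placeholders, not a standard schema.

```python
# Hypothetical context-of-use record for an assistive literature-triage model.
ai_user_requirements = {
    "intended_task": "rank abstracts for potential ICSR relevance",
    "exclusions": [
        "final seriousness assessment",
        "medical causality judgement",
        "regulatory submission decisions",
    ],
    "human_decision_points": ["all abstracts above the triage threshold"],
    "performance_thresholds": {  # per use-case risk tier
        "recall_min": 0.98,      # false negatives are the critical risk
        "precision_min": 0.60,
    },
    "escalation": "fallback to full manual literature review on KPI breach",
}
```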

5. Confirming Validity and Robustness: PV AI Must Work Under Realistic Conditions

Performance evaluation must demonstrate acceptable, robust results for the intended use under realistic conditions, using qualitative and quantitative methods across a diverse range of data sources and populations.

  • Many PV tasks relate to rare events (signals, duplicates), so test sets may need enrichment strategies to ensure enough positive cases to evaluate performance properly (a worked example appears after this list).
  • AI models may underperform over time due to model drift, changes in case mix, or evolving product profiles.
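
The enrichment point has a concrete arithmetic consequence: precision measured on an enriched test set will overstate precision at real-world prevalence. A minimal worked sketch, with illustrative numbers rather than figures from the report:

```python
def deployed_precision(sensitivity: float, specificity: float,
                       prevalence: float) -> float:
    """Precision (PPV) at a given real-world prevalence, via Bayes' rule."""
    tp = sensitivity * prevalence
    fp = (1 - specificity) * (1 - prevalence)
    return tp / (tp + fp)

# A duplicate detector evaluated on a 50/50 enriched test set:
print(f"{deployed_precision(0.95, 0.95, 0.50):.2f}")  # ~0.95 on the test set
# The same model when true duplicates are ~1% of incoming cases:
print(f"{deployed_precision(0.95, 0.95, 0.01):.2f}")  # ~0.16 in production
```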

What good looks like in practice

  • Performance benchmarks aligned to business and patient safety impact
  • Reference standards defined and justified
  • Robust validation across data types (spontaneous, clinical, literature, device complaints as applicable)
  • Pre-defined KPIs and acceptance criteria integrated into CSV/validation planning
  • A continuous monitoring plan (not "validate once and forget") with retraining and rollback criteria (a drift-check sketch appears after this list)
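
As one minimal sketch of what continuous monitoring can mean mechanically, the Population Stability Index (PSI) is a commonly used drift statistic that compares the production score distribution against the validation baseline. The bins and alert threshold below are illustrative, not prescribed values.

```python
import math

def psi(expected: list[float], actual: list[float]) -> float:
    """Population Stability Index over matching distribution bins.

    expected/actual: bin proportions (each list sums to 1.0).
    A commonly cited rule of thumb: PSI > 0.25 suggests material drift.
    """
    eps = 1e-6  # avoid log(0) on empty bins
    return sum(
        (a - e) * math.log((a + eps) / (e + eps))
        for e, a in zip(expected, actual)
    )

baseline = [0.10, 0.20, 0.40, 0.20, 0.10]  # validation-time score bins
current  = [0.05, 0.10, 0.30, 0.30, 0.25]  # this month's production bins
value = psi(baseline, current)
print(f"PSI = {value:.3f}")
if value > 0.25:  # illustrative trigger
    print("drift alert -> invoke retraining/rollback procedure")
```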

6. Transparency: The Fastest Route to Regulator and Auditor Confidence

Transparency is a recurring theme: stakeholders should know when AI is used, how it is used, and what its limitations are, including performance evaluation scope and metrics.

Be cautious around explainability: "Explainable AI" methods can offer plausible hypotheses about how outputs were generated, but they are not guarantees of the model's actual reasoning.

From a compliance perspective, transparency is not optional. Even if your AI tool is vendor-supplied, you'll need evidence that:

  • you understand the model's role and limitations
  • you can defend its performance and monitoring plan
  • you can trace changes, versions, and outcomes (especially for regulated decisions)

Common Pitfalls Firms Should Avoid When Implementing AI for PV

Through a compliance consulting lens, here are the most frequent failure modes we see:

  1. Skipping a formal risk assessment because the tool is "assistive."
    • Even assistive tools can change decisions through subtle influence and automation bias.
  2. Defining requirements around features, not the context of use.
    • If you cannot clearly state what the AI should not be used for, you do not have adequate requirements.
  3. Validating on clean, curated datasets that don't reflect reality.
    • PV data is noisy, multilingual, inconsistent, and often incomplete; your test sets must reflect that.
  4. Underestimating GenAI-specific risks (hallucinations, non-determinism, leakage risks).
    • GenAI can be powerful for summarization and extraction, but it needs guardrails such as grounding (e.g., retrieval-augmented generation) and strict output constraints (a sketch follows this list).
  5. Failing to plan for drift and change control.
    • AI is not static; performance and data conditions change, and regulators will expect lifecycle management.
  6. Treating vendor documentation as "validation evidence."
    • Vendor materials help, but the MAH still owns validation, monitoring, and documentation for its PV system.

Closing Perspective

While global regulatory approaches vary, health authority messages are converging: AI should be implemented with a risk-based approach, clear governance, and lifecycle controls integrated into the quality system. Applied across the medicinal product lifecycle, a risk-based approach to AI/ML can support AE management and signal detection, but it requires validation, monitoring, documented performance, and quality built into AI/ML operations within the PV system.

A Practical Compliance Takeaway

If your organization is implementing AI for PV, the winning strategy is to treat it like a regulated capability, as summarized in Figure 1 below:

  • Define intended use and boundaries clearly (AI "indication")
  • Perform a risk assessment that drives oversight, validation depth, and monitoring
  • Build a defensible evidence package for robustness, bias/fairness considerations, and drift management
  • Ensure transparency for both stakeholders and auditors
  • Embed AI governance into the PV QMS and business continuity planning

1. Define Context of Use (intended use & boundaries)

  • PV activity supported
  • What the AI is NOT used for
  • Assistive vs decision-driving
  • Human oversight model
  • GenAI risks identified

2. Risk Assessment (patient safety & decision impact)

  • Decision consequence assessed
  • Automation bias considered
  • False positive/negative risk
  • Oversight & escalation defined

3. User Requirements (QA-AI requirements)

  • Measurable performance KPIs
  • Traceability & audit trails
  • Explainability expectations
  • Data privacy & security

4. Data Controls (training & test data integrity)

  • Real-world PV data represented
  • Rare-event handling addressed
  • Bias & subgroup performance reviewed

5. Validation (robustness & reliability)

  • Tested under realistic conditions
  • Acceptance criteria defined
  • Fail-safe & fallback verified

6. Operational Integration (SOPs & training)

  • SOPs/WIs updated
  • Staff trained on limits & oversight
  • Roles & accountability defined

7. Lifecycle Monitoring (ongoing performance control)

  • KPI monitoring in place
  • Drift detection defined
  • Retraining & rollback triggers

8. Audit Readiness (regulatory defensibility)

  • Evidence package maintained
  • Transparency of AI usage
  • Inspection-ready documentation

Figure 1: AI Implementation Compliance Checklist

Ultimately, AI can improve PV outcomes—but only when implemented with discipline, humility about limitations, and a governance model that matches the potential patient impact.

References

  1. Council for International Organizations of Medical Sciences (CIOMS). Artificial Intelligence in Pharmacovigilance. CIOMS Working Group XIV Report, Geneva, 2025. Publication No. WEB_2105.
  2. European Medicines Agency (EMA). Reflection Paper on the Use of Artificial Intelligence (AI) in the Medicinal Product Lifecycle. EMA/CHMP/INT/177063/2023, 2023.
  3. U.S. Food and Drug Administration (FDA). A Framework for Regulatory Evaluation of Artificial Intelligence/Machine Learning–Based Medical Devices. Center for Devices and Radiological Health (CDRH), 2023.
  4. U.S. Food and Drug Administration (FDA). Emerging Drug Safety Technology Program (EDSTP). FDA Center for Drug Evaluation and Research (CDER), current guidance and program materials.
  5. FDA, Health Canada, and Medicines and Healthcare products Regulatory Agency (MHRA). Good Machine Learning Practice for Medical Device Development: Guiding Principles. Joint publication, 2021.
  6. Medicines and Healthcare products Regulatory Agency (MHRA). Software and AI as a Medical Device Change Programme – Transparency and Governance Principles. MHRA, UK Government, current guidance.
  7. World Health Organization (WHO). Ethics and Governance of Artificial Intelligence for Health. WHO Guidance, 2021.

This executive viewpoint reflects a synthesis of CIOMS principles and current regulatory thinking and is intended to support informed, risk-based implementation of AI within pharmacovigilance quality systems. It does not replace applicable regulatory requirements or formal guidance.

Author

James Meckstroth

Vice President, Compliance & Quality Assurance

TAGS:

June 27, 2024

Meet the Expert: Susanna Heinonen

Our “Meet the Expert” series introduces you to our team of experts around the world. This “behind the curtain” view will help you get to know who we are on a professional and personal level, and...

The QPPV: An Essential Guide to the Qualified Person Responsible for Pharmacovigilance

When submitting marketing authorisation applications (MAAs) in Europe, the applicant (Marketing Authorization Holder, MAH) shall already have set up a pharmacovigilance system. A Summary of the...

The LPPV Network: An Essential Guide to Local Person Responsible for Pharmacovigilance

Every marketing authorization holder (MAH) needs a pharmacovigilance system to guarantee the safety of its products. Within the EU a pharmacovigilance system is defined as a system used by an...