Understanding And Preserving Data Flow Integrity In AI-Assisted Clinical Trials

By Dawn Wydner, Ph.D., senior vice president, regulatory compliance, ELIQUENT Life Sciences

In clinical research, data integrity is not just about whether a data point is accurate in the database. It depends on the integrity of information flow across the full trial life cycle: how data is captured at the site, transferred into sponsor systems, reviewed by CROs, transformed for analysis, included in essential records, and ultimately used to support safety, efficacy, and regulatory decisions.

This expectation aligns with ALCOA+ and with current FDA and ICH expectations that sponsors must maintain data that are attributable, legible, contemporaneous, original, accurate, complete, consistent, enduring, available, and traceable. In outsourced studies, those principles must apply not only within the sponsor’s core systems but across CRO-managed processes, cloud environments, data transfers, and AI-assisted interpretations that influence study decisions.

For clinical trials, AI expands the scope of what must be governed. Integrity now extends to:

• source data, derived data sets, and transferred trial data
• summaries, analyses, and issue assessments created by sponsors or CROs
• AI-assisted outputs used in monitoring, data review, safety, medical writing, or inspection preparation
• essential records maintained in systems such as EDC, CTMS, eTMF, safety databases, and analytics environments
• the pathways through which information moves between sponsors, investigators, sites, CROs, and other service providers.

When trial information moves through AI, especially outside approved or validated environments, the integrity of the flow itself becomes the compliance concern. If a sponsor cannot reconstruct how information was processed, influenced, or altered across internal and outsourced activities, it may be unable to demonstrate adequate oversight even if the original source data still exist.

For pharma and biotech companies, treating data integrity as an end-to-end clinical information flow issue, rather than a database-only concern, is essential to managing AI-related risk and meeting modern expectations for sponsor oversight, auditability, and trial reconstruction.

Governing AI Across Sponsor, Site, And CRO Environments

Once integrity is understood as an end-to-end clinical information flow issue, the challenge becomes practical: how to maintain control as data moves across sponsor teams, CROs, sites, platforms, and AI-enabled workflows. The FDA’s 2024 guidance on electronic systems in clinical investigations and ICH E6(R3) both point toward the same expectation: Sponsors need risk-based governance, reliable records, and enough visibility to reconstruct how trial decisions were made.

For clinical trial sponsors, controlling the flow of information requires governance that extends beyond system validation into data ownership, vendor accountability, essential records access, and the documented review of AI-assisted work products.

Effective control depends on the following elements:

1. Provenance, Versioning, and Trial Reconstruction

Sponsors should be able to demonstrate:

• where trial data and operational records originated
• how data were transferred, transformed, reviewed, or summarized
• what systems, vendors, or AI tools touched the information
• how resulting study decisions or conclusions were derived.

This includes source data, derived data sets, monitoring outputs, protocol deviation assessments, TMF content, and AI-assisted summaries or analyses. Without traceability across these transformations, sponsors may be unable to defend decisions during inspections, especially in outsourced operating models where critical evidence is distributed across multiple parties and systems.

2. Clear Sponsor Governance and CRO Accountability

Strong governance is the foundation of trustworthy AI use in outsourced and hybrid trial models.

This includes:

• clearly defined data owners, process owners, and accountable sponsor roles
• quality agreements and contracts that address AI use, system access, and essential records
• explicit accountability for AI-assisted outputs used to support trial decisions
• consistent oversight mechanisms across CROs, labs, and specialty vendors.

Sponsors can delegate activities, but they cannot delegate responsibility. If AI-assisted work products inform study conduct, data review, safety evaluation, or inspection responses, ownership and review responsibilities should be unmistakably clear.

3. Validation, Monitoring, and Inspection Readiness

In clinical research, AI cannot be treated as trustworthy without risk-based validation and ongoing oversight.

Organizations should ensure that:

• AI-enabled systems are evaluated for intended use in the clinical context
• AI-assisted workflows are documented, reviewable, and inspectable
• monitoring detects drift, misuse, and unintended impacts on trial outputs
• audit trails and metadata support reconstruction of decisions and records.

This is particularly important when AI is used in workflows tied to data cleaning, risk signals, monitoring prioritization, protocol deviation assessment, medical review, or inspection preparation, where errors can propagate quickly across the trial record.

4. AI-Specific Confidentiality, Security, and Access Controls

AI expands the exposure surface for confidential trial information, sponsor strategy, and regulated study records.

Effective control includes safeguards such as:

• controls to prevent data leakage, retention, or unintended reuse
• role-based access to sensitive trial data and unblinded information
• restrictions on the use of external or public AI tools with study information
• secure human-in-the-loop review for regulated outputs.

These controls support not only cybersecurity and privacy obligations but also participant confidentiality, blinding protection, and sponsor confidence that essential records remain reliable and defendable.

5. Policy Gateways, Acceptable Use, and Output Controls

To prevent uncontrolled or unpredictable AI behavior, organizations should establish enforceable boundaries around AI use.

This includes:

• routing approved AI use through governed workflows and approved environments
• defining what study information may or may not be entered into AI tools
• setting review thresholds for AI-generated summaries, recommendations, and draft content
• ensuring AI-assisted outputs do not bypass required sponsor, medical, quality, or statistical review.

These safeguards help ensure that AI accelerates compliant trial execution rather than creating undocumented decision pathways that weaken sponsor oversight.

Maintaining Control Across The Outsourced Trial Ecosystem

These controls cannot stop at the sponsor’s internal systems. In clinical development, integrity depends on how information flows across the full study ecosystem, including sites, CROs, central labs, safety vendors, technology providers, consultants, and partners who may handle or transform sponsor data.

Without visibility and enforceable governance across those boundaries, even strong internal controls may not be enough to protect data integrity or demonstrate adequate sponsor oversight during inspection.

The Overlooked Risk: AI Used By CROs, Vendors, And Other Trial Partners

Even sponsors with mature internal governance face a growing blind spot: AI tools used by CROs, contractors, consultants, and other study partners on sponsor-controlled or trial-generated information.

CRO teams, auditors, medical writers, statisticians, data managers, and functional vendors increasingly use generative AI to summarize records, draft narratives, analyze data sets, prepare inspection materials, and support quality assessments. While these tools may improve productivity, they often sit outside validated clinical systems and formal sponsor oversight processes, creating risks that traditional governance models were not designed to capture.

As a result, AI-related risks to trial integrity are not limited to a sponsor’s internal tools. They also arise from unmanaged or insufficiently governed AI use across the outsourced trial model, where study-critical work may be performed by parties outside direct sponsor control.

Why Third-Party AI Use Creates Clinical And Regulatory Risk

When trial data, subject-level information, monitoring outputs, or essential records are entered into unmanaged or external AI tools, sponsors may face:

• Loss of provenance and traceability. AI-assisted transformations may lack documented inputs, model details, version history, or reproducibility, making it difficult to explain how conclusions were reached.
• Weakening of ALCOA+ expectations. Outputs may no longer be clearly attributable, original, contemporaneous, or reviewable, undermining confidence in records used to support trial decisions.
• Confidentiality and retention risk. Some AI tools retain prompts, interaction history, or uploaded content, which can create conflicts with sponsor confidentiality obligations and participant data protection expectations.
• Undisclosed AI influence on study decisions. Monitoring conclusions, risk assessments, medical writing content, protocol deviation evaluations, or inspection responses may be shaped by AI without transparent documentation or review.
• Accountability gaps across sponsors and partners. When multiple parties rely on AI to support judgment, it may be unclear who owns the output, who reviewed it, and who is responsible if it is challenged.

From a sponsor oversight perspective, the central question is simple: If AI influenced a trial decision or record, can the sponsor demonstrate how it was used, by whom, in what environment, and under what review controls?

That question is becoming more urgent as regulators emphasize reliable electronic records, trustworthy systems, metadata, audit trails, and clear sponsor accountability for outsourced activities in clinical investigations.

Controls Expected For Pharma And Biotech Sponsors Working With CROs

To preserve trial integrity and inspection readiness, sponsors should extend governance beyond internal platforms to include how AI is used on study information, regardless of whether the user sits within the sponsor, the CRO, or another delegated provider.

Practical controls include:

• AI acceptable use standards for study data. Define what categories of trial, subject, safety, and operational information may or may not be entered into AI tools and when disclosure is required.
• CRO and vendor contracting requirements. Use quality agreements and contracts to define approved AI use, record retention, review obligations, and sponsor access to relevant evidence.
• Documentation of material AI use. Require documentation when AI materially influences monitoring, data review, medical writing, inspection preparation, or quality decision-making.
• Named human review and ownership. Ensure AI-assisted outputs are reviewed, approved, and owned by accountable individuals with appropriate functional authority.
• Training for sponsor and partner teams. Make clear that copying trial information into AI tools is not a neutral action; it is data processing that can create compliance, confidentiality, and oversight consequences.

Integrity Is The Control Surface For AI In Clinical Development

AI can help pharma and biotech teams accelerate study execution, reduce manual burden, and strengthen signal detection across complex development programs. But without disciplined control of information flow, clear CRO governance, and continuous human oversight, AI can redistribute and intensify regulatory risk. For sponsors working through internal teams and CRO partnerships, responsible AI use depends on secure platforms and approved vendors, as well as visibility across the full clinical information life cycle.

Innovation depends on the movement of information across sponsors, sites, and partners, but trust depends on control. Integrity is not the obstacle to modern trial execution but the structure that keeps speed, outsourcing, and AI from undermining the reliability of the evidence.

References:

Primary Regulatory Sources

1. U.S. Food and Drug Administration. (2025, January). Considerations for the use of artificial intelligence to support regulatory decision‑making for drug and biological products (Draft guidance for industry). https://www.fda.gov/regulatory-information/search-fda-guidance-documents/considerations-use-artificial-intelligence-support-regulatory-decision-making-drug-and-biological.
2. U.S. Food and Drug Administration. (2018, December). Data integrity and compliance with drug CGMP: Questions and answers. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/data-integrity-and-compliance-drug-cgmp-questions-and-answers
3. U.S. Food and Drug Administration. (2024, October). Electronic systems, electronic records, and electronic signatures in clinical investigations: Questions and answers. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/electronic-systems-electronic-records-and-electronic-signatures-clinical-investigations-questions
4. 4U.S. Food and Drug Administration. (2003, August). Part 11, electronic records; electronic signatures—Scope and application. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/part-11-electronic-records-electronic-signatures-scope-and-application
5. U.S. Food and Drug Administration. (2026, February). Computer software assurance for production and quality management system software. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/computer-software-assurance-production-and-quality-management-system-software
6. U.S. Food and Drug Administration. (2026, April). Warning letter to Purolea Cosmetics Lab: Inappropriate use of artificial intelligence in pharmaceutical manufacturing. https://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/warning-letters

Secondary Regulatory and Industry Analysis

7. Regulatory Affairs Professionals Society. (2026, April). FDA warns firm for inappropriate use of AI in drug manufacturing. https://www.raps.org/news-and-articles/news-articles/2026/4/fda-warns-firm-for-inappropriate-use-of-ai-in
8. Outsourced Pharma. (2026, April). FDA’s first cGMP enforcement action on AI misuse in drug manufacturing. https://www.outsourcedpharma.com/doc/fda-s-first-cgmp-enforcement-action-on-ai-misuse-in-drug-manufacturing-0001

Tertiary References (Conceptual and Contextual Sources)

9. Forbes. (2025). AI, data integrity & human oversight in pharma. https://www.forbes.com/councils/forbesbusinesscouncil/2025/11/03/ai-data-integrity-and-the-human-in-the-loop-what-pharma-can-teach-other-industries
10. Clinical Researcher Professional Society (CCRPS). (2025). Clinical research technology adoption report. https://ccrps.org/clinical-research-blog/clinical-research-technology-adoption-report-ai-and-digital-health-in-trials-2025
11. Clinical Trials Arena. (2025). AI challenges in clinical trial data management. https://www.clinicaltrialsarena.com/features/ai-takes-charge-of-data-but-challenges-linger/?cf-view
12. Chang E. (2025). How fast are AI companies evolving? Check this out. Institute for Business in Global Society. Harvard Business School. https://www.hbs.edu/bigs/perplexity-aravind-srinivas.
13. Project Management Institute. (2025). AI data governance best practices. https://www.pmi.org/blog/ai-data-governance-best-practices

About The Author:

Dawn Wydner is a senior vice president, regulatory compliance, at ELIQUENT, bringing extensive FDA regulatory compliance expertise as well as quality and compliance experience within industry. During her 10 years at the FDA, she was a commissioned public health service medical officer, conducting complex, thorough BIMO inspections to assess GCPs, GLPs, and GMPs under medical device and drug compliance programs domestically and internationally.  She also held quality and compliance leadership roles at Janssen Research & Development, overseeing global compliance initiatives and advising senior leadership.

Dawn provides clients with deep expertise across the full product lifecycle, from early development through post-marketing, covering regulatory compliance, audits, risk management, and quality oversight across all GxPs. Known for her strategic mindset and collaborative approach, she is a trusted subject matter expert.

She began her career as a registered nurse and holds a Ph.D. in health psychology and RQAP-GCP certification.