What 21 CFR Part 11 Actually Requires When AI Reads Your Records

The regulation governing electronic records in FDA-regulated facilities was written in 1997. It applies to AI systems in 2026 without modification. Here is what that means for your quality and regulatory teams.

21 CFR Part 11 does not have an AI exemption. When an AI system reads, summarizes, or informs decisions about regulated records, it enters the scope of a regulation built around one central question: can you prove, independently and completely, what happened to this record?

Imagine a paper logbook in a pharmaceutical plant. Every time someone writes in it, you know who wrote it, when they wrote it, and exactly what they wrote. If someone changes an entry, the original ink stays visible under the correction. That logbook builds trust through physical evidence.

21 CFR Part 11 exists to make electronic systems trustworthy in the same way. It requires that digital records carry the same credibility as that paper logbook — that you can prove who touched them, when, and exactly what changed. The regulation does not care whether the system touching your records is a data entry form, a QMS platform, or an AI tool. The same rules apply.

FDA investigators cite Part 11 violations in roughly 15 percent of all warning letters, with missing or unreviewed audit trails among the most common findings. In late 2025, warning letters from CDER increased 73 percent over the same period in 2024. The message from FDA is consistent: the agency treats electronic record integrity failures as evidence of broader quality system failure, not administrative oversight.

AI tools change the nature of how records get accessed and used. Understanding what Part 11 requires when AI enters the picture is not optional for quality and regulatory teams at FDA-regulated manufacturers.

📋 What counts as a Part 11 record?

Any electronic record that your facility is required to keep under FDA regulations falls within Part 11’s scope. This includes batch records, CAPA documentation, SOPs, validation protocols, deviation records, change control documentation, and complaint records. When an AI system reads any of these records to generate a response, summary, or recommendation, it is interacting with Part 11 records.

What the regulation actually says

21 CFR Part 11 covers two types of electronic systems: closed systems and open systems. The distinction between them determines your compliance burden.

A closed system is one where the people responsible for the regulated records also control the electronic environment those records live in. Your facility owns the servers, manages the network, controls who has access, and can independently verify what happened. Section 11.10 governs closed systems.

An open system uses electronic infrastructure the organization does not directly control, such as the internet or a third-party platform. When records travel outside your controlled environment, the verification problem becomes harder. Section 11.30 governs open systems — and it requires everything in Section 11.10 plus additional measures including document encryption and use of appropriate digital signature standards.

Cloud AI tools are open systems. When your quality team submits a CAPA record to a cloud AI platform for analysis, that record leaves your controlled environment and transits to infrastructure you do not own or manage. The open system requirements of Section 11.30 apply to that interaction.

21 CFR 11.30 — Controls for Open Systems

“Persons who use open systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, as appropriate, the confidentiality of electronic records, and shall include those identified in §11.10, as appropriate, and additional measures such as document encryption and use of appropriate digital signature standards to ensure record authenticity, integrity, and confidentiality.”

On-premises AI running inside your own network is a closed system. You control the infrastructure, which means you manage compliance from your own quality management system rather than depending on a vendor to provide evidence of controls you cannot independently verify.

The four requirements cloud AI makes hardest

Section 11.10 lists eleven specific requirements for closed systems. Four of them create the most friction when AI enters the picture through a cloud environment.

Validation. Section 11.10(a) requires validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. Every software system that touches Part 11 records requires documented evidence that it performs as intended. For AI systems, this means validation extends to the model itself — its outputs need to be accurate, consistent, and traceable. FDA’s Computer Software Assurance (CSA) guidance, finalized in September 2023, replaced the older Computer Software Validation framework with a risk-based approach. It reduces the documentation burden for lower-risk functions but does not eliminate the validation requirement. AI tools that influence GxP decisions require assurance regardless of the approach used.

Audit trails. Section 11.10(e) requires secure, computer-generated, time-stamped audit trails that independently record the date and time of every operator entry or action that creates, modifies, or deletes an electronic record. Changes cannot obscure previously recorded information. These audit trails must be retained for at least as long as the records themselves and must be available for FDA review and copying. When an AI system accesses your records on a cloud platform, the audit trail for that access lives in the vendor’s infrastructure. You cannot generate, control, or independently certify the completeness of that audit trail. During an FDA inspection, answering questions about AI-generated access to your records requires getting that information from the vendor, not from your own QMS.

Access controls. Section 11.10(d) and (g) require limiting system access to authorized individuals and using authority checks to ensure only those individuals can use the system, sign records, alter records, or access devices. In a cloud AI environment, your data may share infrastructure with other customers, depending on the vendor’s architecture. Even with enterprise agreements and private tenancy, the access control environment exists outside your direct management. Documenting and verifying those controls for FDA purposes means relying on vendor-provided evidence rather than your own auditable records.

Data integrity. FDA uses the ALCOA+ framework to assess electronic record quality: records must be Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, and Available. Cloud AI systems that process your records introduce a chain of custody question. Once a record transits to an external system, confirming its integrity throughout that journey requires documentation and verification your organization did not generate. On-premises AI keeps the chain of custody entirely within your controlled environment.
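The audit-trail properties of Section 11.10(e) described above (time-stamped entries, changes that do not obscure earlier information, a copy you can show is complete) can be made checkable with an append-only, hash-chained log. The sketch below is an added example, not code from this article or from any vendor, and hash chaining is an assumed technique rather than something the regulation prescribes; the field names, actor names and record ID are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # anchor value for the first entry's prev_hash

def _digest(entry):
    # Canonical hash over every field except the entry's own hash.
    body = {k: v for k, v in entry.items() if k != "hash"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

def append_entry(trail, actor, action, record_id, detail="", timestamp=None):
    """Append a time-stamped entry; corrections are new entries, never edits."""
    entry = {
        "seq": len(trail),
        "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
        "actor": actor,          # human user or AI service identity
        "action": action,        # read / create / modify / delete
        "record_id": record_id,
        "detail": detail,
        "prev_hash": trail[-1]["hash"] if trail else GENESIS,
    }
    entry["hash"] = _digest(entry)
    trail.append(entry)
    return entry["hash"]         # new head hash, to be stored separately

def verify_trail(trail, expected_head):
    """Return a list of findings; empty means complete and unmodified."""
    findings, prev = [], GENESIS
    for i, entry in enumerate(trail):
        if entry.get("seq") != i or entry.get("prev_hash") != prev:
            findings.append(f"entry {i}: missing, reordered or unlinked entry")
        if _digest(entry) != entry.get("hash"):
            findings.append(f"entry {i}: content altered after logging")
        prev = entry.get("hash")
    if prev != expected_head:
        findings.append("head mismatch: trail truncated or replaced")
    return findings

def sample_trail():
    # Constructed sample: an AI service reads a CAPA record, a user corrects it.
    trail = []
    append_entry(trail, "svc-ai-assistant", "read", "CAPA-0001",
                 "summary requested", "2026-01-05T14:02:11+00:00")
    head = append_entry(trail, "jdoe", "modify", "CAPA-0001",
                        "root cause corrected", "2026-01-05T14:10:40+00:00")
    return trail, head
```

The check is only independent if the head hash is kept somewhere the party holding the trail cannot rewrite, for example in your own QMS when the trail itself is exported from another system.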

FDA Enforcement Context

Warning letters from CDER increased 73 percent in the second half of 2025 compared to the same period in 2024. Approximately 15 percent of all warning letters in that period cited data integrity failures. Common findings included uncontrolled deletion or modification of electronic data, failure to review audit trails, and inadequate backups. These are all Part 11 categories that AI system deployments need to address before an investigator asks about them.

What FDA’s new AI guidance adds

FDA issued its first AI-specific draft guidance in January 2025: “Considerations for the Use of Artificial Intelligence to Support Regulatory Decision-Making for Drug and Biological Products.” The guidance establishes a seven-step credibility assessment framework requiring sponsors to define the AI model’s intended use, assess model risk based on influence and decision consequence, and document the credibility assessment plan and its execution.

The guidance applies specifically to AI used in regulatory submissions. But the credibility framework it establishes signals how FDA thinks about AI evidence more broadly: the agency wants to know the context of use, the risk level, and the documented basis for trusting the output. Those are the same questions an investigator asks about any Part 11 system.

In January 2026, FDA and EMA jointly published “Guiding Principles of Good AI Practice in Drug Development,” a set of ten high-level principles for AI use across the product lifecycle. The principles cover transparency, human oversight, data quality, and documentation. None of them soften Part 11 requirements. They reinforce the same framework: AI outputs that inform regulated decisions require the same evidentiary standards as any other electronic record.

“AI systems that process protected health information or regulated manufacturing records will be subject to the same documentation, validation, and integrity standards as any other software system in a GxP environment. The technology does not change the requirement.”

Adapted from FDA CSA Guidance and 21 CFR Part 11 scope guidance

What your quality team needs to answer before deploying AI

Before any AI tool touches regulated records in your facility, your quality team needs clear answers to four questions. FDA investigators will ask them.

Is this a closed or open system? If the AI runs on external infrastructure, it is an open system and the additional requirements of Section 11.30 apply. Your quality system documentation needs to reflect that classification and address encryption and data integrity controls for the external environment.

Is the system validated? Under FDA’s CSA guidance, the depth of validation scales with risk. An AI tool whose outputs directly enter batch records requires more rigorous assurance than one whose outputs support human review. Either way, validation documentation needs to exist before the tool goes live, not after an investigator asks for it.

Can you independently produce the audit trail? Section 11.10(e) requires that audit trail documentation be “available for agency review and copying.” If the audit trail for AI interactions with your records lives in a vendor’s system, can you retrieve a complete, unmodified copy independently? The answer to that question needs to be yes, and you need documentation of how.

Who controls access? Your quality system must document access controls for every system that touches Part 11 records. If access to the AI system is managed through a vendor’s admin console rather than your own user management infrastructure, that is an access control configuration your QMS needs to account for and verify on a defined schedule.

The architecture answer

On-premises AI running inside your facility’s own network keeps all four of these questions inside the compliance framework your quality team already manages. The system falls under Section 11.10 as a closed system. Validation, audit trails, access controls, and data integrity documentation all exist within your own infrastructure, accessible to your own QMS, producible for FDA review without vendor involvement.

This does not mean on-premises AI requires no compliance work. Validation is still required. Access controls still need documentation. Audit trail review still needs to happen on schedule. The difference is that your quality team performs and owns all of it rather than managing a vendor relationship to verify that someone else’s controls meet your regulatory requirements.

An FDA investigator who asks about an AI system’s audit trail should receive an answer from your quality team, drawn from your own records. When AI inference runs inside your own network, that is the answer you can give.

✅ The compliance checklist before AI touches your records

Classify the system as open or closed. Complete validation documentation under FDA’s CSA risk-based framework before go-live. Confirm your ability to independently retrieve complete audit trails. Document access controls in your quality management system. Review your SOPs to address AI-generated record interactions explicitly. If the system is cloud-based, address encryption and data integrity controls required under Section 11.30. If it runs inside your own network, verify that your existing closed-system controls cover it.

Brent Fisher

Co-Founder & Head of Go-to-Market, Cognetryx

Brent writes on private AI deployment, compliance requirements, and the operational gap between enterprise AI adoption and institutional readiness in regulated industries. Cognetryx builds private, on-premises AI for FDA-regulated manufacturers, healthcare organizations, financial institutions, and legal teams.

21 CFR Part 11, AI systems, and what FDA actually requires

Yes. 21 CFR Part 11 applies to any electronic system that creates, modifies, maintains, or transmits records required by FDA regulations. When an AI system reads batch records, generates CAPA summaries, answers questions about SOPs, or produces any output that informs a regulated decision, it interacts with records within Part 11’s scope. The regulation does not distinguish between AI and other software. The same validation, audit trail, and access control requirements apply.

Under 21 CFR Part 11, a closed system is one where the organization responsible for the regulated records also controls the electronic environment those records live in. An open system uses infrastructure the organization does not directly control, such as the internet or a third-party cloud platform. Closed systems must meet the requirements of 21 CFR 11.10. Open systems must meet those same requirements plus additional measures including document encryption and digital signature standards under 21 CFR 11.30. Cloud AI tools are open systems. On-premises AI running inside the organization’s own infrastructure is a closed system.

Under 21 CFR 11.10(e), systems must use secure, computer-generated, time-stamped audit trails that independently record the date and time of every operator entry or action that creates, modifies, or deletes an electronic record. Record changes cannot obscure previously recorded information. Audit trail documentation must be retained for at least as long as the records themselves and must be available for FDA review and copying. When an AI system accesses regulated records on a cloud platform, the audit trail for that access lives within the vendor’s infrastructure, not the regulated organization’s. The organization cannot generate or independently certify the completeness of that audit trail.

FDA’s Computer Software Assurance (CSA) guidance, finalized in September 2023, replaced the older Computer Software Validation framework with a risk-based approach. Instead of scripted testing for every software function, CSA focuses validation effort on functions that directly affect product quality, patient safety, or data integrity. For AI systems, the validation burden scales with how much the AI output influences regulated decisions. A tool that generates draft CAPA summaries for human review requires less scrutiny than one whose output directly enters a batch record. CSA makes validation more manageable but does not eliminate the requirement. AI systems that touch GxP records require documented assurance regardless of approach.

On-premises AI running inside the organization’s own network is a closed system under 21 CFR 11.10. The organization controls the infrastructure, manages access controls directly, generates and retains audit trails independently, and performs validation on a system it owns. No regulated data transits to an external environment, so the open system requirements of 21 CFR 11.30 do not apply. Validation documentation, audit trail integrity, and access control evidence all exist within the organization’s own quality management system. FDA investigators asking about the AI system’s controls receive answers from your records, not from a vendor.