PIC/S Annex 22 Explained: What Pharmaceutical Manufacturers Must Know About AI Validation

Why Annex 11 Was Never Enough for AI

Short Answer: Annex 11 (Computerised Systems) governed pharmaceutical software using principles designed for deterministic systems—identical inputs producing identical outputs every time. AI doesn’t work that way. Machine learning models find patterns in data and make predictions based on probabilities. Some systems learn continuously from new data, adapting behaviour during operation. This unpredictability created a regulatory gap that Annex 22 now closes by addressing the probabilistic, data-driven nature of AI.

Traditional software validation assumed reproducibility. A classification model might produce different outputs from identical inputs depending on training data, hyperparameters, or ongoing learning. When your automated system classifies batches or flags deviations, regulators need absolute confidence that decisions are reproducible, explainable, and traceable. Annex 11 lacked vocabulary to govern “black box” algorithms. PIC/S Annex 22 resolves this by drawing clear lines: some AI architectures are acceptable in critical applications if properly controlled. Others are prohibited entirely.

What PIC/S Annex 22 Actually Regulates (and What It Doesn’t)

 Annex 22 applies to all AI/ML models in medicinal product manufacturing, but strictest requirements govern critical applications—systems with direct impact on product quality, patient safety, or data integrity. Critical applications include batch disposition, automated quality control, deviation classification, and release testing. Non-critical applications, such as SOP drafting, can leverage broader AI capabilities with qualified Human-in-the-Loop (HITL) oversight.

The central pivot is “Criticality.” Critical applications require strict controls: Automated Visual Inspection for sterility, Real-time Release Testing, predictive maintenance for sterile barriers, In-Process Control to adjust Critical Process Parameters, automated quality decisions, and deviation classification. Non-critical applications—such as SOP drafting, training materials, project planning, and historical analysis—allow broader AI use but require HITL review.

The decisive test: if AI directly affects whether medicine reaches patients, strictest controls apply. If human experts must review all outputs before GMP action, lighter controls may suffice.

The Non-Negotiable Rule: Static, Deterministic Models Only

Short Answer: PIC/S Annex 22 prohibits dynamic models that continue learning during operation, probabilistic systems producing variable outputs, and generative AI in critical decision-making. Only static AI models with deterministic outputs—parameters frozen after training, identical inputs producing identical results—are acceptable for critical GMP use.

In scope (acceptable concept):

• Static (“frozen”) models — no learning/adaptation during operation
• Deterministic outputs — identical inputs → identical outputs
• Operated under change/configuration control with defined re-test triggers

Not to be used in critical GMP (per Annex 22 scope statements)

• Dynamic models that continuously/automatically learn in use
• Probabilistic/non-deterministic outputs (same input may not yield the same output)
• Generative AI / LLMs in critical GMP applications

Why this matters: Prevents “moving target” validation risk: deployed behaviour must remain stable unless formally changed and re-assessed.

If you’ve deployed adaptive AI evolving with production data, that architecture is non-compliant. Fundamental redesign is required before mandatory enforcement.

What Counts as a “Critical AI Application” Under Annex 22

Short Answer: If AI can stop or release a batch, it’s critical. Applications directly affecting product quality, patient safety, or data integrity require full Annex 22 compliance. Examples include batch disposition decisions, QC result interpretation, automated deviation assessment, stability predictions, and contamination detection. These demand static models, complete validation evidence, and continuous performance monitoring.

Core Validation Requirements Under Annex 22.

Short Answer: Compliance rests on five mandatory pillars:

1. SME-approved Intended Use Definition
2. Test Data Independence with technical controls,
3. Representative Sampling covering edge cases,
4. Explainability and Confidence Scoring,
5. Performance Metrics are as stringent as manual processes.

Together, these create traceable, reproducible AI validation.

Pillar 1: Intended Use Definition

Every model requires comprehensive documentation approved by process SMEs before testing. This specifies: what the model predicts, expected input data and variations, limitations and biases, defined subgroups, and operator responsibilities. This foundation determines validation scope and acceptance criteria—no SME approval means no testing.

Pillar 2: Test Data Independence

Most validation fails here. Test data must be completely independent from training/validation datasets. Technical and procedural controls required: access restrictions with audit trails, four-eyes principle, version control, and independence documentation. If developers see test data, they can optimise to pass tests rather than demonstrate real-world performance.

Pillar 3: Representative Sampling and Verified Labelling

Test data must cover complete input space—not just common scenarios. Stratified sampling covering all subgroups, rare variations, boundary conditions, and edge cases. Labels require independent expert verification, validated measurements, laboratory results, and SME cross-validation. No validating against incorrectly labelled data.

Pillar 4: Explainability and Confidence Scoring

Critical applications must explain decisions. Feature attribution (SHAP, LIME, heat maps) shows which inputs drove classifications—auditors verify appropriate feature use, not spurious correlations. Confidence scoring flags “undecided” outputs when below thresholds, escalating to human review for situations outside validated experience.

Pillar 5: Performance Metrics and Acceptance Criteria

SMEs define metrics at least as stringent as replaced processes before testing: confusion matrix, sensitivity, specificity, accuracy, precision, F1 score, and task-specific metrics. If you can’t quantify current manual performance, you can’t validate AI replacement.

Validation Does Not End at Go-Live: Ongoing Operational Controls

Short Answer: Annex 22 mandates continuous controls: change control for modifications, configuration management, detecting unauthorised changes, performance monitoring for drift, and input space monitoring, ensuring data stays within validated boundaries. These maintain “validated state” throughout operational life.

1. Change Control: Any model, system, or process change requires revalidation and evaluation. Model retraining, new data sources, process parameter changes, and infrastructure updates all trigger assessment. Decisions not to retest require documented technical justification—”vendor approved” isn’t acceptable.
2. Configuration Management: Version control for models, training scripts, and validation artefacts. Access restrictions, audit trails, and checksums ensure production matches the validated configuration.
3. Performance Monitoring: Continuous tracking against validated metrics with automated alerts for degradation. Statistical process control detects gradual deterioration. When drift is detected, escalate to QA for investigation and potential revalidation.
4. Input Space Monitoring: Verify operational data stays within validated ranges. Statistical measures detect distribution shifts. Alerts flag out-of-range inputs. Escalation when novel feature combinations appear. This prevents “silent failures” in encountering untrained situations.

Australian Context: Why TGA Inspectors Will Expect Annex 22 Alignment

Short Answer: While TGA hasn’t formally adopted Annex 22, Australia’s PIC/S membership means inspectors know these expectations and will align practices with PIC/S guidance. Proactive implementation demonstrates leadership, reduces future disruption, and builds inspection-defensible systems.

Australia joined PIC/S in 2013, committing to align with its guidance. TGA inspectors receive PIC/S training and reference standards during inspections. Manufacturers waiting for formal adoption face compressed timelines and the risk of non-conformances.

 Annex 22 aligns with ISO 42001:2023 (AI Management Systems). Pursuing both creates cohesive governance satisfying global expectations.

Common Missteps We’re Already Seeing

1. “The vendor validated it”; You cannot delegate validation responsibility. Obtain complete documentation: intended use, test independence confirmation, explainability evidence, performance metrics, and change procedures.
2. Test data leakage: Splitting test from shared pool without access controls.
3. No SME-approved intended use: Starting testing before SMEs approve the scope and limitations.
4. Black-box models with no explainability: Deploying complex models without feature attribution or confidence scoring. Inspectors will ask, “Why did it decide this?”—and you must answer.

The Bottom Line—Annex 22 Is an Enabler, Not a Barrier

PIC/S Annex 22 isn’t blocking pharmaceutical AI adoption—it’s creating framework for sustainable innovation. By establishing clear boundaries and rigorous controls, manufacturers deploy AI confidently while protecting patients and product quality.

The guidance reflects regulatory maturity. Innovation is welcome within controlled parameters.

Organisations starting implementation now will be inspection-ready when Annex 22 becomes mandatory. More importantly, they’ll build reliable, explainable AI systems aligned with pharmaceutical quality principles.

The era of regulated AI in pharmaceutical manufacturing has arrived. The question isn’t whether to comply—it’s how quickly you build governance, processes, and culture, making compliance automatic.

If you’re using or planning AI in GMP environments, the question isn’t whether Annex 22 applies—it’s whether your current controls would stand up in front of an inspector.