Why now

There is no FDA rulebook for AI agents yet. That does not save you when one acts.

The agent already made the call, and the investigation is about who owned it. That question is the old one, and the trap is the same: if your own system is the only witness, you are the suspect vouching for yourself. The proof has to be something your inspector can check without taking your word for it.

Who is on the hook when the agent gets it wrong?

You are. The QPPV who signs off on the safety system is the one in the deposition. The operator who ran the patient-access path is the one the federal recovery lands on, and those recoveries hit a record 6.8 billion dollars in 2025. When the investigation comes, your defense is the record. And if your own system is the only thing vouching for that record, you are the suspect vouching for yourself.

This is not a new problem. A company cannot sign off on its own audit; that is why a SOC 2 report only counts when the auditor has no stake in it. Browsers stopped taking a certificate authority at its word and made the evidence public for anyone to check. The lesson is the same everywhere it matters: the party doing the work cannot be the only party proving it was done right. The proof has to come from somewhere you do not control, and your inspector has to be able to check it without trusting anyone, including us.

The rules already on the books

No one is waiting for an AI rulebook.

The FDA, the EMA, the OIG, and notified bodies already have the power to inspect and prosecute, under rules that predate every model. They do not mention AI. They do not need to. They put a named human on the call that matters, demand records that hold up under scrutiny, and, in patient access, name the operator as the one who answers for it. That is the bar your agent has to clear today.

  • Anti-Kickback Statute / FCA

    Standing

    In patient access, the operator is the prosecuted party. A manufacturer-funded path toward copay or foundation support can put the operator under the Anti-Kickback Statute and the False Claims Act, where federal recoveries hit a record 6.8 billion dollars in fiscal 2025. Here the operator cannot vouch for its own log; the record has to be one the operator does not control.

  • 21 CFR Part 11

    1997

    Electronic records and signatures, limited access, authority checks, time-stamped audit trails (11.10(e)), and every signature carrying its meaning (11.50). Written, almost verbatim, for exactly this.

  • 21 CFR §211.22

    Standing

    An independent quality unit, with authority that cannot be delegated to production, or to the software production builds. Under EU GMP Annex 16 a named Qualified Person carries the batch-release decision. The point is structural: the party that did the work cannot be the party that clears it.

  • ICH-GCP E6

    Standing

    Good clinical practice. A named investigator is accountable for the eligibility determination on every enrolled subject. An algorithm may screen; it cannot consent or enroll a patient.

  • 21 CFR Part 803 / EU MDR

    Standing

    Medical-device reporting. A reportable event starts a 30-day clock the moment it is determined to be reportable. A named regulatory-affairs reviewer owns that determination, whoever triaged the complaint.

  • EU GVP / 21 CFR §314.80

    Standing

    Pharmacovigilance. The seriousness and expectedness call on an adverse-event case sets the 15-day expedited clock, a substantive medical judgment a qualified person owns; ICH E2B(R3) carries the record forward. A QPPV holds continuous personal accountability for the whole system.

  • ALCOA+

    Standing

    Attributable, Legible, Contemporaneous, Original, Accurate, plus (the "+") complete, consistent, enduring and available. The data-integrity standard inspectors apply to every record, whoever, or whatever, created it.

What we do about it

The agent can move. A named person owns what matters.

That is the whole company in one line. We build and run AI agents that do real regulated work. They move fast on the routine cases. They stop at the calls a named person has to own. And the proof is something your inspector checks themselves, not something we ask them to take on faith.

We meet your agent where it already runs, on any framework, in your environment. The record and the action are written together, so an agent that acted but did not log cannot happen. The result is one signed file per case that anyone can check offline, against a published spec, with no access to your systems or ours. We never claim your system is compliant; that is your inspector's judgment, not ours. We just make sure no one ever has to take our word for anything.
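An added illustration, not the company's product or its published spec, of the shape such a per-case evidence file can take in Go: the action and its record are one signed object, the signer must be a named person other than the actor (the "agent stopped from signing off its own work" check), and an inspector verifies the file offline with nothing but the file itself. The field names and the wellFormed rule are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
)

// CaseRecord is a hypothetical evidence file (not the page's spec): action and record are one object.
type CaseRecord struct {
	CaseID    string `json:"case_id"`
	Action    string `json:"action"`    // the call made, e.g. a seriousness determination
	Actor     string `json:"actor"`     // who did the work; may be the agent
	Signer    string `json:"signer"`    // the named person who owns the call
	Meaning   string `json:"meaning"`   // 21 CFR 11.50: what the signature means
	Timestamp string `json:"timestamp"` // contemporaneous, RFC 3339 UTC
}

type Signed struct {
	Record    CaseRecord `json:"record"`
	PublicKey []byte     `json:"public_key"`
	Signature []byte     `json:"signature"`
}

// canonical: json.Marshal of a struct of strings is deterministic (declared field order) and cannot fail.
func canonical(r CaseRecord) []byte { b, _ := json.Marshal(r); return b }

// wellFormed is the rule both sides check: the party that did the work cannot be the party that clears it.
func wellFormed(r CaseRecord) error {
	if r.Signer == "" || r.Signer == r.Actor || r.Meaning == "" || r.Timestamp == "" {
		return errors.New("need a named signer other than the actor, a meaning and a timestamp")
	}
	return nil
}

// Sign refuses a record that breaks the rule, then signs its canonical bytes.
func Sign(r CaseRecord, pub ed25519.PublicKey, priv ed25519.PrivateKey) (Signed, error) {
	if err := wellFormed(r); err != nil {
		return Signed{}, err
	}
	return Signed{Record: r, PublicKey: pub, Signature: ed25519.Sign(priv, canonical(r))}, nil
}

// Verify is what an inspector runs offline with only the file; any edit after signing fails it.
func Verify(s Signed) bool {
	if wellFormed(s.Record) != nil || len(s.PublicKey) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(ed25519.PublicKey(s.PublicKey), canonical(s.Record), s.Signature)
}
```

Verify re-applies the structural rule, so a file in which the actor signed off its own work is rejected even when its signature is cryptographically valid.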

The six primitives, mapped to the rules →

See it for yourself

Have the answer before the question.

One command starts the demo: an agent stopped from signing off its own work, and the signed evidence file an inspector can check for themselves.

Designed against the rules your auditors already enforce.