Artificial Intelligence and LLMs in Regulatory Affairs (original) (raw)
[Revised January 29, 2026]
The Transformative Role of AI and Large Language Models in Regulatory Affairs
Overview of Regulatory Affairs Across Industries: Regulatory affairs (RA) professionals ensure that products and services comply with laws, standards, and regulations to protect public and financial interests. Traditionally, RA is most prominent in health-related fields: pharmaceuticals, biotechnology, and medical devices, where agencies like the FDA (USA) or EMA (EU) require rigorous approval processes. For example, in pharmaceuticals, RA specialists manage new-drug approvals, safety monitoring, and clinical trial compliance [1] [2]. In the medical device industry, a dedicated framework (e.g. the EU’s MDR) ensures patient safety; the RA department identifies applicable standards, interprets requirements for internal stakeholders, and guides product approvals [3] journals.aboutscience.eu. Figure: A laboratory setting highlighting the importance of medical device regulation. Regulatory affairs in this sector “aim to protect the patient and ensure health benefits” by enforcing safety and efficacy standards [3].
Beyond healthcare, RA functions exist wherever regulation safeguards interests. For instance, finance and banking have extensive compliance units: they enforce rules on banking operations, investments, insurance, audits, and anti-money-laundering (AML) practices [4] [5]. Other regulated sectors include food and beverages (food safety, labeling), environment and natural resources (pollution control, emissions, sustainability), technology and telecommunications (data privacy, cybersecurity, telecom licensing) [6] [7]. In fact, one industry analysis notes that RA roles are “particularly prominent” not only in pharmaceuticals and agrochemicals but also in telecoms, cosmetics, finance, and any field where regulators protect public interests [7] [6]. In each sector, RA teams monitor legislation, advise management on requirements, prepare and review compliance documentation, and liaise with authorities [7]. These multidisciplinary efforts ensure that products and services meet regulatory criteria throughout their lifecycle [2] [3].
- Pharmaceuticals/Biotech: Drug approval dossiers, pharmacovigilance, quality assurance (cGMP) – RA coordinates submissions to FDA/EMA and monitors safety.
- Medical Devices: Documentation for CE/510(k) approvals, clinical evaluation reports, post-market surveillance – RA ensures compliance with device-specific regulations [3] journals.aboutscience.eu.
- Finance/Banking: Compliance programs for AML/BSA, SEC/FINRA rules, audit readiness – RA/compliance teams translate laws into internal policies and reporting systems.
- Food & Environment: Safety certificates, labeling compliance, emissions reporting – RA units implement standards (e.g. FDA food codes, environmental statutes) and maintain records.
- Tech & Telecom: Data protection policies (e.g. GDPR), cybersecurity standards, licensing regulations – RA ensures products and communications comply with recent tech laws [8] [7].
Each of these fields shares the goal of protecting consumers or the public. RA professionals must stay abreast of evolving standards (e.g. new EU medical regulations, changing banking laws) and translate them into company practices [7] [6]. The regulatory landscape is global and fragmented: different countries and agencies may have distinct or conflicting requirements, creating complexity for multinational companies.
Traditional Compliance and Document-Handling Challenges: Managing regulatory compliance has long been cumbersome. Life sciences companies, for example, juggle vast volumes of complex documents: submission dossiers, trial reports, quality manuals, and more. These documents are frequently updated, leading to version-control issues. One regulatory tech analysis notes that “complex document revisions” with frequent updates can cause non-compliance risks if version control fails [9]. Similarly, having multiple product lines (and thus multiple portfolios of regulations) often results in scattered, disorganized storage. As one industry report puts it, “ fragmented document storage” and “manual workflows” amid ever-evolving global standards can lead to delays, non-compliance, and even financial penalties [9].
The human factor adds further difficulties. Regulatory content must be consistent and error-free: any oversight in a submission can delay approvals or trigger audits. For instance, inconsistencies across documents can cause misinterpretation; incomplete records can “jeopardize the validity” of a study roboreg.ca. Ensuring audit readiness at any time demands meticulous organization and frequent checks. Additionally, large-scale regulatory programs involve coordination across departments, often across languages and regions, which increases overhead. In short, firms face:
- Rapidly Changing Rules: Regulations are constantly evolving (e.g. yearly guideline updates). Keeping up is “daunting,” and failure to use the latest standards can lead to rejections of submissions roboreg.ca.
- Volume and Version Control: Hundreds or thousands of pages of regulation and company documents, with frequent revisions, create a version-control nightmare [9].
- Manual Processes: Much of RA work (document reviews, ga Computer System Validation (CSV) is, its crucial role in pharmaceutical and biotech compliance, ensuring data integrity and regulatory adherence for patient safety.p analyses, audit prep) has traditionally been manual, time-consuming, and error-prone [9] roboreg.ca.
- Data Integrity & Security: Protecting sensitive regulatory data (clinical results, trade secrets) is critical. Large unstructured datasets are susceptible to errors or breaches if not carefully managed (as regulatory oversight becomes increasingly digital, security is a greater concern [10]).
- Global Coordination: Multilingual requirements and divergent jurisdictional rules add complexity (e.g. labeling in local language, dual-language approvals, differing national guidelines).
Together, these challenges make RA resource-intensive. Companies invest heavily in compliance teams and systems to avoid costly non-compliance issues.
AI in Regulatory Affairs: Addressing Key Problems
Artificial intelligence (AI), especially generative AI and large language models (LLMs), promises to alleviate many RA burdens. By automating language-intensive tasks, AI can reduce manual workload, improve accuracy, and accelerate response to regulatory changes. Leading consulting analyses highlight that generative AI can transform regulatory workflows in three key ways [11]:
- Understanding Regulations: LLMs can parse and summarize complex regulatory texts. Users can “ask questions and receive answers grounded in facts” about dense documents, focusing on relevant sections [12]. For example, instead of manually sifting a guideline, a compliance officer could query an AI: “What are the FDA’s requirements for data submission in clinical trials?” The AI would scan the guidance and extract the answer, even comparing multiple country regulations and synthesizing the result [12]. This makes exploring lengthy rules or comparing international requirements far faster than manual review.
- Compliance Gap Analysis: AI can compare current company documents (policies, SOPs) against new or updated regulations. By highlighting discrepancies, the model accelerates “gap assessments and compliance analyses” [13]. For instance, after a new data protection regulation is released, an LLM could automatically identify outdated statements in a firm’s privacy policy. Some platforms even suggest remediation strategies to address identified gaps, guiding teams on required updates [14].
- Document Generation and Updates: Once differences are identified, AI can draft or update policies, standard operating procedures, and submission documents accordingly. Generative models can create first-draft sections of regulatory submissions, labeling documents, or training materials [15]. For example, Merck’s pharmaceutical division uses an internal AI tool to generate first drafts of regulatory documents for health authority submissions; these drafts are then reviewed and edited by experts [16]. This greatly reduces the rote writing burden on highly specialized scientists. AI can also help train personnel on new requirements via Q&A chat interfaces or by generating questionnaires (as tested in a medical-device use case) [17].
- Regulatory Intelligence and Alerts: Beyond static tasks, AI can monitor public sources. LLMs can continuously scan and flag regulatory news or guideline updates from agencies (FDA, EMA, MFDS, etc.), alerting RA teams in real time. In a proof-of-concept study, AI was tasked with answering queries from a repository of 100 global guidance documents. The LLM delivered accurate responses about regulatory criteria in ~77% of cases, demonstrating its promise to speed up information gathering in RA [18]. In January 2026, the FDA and EMA jointly released "Guiding Principles of Good AI Practice in Drug Development," a landmark accord addressing "shadow use" of LLMs by analysts and mandating continuous monitoring for "data drift" ema.europa.eu.
- Multilingual Compliance Support: Modern LLMs support many languages and dialects. They can translate and localize regulatory content while preserving legal nuance. For global companies, this is vital: one analysis of multilingual LLMs notes that outputs can be generated “in local legal dialects, not just translated scripts,” preserving tone and context (e.g. formal phrasing in French or nuances in Arabic) [19]. This helps firms produce compliant documentation in markets like Japan, UAE, or EU regions without requiring separate translation teams for each update.
- Predictive Analytics: Some AI approaches use historical regulatory and market data to forecast outcomes. For instance, one expert notes that AI can analyze past approval data to predict regulatory decisions and anticipate questions from review committees [20]. Such forecasting can inform strategy (e.g. focus on gaps most likely to be flagged) and prioritize resources on high-risk areas.
In summary, AI-powered tools offer improved efficiency, consistency, and insight in RA. By handling repetitive text analysis and creation tasks, they free professionals to focus on higher-level strategy. These capabilities make AI particularly well-suited for regulatory domains that are heavily text-based and rules-driven.
Capabilities of Large Language Models (ChatGPT, Gemini, etc.) in Regulatory Tasks
Large Language Models (LLMs) like OpenAI's ChatGPT (now GPT-4o and GPT-5, released August 2025) and Google's Gemini (now Gemini 3.1 Pro as the current flagship) are at the forefront of generative AI applications. They excel at understanding and generating human-like text, which directly maps to many RA tasks:
- Text Generation: LLMs can draft high-quality language for submissions, reports, and communications. For example, companies are using ChatGPT to write draft sections of regulatory submissions, standard operating procedures, and compliance reports [15] [16]. ChatGPT’s ability to produce coherent, structured text means it can output initial versions of documents (e.g. risk analyses, labeling text) that humans then refine. Similarly, Google’s Gemini can compose content and even code snippets if needed for internal tools.
- Summarization and Q&A: LLMs can compress long documents into concise summaries or answer specific questions about them. In a healthcare regulatory context, a LLM was able to parse health authority guidance and provide answers to targeted queries, greatly reducing research time [21] [18]. This is valuable for literature reviews or drafting executive summaries of technical files. ChatGPT’s chat interface also allows interactive exploration: an RA expert can iteratively probe regulations by refining their prompts.
- Compliance Analysis: By processing regulatory text, LLMs can highlight obligations and detect inconsistencies. For example, given a new regulation, a model can list required actions (e.g. training, labeling changes) or compare it against existing SOPs. In practice, advanced NLP tools already flag missing content in dossiers and suggest updates [14]. LLMs generalize this by “thinking” across entire documents and past cases.
- Multilingual Support: ChatGPT and Gemini support dozens of languages and cross-lingual queries. They can translate documents, but importantly, generate new text directly in target languages. As one industry analysis warns, simply translating English compliance language often fails to capture legal nuances [22]. Multilingual LLMs trained on global legal data can produce regulatory text that “compliance by design” in local markets [19]. For instance, Gemini’s real-time web training may include up-to-date local legislation, while ChatGPT’s GPT-4o variant is also multilingual. This enables a firm to coordinate filings in multiple regions using one AI assistant.
- Knowledge Integration: Some LLMs can be connected to enterprise knowledge bases. For example, ChatGPT’s enterprise offerings allow uploading of internal documents. This means a company can build an AI assistant with access to its proprietary dossiers, policies, and historical submissions. Queries then yield answers grounded in both open regulations and the company’s own files.
- Automated Reasoning: LLMs like GPT-5.2 have shown strong reasoning abilities in tasks like coding or legal analysis. This can help in compliance scenarios: for instance, generating decision-trees for compliance processes or writing test cases for system validation.
While promising, these models have limitations. They may hallucinate (generate incorrect statements) or lack domain-specific knowledge. To mitigate this, companies are developing domain-specific LLMs. For example, Writer has released Palmyra-Med (a 70B-parameter LLM) trained on medical corpora, and Palmyra-Fin for finance. Palmyra-Med averages 85.9% accuracy across medical benchmarks, surpassing Med-PaLM-2 and even outperforming human test-takers on PubMedQA (81.1% vs. 78.0%) [23] [24]. Palmyra-Fin notably scored 73% on the CFA Level III exam, becoming the first model to pass this prestigious investment certification [23]. By fine-tuning on sector-specific data, these models achieve higher accuracy and reliability for RA tasks (e.g. pharmacovigilance queries or regulatory compliance standards). Using such tailored LLMs can reduce errors in specialized content generation and improve compliance with domain norms, while costing substantially less than frontier models—Palmyra-Med is priced at 10permillionoutputtokenscomparedto10 per million output tokens compared to 10permillionoutputtokenscomparedto60 for GPT-4 [24].
In practice, organizations often compare multiple LLMs for their needs. OpenAI's GPT-5 (released August 2025) offers expanded agentic capabilities, enabling it to act as an enterprise agent rather than just a chatbot—automating SOPs, training modules, and compliance monitoring [25]. GPT-5 can be fine-tuned to always include required safety language or check that certain criteria are mentioned in documents. Google's Gemini (now at Gemini 3.1 Pro) offers real-time internet integration and enhanced multimodal inputs (e.g. analyzing an image of a regulation figure), and has achieved expanded compliance certifications including ISO 42001, HITRUST (May 2025), and PCI-DSS v4.0 for healthcare and financial workflows [26]. Gemini is fully enabled for HIPAA-covered workloads when paired with Google's Business Associate Agreement. Anthropic's Claude and Meta's LLaMA models are also used in some organizations (Merck's GPTeal platform supports both LLaMA and Claude under the hood [27]), each with their own trade-offs in creativity vs. conservatism. The key is that a mix of LLMs – generalists, specialists, and even open-source ones – may be applied to different parts of the RA workflow.
Comparative Analysis of Leading LLMs in Regulatory Affairs
| Model | Strengths | Limitations |
|---|---|---|
| OpenAI GPT-5 (August 2025) | Agentic capabilities for enterprise automation; can fine-tune for compliance-specific language; strong reasoning and code abilities; expanded context window. | Higher cost; requires robust governance for enterprise deployment; potential for sensitive data exposure without proper guardrails. |
| OpenAI GPT-4o (now succeeded by GPT-5.2) | Highly fluent text generation; multimodal (text, images, audio); mature API ecosystem; widely deployed. | May produce occasional inaccuracies ("hallucinations"); requires validation of outputs. |
| Google Gemini 3.1 Pro | Real-time internet access for up-to-date data; ISO 42001, HITRUST, PCI-DSS v4.0 certified; HIPAA-ready with BAA; multimodal inputs; 2/2/2/12 per MTok. | Automatic data access permissions on mobile have raised privacy concerns; regulatory inquiries ongoing in Europe. |
| Specialized LLMs (Palmyra-Med/Fin) | Palmyra-Med: 85.9% on medical benchmarks, outperforms humans on PubMedQA; Palmyra-Fin: first to pass CFA Level III (73%); 6x cheaper than GPT-4 (now deprecated) [23]. | Fewer parameters than frontier models; not recommended for direct patient care; requires qualified oversight. |
| Anthropic Claude | Strong safety alignment; detailed responses; signed EU AI Act Code of Practice (December 2025). | Slightly less powerful on complex reasoning benchmarks compared to GPT-5. |
| Open-Source (LLaMA 3, etc.) | Customizable and free to deploy on-prem; privacy-friendly; no vendor lock-in. | Require in-house expertise to fine-tune and secure; Meta has not signed EU AI Act Code of Practice. |
For regulatory tasks, accuracy and trustworthiness are paramount. A multi-model strategy is emerging: use GPT-5.2 for creative drafting, Gemini for fact retrieval and updates, and specialized models for domain-critical text. Enterprises often wrap these in governance layers: for instance, Merck’s “GPTeal” platform lets employees query ChatGPT, LLaMA or Claude securely with enterprise controls [27]. This way, Merck leverages the best of each while tracking usage and protecting data.
Real-World Use Cases and Case Studies
Pharmaceutical and Biotech: Major pharma companies have moved beyond pilots to enterprise-wide AI deployment. Merck (MSD) developed an internal AI interface ("GPTeal") that now serves approximately 50,000 employees monthly—roughly two-thirds of the company—securely using LLMs for writing tasks [28]. In a breakthrough announced in June 2025, Merck's AI-powered clinical authoring platform reduced the time to create first drafts of Clinical Study Reports (CSRs) from two to three weeks to just three to four days, while reducing errors by 50% [29]. Similarly, Pfizer has rolled out its generative AI platform "Charlie" (named after co-founder Charles Pfizer) to thousands of marketing employees and agency partners. Charlie can fact-check, perform legal reviews, and create compliant content with a color-coded risk system (red/yellow/green) to alert staff when human review is needed [30]. Pfizer's AI-powered predictive machine learning research hub can now identify promising drug candidates in 30 days or less, compared to months or years using traditional methods [31]. Startups and CROs continue to offer AI tools to automatically tag and summarize dossiers, or to generate clinical study reports with AI assistance (often under human supervision).
Medical Devices: A recent academic study tested ChatGPT on a simulated device registration process. Researchers prompted the LLM with aspects of the EU MDR requirements (2017/745) and asked it to perform tasks like creating checklists or translating regs into plain language. They found ChatGPT could produce reasonably structured outputs, but required precise prompt engineering. The conclusion emphasized that ChatGPT “represents a powerful tool to support decision-making” in device RA, improving efficiency when users apply strategic prompting and review journals.aboutscience.eu. The study suggests that in practical device trials, AI could help formulate technical documentation and survey questions, but experts must guide and validate the outputs.
Financial Services: Banks and financial institutions are exploring LLMs for compliance. IBM notes that LLMs (e.g. GPT-4) have been evaluated for anti-money-laundering (AML) compliance: they can automate transaction monitoring, flag suspicious patterns, and assist investigators [5]. For example, an LLM could parse customer transaction records and compliance guidelines to highlight unusual behavior, or suggest audit follow-ups. Pilot projects at large banks (like JPMorgan Chase) have used generative AI to draft compliance reports or analyze regulatory filings. These applications promise “driving compliance and efficiency” by automating rule checks and anomaly detection [5].
Global Regulatory Intelligence: Several initiatives use LLMs to handle international compliance data. One project ingested 100 guidelines from various health authorities into an AI system. When regulatory professionals asked the LLM questions (e.g. FDA’s stance on AI in manufacturing), about 77% of responses were accurate or nearly so compared to source documents [18]. This suggests LLMs can aggregate and answer queries across multiple regulatory sources much faster than manual research. Companies are beginning to deploy chatbots trained on their regional regulators’ documents to answer employee queries about upcoming rule changes, submission requirements, or labeling criteria. These AI assistants serve as a rapid Q&A for RA teams.
Other Sectors: While less documented in open sources, similar pilots occur in telecoms (AI helps interpret new spectrum regulations), energy (LLMs draft environmental compliance reports), and food (AI summarizes FDA food safety updates). The common theme is using AI to reduce routine research and writing.
In all these cases, AI does not replace experts but augments them: it handles tedious analysis so professionals focus on judgment and strategy. Early adopters report significant time savings – for example, Deloitte estimates that AI could eliminate many hours of manual regulation review [11] – and faster turnaround on submissions and audits.
Evaluating AI for your business?
Our team helps companies navigate AI strategy, model selection, and implementation.
Risk Considerations, Validation, and Governance
Introducing AI into regulatory workflows brings new risks that must be managed carefully. Since regulatory content is sensitive, errors can have serious consequences. Key considerations include:
- Output Accuracy and Hallucinations: LLMs can sometimes generate plausible-sounding but incorrect or fabricated information. In a regulatory context, a hallucinated rule or misinterpreted guideline could mislead compliance efforts. Therefore, all AI-generated content must be reviewed by qualified professionals. As one study on medical-device RA notes, maximizing AI’s benefits “requires continuous training, prompt optimization, and adaptation,” meaning users must be adept at shaping AI outputs and critically evaluating them journals.aboutscience.eu. Companies should adopt a “human-in-the-loop” approach, verifying every AI draft against source documents and regulations.
- Data Privacy and Security: RA teams handle proprietary and confidential data (clinical trial results, formula details). Feeding this information into a cloud-based LLM can risk leaks. For example, one corporate CIO highlighted that unprotected use of ChatGPT could inadvertently expose IP or patient information [32]. To mitigate this, organizations implement secure access (e.g. Merck's GPTeal, which isolates queries in a private environment) and data anonymization. Industry best practices call for encryption, strict access controls, and compliance with data protection laws (e.g. HIPAA, GDPR) when using AI tools. In healthcare RA, LLMs could potentially reveal personal data, so anonymization and secure data handling are mandatory. Modern enterprise AI platforms now support regional data residency, private routing, and custom retention windows for stricter compliance alignment [33].
- Regulatory Oversight: The FDA issued its first comprehensive AI guidance in January 2025: "Considerations for the Use of Artificial Intelligence to Support Regulatory Decision-Making for Drug and Biological Products." This draft guidance proposes a seven-step risk-based credibility assessment framework requiring sponsors to: (1) define the question of interest, (2) define the context of use, (3) assess model risk, (4) develop a credibility plan, (5) execute the plan, (6) document results, and (7) discuss deviations [34]. The guidance was informed by more than 500 AI-related drug and biological product submissions since 2016. In May 2025, the FDA launched "Elsa," an internal generative AI tool that enabled reviewers to "perform scientific review tasks in minutes that used to take three days." In January 2026, the FDA and EMA jointly released "Guiding Principles of Good AI Practice in Drug Development," establishing ten common principles across both regulatory systems ema.europa.eu. The EU AI Act is now fully in force: prohibited AI practices became applicable in February 2025, GPAI model obligations took effect in August 2025 (requiring training data documentation and copyright compliance), and high-risk AI system requirements become fully applicable on August 2, 2026 artificialintelligenceact.eu. Penalties for non-compliance are significant: up to €35 million or 7% of worldwide turnover. RA teams must now ensure their AI tools comply with these requirements.
- Ethical and Bias Concerns: AI models reflect their training data. If an LLM is trained mostly on English-language or Western-sourced documents, it might underrepresent perspectives or regulations from other regions, inadvertently biasing compliance advice. Enterprises must ensure that AI tools cover all relevant jurisdictions and that biases are checked. Deloitte emphasizes that deploying generative AI ethically requires "robust governance frameworks and ongoing monitoring" to detect bias and ensure fairness [35]. This includes setting up review boards, auditing AI outputs regularly, and updating models as laws change. As of December 2025, 26 organizations have signed the EU AI Act's voluntary Code of Practice, including Amazon, Anthropic, Google, IBM, Microsoft, and OpenAI—though Meta has explicitly refused, citing legal uncertainties [36].
- Intellectual Property and Authenticity: Regulatory submissions often require original analyses. Relying too heavily on AI-generation could raise questions about authorship or inadvertent plagiarism of copyrighted training data. Companies should ensure that any AI use complies with copyright and that proprietary data used to train models is cleared for use.
- Change Management: Finally, there is human risk. Staff must be trained in new AI-augmented workflows. An internal study suggests running pilot tests on subsets of documents and validating accuracy before full rollout roboreg.ca. Clear policies (“AI usage guidelines”) should define what tasks are allowed (e.g. use ChatGPT only for first drafts, never for final content) and how to cite AI contributions if needed. The Merck GPTeal case underscores this: by formally implementing an internal AI tool and educating employees, Merck enabled wide AI adoption while controlling risk [27]. Such governance ensures that AI “assists” compliance without undermining quality or accountability.
In sum, AI in RA must be approached as an under continuous validation. Every automated output is ultimately the sponsor’s responsibility. With rigorous oversight – validation studies, privacy safeguards, and human review – organizations can leverage AI’s power while maintaining regulatory trust.
Future Outlook: AI and the Global Regulatory Landscape
The impact of AI on regulatory affairs has accelerated dramatically in 2025-2026, with regulatory agencies themselves now actively deploying AI internally. The FDA launched "Elsa," its internal generative AI tool, in June 2025, built within a high-security GovCloud environment to expedite clinical protocol reviews and identify high-priority inspection targets. The FDA also appointed a Chief AI Officer to coordinate implementation across all centers [37]. The European Medicines Agency (EMA) continues executing its AI workplan (2025–2028), having released an AI Tools framework in Q2 2025, launched a Digital Academy training program, and initiated pilot studies in Q3 2026. EMA is also exploring development of an ICH AI guideline with global partners ema.europa.eu. The landmark joint FDA-EMA principles released in January 2026 represent a new era of regulatory harmonization, addressing issues like "shadow use" of LLMs and mandating continuous monitoring for "data drift" ema.europa.eu.
On the industry side, AI is making regulatory processes more predictive and unified. In November 2025, the FDA launched an AI Benchbook and internal training courses, signaling expedited future reviews. Generative AI enables the design of more complex molecules faster, while real-world evidence (RWE) gathered from digital health technologies is streamlining clinical trials. The EU AI Act is now the binding legal framework: each Member State must establish at least one AI regulatory sandbox by August 2, 2026 artificialintelligenceact.eu. The European Commission's November 2025 "Digital Omnibus" proposal aims to simplify rules across AI, data access, privacy, and cybersecurity, extending sandbox possibilities through 2028.
Moreover, as AI lowers barriers to entry, even smaller companies and startups are gaining access to sophisticated RA support. Domain-specific models like Palmyra-Med offer frontier-level performance at a fraction of the cost. The cumulative effect is a faster, more data-driven global regulatory system where human experts focus on strategic oversight while AI handles routine analysis. Finland became the first EU member state with full AI Act enforcement powers in December 2025, signaling that compliance enforcement is now operational [36].
In conclusion, AI and LLMs have transformed regulatory affairs beyond early adoption into enterprise-wide deployment. Companies like Merck and Pfizer report dramatic efficiency gains—clinical study report drafting reduced from weeks to days, drug candidate identification from years to 30 days. The regulatory landscape has matured significantly: the FDA's January 2025 guidance, the joint FDA-EMA principles of January 2026, and the EU AI Act's phased implementation (fully applicable August 2026) provide clear frameworks for responsible AI use [34] ema.europa.eu. Domain-specific models like Palmyra-Med and Palmyra-Fin demonstrate that tailored LLMs can outperform generalist models while costing substantially less. Careful governance remains essential to manage risks, but with robust validation, privacy safeguards, and human oversight, AI is helping regulators and industry alike keep pace with innovation and safeguard public health and safety. The long-term outlook is one of a fundamentally reshaped RA landscape: faster approvals, smarter compliance, and a more harmonized global regulatory community.
Sources: This report synthesizes recent industry analyses, official guidelines, and case studies on AI in regulatory compliance [9] [12] [18] [16] ema.europa.eu. Each section’s facts and quotes are cited to authoritative publications and expert reports.