The machine reads every agency; the regulatory judgment stays with a person
Dr. Omar Aldermoor on using AI to track guidance from regulators worldwide, why his firm draws a hard line at regulatory advice, and how continuous monitoring changes the economics of staying current.

Regulatory affairs in life sciences has always meant working against a moving target, but the volume has changed. Guidance now issues from dozens of agencies across every major market, in different formats and on different schedules, and over the past two years the regulators have begun publishing their own frameworks for artificial intelligence, including a joint set of principles from the FDA and EMA. Keeping a single product's strategy current against that flow is a genuine operational burden. We spoke with Dr. Omar Aldermoor, Head of Regulatory Strategy at Aldermoor Life Sciences, about using AI to monitor global guidance while keeping the regulatory judgment firmly with people.
Start with the commercial problem. Why has keeping up with global regulatory guidance become so hard for the companies you advise?
The obligation is fragmented across authorities. A company selling in a dozen markets answers to the FDA, the EMA and its national bodies, the MHRA, Japan's PMDA, China's NMPA, Health Canada, the TGA and others, layered over ICH standards. Each publishes guidance, revises questions and answers, and issues safety communications on its own cadence and in its own format.
The commercial stakes are direct. Regulatory clarity is the gate on whether a product can be filed, launched or kept on the market, so a change you miss can become a rejected submission, a delayed approval or a costly remediation. A specialist used to manage this by hand, with feeds, bulletins and spreadsheets. That holds for a narrow portfolio in one or two markets. It scales badly, and the gaps open in exactly the secondary markets where no one has time to read closely every week.
Why is AI a workable tool for this now, when it would not have been five years ago?
Two things changed. The first is the models. Semantic search and retrieval methods now match a guidance change to a product on meaning rather than exact keywords, which makes the monitoring useful instead of noisy. Older keyword alerts either missed a relevant change because the wording differed or buried it under hundreds of irrelevant hits. Being able to connect a revised passage on sterile-device labeling to a client who has a sterile device in that market is a real step up.
The second is the environment. Agencies publish more, and they publish digitally, so the material is machine-readable in a way it was not a decade ago. Regulators have also set expectations for how AI should be used here. The FDA and EMA principles issued this year describe a human-centric, risk-based approach, which is exactly our posture: the tool reads and organizes, under human control.
Walk me through how the system actually works, in concrete terms.
There are four stages. Ingestion first: the system monitors the sources that matter for a given client, guidance repositories, safety bulletins, question-and-answer pages and feeds, across each market where they operate, on a set schedule. Then change detection, which flags what is new or revised, including quiet edits like a single answer altered on an FAQ page that a person scanning quickly would miss.
Third is relevance. Each change is matched against a structured profile of the product: its modality, therapeutic area, markets and lifecycle stage. That is where semantic search earns its place, because it connects a change to a product even when the vocabulary differs. Fourth is summarization and routing. The system drafts a short brief of what changed, with a direct link to the exact source passage, and sends it to the responsible specialist. At no point does it decide what the change means. It presents; a person interprets.
Regulatory strategy touches confidential product information. How do you handle data governance and security?
It helps to separate two kinds of data. What the system reads is public: guidance and bulletins anyone can access. The sensitive asset is the client's own product profile and the strategic interpretation we build around it. Those live in controlled, access-segregated environments, scoped by engagement, and they are not fed into general-purpose public models.
Provenance is the backbone of the governance model. Every summary traces back to a specific public source passage, so there is an auditable line from the raw guidance to the brief a specialist reads. Where the output feeds a regulated process, we treat it under the same electronic-records expectations as that process, including 21 CFR Part 11 considerations and a retained audit trail. We also run diligence on any vendor's data handling before it touches an engagement. The rule is simple: confidential content does not enter a tool we do not control, and every machine-produced line is traceable.
You are firm that the AI never gives regulatory advice. Why draw the line there, and how do you hold it?
Regulatory advice is a judgment about how a specific requirement applies to a specific product, and it carries legal and patient-safety consequences. That judgment is what a client pays for and what a named professional is accountable for. A summary of what an agency published is not that, and we are careful not to let the two blur.
Holding the line is part design and part discipline. By design, the system outputs briefs and citations, not conclusions or filing strategies. It will tell you a requirement changed and show you the text; it will not tell you to refile. By discipline, a specialist reviews and signs every interpretation before it reaches a client. This maps onto the risk-based approach regulators describe, where oversight scales with the consequence of an error. For work this consequential, the human is not a formality at the end. The human is the point, and the machine exists to get better questions in front of them faster.
Models can fabricate. How do you validate the summaries and manage accuracy?
Fabrication is the risk we design against most directly. The main control is grounding. A summary is generated from retrieved source text and always carries a citation to the passage it came from, so a specialist verifies against the primary source in seconds rather than trusting the prose. If retrieval is thin or ambiguous, the system is built to say the evidence is unclear rather than fill the gap with something plausible.
The second control is the division of labor. The tool reports that a change exists and where; it does not assert what the change requires. That keeps the failure modes shallow: a mis-scored relevance is easy to catch on review, whereas an invented interpretation is dangerous. Accountability sits with the named specialist who reads every brief that goes to a client. We also test the monitoring against changes we already know about, to keep an honest read on precision and recall. The failure that worries me is not a false alarm. It is a false negative.
What did adoption look like inside the firm? Where did staff push back, and what went wrong first?
The skepticism was healthy, and it was right. The first version over-alerted. It surfaced too many low-relevance changes, the queue filled with noise, and people began to skim past it, which is worse than no tool at all because it breeds false confidence that nothing important is waiting.
We fixed it by tightening the relevance profiles and adding a severity tier, so material changes rise to the top while marginal ones are logged but not shouted. We also had to be honest about the new workflow. The tool does not replace a specialist's morning read of their markets; it front-loads it and makes it defensible. Training focused on one habit: treat every output as a lead to verify, never a finding to act on. The people who were most skeptical at the start became the most careful reviewers, because they already distrusted the machine in the right way.
What measurable difference has it made, and how should a reader weigh those numbers?
I would weigh them as operational gains, not as evidence that judgment got easier. On coverage, the monitoring now spans the full set of agencies a client cares about. Before, a specialist tracked a handful of authorities closely and the rest loosely, and the loosely watched ones were where problems started. On speed, assessing whether new guidance affects a product used to take days of reading and internal circulation. Now the first triage is a matter of hours, because the relevant passage and a draft brief arrive together.
On completeness, the changes that slipped through before were rarely the headline ones. They were quiet revisions, a reworded answer on an FAQ page, that no announcement flagged. Continuous monitoring is well suited to catching those. I would not claim we catch everything, and I would distrust anyone who did. The specialist hours we free up go back into deeper impact analysis, which is the work that actually protects the client.
What would you say to a skeptical peer, or to a client nervous about AI touching their regulatory work?
To the peer, I would agree with the skepticism first and then show the guardrails, because the guardrails are why it is safe. The system never issues advice. It reads and routes. Every brief is verifiable against a public source, and a named person owns the interpretation. The failure modes are ones we can name: a source we failed to monitor, a relevance score that was wrong, a summary that flattened a nuance. We manage those with coverage checks and human review, and we are candid that no monitoring, manual or automated, is complete.
To the nervous client, I would put it plainly. This makes your regulatory function faster and more thorough. It does not make regulatory decisions, and it does not sign anything. If a tool were sold to you as an autonomous regulatory adviser, I would tell you to walk away. What we run is closer to a diligent research assistant who never sleeps and always shows their sources.
Can you give a specific instance where the monitoring mattered?
I will describe it as representative rather than a single named account, because the pattern is the point. Picture a mid-sized device company selling into several markets, including a smaller one that rarely makes anyone's daily reading list. An authority in that secondary market quietly revised a question-and-answer entry on a labeling requirement. There was no announcement, just an edited page.
The monitor caught the edit and matched it to the client's product class. A specialist had the flagged passage and a short brief the same day, confirmed the change applied, and adjusted the submission plan before it became a deficiency the agency would raise later. Handled by hand, that kind of edit in a loosely watched market is exactly what gets missed until it costs you a cycle. The value was not that a machine understood regulation. It did not. The value was putting the right two paragraphs in front of the right person while there was still time to act.
What does this change about the profession and the client relationship over the next few years?
It raises the floor on what thoroughness means. When continuous global monitoring is available, tracking only your primary markets closely stops being defensible, and clients will expect coverage a person alone could not sustain. The advisory value shifts further toward interpretation and strategy, where it always belonged, and away from the mechanical work of finding out what changed.
I expect the regulators' own posture to keep shaping this. The principles the FDA and EMA published this year point toward human oversight scaled to risk, and that is a standard we are comfortable being held to. The firms that do well will not be the ones that automate the most. They will be the ones clearest about where the machine stops and the professional starts. For the client relationship, that clarity is the product. They are buying judgment, delivered faster and against a wider field of view, with a person's name on every call.
“The tool reads and routes. It never issues advice, and a person's name is on every regulatory call we deliver.”
Dr. Omar Aldermoor, Head of Regulatory Strategy, Aldermoor Life Sciences
Results in context
The figures below reflect Aldermoor Life Sciences' own experience deploying continuous monitoring across client portfolios. They describe operational improvements in how quickly and how widely regulatory change is surfaced, not a replacement for professional regulatory judgment, which stays with named specialists on every engagement.
- Global coverage: monitoring now spans the full set of regulatory authorities relevant to a client's portfolio, rather than the handful a specialist could realistically track closely by hand.
- Days to hours: the first assessment of whether new guidance affects a given product now takes hours instead of days, because the relevant source passage and a draft brief arrive together.
- Fewer missed updates: continuous monitoring is especially good at catching the quiet revisions, such as a reworded answer on an agency FAQ page, that tended to slip past manual tracking.
About Aldermoor Life Sciences
Aldermoor Life Sciences is a boutique advisory helping pharmaceutical, biotech, and medical-device companies with regulatory strategy and compliance.