March 2023
· 3 min read
In collaboration with the private and public sectors, the U.S. National Institute of Standards and Technology (NIST) has developed a framework to better manage risks to individuals, organizations and society associated with artificial intelligence (AI). The NIST AI Risk Management Framework (AI RMF) is intended for voluntary use and to improve the ability to incorporate trustworthiness considerations into the design, development, use and evaluation of AI products, services and systems.
Released on January 26, 2023, the framework was developed through a consensus-driven, open, transparent and collaborative process that included a request for information, several draft versions for public comments, multiple workshops and other opportunities to provide input. It is intended to build on, align with and support AI risk management efforts by others.
On August 12, 2021, the MHRA launched a consultation on a proposed regulatory framework that is based on and links into current regulatory systems for medicines approvals, clinical trials, evaluation of regulatory compliance at manufacturing sites and safety monitoring. This consultation ran until September 23, 2021.
On January 25, 2023, the UK government issued its response to the POC consultation. There was significant support for the creation of a new UK regulatory framework for manufacture and supply at the POC: 91% of responders agreed with the need for a new POC framework, and 94% agreed with the proposed framework.
Responders also supported a wider scope of manufacturing and supply — for the framework to include modular manufacture (75% positive) and home-based manufacture (71% positive) as well. Based on this feedback, the government will prepare a statutory instrument to introduce the new framework into UK law. Future guidance will be developed by MHRA alongside the statutory instrument to provide the necessary interpretation and procedural support.
This first revision of Q9 was given step 4 approval at an interim ICH Management Committee meeting on January 18, 2023.
This revision has been made to address four areas for improvement in the application of QRM:
This revision has, quite rightly, taken the opportunity to change the terminology for the start of the risk assessment process from “risk identification” to “hazard Identification.”
The main additions to the revised guideline are in section 5, Risk Management Methodology, with additional subsections on:
On formality, the new draft gives examples of the factors to be considered to determine the appropriate level of formality:
The revised guide then gives characteristics of higher and lower levels of formality.
The new section Risk-Based Decision-Making states that “effective risk-based decision-making begins with determining the level of effort, formality and documentation that should be applied during the quality risk management process.” It goes on to describe highly structured processes, less structured processes and rule-based processes when making risk-based decisions.
On subjectivity, the revision notes that this can be introduced through:
It goes on to state, “While subjectivity cannot be completely eliminated from QRM activities, it may be controlled by addressing bias, the proper use of QRM tools, and maximising the use of relevant data and sources of knowledge.”
The revision adds a new section on QRM as part of supply chain control to Annex II on the potential applications of QRM. This new section is subdivided as follows: