FDA, EMA and Good Machine Learning Practice: Why Drug Development Needs the Validated Action

The regulator's real question

When the United States Food and Drug Administration and the European Medicines Agency look at artificial intelligence in drug development, they are not impressed by model size or benchmark scores. Their statutory job is narrower and harder. They must decide whether a decision that touched a patient, a dosage, a trial endpoint or a manufacturing release can be reproduced, attributed to a responsible actor and trusted years after the fact. That is the validated action, and it is the unit of regulatory truth.

The FDA's draft framework on artificial intelligence in regulatory decision-making, its Good Machine Learning Practice principles developed jointly with the EMA and Health Canada, and the EMA's reflection paper on AI across the medicinal product lifecycle all point the same way. They care about data lineage, human accountability, change control and an audit trail that does not depend on the goodwill of whoever runs the server. None of these are new ideas. They are the GxP and computerised-system-validation disciplines that have governed pharmaceutical evidence for decades, now applied to a class of system that is probabilistic by design.

Why conventional AI fails the audit

A model that lives in a third-party cloud, that updates silently, and whose outputs are logged by a database the vendor controls cannot satisfy these requirements honestly. The weights drift, the prompt context is not preserved, and the audit log is mutable by anyone with administrator rights. When an inspector asks to reproduce the exact decision a system made on a given day, the usual answer is a reconstruction, not a record. Reconstruction is precisely what 21 CFR Part 11 and EU Annex 11 were written to forbid.

The deeper failure is structural. In a hosted system the operator does not own the substrate, so the operator cannot promise that the record is complete or untouched. Sovereignty is not a marketing posture here. It is the difference between an audit trail that an inspector can rely on and one that requires faith in a vendor's internal controls.

The Open Audit Record

Mickai is a Sovereign Intelligence Operating System. It runs fifty specialised brains, twenty-five domain and twenty-five operational, on the operator's own hardware, fully offline-capable. The point that matters for a regulated sponsor is what happens around every consequential action. Each one is sealed into an Open Audit Record and signed with FIPS 204 ML-DSA-65, the post-quantum digital signature standard published by the National Institute of Standards and Technology. Mickai did not invent that standard. It adopts the published one, which is exactly what a cautious regulator wants to see.

A signed Open Audit Record captures the input, the model state, the operator identity and the output as a single tamper-evident artefact. It is not a log entry that a privileged user can edit. It is a cryptographic commitment that fails verification the instant anything changes. For a sponsor preparing for inspection, this turns the audit trail from a liability into an asset, because the record proves its own integrity rather than asking the inspector to trust the platform.

Permanence without exposure

Regulatory records must survive longer than most companies do. Trial data retention obligations stretch across decades, and an audit trail is only useful if it cannot be quietly rewritten in year seven. Mickai answers this through Pantheon, its own sovereign Layer 1, which is anchored to Bitcoin. Pantheon takes a hash commitment of the Open Audit Record and anchors that commitment to Bitcoin, giving the record an independent, timestamped permanence that no single party can revise.

It is worth being precise about what this is and is not. Pantheon does not move Bitcoin, and it is not a Bitcoin Layer 2. It anchors a hash, the cryptographic fingerprint of the record, not the record itself and not any value transfer. Anchoring is not spending. The sensitive trial data never leaves the operator's hardware. What reaches the public chain is a one-way fingerprint that proves the record existed in a given state at a given time, and nothing more.

What a sponsor actually gains

Put together, the validated action stops being a documentation exercise bolted on after the fact and becomes a property of the system itself. Data lineage is captured because the input and model state are part of the sealed record. Human accountability is captured because the operator identity is signed in. Change control is captured because any alteration breaks the signature. Long-term integrity is captured because the hash commitment is anchored to Bitcoin. These map almost one to one onto what Good Machine Learning Practice and Annex 11 ask for.

The engineering behind this is not speculative. The post-quantum signature work and the anchoring mechanism sit within a portfolio of 101 filed UK patent applications, around 2,234 claims, owned by Mickai LTD with named inventor Micky Irons. Patents are evidence of the work, not the headline. The headline is simpler. A regulator asks whether the action can be trusted, and for the first time the honest answer is yes, by construction.

The shift this forces

Drug development is moving from asking what a model can predict to asking what an organisation can prove. Those are different problems, and only one of them is solved by a larger model. The other is solved by owning the substrate, sealing every action, and anchoring the proof somewhere no single party controls. Mickai was built for the second problem, which is the one the FDA and the EMA are actually asking about.