John Paul Lee (COO of AG Mednet) made an argument in Clinical Leader that we found ourselves nodding along to from the first paragraph. His thesis: regulators aren't blocking AI in clinical trials, they're just holding AI systems to the same bar as human ones: validation, reproducibility, and audit trails that connect an output to the decision it informed.
Reading this felt like hearing our own thesis out loud
Lee is right on both counts, and they're worth restating because the industry still hasn't internalized them.
First, regulators aren't the obstacle. The FDA and EMA aren't asking whether an AI decision is novel or fast. They're asking whether it can be validated, reproduced, and traced - the same questions they've always asked of a human decision. That's not a higher bar for AI. It's the same bar, applied consistently.
Second, the thing that determines whether you clear that bar is operational infrastructure, not the model. A more sophisticated model with no audit trail fails inspection. A modest one wrapped in genuine governance passes. The capability everyone races to demo is not the capability regulators are evaluating.
We've been building from exactly that premise. Where our angle differs is where in the workflow governance has to begin.
Our angle: accountability begins before the first decision
A governance approach that sits between an AI's output and the regulated workflow governs decisions well. But every decision in a clinical trial, human or AI, is derived from the protocol. If the source document is ambiguous, contradictory, or untraceable, the cleanest downstream audit trail still inherits the defect. You can perfectly document a decision that was built on an inconsistency or misinterpretation.
So here's the word we'd add: continuous. Governance has to run from the source document through every artifact generated from it - not just forward from the AI's output. The protocol is where the chain of accountability starts, and if it isn't governed there, everything downstream is auditing a copy of a possibly-flawed original.
The cost of leaving that source ungoverned is already quantified. Tufts CSDD found that 76% of Phase I through IV protocols now require a substantial amendment, up from 57% in 2015. Each one runs $141K to $535K and adds roughly three months to trial timelines. A meaningful share of that churn traces back to ambiguity and error in the source document and its derivatives. This is exactly the layer that sits upstream of the decisions most governance frameworks start with.
What governing the source actually looks like
Governing the protocol isn't an abstraction. It's three concrete things, and they're what HumanTrue does.
Governed retrieval. A study assistant that answers design, eligibility, and procedure questions in plain language, with every answer traceable back to the protocol. This replaces the unaudited PDF-search-and-guess that quietly drives interpretation errors at sites and CROs. The question is answered, and the source of the answer is visible.
Governed generation. Informed consent forms, recruitment screeners, and training guides drafted from the protocol and structurally consistent with it, so derivative documents can't silently drift from their source. ICF drafting compresses from days to minutes with a human approving every word.
Governed structure. The protocol is converted into CDISC USDM which includes things like structured Schedules of Activities data. This makes the source machine-actionable and auditable as it feeds the systems downstream, instead of being re-keyed by hand at every step.
One source of truth, governed end to end, across sponsors, CROs, and sites.
HumanTrue is a quality copilot: it surfaces discrepancies, contradictions, and ambiguities for a person to judge. None of this is autonomous decision-making. That's the same accountability-first, human-in-control architecture Lee describes - we've just applied it across every artifact derived from the protocol, not only the final decision.
Where the proof lives
The system was built with validation, reproducibility and audit trails from the beginning; not as features bolted on after the fact. The AI infrastructure is isolated with no third-party logging and customer data is never used to train models. Validation loops and built-in QA minimize hallucination with verified SOC 2 and HIPAA certifications. There is encryption in transit and at rest, and it is SSO by default.
That's the point Lee is making, restated as architecture rather than as a claim. Governance you can demonstrate, not governance you assert.
The path toward trial integrity
The path forward requires a shift from fragmented oversight to a unified architecture where governance is a continuous thread. This means bridging the gap between the upstream creation of the protocol and the downstream orchestration of decisions. When the source document and every artifact derived from it are governed with the same rigor as the final clinical outputs, the chain of accountability remains unbroken, ensuring that the trial's foundation is as verifiable as its results.
The industry is now being asked to meet a higher standard of transparency and reproducibility that cannot be achieved through manual checks alone. Achieving this requires built-in, end-to-end governance that transforms compliance from an after-the-fact claim into a structural reality. Ultimately, this comprehensive approach is the only way to deliver the speed AI promises without sacrificing the safety and scientific integrity that patients and trials depend on.