FDA 21 CFR Part 11 establishes the criteria under which electronic records and electronic signatures are considered trustworthy and reliable equivalents to paper records. Originally enacted to address the transition from paper-based to computer-based record systems in life sciences, its requirements have taken on renewed significance as AI systems enter clinical decision support, drug discovery, and manufacturing quality control.
The core requirements of Part 11 — tamper-evident records, audit trails, access controls, system validation — are precisely the capabilities that hardware-anchored AI governance provides. The challenge for many organisations is mapping the regulatory language to technical implementations that are both compliant and operationally feasible.
The Tamper-Evident Record Requirement
Part 11 Section 11.10(e) requires that audit trails be computer-generated and include the date and time of operator entries and actions that create, modify, or delete electronic records. Critically, it requires that these records be "protected from alteration."
Software-based tamper detection — checksums, hash verification at the application layer — satisfies the letter of this requirement but is vulnerable to a sufficiently privileged attacker who can modify both the record and the checksum. Hardware-anchored tamper detection, where the hash is stored in TPM-protected storage and the verification occurs in hardware, satisfies both the letter and the spirit.
Part 11 asks: can you prove this record has not been altered? Hardware-anchored governance answers: yes, and here is the cryptographic proof.
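As an added illustration of the distinction drawn above (example code, not Claviger.AI's implementation): a hash-chained audit trail whose head is compared against an anchor held outside the attacker's write path. The `anchor` value stands in for TPM-protected storage; the actors, actions and timestamps are constructed sample data.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed chain start value

def entry_hash(prev_hash: str, record: dict) -> str:
    """SHA-256 over the previous hash plus canonical JSON of this record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def append(trail: list, actor: str, action: str, target: str, ts: str) -> str:
    """Append one audit entry (who, what, which record, when); return the new head."""
    prev = trail[-1]["hash"] if trail else GENESIS
    record = {"actor": actor, "action": action, "target": target, "ts": ts}
    trail.append({"record": record, "hash": entry_hash(prev, record)})
    return trail[-1]["hash"]

def verify(trail: list, anchor: str = None) -> tuple:
    """Recompute every link; with an anchor, also require the head to equal it."""
    prev = GENESIS
    for i, e in enumerate(trail):
        if entry_hash(prev, e["record"]) != e["hash"]:
            return False, f"entry {i} does not match its stored hash"
        prev = e["hash"]
    if anchor is not None and prev != anchor:
        return False, "chain head differs from the hardware anchor"
    return True, "ok"

def rechain(trail: list) -> list:
    """Rebuild all hashes from the records as they now stand (record and checksum both rewritten)."""
    fixed = []
    for r in (e["record"] for e in trail):
        append(fixed, r["actor"], r["action"], r["target"], r["ts"])
    return fixed

def demo() -> dict:
    """Constructed scenario: two governance actions, then two tampering attempts."""
    trail = []
    append(trail, "qa.lead", "approve", "model-v3", "2024-05-01T10:00:00Z")
    append(trail, "qa.lead", "invalidate", "model-v2", "2024-05-01T10:05:00Z")
    anchor = trail[-1]["hash"]  # real system: head written to TPM-protected storage
    t1 = json.loads(json.dumps(trail))  # tamper 1: edit a record, leave hashes alone
    t1[0]["record"]["actor"] = "someone.else"
    t2 = rechain(t1)  # tamper 2: edit the record and recompute the whole chain
    return {"clean": verify(trail, anchor)[0],
            "edit_only_software": verify(t1)[0],
            "rechain_software": verify(t2)[0],  # software-only check is fooled
            "rechain_anchored": verify(t2, anchor)[0]}  # anchor catches it
```

The software-only check detects a record edit that leaves the hashes stale, but passes once the whole chain is recomputed; only the comparison against the out-of-band anchor fails in that case.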
Electronic Signatures Under Part 11
Part 11 Section 11.100 requires that electronic signatures be unique to one individual and not be reused by or reassigned to anyone else. Applied to AI governance, this means that the governance authorities exercised over an AI system must be individually attributed and non-transferable.
The AUTH integrity chain in Claviger.AI implements this requirement at the infrastructure level. Every governance action — approval, invalidation, override — is signed with hardware-bound credentials that cannot be transferred between principals. The signature is produced in TPM hardware; the signing key never leaves the hardware security boundary.
System Validation Requirements
Part 11 Section 11.10(a) requires that systems used to create, modify, maintain, archive, retrieve, or transmit electronic records be validated to ensure accuracy, reliability, and consistent intended performance. This validation requirement, applied to AI systems, creates a significant documentation burden for organisations using traditional software-level governance.
Hardware-anchored governance simplifies validation in two ways. First, the governance infrastructure itself has a smaller and more stable attack surface than a software-only implementation — hardware components change less frequently than software, reducing the scope of re-validation triggered by system changes. Second, the VERSION integrity chain provides continuous automated validation that the deployed model matches the validated version, eliminating a significant manual validation task.
Practical Implementation Considerations
For life sciences organisations implementing AI in Part 11-regulated contexts, the following architectural decisions are recommended:
- Separate the governance system from the AI application system: Part 11 validation scope should be minimised. A hardware-separated control plane limits the validated system boundary to the governance infrastructure, not the full AI application stack.
- Ensure audit trail completeness at the infrastructure layer: Application-layer audit trails that depend on the AI system calling logging APIs are incomplete. Infrastructure-layer records that capture governance events independent of application behaviour are more defensible.
- Document the cryptographic verification chain: Validation documentation for Part 11 compliance should include the complete chain from hardware attestation through governance certificate to operational record. This chain is the technical basis for the tamper-evidence claim.
Claviger.AI has been deployed in life sciences contexts to support Part 11 compliance for AI-assisted clinical decision support systems. Contact us to discuss your specific regulatory context.