Privacy and Data Protection Assurance Statement: AI-Assisted Indexing in the TMF System
This Privacy and Data Protection Assurance Statement serves to inform and assure our customers, sponsors, and partners that the AI-assisted indexing functions embedded in our Trial Master File (TMF) system are fully compliant with global privacy and data protection laws, as well as emerging artificial intelligence (AI) regulatory frameworks. Our commitment to data protection is integral to the ethical and lawful handling of clinical trial documentation and participant-related data.
2. Scope of AI-Assisted Indexing in TMF
The AI-assisted indexing module within our TMF system uses natural language processing (NLP) and machine learning (ML) algorithms to automate document classification, improve metadata extraction accuracy, and enhance the efficiency of file placement within the TMF structure. This includes:
- Automatic document type recognition
- Metadata pre-filling and auto-suggestions
- Intelligent filing of documents into appropriate TMF zones, sections, and artifacts
- Quality control support via anomaly detection and audit trail management
The AI models operate on data ingested into the TMF system and are designed to support Good Clinical Practice (GCP) and regulatory compliance standards such as ICH E6(R2/R3) and EU Regulation 536/2014.
3.1. Lawfulness, Fairness, and Transparency
The processing of personal data within the AI-assisted TMF system is based on clearly defined legal bases, including legitimate interest (for operational efficiency and regulatory compliance) and legal obligation (to maintain a GxP-compliant TMF). Data subjects are informed through appropriate notices, and transparency mechanisms are embedded in our data processing lifecycle.
3.2. Purpose Limitation
All AI-assisted indexing operations are strictly limited to supporting TMF filing, quality review, and compliance validation. The system does not process data for unrelated profiling, behavioural analytics, or commercial exploitation.
3.3. Data Minimisation
The AI module is engineered to process only the data strictly necessary for the purpose of classification and indexing. Training datasets, where used, are anonymised or pseudonymised as required, and personal data is excluded from any broader AI model development without customer authorisation.
3.4. Accuracy
AI outputs are subject to validation through human oversight and quality control measures. Indexing suggestions can be reviewed, accepted, or amended by authorised users to ensure that filing accuracy meets regulatory expectations.
3.5. Storage Limitation
No additional storage of personal data is triggered by the AI-assisted indexing function. Document metadata and processing logs are retained in accordance with applicable clinical trial retention schedules and regulatory obligations.
3.6. Integrity and Confidentiality
Advanced encryption protocols, access controls, audit trails, and role-based permissions protect both AI outputs and the source data. The TMF system adheres to ISO/IEC 27001 requirements, ensuring the confidentiality and integrity of sensitive clinical and operational data.
3.7. Accountability
We maintain a comprehensive record of processing activities (RoPA) specific to AI-assisted indexing. A Data Protection Impact Assessment (DPIA) has been conducted and is available for regulatory inspection or review under confidentiality.
4.1. Compliance with Global AI Laws
Our AI-assisted indexing solution is aligned with the core requirements of major AI and digital governance frameworks, including:
- EU AI Act (2024) – The system qualifies as a low-risk AI system under the AI Act, given that it supports document management without decision-making autonomy in clinical trial outcomes. It includes transparency features, user override capability, and logging for auditability.
- OECD AI Principles – Our system supports inclusive growth, transparency, and human-centred values in its deployment and lifecycle.
- Singapore AI Governance Framework – Our practices comply with the Model AI Governance Framework, particularly in the areas of accountability, explainability, and data integrity.
- US Executive Order on Safe AI Development (2023) – We implement safe, secure, and trustworthy AI practices, including risk assessments, continuous monitoring, and data stewardship.
4.2. Explainability and Human Oversight
Indexing suggestions provided by the AI model are fully explainable through a transparent metadata mapping interface. Users can view the basis of AI decisions and are empowered to override or confirm classifications. No final filing or document placement occurs without user confirmation.
4.3. Model Training and Data Residency
Where applicable, training of AI models is conducted using synthetic or anonymised data. We do not use customer TMF data for global model retraining without explicit, contractually documented consent. All data remains within specified geographic regions in accordance with customer instructions and applicable data residency laws (e.g., GDPR, LGPD, PDPA, HIPAA).
5. Independent Assurance and Continuous Monitoring
We conduct annual audits of our TMF system, including the AI-assisted modules, to verify:
- Compliance with data protection laws
- Validation of AI functions in alignment with GxP standards
- Operational transparency and minimal risk to data subjects
Internal governance teams carry out regular risk reviews, and any material updates to the AI module are subject to impact assessment and, where applicable, customer notification.
