AI Can Be Compliant—But Most Implementations Aren’t There Yet

After my last post, one thing became clear:

There’s a lot of confusion around whether AI is “allowed” in regulated environments.

Let’s be clear:

AI itself isn’t the issue.

The issue is how it’s implemented.

In FDA-regulated systems, expectations haven’t changed:

Systems must be validated
Outputs must be traceable
Behavior must be controlled and predictable

That’s where things get complicated.

AI doesn’t behave like traditional software.

Outputs may vary
Models may evolve
Decisions may not be fully explainable

That doesn’t mean AI can’t be used.

It means it has to be:

Scoped correctly
Controlled appropriately
Implemented with validation in mind

What I’m seeing right now:

AI is being introduced into systems without a clear strategy for how it will meet those expectations.

And that creates risk—often unintentionally.

The opportunity is real.

AI can absolutely improve efficiency, decision-making, and team productivity.

But only if it’s implemented in a way that aligns with regulatory reality.

I’ll break down where most implementations go wrong next.