Regulators covered
Which frameworks the life sciences pack maps to today.
Adapter coverage
Upstream services Vortalis adapts for this vertical.
No Vortalis-side adapters ship for this vertical today. The calling system holds the upstream credentials (CTMS / EDC, safety database, subject-communication channels) and Vortalis governs the action at the agent boundary rather than at the upstream-API boundary.
Action vocabulary
The policy template for this vertical.
Actions allowed
13
Each action gated by policy at the hot path.
Anticipated require_human actions
- consent.renewed
- adverse_event.flagged
- protocol_deviation.flagged
- eligibility.confirmed
- patient.communication_sent
Rate-limit posture
200 subject.screened per 24-hour rolling window; 50 eligibility.confirmed per 24-hour rolling window; 100 adverse_event.flagged per 24-hour rolling window; 100 protocol_deviation.flagged per 24-hour rolling window; 100 patient.communication_sent per 24-hour rolling window. Defensible for a single-site trial; multi-site sponsors raise after agreement with the medical monitor.
Template path: policies/sectors/life-sciences/clinical-trial-template.yaml
Integration brief
The implementation guide your engineers read first.
Available
docs/governance/integration-briefs/life-sciences-clinical-trial.md
Honest limits
What this sector pack does not do.
Vortalis does not perform clinical decisions; AI agents do.
The policy template gates 13 actions including subject.screened, adverse_event.flagged, and consent.renewed. It does not screen the subject, judge the seriousness of an adverse event, or substitute for the investigator's or medical monitor's clinical judgement. Trial integrity, subject safety, and the sponsor's regulatory obligations remain the operator's responsibility. Vortalis records what the agent did and when; it does not grade what the agent recommended.
ICH GCP section 4.8 informed-consent obligations are unforgiving; the require_human flow on consent.renewed is mandatory.
ICH E6(R2) section 4.8 imposes specific obligations on informed consent that the investigator (not the AI agent) discharges. The policy template gates consent.renewed behind require_human so the investigator approval is captured on the audit chain alongside the consent-renewal action. A trial that allows consent renewal without investigator sign-off has a GCP gap.
Adverse-event regulatory-reporting timelines are the sponsor's; the platform records the QPPV-side approval but does not chase the regulator deadline.
FDA expedited safety reporting, EMA EudraVigilance reporting, and MHRA Yellow Card reporting each have their own timeline windows. The Vortalis chain captures the agent's triage, the medical-monitor or QPPV sign-off, and the post-hoc record of the actual regulator filing; the deadline tracking and the regulator-portal upload sit with the sponsor's pharmacovigilance team. The pharmacovigilance sub-vertical brief at docs/governance/integration-briefs/life-sciences-pharmacovigilance.md covers the PV-specific flow.
Part 11 validated state is an operator-level conclusion; the platform's runtime controls are necessary but not sufficient.
FDA 21 CFR Part 11 compliance is achieved by the operator's validated deployment. The platform supplies the cryptographic audit chain, ES256 signing, RBAC, encryption at rest, and the signature / record linking property; the operator's IQ, OQ, PQ, validation summary report, SOPs on signature meaning, training records, and physical-security posture sit alongside the platform.
The general-purpose honest limits sit at /security/limitations; this list is specific to the life sciences pack.
Bring Vortalis to your life sciences agents.
Read the integration brief if you would rather start with the engineering detail. Talk to us first if you would rather start with a conversation about your threat model.