Vortalis for Life sciences

Pharmacovigilance

The trust layer for AI agents inside adverse-event detection, triage, MedDRA coding, regulator-filing, and signal-detection workflows.

Pharmacovigilance moves at the speed of intake-channel volume, not at the speed of QPPV review. The pharmacovigilance sub-vertical pack codifies the actions an agent may take across the safety database lifecycle, gates the regulator-facing actions (Yellow Card filing, EudraVigilance submission, MedDRA coding, signal detection, PSUR drafting) behind QPPV approval, and signs every decision into an audit chain an external auditor can verify offline. ICH E2D and E2E post-approval safety expectations flow through the principal-chain on every governed action; FDA Part 11 signature / record linking flows through the per-tenant Merkle chain.

Regulators covered

Which frameworks the life sciences pack maps to today.

Framework

Jurisdiction

Coverage

Notes

FDA 21 CFR Part 11

vortalis_proxy/compliance/fda_21_cfr_part_11.py
tests/conformance/regulators/fda_21_cfr_part_11/

Full

Subpart B and Subpart C controls mapped to platform primitives for adverse-event records and signatures. Operator-side controls are explicitly NOT_AVAILABLE_IN_PLATFORM.

MHRA Yellow Card scheme

vortalis_proxy/compliance/mhra.py
tests/conformance/regulators/mhra/

Full

Yellow Card audit-evidence support, post-market surveillance, and SaMD transparency. The platform records the audit evidence the deployer uses to file; Vortalis does not file Yellow Cards on the deployer's behalf.

EMA Reflection Paper on AI

vortalis_proxy/compliance/ema.py
tests/conformance/regulators/ema/

Partial

The Reflection Paper (EMA/CHMP/CVMP/83833/2023) is the EMA's published position; anticipated requirements are explicitly marked. EudraVigilance reporting framework integration is operator-side.

ICH E2D and E2E

vortalis_proxy/compliance/ema.py (build_ema_sections)

International

Partial

Post-approval safety data management (E2D) and pharmacovigilance planning (E2E) inform the action vocabulary; the substantive case-management decisions remain with the QPPV.

Adapter coverage

Upstream services Vortalis adapts for this vertical.

No Vortalis-side adapters ship for this vertical today. The calling system holds the upstream credentials (safety database, MHRA Yellow Card portal, EudraVigilance gateway, FAERS portal, MedDRA license) and Vortalis governs the action at the agent boundary rather than at the upstream-API boundary.

Action vocabulary

The policy template for this vertical.

Actions allowed

Each action gated by policy at the hot path.

Anticipated require_human actions

adverse_event.reported
yellow_card.filed
signal.detected
psur.drafted
meddra.coded

Rate-limit posture

500 adverse_event.detected per 24-hour rolling window; 200 adverse_event.reported per 24-hour rolling window; 100 yellow_card.filed per 24-hour rolling window; 50 signal.detected per 24-hour rolling window; 10 psur.drafted per 24-hour rolling window. Defensible for a single-product MAH; multi-product MAHs raise after agreement with the QPPV.

Template path: policies/sectors/life-sciences/pharmacovigilance-template.yaml

Integration brief

The implementation guide your engineers read first.

Available

docs/governance/integration-briefs/life-sciences-pharmacovigilance.md

Honest limits

What this sector pack does not do.

Vortalis does not file Yellow Cards, EudraVigilance reports, or FAERS submissions; AI agents propose, QPPVs approve, the operator files.

The policy template gates 13 actions including adverse_event.flagged, yellow_card.filed, and signal.detected. The actual filing happens via the operator's regulator-portal credentials; Vortalis records the QPPV sign-off, the upstream outcome, and the audit-chain entry hash that ties them together. The operator's pharmacovigilance team retains personal responsibility for the regulator-deadline window.

QPPV personal responsibility is unforgiving; the require_human flow on yellow_card.filed is mandatory.

EU and UK pharmacovigilance law impose personal responsibility on the QPPV for the operator's pharmacovigilance system. The policy template gates yellow_card.filed, signal.detected, and psur.drafted behind require_human so the QPPV approval is captured on the audit chain alongside the action. An MAH that allows regulator-facing actions without QPPV sign-off has a pharmacovigilance system-master-file gap.

MedDRA is licensed content; the operator's MedDRA license covers the agent's usage.

MedDRA (the Medical Dictionary for Regulatory Activities) is licensed via the MedDRA Maintenance and Support Services Organization. The operator's MAH-level MedDRA license covers the agent's MedDRA-coding actions; Vortalis does not redistribute MedDRA content. The agent's coding decisions are gated behind a medical-coder review via the require_human flow on meddra.coded.

Signal detection from longitudinal case data is a quantitative process; the agent contributes pre-screening, not the substantive signal evaluation.

The policy template gates signal.detected behind require_human because signal evaluation is a QPPV judgement informed by quantitative analysis (Empirica Signal, Oracle Empirica, or the operator's toolkit). The agent's signal pre-screening adds value at scale; the substantive signal decision remains with the QPPV and the safety committee.

The general-purpose honest limits sit at /security/limitations; this list is specific to the life sciences pack.

Bring Vortalis to your life sciences agents.

Read the integration brief if you would rather start with the engineering detail. Talk to us first if you would rather start with a conversation about your threat model.

Read the integration brief Talk to an engineer