Regulatory Scope · Methodology Positioning

Regulatory Scope & Positioning

This page clarifies the regulatory scope boundaries of the AuditLog.AI Proof-of-Unchanged methodology, based exclusively on publicly available, cryptographically anchored materials.

Audience: CRO Quality Assurance, Regulatory Affairs, Inspection Readiness, and any evaluator assessing methodology scope and classification.

Status & References

• Status: Public methodology-level positioning
• Primary references:
  • C12 – AuditLog.AI Global Compliance Matrix (Ordinal 12)
  • C17 – Proof-of-Unchanged: Global Application Matrix (Ordinal 16)

This page does not assert regulatory approval, clearance, or endorsement.

Purpose

This page clarifies regulatory scope boundaries for the Proof-of-Unchanged methodology, to assist CRO QA and Regulatory Affairs teams in understanding:

• what regulatory frameworks the methodology is positioned under,
• what it is explicitly not, and
• how to avoid misclassification (e.g., as clinical decision support or medical-device software).

Formal regulator engagement (FDA Q-Submission, EMA Scientific Advice, TGA Excluded Software Determination) is planned but has not yet occurred.

High-Level Positioning (Methodology, Not Approval)

Audit-trail and electronic-records verification infrastructure, operating at custody boundaries, under electronic records, data integrity, and audit documentation frameworks.

This reflects design and documentation intent, not a determination by any regulatory authority.

What the Methodology Does (Intended Use)

• Verifies whether exported digital evidence has remained byte-unchanged since a prior checkpoint.
• Operates post-export, pre-archive, or at other custody boundaries.
• Uses hash-only, zero-custody verification with optional decentralized time attestation and public anchoring.
• Produces deterministic outcomes: PASS (proof-of-unchanged) or divergence enumeration.

What the Methodology Does Not Do (Negative Scope)

• Does not provide clinical recommendations.
• Does not analyze patient-specific medical information.
• Does not generate compliance determinations or audit opinions.
• Does not infer intent, misconduct, or error.
• Does not operate inside source systems.
• Does not require system integration.
• Does not perform real-time monitoring or control.

Relationship to FDA CDS Guidance (January 2026)

Based on C12 and C17, the Proof-of-Unchanged methodology does not meet the definitional criteria for CDS under section 520(o)(1)(E) of the FD&C Act.

• No clinical recommendations are provided.
• No patient-specific analysis is performed.
• No diagnostic or treatment guidance is generated.

CDS guidance is referenced only to clarify non-applicability.

Regulatory Frameworks Referenced in C12

• FDA 21 CFR Part 11
• EMA Annex 11 + GCP Guideline Integration (2023)
• TGA / PIC/S PE 009-17
• PCAOB AS 1105 / AS 1215 (including AS 1105.10A)
• ISA 230 / 500 / 240 (Revised 2025)

These references reflect methodological alignment, not regulatory acceptance.

Intended Regulatory Role for CROs

• A post-export verification layer at custody boundaries.
• A supplement to existing SOPs.
• A deterministic method to prove evidence has not changed.
• A mechanism to bound inspection and audit effort proportionally.

Source Documents

• C12 – AuditLog.AI Global Compliance Matrix (Ordinal 12)
• C17 – Proof-of-Unchanged Global Application Matrix (Ordinal 16)
• Ordinal 11 – Runtime Execution & Validation Dossier
• Ordinal 15 – Proof-of-Unchanged Reproducibility Trial

Public anchoring and verification details are described on the Proof-of-Unchanged page.

Summary

Proof-of-Unchanged answers one deterministic question:

Has this evidence changed since the last verified checkpoint?

It operates within electronic records and audit documentation frameworks and is not positioned as clinical decision support or medical-device software.