Regulatory intelligence (RI) is the systematic process of gathering, analysing, and communicating regulatory information so that an RA team can make faster, better-informed decisions across the product lifecycle. It covers regulation, guidance, precedent, and competitor activity from agencies like FDA, EMA, Swissmedic, and 80+ national authorities. Done well, RI turns raw regulatory change into timely, targeted input for submission strategy, change control, and commercial planning. Done poorly, it becomes a newsletter nobody reads.
Defining regulatory intelligence
The Regulatory Affairs Professionals Society (RAPS) describes RI as "the systematic process of gathering, reviewing, analysing, and communicating regulatory information." That definition sits alongside comparable language from the Drug Information Association (DIA) and TOPRA. In practice, four verbs carry the weight:
- Gather: monitor primary and secondary sources for regulatory change
- Analyse: filter noise, identify what matters, assess impact on the organisation's products
- Communicate: deliver the right information to the right stakeholders in time to act
- Support decisions: feed submission strategy, change control, clinical development, and commercial planning
RI is not the same as compliance. Compliance asks "are we meeting the current requirements?" RI asks "what is changing, how does it affect us, and what should we do differently?" A compliance function can keep you out of trouble today; an RI function keeps you out of trouble next year.
Why every RA team needs it
1. Regulation changes faster than product development cycles. A new drug takes a decade from IND to approval. A medical device takes 3 to 7 years from concept to CE mark. Over that window, requirements shift: EU MDR replaced MDD, FDA QMSR replaced QSR, ICH E6 moved from R2 to R3, EU CTR replaced the Clinical Trials Directive. Teams without an RI function rediscover these changes during a submission or inspection, not before.
2. Regulators now expect proactive surveillance. ICH Q10 requires manufacturers to operate a pharmaceutical quality system with knowledge management and continual improvement. ISO 13485, embedded in the FDA QMSR effective February 2, 2026, requires documented procedures to identify applicable regulatory requirements and keep them current. Both standards make regulatory surveillance a QMS obligation, not a nice-to-have.
3. Agencies do it, and expect you to match them. EMA runs horizon scanning through the EU Innovation Network and the ICMRA horizon scanning working group. FDA maintains the Advisory Committee calendar, guidance agenda, and Federal Register notices. An RA team whose own horizon is narrower than the agency's is flying blind into meetings.
The four-stage process
A working RI function operates as a closed loop, not a linear pipeline.
1. Horizon scanning
Systematic monitoring of primary and secondary sources against a scope defined by your products, jurisdictions, therapeutic areas, and device classes. Common source categories:
| Source type | Examples |
|---|---|
| Primary regulation | EUR-Lex, eCFR, national legal databases |
| Agency guidance | FDA guidance search, EMA scientific guidelines, MDCG documents |
| Federal/official gazettes | Federal Register, EU Official Journal, Swissmedic Journal |
| Committee outputs | FDA Advisory Committees, CHMP/CVMP/PRAC opinions, MDCG meeting minutes |
| Inspection and enforcement | FDA warning letters, EMA NCA inspection reports, MHRA GCP inspection findings |
| Standards bodies | ISO, IEC, ASTM, CEN, USP, Ph. Eur. |
| Scientific and industry | RAPS, DIA, TOPRA, CAPRA publications; peer-reviewed journals |
Scope discipline matters more than source count. A list of 500 sources that no one reads is worse than 50 sources that a human actually reviews every week.
2. Analysis
Raw updates are noise. The analyst's job is to answer three questions for each item:
- Does this affect us? Match against the product portfolio, active dossiers, clinical trials, manufacturing sites, and suppliers.
- How much? Categorise as informational, advisory, or action-required. Most items are informational. A few are advisory. Very few are action-required but those are the ones a submission hinges on.
- What is the timeline? Does this apply immediately, at renewal, at next variation, or only to future submissions? A July 2026 EMA guideline and an October 2026 FDA mandate require different internal clocks.
3. Communication
RI output must land with the right internal audience in a form they can act on. Common delivery formats:
- Weekly digest for RA team (all signals, filtered and tagged)
- Monthly brief for cross-functional stakeholders (clinical, CMC, quality, commercial)
- Immediate alerts for action-required items (inspection finding patterns, imminent deadlines, enforcement actions against comparators)
- Annual RI review for senior leadership (trend summary, risk map, resourcing implications)
Channel mix matters. A dashboard nobody opens is not communication. Alerts sent in real time to the people with authority to act are.
4. Decision support
The closing loop. RI findings feed into:
- Submission strategy (dossier content, endpoint choice, comparator arms)
- Change control (should we open a variation now or wait for the mandatory cutoff?)
- Clinical development (which jurisdictions accept our trial design?)
- Commercial planning (timing of launches in function of expected guidance)
- Risk management (what competitor enforcement actions signal for our controls?)
The RI function must track whether its outputs actually influence decisions. An RI team that produces excellent reports but cannot name a decision changed by them has a product-market-fit problem.
What gets monitored: pharma vs medtech priorities
Both domains share a core set of sources (FDA, EMA, ICH, WHO). Priorities differ.
| Priority area | Pharma focus | Medtech focus |
|---|---|---|
| Core regulation | FDCA, 21 CFR Parts 210/211/314/600, EU Directive 2001/83, Regulation 726/2004 | EU MDR 2017/745, EU IVDR 2017/746, FDA 21 CFR Parts 800-898, FDA QMSR |
| Quality standards | ICH Q1 through Q14, 21 CFR Part 11 | ISO 13485, ISO 14971, IEC 62304, IEC 60601 |
| Clinical | ICH E6(R3), ICH E8(R1), EU CTR (Reg 536/2014) | IEC 14155, FDA IDE regulation |
| Safety/vigilance | ICH E2A-E2F, EudraVigilance, FAERS/AEMS | MDR Articles 83-92, EMDN, MDCG 2023-3 |
| Lifecycle | ICH Q12, FDA post-approval reporting | MDR PMS/PMCF, MDCG 2020-7, MDCG 2022-21 |
| Jurisdiction-specific | Swissmedic TPA, Japanese PMD Act, Chinese NMPA Drug Registration Regulation | Swissmedic MedDO, Japanese PMD Act Chapter 5, CDSCO Class D |
Try this in RegAid: What are the main differences between ISO 13485 and FDA QMSR?
Traditional vs AI-powered RI
The traditional model relies on a mix of manual portal checking, paid databases, RSS feeds, and vendor newsletters. Analysts read, tag, and write. The model works but hits three ceilings.
Ceiling 1: coverage breadth. A human analyst can reliably monitor 20 to 40 sources per week. A mid-size pharma needs to cover 150+ sources to catch what matters across pharma, clinical, quality, and target markets. Most teams compromise by under-covering low-probability jurisdictions and standards.
Ceiling 2: semantic search. Keyword monitoring catches known topics. It misses reframed concepts (e.g. "NDSRI" when your keyword was "nitrosamine") and cross-guidance cross-references (e.g. a CMDh procedural update that changes how an EMA guideline is applied).
Ceiling 3: synthesis speed. Turning 200 weekly signals into 3 actionable items for the executive team takes hours of analyst time. At small companies it doesn't happen at all.
AI-powered RI tools close these ceilings. They scan broader source sets, retrieve with semantic search (not keyword), and summarise with citations rather than free-form text. The best tools ground every claim in the underlying regulation or guidance with a linked citation, so the analyst can verify in seconds. Without citations, the AI is just a faster newsletter writer.
Who owns the RI function
In most pharma companies, RI is embedded within regulatory affairs and reports to the head of RA. Large companies have a dedicated RI team of 3 to 10 analysts; mid-size have 1 to 2 dedicated analysts plus contributions from regional RA managers; small companies distribute RI across the RA generalist roles.
In medtech, the picture differs. RI responsibilities typically split across RA (for regulation and guidance), Quality (for ISO and harmonised standards), and Post-Market Surveillance (for vigilance, inspection, and enforcement signals). ISO 13485 Clause 4.1.6 and 4.2.4 together require documented procedures for keeping regulatory requirements current, which anchors RI to the QMS.
For startups and small teams, a practical minimum:
- A defined scope document (products, jurisdictions, therapeutic areas)
- A source list (30 to 50 prioritised sources)
- A weekly review cadence with a simple tag (relevant / not relevant / action needed)
- A quarterly trend summary for leadership
- A decision log showing how RI findings influenced at least one decision per quarter
The decision log is the one artefact most teams skip. It is also the one an inspector will ask to see first.
Common mistakes
Confusing RI with compliance monitoring. Compliance tracks your obligations today. RI tracks what will change tomorrow. Organisations that fold RI into the compliance team produce compliant-focused outputs and miss strategic signals.
Outsourcing without anchoring. Commercial RI databases and newsletters provide breadth but not judgement. A subscription to a regulatory alerting service without an internal analyst to filter it is worse than no subscription at all.
Publishing without measuring. If nobody reads your weekly digest, fix the format or kill it. RI output is a product; it needs usage metrics.
Missing the competitor and inspection lens. RI is not just about reading guidance. Warning letters, refusal decisions, CHMP opinions, and competitor label changes tell you how regulators actually apply the rules. Teams that only read guidance miss the applied interpretation.
Treating AI tools as replacements for judgement. AI accelerates retrieval and summary. It does not substitute for the analyst's organisation-specific judgement on whether a given signal matters to your portfolio.
Key takeaways
- Regulatory intelligence is the systematic process of gathering, analysing, and communicating regulatory change to support decision-making
- The four-stage loop is: horizon scan, analyse, communicate, support decisions
- ICH Q10 and ISO 13485 both make regulatory surveillance a QMS obligation, so RI is no longer optional
- Pharma and medtech share a core source set but diverge in priority domains; tailor your scope to your portfolio
- Traditional RI hits ceilings at 20 to 40 sources per analyst; AI-powered tools extend coverage with semantic search and cited summaries
- Maintain a decision log linking RI findings to actual organisational decisions; this is the artefact an inspector expects to see
How RegAid helps
RegAid is a regulatory intelligence and search platform built for pharma and medtech RA teams. It ingests FDA guidance, EMA scientific guidelines, MDCG documents, Swissmedic guidance, ICH guidelines, eCFR, EUR-Lex, and 80+ other primary sources. Every answer is grounded in a citation so your analyst can verify the source in one click. Ask "What are the main differences between ISO 13485 and FDA QMSR?" or "What new nitrosamine AI limits did EMA publish in March 2026?" and get a cited answer with links to the original agency documents.