Clarity before execution.
Todaypharma GMP preflight
Nextmedtech (EU MDR + FDA) · the EU AI Act high-risk regime · see Coverage →
Preflight: the checks an AI workflow has to pass before it goes live in a regulated process. Named for the routine a pilot runs before takeoff.
Every Preclari output is a PIF bundle (Preflight Interchange Format): structured JSON plus a human-readable brief, anchored against the cited regulations and signed by hash. PIF is an open spec, Apache 2.0.
AI triage of quality deviations in a GMP environment. Preclari identifies Annex 11 validation requirements, missing change control for prompts, and audit trail expectations before the pilot begins.
Describe your AI workflow once. Preclari reads it and returns:
A structured review of an AI workflow before you put it into a regulated process, modelled on the routine a pilot runs before takeoff.
The cost of finding something wrong in the air is far higher than finding it on the ground.
Find yourself first. The technical sections that follow are written for these four roles, with one targeted section each below.
Need a defensible preflight before QA review, not after.
Block the PR when a required control is missing above medium risk.
See § 07 · Where it fits in your pipelineNeed an artifact you can read and sign without learning a new tool.
Sign per-assumption, not per-document; overrides persist in the audit log.
See § 11 · Regulatory guardrailsNeed calibrated outputs you can put your name on.
Hand-off rules sit in the schema; the agent refuses to finalise a workflow above medium risk without a human gate.
See § 08 · Built for agents, audited by humansPharma, medical-device, and financial-services firms in Switzerland, the EU, and adjacent markets.
Roughly CHF 100M–1B revenue. EU regulations primary; non-EU depth follows.
See § 12 · ImpactMost regulatory tools answer "what does this rule say?" Preclari answers "is this AI workflow appropriate?"
Regulatory intelligence platforms are document-first. They index rules, redlines, and guidance, and they help a regulatory affairs professional find the right paragraph. That is not the same job as evaluating whether an AI workflow you are about to deploy belongs in a regulated process at all.
Preclari is workflow-first by design. You describe the workflow (what the AI does, where it runs, what it touches), and Preclari returns the applicable requirements, the controls you have not documented, the assumptions it made on your behalf, and the verification steps a human reviewer can run independently. The output is an artifact, not a search result.
An agent (or a person) describes the workflow once. Preclari does the rest, and the output is portable.
In a paragraph or a structured form, say what the AI does and where it runs. Preclari normalises prose or a typed WorkflowDescription.
WorkflowDescription { id: "wf_qd_triage…", intended_use: "AI triage of quality deviations", data_touched: ["deviation_log", "batch_record"], human_in_loop: true }
Preclari names the rules that apply, the controls you're missing, and the verification steps a reviewer can run. Every conclusion shows its reasoning chain back to your workflow.
PreflightAssertion { applicable_requirements: 3, missing_controls: 6, assumptions_made: 3, clarifying_questions: 3, verification_steps: 3, risk_classification: "medium" }
The output is a PIF bundle (JSON + a human-readable brief), openable by a reviewer without Preclari installed. Portable by design; you are never locked in.
PreflightSession { bundle_id: "ps_2026_001", produced_by: "[email protected]", sha256: "7f3e8a…0a1b", exports: [".pif", ".pdf"], portable: true }
Preclari answers one question (is this AI workflow appropriate?) across the AI-touching regulatory wave. v0.1 ships the pharma GMP corpus. Medtech and the EU AI Act high-risk regime are in active onboarding. The architecture, the PIF schema, and the reasoning pattern are the same.
Today's corpus. Covers AI workflows in GMP environments: deviation triage, batch record review, OOS handling, change control, computerised systems validation.
Example workflow: AI triage of quality deviations → preflight names Annex 11 validation requirements, missing change-control records, ALCOA+ audit-trail expectations.
EudraLex Vol 4 (Annex 11, Chapters 1 & 7) · ICH Q9, Q10 · FDA 21 CFR Part 11 + Data Integrity cGMP Q&A · MHRA data integrity · PIC/S PE 009 · WHO TRS 1033 Annex 4.
Smallest cognitive distance from pharma capability. Risk-based validation, post-market surveillance, complaint handling, and PRRC sign-off paths transfer directly. AI-enabled medical devices fall under the EU AI Act's Annex I high-risk track — full obligations there apply August 2027, not August 2026 (which is the Annex III timeline).
Example workflow: AI-assisted Software-as-a-Medical-Device classification → preflight names MDR Article 10 manufacturer obligations, Annex XIV clinical evaluation gaps, and the PRRC sign-off path.
EU MDR (Regulation 2017/745) — Articles 10, 83–87, Annexes I, II, III, XIV. EU IVDR (Regulation 2017/746) for in-vitro diagnostics.
Supporting (US + UK + international)US FDA 21 CFR Part 803 (adverse-event reporting), 21 CFR Part 820, the Quality Management System Regulation (QMSR); the QMSR final rule (89 FR 7496) amends Part 820 to incorporate ISO 13485:2016 by reference from 2 February 2026. MHRA Medical Devices Guidance (UK CA path). IMDRF (SaMD framework, MDSAP audit programme; MDSAP is operated by participating regulators, not IMDRF directly).
Full obligations on Annex III high-risk AI systems (standalone, including financial-services creditworthiness assessment) apply from August 2026; Annex I product-embedded systems are on the August 2027 track. Preclari produces an Article 6 + Annex IV-aware PIF artifact ahead of deployment, naming the high-risk classification basis, the Article 9 risk-management posture, the Article 10 data-governance steps, and the Article 14 human-oversight design. Financial services is the entry point (Annex III §5(b) creditworthiness assessment), where existing model-risk governance dovetails with PIF output.
Example workflow: AI-assisted credit decisioning under AI Act Annex III §5(b) → preflight names the Article 6 classification basis, the Article 9 risk management posture, the Article 10 data governance steps, and the Article 14 human oversight design.
EU AI Act (Regulation 2024/1689) — Articles 6, 9, 10, 11 + Annex IV, 12, 13, 14, 26, 72; Annex III categories including §5(b) creditworthiness assessment. EBA Guidelines on loan origination and monitoring (EBA/GL/2020/06) §4.3.4 on automated models in credit decisions. EBA Report on Machine Learning for IRB credit risk models (EBA/REP/2023/28). ECB Guide to Internal Models. EU DORA (Regulation 2022/2554) co-applies on operational resilience.
Supporting (US parallel)NIST AI Risk Management Framework — complement, not substitute. Gives a single PIF that addresses both regimes for buyers with EU exposure.
EU regulations are primary for marketing and onboarding sequence; non-EU jurisdictional depth (FDA, MHRA, IMDRF, NIST) is onboarded alongside as the international supporting set. The full corpus state — onboarded, in active onboarding, and on the roadmap — is on the Coverage page.
Preclari is a tool the team that builds the workflow runs against itself, not a tool QA runs after the fact. The artifact lands in QA's hands already.
Add preclari.assert_preflight as a step in your AI-workflow design template. Block the PR when missing_controls has a required entry at risk ≥ medium. The preflight artifact lives next to the workflow definition.
Compatible with Claude Desktop, VS Code, Cursor, and any MCP-aware agent runtime. No bespoke SDK to learn. Your existing agent calls Preclari's typed tools directly during workflow design.
Wire the CLI into your pipeline. The preflight bundle is committed alongside the workflow YAML; reviewers see what Preclari saw on each commit.
# .github/workflows/preflight.yml run: npx @preclari/cli check ./workflow.yaml --fail-on missing_required
// hand-off rules the agent enforces against its own draft if risk_class == "high" and human_gate == "none": refuse_to_finalise() if any(c.criticality == "required" for c in missing_controls): recommend_pause_pilot() if clarifying_questions: escalate_to_human("answer_first")
In practice Today, your agent in Claude or Cursor can call Preclari during workflow design and refuse to finalise a workflow that lacks required controls above medium risk.
Time-to-first-preflight: under a day. Workflow description (10 minutes), first run (1 minute), reviewer brief on the same hash.
The same artifact has two faces. An agent reads the structured object; a reviewer reads a printed brief. Both reference the same hash.
Preclari exposes a typed MCP server with composable preflight tools. The model that designs your workflow can call project_requirements or identify_missing_controls directly and receive a deterministic, hash-stable assertion before any human is involved.
The same assertion renders as a printed-document-style Preflight Brief. A regulatory affairs lead can read it, mark findings, and sign. The hash on the brief matches the JSON the agent received.
Same hash, two readers: the agent that builds the workflow, and the human who signs it.
Every Preclari output is a PIF artifact, Preflight Interchange Format. PIF is an open JSON specification published under Apache 2.0, with three schemas: WorkflowDescription, PreflightAssertion, and PreflightSession.
If Preclari ever disappears, your audit artifacts remain readable. Any tool that implements the spec can produce a PIF bundle; any reviewer can verify one. You are never locked in.
PIF is a portable artifact, not a vendor format. Compliance and audit platforms can consume a PIF document as hash-stable, citation-anchored evidence of AI-workflow preflight; the spec is the integration surface. Preclari is the AI-preflight layer; what sits below it stays your choice.
Every workflow change produces a new PIF bundle with its own hash and corpus snapshot. The artifact is the unit of repeatability, not the run.
Read the spec{
"pif_version": "0.1",
"assertion_id": "pa_2026_001_a",
"workflow_ref": "wf_qd_triage_2026_001",
"produced_by": {
"tool": "preclari",
"version": "0.1.0",
"methodology": "preclari-method-v1.0"
},
"corpus_snapshot": {
"snapshot_id": "corpus_2026_w19",
"snapshot_hash": "sha256:7f3e8a…0a1b",
"source_count": 10
},
"risk_classification": { "level": "medium" },
"applicable_requirements": [
{ "requirement_id": "req_001", "source": { "canonical_document_id": "EU-GMP-Annex-11" }, "confidence": "high" },
{ "requirement_id": "req_002", "source": { "canonical_document_id": "MHRA-DI-2018" }, "confidence": "high" },
{ "requirement_id": "req_003", "source": { "canonical_document_id": "Swissmedic-CS-Note-2023" }, "confidence": "high" }
],
"missing_controls": [ /* 6 entries: 4 required, 2 recommended. see example.json */ ],
"assumptions_made": [ /* 3 entries with impact_if_wrong */ ],
"clarifying_questions": [ /* 3 entries with would_change */ ],
"verification_steps": [ /* 3 entries with applies_to */ ],
"status": "draft",
"notice": "This assertion is informational and does not constitute regulatory advice."
} Not disclaimers. Columns. Every PIF assertion has to declare what it inferred, what would change the answer, and what it deliberately ignored before it ships.
assumptions_made: what we inferred when your description was incomplete; each one removable by you.clarifying_questions: what would change the output if you answered it.out_of_scope: what we deliberately did not consider, and why.verification_steps: how a human can independently audit each conclusion (citation, paragraph, page, line).applicability_basis: the reasoning chain from your workflow to each requirement.A PIF bundle without these fields is not a valid PIF bundle.
RA and Quality teams set the rules; Preclari enforces them as a working surface, not as policy text.
These are real adjacent products. Preclari stays narrow on purpose.
v0.1 corpus is pharma GMP. Medtech (EU MDR + FDA) and the EU AI Act high-risk regime are in active onboarding. The Coverage page is the live, authoritative list — it is the source of truth and updates as the corpus grows.
assumptions_made entry; sign-off is per-assumption, not per-document.For auditors Every MCP tool call is logged and replayable. Auditors can trace the agent's interaction with Preclari as part of the audit walk-through.
For the budget owner deciding whether Preclari earns its line item.
Typical budget owner: Head of Digital/AI, Head of Quality, or CIO. Procurement runs through whichever owns the AI workflow's deployment risk.
Free access is curated, not self-serve. Approved users get a workspace, a monthly quota, and the full set of preflight tools. Builder, Consultancy, and Team tiers are for committed users; Private deployment is for regulated enterprise. Approval typically takes two business days.
For enterprise procurement: security, data-location, and audit documentation available under NDA.