Bloomberg Law
US Law Week
LinkedIn

Mitigating AI Risks in Pharma Needs a New Governance Framework

Sept. 27, 2024, 8:30 AM UTC
Keerthika Subramanian
Keerthika Subramanian
Winston & Strawn
Mollie Goldfarb
Mollie Goldfarb
Winston & Strawn

Generative artificial intelligence is a salient topic for pharmaceutical leaders, as AI is poised to transform conventional drug discovery, preclinical testing, and clinical trials. Despite yielding monetary benefits and cost savings, AI-enabled clinical development presents significant legal risks, including, but not limited to, product liability, intellectual property, and data privacy risks. To date, there is little guidance available on how best to manage these legal risks.

According to a 2024 Bain & Company study, 75% of pharmaceutical industry leaders say AI is a top C-suite and board priority. Companies should consider implementing a three-tiered, bottom-up corporate governance framework to help company boards of directors and management exercise proper oversight of AI-enabled clinical development and mitigate legal risks.

First Line of Defense

AI-enabled clinical development is esoteric, and a company’s board and management may not fully understand it. Therefore, companies should establish a permanent AI standing committee to serve as the eyes and ears of key decision-makers.

The AI standing committee is comprised of personnel from all levels of seniority across the drug development lifecycle, as well as other functions such as corporate development/strategy, finance, legal/compliance, information technology, government affairs, and investor relations.

The committee is the first line of defense in the board and management’s oversight of AI-enabled clinical development. This committee should report to the C-suite’s own AI committee. Members of this committee should have staggered terms to ensure continuity while still fostering new perspectives.

The role of the standing committee is captured by the four Rs—record, review, recommend, and report.

Record. In recent proxy seasons, shareholder proposals have increasingly focused on AI transparency reports. The standing committee should maintain comprehensive records of a company’s current use of AI-enabled clinical development. It should update these records on a quarterly basis in connection with the preparation of its quarterly report.

Review. The standing committee should review, on a quarterly basis, the following: the company’s current use of AI-enabled clinical development, including related metrics, guardrails, policies, and best practices; relevant domestic and foreign regulatory systems, including legislative, judicial, and regulatory developments; and internal and external proposals regarding the company’s current and future uses of AI-enabled clinical development, including potential collaborations with AI companies.

Recommend. Next, the standing committee should prepare a set of related recommendations.

Report. Finally, the standing committee should prepare a quarterly report containing the key findings of its review and related recommendations, and deliver it to the C-suite AI committee.

Second Line of Defense

Given that AI is a priority for investors, companies should consider appointing a chief AI officer. To ensure adequate and balanced representation of AI, scientific/clinical, strategic, and risk mitigation expertise in AI decision-making, companies should establish a C-suite AI committee.

This committee is comprised of the chief AI officer, the chief scientific officer, the chief medical officer, the chief compliance, quality, and risk officer, the head of corporate development/strategy, and the chief legal officer.

The mandate of the C-suite AI committee is encompassed by the four As—authorize, analyze, act, and advise.

Authorize. The C-suite AI committee is authorized to oversee the AI standing committee.

Analyze. The C-suite AI committee analyzes the findings and recommendations that the standing committee produces in its quarterly reports.

Act. Drawing upon thesereports, the C-suite AI committee produces quarterly AI executive summaries for the CEO’s review. Each AI executive summary should discuss metrics, guardrails, best practices, policies, procedures, risk management strategies, and other considerations for the use of AI-enabled clinical development.

Advise. The C-suite AI committee should advise the CEO on all AI-related decisions, including metrics, guardrails, best practices, policies, procedures, and risk management strategies.

Final Line of Defense

The board has primary oversight of risks related to AI-enabled clinical development. The board’s function can be summarized by the four Cs—care, competency, consult, and control.

Care. The customary fiduciary duty of care applies to board members when exercising oversight of AI-enabled clinical development. Using the quarterly reports and executive summaries from both AI committees, as well as guidance from external advisers, the board should establish, evaluate, and update, as necessary, metrics and guardrails for proper use of AI-enabled clinical development.

Competency. AI competency is required to exercise proper care and is increasingly a top investor priority. While some boards may choose to form a separate committee or subcommittee to demonstrate the board’s AI expertise, this isn’t necessary. The focus should be on cultivating competency at the individual director level.

Directors should develop their competencies in AI by regularly reviewing the quarterly reports and executive summaries produced by both AI committees and participating in relevant training opportunities.

Consult. The AI regulatory landscape is nascent and patchwork, so the board should seek advice from external legal and other advisers when confronted with AI-related decisions.

Control. The board’s oversight of AI-related risks also extends to disclosure control risk. The board, together with company management, legal, accounting, and investor relations personnel, must ensure proper disclosure controls over the company’s Securities and Exchange Commission’s AI-related disclosures to prevent AI washing—an embellishment of a company’s AI use.

The SEC has prioritized this area recently, noting that public companies must ensure that AI disclosures are clear, current, customized, and based in reasonable belief. In March, the SEC pursued enforcement action in respect to AI washing.

The board should take appropriate measures to ensure robust controls over AI disclosures.

AI-enabled clinical development isn’t immune from legal risks. Industry leaders should consider implementing the three-tiered, bottom-up corporate governance framework to mitigate them.

Read More in a Bloomberg Law Professional Perspective.

This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.

Author Information

Keerthika Subramanian is a partner and Mollie Goldfarb is an associate at Winston & Strawn. They focus on corporate governance matters.

Write for Us: Author Guidelines

To contact the editors responsible for this story: Jada Chin at jchin@bloombergindustry.com; Alison Lake at alake@bloombergindustry.com

Learn more about Bloomberg Law or Log In to keep reading:

Learn About Bloomberg Law

AI-powered legal analytics, workflow tools and premium legal & business news.

Already a subscriber?

Log in to keep reading or access research tools.