Pharma technology foresight · June 2026 · Sachin Bhandari

ELSA is coming. Is industry ready?

Part 1 of 3: what changes. A brief for the CIO and the CQO, written to help you plan and invest ahead of an FDA that now works at machine speed.

In about 18 months the FDA took daily AI use from near 1% of staff to over 80%. Most of the industry it regulates still runs AI through pilot committees.

The FDA built an AI for itself before it asked industry to validate one. Elsa, the agency's in-house generative assistant, went live in June 2025 ahead of schedule, and it now runs across roughly 18,000 staff.

In that year and a half the agency took daily AI use from near 1% to over 80%. The companies it regulates are, for the most part, still putting generative AI through pilot committees and waiting for clearer guidance. That gap, the regulator automating faster than the regulated, is the real story. It is the spine of this three-part brief, and it is the reason a CIO and a CQO need to read this one together.

What Elsa actually is

Elsa is a large language model running on Anthropic's Claude inside a secure government cloud. It is the agency's own assistant. FDA staff use it; industry has no version of it to buy. Day to day it summarises adverse-event narratives, compares drug labels in a fraction of the time the work used to take, reads clinical protocols, generates code for agency databases, and helps reviewers find the high-risk facilities worth inspecting. The plain version: it reads the agency's mountain of text and data quickly, and it points the agency's people at what matters.

Both of you should care because Elsa changes the tempo of oversight and its targeting at the same time. One of those sits in IT's remit, the other in Quality's, and Elsa pulls on both at once.

The 18 months that reset the regulator's tempo

  Jun 2025: Elsa launches agency-wide, ahead of schedule
  Jul 2025: Reviewers report hallucinated studies; use stays optional
  Feb 2026: Full workforce, ~18,000 staff; adoption past 80%
  Apr 2026: One-day inspection pilot; 40+ done, most close NAI
  May 2026: Elsa 4.0 + HALO: agentic AI on one consolidated dataset

Each release widens what the agency can read and shortens how long it takes to read it.

Figure 1. The Elsa escalation, June 2025 to May 2026. The red node marks the public accuracy controversy; the agency acknowledged the limits and kept going.

The direction holds steady through every release. The July 2025 controversy, when FDA reviewers told reporters the tool invented studies and citations, did not slow it down. What followed was wider access, higher adoption, AI-targeted inspections, and a consolidated data platform (HALO) that gives Elsa a single view across information that used to sit in separate agency silos.

What changes for you

Three shifts matter for Part 1, and they land on the CIO and the CQO in different ways.

Reading speed. An agency that can parse a company's electronic footprint in minutes now reviews submissions and inspection history with a thoroughness that human hours used to ration. Anything that does not reconcile across your documents is far cheaper for them to find than it was two years ago.

Inspection targeting. Elsa helps the FDA rank facilities by risk from deviation patterns, adverse events and CAPA history. The decision to inspect your site is increasingly shaped by what a model sees in your data trail, and often the model connects those dots before your own teams do.

Data consolidation. With HALO, the agency is building its own single source of truth across its data estate. The regulator is finishing the data-integration project that many of the companies it inspects have deferred for a decade.

  1% to 80%: FDA staff using AI daily, early 2025 to 2026
  ~18,000: FDA employees with Elsa access
  40+: AI-backed one-day inspection assessments since April 2026
  Minutes: to sift a company's full electronic data footprint

Three places Elsa already works

Use case 01

Inspection targeting

Sifts deviation patterns, adverse events and CAPA history across domestic and foreign facilities to prioritise who gets inspected, and why.

Use case 02

Submission and label review

Summarises adverse-event narratives, compares labels and reads protocols at a pace that frees reviewer hours for judgement instead of collation.

Use case 03

One-day inspections

AI-backed risk analysis compresses inspections at lower-risk sites. Over 40 assessments since April 2026, most closing No Action Indicated.

The uncomfortable part

Elsa is not flawless, and the flaw cuts in two directions. The agency's own reviewers reported it inventing studies and citations with full confidence, and use remains optional precisely because of that. So the regulator runs an imperfect AI that still helps shape who gets inspected, which means a model's mistake can land on your calendar.

The same failure mode lives in your house. If you have generative AI drafting deviations, summarising complaints or pre-reading submissions, it hallucinates with the same confidence, and your name sits on the record it produced. This is where decision integrity becomes the thing an inspector can pull on: for every output a model shaped, what was it asked, what did it answer, and who checked the answer before it became a GxP record.

Data integrity told you whether the number was real. Decision integrity asks whether the judgement behind it can be reconstructed. Elsa puts that question on both sides of the table.

Five questions to sit with before Part 2

  1. If the FDA can read your full electronic footprint in minutes, what does it find in your data before your own teams do?
  2. Your last major submission took months to assemble. The agency can parse it in an afternoon. Is your data coherent enough to survive that speed?
  3. When a model flags your site for inspection from deviation patterns, who inside your organisation saw that pattern first, and why was it not you?
  4. The regulator's AI hallucinates. So does yours. In an inspection, whose hallucination carries the heavier consequence?
  5. You have governed AI as a future risk. The regulator deployed it as present capability. How many more quarters can that gap stay open?

Where this leaves us

Part 1 is the diagnosis. The regulator changed its operating tempo, and most of industry has not adjusted to it. Part 2 looks at where that lands hardest, on submissions, inspections, data integrity and the validation backlog you already carry. Part 3 is the preparation plan, the moves a CIO and a CQO can make together in the next two quarters.

The honest reading of June 2026: Elsa is coming into its own, and most organisations are not ready for an FDA that works at this speed. Readiness is buildable, and the firms that started early are noticeably calmer about it. The first step is simply to stop treating the regulator's AI as someone else's pilot.

Sachin Bhandari advises pharma, biotech, medical device and CDMO organisations on AI in GxP, the CSV to CSA evolution and digital validation at enterprise scale. He is a draft reviewer for EU GMP Annex 22 (AI) and sits on the Global GAMP Steering Committee. If Elsa is live for your programme, start with AI in GxP governance and the frameworks.
