These are the terms that come up the moment you put an AI agent into a regulated workflow. Most of them get used loosely, which is how a project ends up with a compliance gap nobody can name until an audit finds it. Each page gives the short, plain answer first, then what it means for a build. Start with what an audit-ready AI agent is if you want the through-line.

Regulations and frameworks

21 CFR Part 11 for AI. The FDA rule on electronic records and signatures, and what it asks of AI outputs.
GAMP 5 for AI. Risk-based validation, applied to LLM and agentic systems.
ALCOA+ for LLM outputs. The data-integrity standard, read against what an agent produces.
CSA vs CSV. Computer Software Assurance versus Computer System Validation.
CSV for AI systems. What system validation looks like for an AI build.

Build discipline

AI audit trail. What an agent logs so an output can be reconstructed.
Human-in-the-loop accountability. The named person who signs for an output.
Validated AI agent. What validation means for an agent, and how it relates to audit-ready.
Agentic AI validation. Validating multi-step, tool-using agents.
AI model governance. Versioning, change control, access, and monitoring.

Platform and compliance

Claude Enterprise tenancy. The isolated environment where the data stays with the client.
HIPAA AI under a BAA. How AI becomes HIPAA-compliant through the contract and the tenancy.