AI in Post-Market Surveillance: What Actually Works and What Is Still Marketing

Where AI works in production today

The capabilities described in this section are not roadmap items. They operate in production at manufacturers processing thousands of complaints per month across 80+ countries.

AI-powered complaint intake

Large language models read unstructured complaint sources including emails, PDFs, free-text fields, and forwarded message chains, and extract structured data: product identifiers, lot or serial numbers, event dates, reporter information, event descriptions, and patient outcomes. This is natural language processing, not keyword matching or rules-based parsing. It handles misspellings, inconsistent formatting, buried details, and mixed-language communications.

Smarteeva's SmartExtraction engine achieves 96% first-pass accuracy on field extraction across production data. Fields that cannot be extracted with high confidence are flagged for human review rather than guessed. The system processes a single complaint email in under 60 seconds.

Automated IMDRF code suggestion

IMDRF coding is a classification task: map an unstructured event description to a structured taxonomy of hundreds of codes. AI models trained on complaint data and device context produce code suggestions ranked by confidence. The system considers the event narrative, device type, intended use, and historical coding patterns across the manufacturer's complaint database.

The confidence score is the critical feature. When the top suggestion is at 94%, the specialist confirms and moves on. When confidence is at 55%, the specialist knows to apply additional judgment. Before AI-assisted coding, one customer had a 9% mismatch rate between complaint codes and MDR codes. After implementation with bidirectional sync, the rate dropped to less than 0.001%.

Reportability assessment

Determining whether a complaint requires a regulatory report is a decision tree problem. The inputs are event type, severity, jurisdiction, and device classification. The outputs are specific report types and submission deadlines. Smarteeva's country-driven decision trees automate this assessment across 80+ jurisdictions. A single complaint can simultaneously trigger an FDA MDR, an EU MIR, a Health Canada CVR, and a BfArM notification.

Regulatory report pre-population and narrative drafting

MDR form fields are populated from connected data in the same Salesforce environment. The event description narrative is generated as a draft from complaint data, IMDRF codes, and investigation findings. The AI eliminates the data assembly and blank-page problem. The Regulatory team reviews, edits, and approves. Average submission time: 3 minutes via the FDA ESG NextGen API.

Duplicate detection

Identifying whether an incoming complaint matches an existing record requires comparing across product, lot number, event date, and reporter while accounting for formatting variations. AI-powered matching handles inconsistencies that simple string matching misses. One customer achieved 95% duplicate reduction within six months.

AI for complaint-adjacent operations

The capabilities above apply to the quality and regulatory workflow. But complaints trigger operational actions that AI can also address when the complaint system is also the CRM.

Automated customer notification workflows can send status updates to the reporter when complaint milestones are reached: acknowledgment of receipt, investigation initiated, investigation complete, regulatory report filed. These notifications currently happen manually through email, if they happen at all.

AI-assisted risk assessment drafts can be generated from complaint patterns. When multiple complaints cluster around a specific failure mode, the system can draft a preliminary risk evaluation referencing the relevant complaint data, the affected device population, and the current risk management file.

Sales team alerts can be triggered when complaint patterns affect key accounts. If a hospital that represents significant revenue has multiple complaints in a short period, the account manager should know before the next visit. When the complaint system runs on Salesforce, this alert is a native capability.

These functions become possible when the post-market surveillance platform is also the CRM. They are not available on any eQMS or standalone complaint management tool because those systems do not have access to customer relationship data, sales account information, or commercial workflow triggers.

Where AI does not work yet

Honesty about limitations is more useful than another capability list.

1. Root cause analysis: AI can surface relevant data for an investigation. It can pull device history records, link to similar prior complaints, and identify related adverse events. It cannot determine root cause. Root cause analysis requires engineering judgment, physical device examination, failure mode analysis, and clinical context. A trained investigator examining a returned device under a microscope is performing work that no AI system can replicate today. AI accelerates the data gathering that happens before the investigation. It does not replace the investigation itself.‍
2. Clinical assessment for PSURs: A PSUR requires a benefit-risk evaluation written by someone with clinical and regulatory expertise. Smarteeva generates the data sections of a PSUR in 8 minutes: complaint trends, adverse event summaries, statistical analysis. It does not write the clinical assessment. Evaluating whether a device's safety profile has changed, whether new risks have emerged, and whether the benefit continues to outweigh the risk is a judgment call that requires domain expertise AI does not possess.
3. Regulatory strategy: Deciding how to respond to a safety signal, whether to initiate a field safety corrective action, how to communicate with a Notified Body, or how to structure a response to an FDA warning letter requires regulatory strategy. AI provides the data to inform these decisions. It does not make them. The human Regulatory professional remains the decision-maker for every action that affects market authorization, patient safety communication, or the manufacturer's relationship with regulatory authorities.

‍

What agentic AI means for post-market surveillance

Traditional AI in post-market surveillance operates as single-task automation. A human triggers an action (process this email), the AI performs one task (extract fields), and the human triggers the next action (suggest IMDRF codes).

Agentic AI completes multi-step workflows autonomously within defined guardrails. An agentic system can receive a complaint email, extract the structured data, suggest IMDRF codes, assess reportability, pre-populate the regulatory form, and route the complaint for investigation. Each step executes in sequence without a human triggering the next one.

Smarteeva's Orchestra platform is an AI agent builder designed for Quality and Regulatory teams. Users configure agents using a no-code, drag-and-drop interface. Each agent defines a sequence of tasks, the data sources it can access, and the governance rules that constrain its behavior. Every agent action is logged in an audit trail. Every output is reviewable. The human stays in the loop at the points where human judgment matters, not at every step where data moves from one field to another.

The distinction between generative AI and agentic AI is important for regulated environments. Generative AI produces content (drafts, summaries, suggestions). Agentic AI performs actions (creates records, routes workflows, triggers submissions). In post-market surveillance, the value of agentic AI is that it handles the process coordination that currently consumes most of the elapsed time in complaint handling, while preserving human oversight at every decision point that affects compliance or patient safety.

How to evaluate AI claims from PMS vendors

When evaluating AI capabilities from any vendor, including Smarteeva, ask five questions.

• First: what specific task does the AI perform? "AI-powered" is a marketing adjective. "AI reads unstructured emails and extracts 12 complaint fields at 96% accuracy" is a verifiable capability. Ask for specifics.
• Second: what is the accuracy rate in production, not in a demo? Demo accuracy on curated data is not production accuracy on your messy, inconsistent, multilingual complaint emails. Ask for production metrics and how they were measured.
• Third: what happens when the AI is wrong? The answer should involve confidence scores, human review requirements, and flagging for uncertain outputs. If the answer is "it is rarely wrong," ask again with more specificity.
• Fourth: is there an audit trail? Every AI action should be logged: what the AI suggested, what the human confirmed or changed, and when. Auditors will ask for this. If the vendor cannot show an audit trail of AI decisions, the capability is not ready for a regulated environment.
• Fifth: does the AI operate within a validated framework? With the EU AI Act classifying medical device AI systems as high-risk, and ISO 13485 requiring validation of automated processes, the AI capability needs to fit within a documented validation framework. Ask how the vendor addresses regulatory requirements for AI validation.

35% of all FDA MDRs are filed through Smarteeva. 50,000+ users across 80+ countries rely on the platform. These numbers are production data. Any AI claim worth evaluating should come with equivalent production evidence.

‍