Expert perspectives on AI-powered compliance, regulatory intelligence, and the future of global market expansion.
What began as a 3.4M SEK investment became the catalyst for a complete transformation. This is the story of how we rebuilt compliance from the ground up with artificial intelligence -- and why the old way of managing regulations was never going to scale for global manufacturers.
For more than a decade, ProductLex operated as a traditional SaaS platform serving manufacturers who needed to track and manage product compliance across global markets. The platform was reliable and well-regarded, but it operated the way most compliance tools did: as a structured database where human experts manually entered, updated, and maintained regulatory data. That model worked when the regulatory landscape changed slowly and predictably. By 2023, it had become clear that the pace of regulatory change had outstripped the ability of any human team to keep up, no matter how skilled or dedicated.
The 3.4 million SEK investment round in early 2024 was not simply a funding milestone -- it was a strategic inflection point. The capital enabled ProductLex to make a decisive commitment to artificial intelligence as the foundation of its platform, rather than treating AI as a feature bolted onto an existing product. This meant hiring machine learning engineers, licensing access to multiple large language models, and fundamentally rearchitecting the platform's data pipeline. The investment also funded an extended research phase where the team evaluated single-model approaches and ultimately rejected them in favor of a more robust multi-model architecture.
One of ProductLex's most significant competitive advantages is the depth of its compliance data. Over ten years of operation, the platform accumulated detailed records of regulatory requirements across dozens of jurisdictions, thousands of product categories, and hundreds of thousands of individual compliance events. This data proved invaluable when training and fine-tuning the AI systems. Unlike a startup building from scratch, ProductLex could validate its AI outputs against a rich historical record, ensuring that the new system was at least as accurate as the human-curated data it was replacing -- and in most cases, significantly more comprehensive.
The decision to build a multi-LLM consensus architecture was driven by a simple observation: in regulatory compliance, a single wrong answer can cost a manufacturer millions of euros in fines, product recalls, or market access delays. Single-model AI systems, no matter how capable, carry an inherent risk of hallucination -- generating plausible-sounding but factually incorrect regulatory information. ProductLex's consensus approach routes every query through three independent large language models and cross-validates their outputs. When all three models agree, the system delivers the result with high confidence. When they diverge, the system flags the discrepancy for human review. This architecture reduces hallucination risk by an order of magnitude compared to single-model approaches.
Looking ahead, ProductLex AI is building toward a future where compliance is not a bottleneck but a competitive advantage. The platform's roadmap includes real-time regulatory monitoring that alerts manufacturers to relevant changes within hours of publication, predictive compliance modeling that anticipates regulatory trends before they become law, and automated document generation that produces submission-ready compliance packages. The goal is not to replace compliance professionals but to amplify their capabilities -- turning a team of five into a team that operates with the reach and speed of fifty. For manufacturers competing in global markets, that kind of leverage is not optional; it is the price of entry.
When a single AI model hallucinates a regulation that does not exist, the consequences for manufacturers can be catastrophic. Our multi-model consensus approach cross-validates every output across three independent LLMs, eliminating the hallucination risk that makes single-model compliance tools dangerous.
Large language models are remarkably capable at processing and synthesizing regulatory text, but they carry an inherent flaw: they can generate confident, well-structured responses that are factually wrong. In general consumer applications, this is an inconvenience. In regulatory compliance, it is a liability. A single hallucinated clause or a misinterpreted deadline can lead a manufacturer to ship a non-compliant product, resulting in fines, recalls, or loss of market access. The fundamental issue is not that LLMs are unreliable -- it is that no single model is reliable enough for high-stakes compliance decisions.
ProductLex AI addresses this challenge with a multi-LLM consensus architecture. Every regulatory query is independently processed by three separate large language models, each with different training data, architectures, and reasoning approaches. The system then cross-validates their outputs, looking for agreement on key facts: applicable regulations, specific requirements, compliance deadlines, and required documentation. When all three models converge on the same answer, the system assigns a high confidence score. When one model diverges, the system identifies the specific point of disagreement and flags it for human review with full context.
Internal testing across thousands of regulatory queries has demonstrated that the consensus approach reduces factual errors by over 90% compared to any individual model operating alone. The architecture is particularly effective at catching subtle errors -- such as a model applying the correct regulation but citing an outdated version, or correctly identifying a requirement but misattributing it to the wrong product category. These are precisely the kinds of errors that human reviewers find most difficult to catch, because the surrounding context appears correct.
General-purpose AI applications can tolerate a 5-10% error rate because the cost of individual errors is low. Compliance cannot. A single incorrect classification under the EU Medical Device Regulation can delay market entry by months. A missed requirement under the Cyber Resilience Act can expose a manufacturer to significant penalties. ProductLex's consensus architecture is designed for domains where the acceptable error rate is measured in fractions of a percent, not single digits. This is not AI for convenience -- it is AI for confidence.
The consensus approach also provides a natural audit trail. Because each model's reasoning is logged independently, compliance teams can review not just what the system concluded but how each model arrived at its conclusion. This transparency is essential for regulated industries where demonstrating due diligence is as important as reaching the correct answer.
The CRA introduces mandatory cybersecurity requirements for every product with digital elements sold in the EU. From vulnerability handling to software bill of materials, here is a practical breakdown of what product companies must do before the enforcement deadline.
The EU Cyber Resilience Act represents the most significant horizontal cybersecurity regulation to affect product manufacturers in over a decade. Unlike sector-specific regulations, the CRA applies broadly to all products with digital elements -- from consumer IoT devices and smart appliances to industrial software platforms and network equipment. The regulation establishes essential cybersecurity requirements that must be met throughout a product's entire lifecycle, from design through end-of-support. For manufacturers accustomed to treating cybersecurity as a feature rather than a regulatory obligation, the CRA represents a fundamental shift in how digital products are brought to market in Europe.
The CRA mandates several concrete obligations. Manufacturers must conduct cybersecurity risk assessments during the design phase and document how identified risks are mitigated. Products must be delivered with secure default configurations, and manufacturers must provide clear documentation of the product's cybersecurity properties. Perhaps most significantly, the regulation requires manufacturers to provide security updates for the expected product lifetime and to establish coordinated vulnerability disclosure processes. The Software Bill of Materials (SBOM) requirement ensures transparency about third-party components, enabling faster response when vulnerabilities are discovered in widely used libraries.
The CRA entered into force in late 2024, with a phased implementation schedule. Manufacturers of critical products face earlier compliance deadlines, while the broader market has until 2027 for full enforcement. However, the reporting obligation for actively exploited vulnerabilities takes effect significantly earlier, meaning manufacturers need incident response processes in place well before the full compliance deadline. Companies that wait until the last moment to begin preparation will find themselves in an extremely difficult position, as the documentation and process requirements are substantial.
AI-powered compliance platforms like ProductLex can significantly accelerate CRA preparation. Automated gap analysis compares a manufacturer's existing cybersecurity practices against CRA requirements and identifies specific deficiencies. Natural language processing can parse the regulation and its associated harmonised standards to generate product-specific compliance checklists. AI can also monitor the evolving landscape of implementing acts and guidance documents, ensuring that manufacturers are working against the latest interpretations rather than outdated understandings of the regulation's requirements.
For IoT manufacturers and software developers, the CRA creates both challenges and opportunities. Companies that achieve compliance early will be able to market their products as CRA-ready, gaining a competitive advantage in the European market. Those that lag behind risk not only regulatory penalties but also exclusion from supply chains where CRA compliance becomes a procurement requirement. The manufacturers who treat the CRA as a catalyst for improving their cybersecurity posture, rather than a bureaucratic burden, will emerge from the transition period in the strongest position.
Market expansion used to mean months of regulatory research, expensive consultants, and unpredictable timelines. AI-powered regulation detection compresses that process from months to minutes, giving manufacturers a decisive competitive advantage in global expansion.
For most manufacturers, entering a new market has traditionally meant engaging regulatory consultants, commissioning gap analyses, and waiting weeks or months for a comprehensive picture of what compliance looks like in a new jurisdiction. This process is not only slow but also inherently sequential -- you typically cannot begin compliance work for market B until you understand how it differs from market A. The result is that market expansion plans are routinely delayed by compliance timelines, and the cost of regulatory preparation often exceeds the cost of product adaptation. For mid-size manufacturers competing against larger rivals with dedicated regulatory teams, this bottleneck can be the difference between capturing a market opportunity and missing it entirely.
ProductLex AI approaches market expansion compliance differently. Rather than treating each jurisdiction as an isolated compliance project, the platform maintains a continuously updated regulatory map that covers product safety, environmental, cybersecurity, and sector-specific requirements across all major markets. When a manufacturer identifies a target market, the platform can instantly generate a comprehensive compliance profile: which regulations apply to their specific product, where their existing compliance satisfies local requirements, and precisely what additional work is needed. This transforms the initial scoping phase from a weeks-long consulting engagement into a conversation with the platform.
One of the most significant advantages of AI-assisted compliance is the ability to pursue multiple markets simultaneously. In the traditional model, compliance teams work sequentially because each market analysis requires significant focused attention from a limited number of experts. With AI handling the initial regulatory mapping and gap analysis, compliance teams can run parallel workstreams across multiple jurisdictions. A manufacturer entering the EU, the United States, and Japan simultaneously can see all three compliance profiles side by side, identify shared requirements that satisfy multiple markets, and prioritize work that unlocks the largest number of markets with the least effort.
Manufacturers using AI-assisted compliance tools consistently report a reduction in their compliance preparation timeline of 60-80% compared to traditional approaches. More importantly, the predictability of the timeline improves dramatically. When compliance is a manual research process, it is extremely difficult to estimate how long preparation will take, because unknown requirements can surface late in the process and reset the timeline. AI-driven regulatory mapping surfaces the complete requirement set upfront, allowing project managers to plan with confidence and make reliable commitments to their commercial teams.
The strategic implications extend beyond speed. When compliance is no longer a bottleneck, manufacturers can make market entry decisions based on commercial opportunity rather than regulatory convenience. Instead of defaulting to markets where they already have compliance expertise, they can pursue the markets with the strongest demand for their products. This shift from compliance-constrained strategy to opportunity-driven strategy is one of the most powerful ways that AI is changing the competitive landscape for global manufacturers.
For decades, compliance teams have relied on spreadsheets, shared drives, and institutional memory to track regulations. That approach was always fragile -- and in an era of accelerating regulatory change, it has become untenable. Here is how AI-driven platforms are replacing static tools with living, adaptive intelligence.
For the better part of three decades, the compliance spreadsheet was the central artifact of product regulatory management. Compliance teams maintained elaborate workbooks tracking applicable regulations, required test reports, certification statuses, and renewal deadlines for every product in every market. These spreadsheets were often masterpieces of organizational knowledge, refined over years by experienced compliance managers who understood both the regulatory landscape and their company's product portfolio. But they were also brittle, opaque, and entirely dependent on the individuals who maintained them. When a key compliance manager left the organization, critical institutional knowledge walked out the door with them.
As companies expanded their product lines and entered additional markets, the spreadsheet model broke down in predictable ways. Version control became a nightmare, with multiple copies of critical compliance data living on different team members' laptops. Updates to one product's compliance status did not automatically propagate to related products or markets. And perhaps most critically, there was no mechanism for proactively alerting teams to regulatory changes -- compliance managers had to manually monitor regulatory bodies, industry publications, and standards organizations across every jurisdiction where their products were sold. For a company with hundreds of products across dozens of markets, this monitoring task alone could consume the majority of a compliance team's time.
The emergence of SaaS compliance platforms in the 2010s addressed some of these pain points. Centralized databases replaced individual spreadsheets, role-based access controls improved data governance, and workflow automation streamlined routine compliance tasks. These platforms represented a genuine improvement, but they shared a fundamental limitation with the spreadsheets they replaced: the intelligence in the system was still entirely human-generated. Every regulation had to be manually analyzed, every requirement manually mapped to products, and every change manually propagated through the system. The SaaS platform was a better container for compliance knowledge, but it did not generate or maintain that knowledge autonomously.
AI-powered compliance platforms represent a qualitative shift, not merely an incremental improvement. Instead of serving as passive databases that store what humans tell them, these platforms actively analyze regulatory text, identify relevant requirements, map them to product categories, and monitor for changes. When a regulation is amended, the platform can automatically assess the impact on every affected product and generate updated compliance requirements without human intervention. When a new standard is published, the platform can parse it, extract actionable requirements, and alert the relevant product teams -- all within hours of publication rather than the weeks or months that manual processing requires.
The concept of "living intelligence" captures this shift precisely. A spreadsheet is a snapshot -- it reflects the state of compliance knowledge at the moment it was last updated. An AI-powered platform is a living system that continuously absorbs new information, reassesses existing conclusions, and proactively surfaces changes that require attention. For compliance teams, this means spending less time on data maintenance and more time on the strategic decisions that actually require human judgment: how to prioritize compliance investments, when to enter new markets, and how to balance regulatory risk against commercial opportunity.
The EU Medical Device Regulation demands rigorous clinical evaluation, post-market surveillance, and technical documentation that overwhelms traditional compliance workflows. AI is transforming how manufacturers approach MDR -- from automated gap analysis to intelligent document generation that keeps pace with evolving requirements.
The EU Medical Device Regulation (MDR 2017/745) replaced the previous Medical Device Directives and introduced significantly more stringent requirements for manufacturers. The regulation expanded the scope of devices covered, strengthened requirements for clinical evidence, introduced a unique device identification (UDI) system, and established new obligations for post-market surveillance. For manufacturers, the sheer volume of documentation required -- technical files, clinical evaluation reports, periodic safety update reports, and post-market clinical follow-up plans -- represents an unprecedented compliance burden. Many small and mid-size manufacturers have found that MDR compliance requires more documentation effort than all other regulatory requirements combined.
The transition from MDD to MDR has exposed several critical challenges. Device classification rules have changed, meaning some products previously classified as lower-risk now require more extensive conformity assessment procedures. The clinical evidence requirements are substantially more demanding, with greater emphasis on clinical investigations and equivalence demonstrations. Notified Body capacity has been a persistent bottleneck, with the limited number of MDR-designated bodies creating long queues for conformity assessments. And the ongoing obligations -- including periodic safety update reports, post-market surveillance plans, and vigilance reporting -- require sustained resources that many manufacturers did not anticipate when planning their MDR transition.
AI-powered tools are proving valuable at multiple stages of the MDR compliance lifecycle. At the classification stage, AI can analyze a device's intended purpose and characteristics against the MDR classification rules and relevant MDCG guidance to suggest the appropriate risk class. For documentation, natural language processing can help generate structured technical file sections by extracting and organizing information from design records, test reports, and clinical literature. AI can also continuously monitor the regulatory landscape for relevant MDCG guidance updates, harmonised standard revisions, and Common Specifications that affect specific device categories, ensuring that technical documentation remains current.
Post-market surveillance (PMS) is one of the areas where AI delivers the most immediate value. MDR requires manufacturers to proactively and systematically gather, record, and analyze data on the quality, performance, and safety of their devices throughout their lifetime. AI can automate the monitoring of adverse event databases (such as EUDAMED, MAUDE, and national vigilance databases), scientific literature, and field safety corrective actions from comparable devices. Rather than relying on periodic manual reviews, manufacturers can implement continuous AI-driven monitoring that surfaces relevant safety signals in near real-time, enabling faster response to emerging issues and more comprehensive periodic safety update reports.
As the MDR landscape continues to evolve -- with ongoing discussions about potential amendments, the delayed rollout of EUDAMED, and the development of additional Common Specifications -- manufacturers need compliance systems that adapt as quickly as the regulatory environment changes. AI-powered platforms that continuously ingest and analyze regulatory updates give manufacturers the confidence that their compliance posture reflects the current state of requirements, not the state of requirements as they existed when their last manual review was completed. For medical device manufacturers navigating the most complex regulatory environment they have ever faced, this adaptive capability is not a luxury but a necessity.
Get compliance insights, product updates, and regulatory intelligence delivered to your inbox.
We are building the future of AI-powered product compliance for global manufacturers. Join us.
We use cookies to improve your experience. By continuing to browse, you agree to our use of cookies. Read our Cookie Policy.