Praxara
Enforcement: 2 August 2026 · Annex 22 finalising 2026

Got the EU AI Act paperwork yet?

Praxara's Compliance Pack generates the full EU AI Act, Annex 22, 21 CFR Part 11 and GDPR artefact set every pharma QA team needs to clear procurement and audit — auto-built from your live AI inventory, signing-ready in days.

Book a 30-minute concierge call See what's inside
EU-resident · UK head office
Delivered in 5–10 business days
Generated, not templated
Starter
Quick procurement bypass · single signing authority
£5,000
/ one-time
  • Annex III classification report
  • AI Model Cards (Article 11)
  • Risk Register seed (Article 9)
  • Signing-ready PDFs + Markdown sources
  • Delivered within 5 business days
Recommended
Full
Concierge onboarding · quarterly refresh · auditor-ready
£30,000
/ annual
  • Everything in Starter
  • GDPR Article 30 ROPA
  • 21 CFR Part 11 compliance matrix
  • Audit chain summary + retention policy
  • Quarterly refresh + Annex 22 updates
Why a Compliance Pack
60%
EU pharma planning AI risk-management systems by 2027
Pharma Tech 2025 survey
45%
EU pharma overhauling QMS for AI
Pharma Tech 2025 survey
£200K+
Typical Big-4 consultancy fee for the same artefact set
Per engagement

Annex III says you need a technical-documentation pack. Annex 22 specifies what GxP-for-AI looks like. Praxara generates both, automatically, from your actual usage.

What's inside the Full Pack

Eight signing-ready artefacts. One ZIP. One audit chain.

Every artefact is generated from your live tenant data on Praxara — model cards, risk register, ROPA, retention policies, audit chain summary. Re-run quarterly and the pack reflects what actually changed.

01
Cover & Manifest

Tier, generated-at, contents list, sign-off block. Index of everything in the bundle.

02
Annex III Classification

Each AI system classified against EU AI Act Annex III categories. Reviewer attestation block.

03
Risk Register (Art. 9)

Likelihood × impact × residual, mitigation, owner, next-review date.

04
AI Model Cards (Art. 11)

Intended use, out-of-scope, training/eval data, metrics, biases, oversight requirements.

05
GDPR Article 30 ROPA

Processing activities, lawful basis, data categories, transfers, retention, security measures.

06
21 CFR Part 11 Matrix

Every § mapped to Praxara implementation + the live evidence row in your tenant.

07
Audit Chain Summary

Total record count, top-15 actions, SHA-256 chain integrity status.

08
Retention Policy

Per-resource retention days, deletion method, lawful-basis cross-reference.

Cost comparison

5× cheaper than the consultancy alternative — and current quarterly, not stale annually.

Big-4 consultancies charge £150K–£300K for a one-time technical-documentation pack that's stale the moment your AI inventory changes. Praxara generates the same evidence from runtime data and refreshes it on demand.

Big-4 consultancy
£200,000+
Refresh cadence
Annual, manual
Praxara Full Pack
£30,000 /yr
Refresh cadence
Quarterly, automatic
Includes Annex 22 updates as the standard finalises during 2026
How buying works

Concierge today, self-serve later. Five business days from call to signed pack.

1
Discovery call

30 min. We confirm scope, AI inventory size, signing authority. No deck.

2
MSA + DPA

UK MSA + GDPR-compliant DPA. Signed inside 48 hours.

3
Tenant + inventory

Provisioned same day. Your AI systems registered as model cards.

4
Pack generated

One click. Eight PDFs + markdown sources + manifest, audit-logged.

5
Sign + submit

QA, DPO, AI Officer review. Sign. Hand to auditor or regulator.

What we won't pretend

What's not included (so we don't surprise you on contract day)

  • MedDRA dictionary: customer-licensed (we don't bundle MSSO).
  • SSO / SAML: Q3 2026 roadmap. JWT + MFA for now; pilots run on JWT.
  • US data residency: 6–12 months out. EU-only today (westeurope / northeurope).
  • SOC 2 Type II: in observation period; Type I + ISO 27001 SoA available now.
  • External pen-test: internal complete (all findings remediated); external scheduled.

If any of these block your pilot, tell us on call one. We'll either find a workaround or be straight that we're not the right fit yet.

FAQ

Common questions

Can we buy just the pack, even though we're already on Veeva or ArisGlobal?
Yes. The pack sits alongside your existing systems. Praxara doesn't replace Vault or NavaX — it generates the technical-documentation evidence those tools don't ship.
Can the pack be signed under 21 CFR Part 11 e-signature?
Yes. Each artefact is generated against the Praxara audit chain. Reviewer attestation and signing block are part of every document.
What if Annex 22 changes between purchase and renewal?
Full Pack includes quarterly refresh. We update the templates as Annex 22 finalises during 2026 and re-generate your pack against the new requirements at no extra charge.
Do we need to give Praxara our actual AI usage data to generate the pack?
No raw inference data. You register your AI systems as model cards and risk-register entries — what they are, intended use, training data summary. Praxara never sees the underlying patient or clinical content (unless you also subscribe to the platform).
Is this a SaaS subscription or a one-shot deliverable?
Both options. Starter is a one-time deliverable (single-shot, no ongoing obligation). Full is annual SaaS with quarterly refreshes and updates.
Will this satisfy our internal QA / GxP audit?
The pack is designed to be the input to your internal review — it doesn't replace QA attestation. Your QA team reviews, signs, and submits. We've built the artefact set; you certify it under your own quality system.

Aug 2026 is closer than your next QMS audit.

30-minute concierge call. Bring your AI inventory (or a list of suspected use cases). We'll generate a sample pack live and quote in writing the same day.

Book a concierge call See platform pricing →