Stuyvenberg Advisory Group

SAG finds the regulatory gaps in your clinical AI product before your customers do.

I translate FDA and international regulatory requirements into product decisions, engineering specifications, and PRD language your team can act on. The difference is depth: with hands-on experience building clinical data products end to end, I can identify exactly where the gaps are and explain what needs to change in terms your engineers can implement and your product leads can prioritize.

What it costs when this gets missed

The best way to understand what this work prevents is to see what happens when it isn't done. These are the failure modes that show up consistently in clinical AI products: the gaps between what the product does and what regulators, sponsors, and enterprise buyers require.

The Moving Strike Zone
A continuously learning AI diagnostic tool starts a pivotal trial flagging disease progression at 50 pixels of tissue damage. Six months later, it silently updates its weights and shifts the threshold to 48 pixels. The engineers see an accuracy improvement. The FDA sees rules of measurement that changed mid-game, and calls into question the entire trial dataset.
The trial is invalidated. Every AI improvement is a liability without a Predetermined Change Control Plan legally bounding how the model learns. SAG identifies the PCCP gaps in your current product and PRD, translates the requirements into language your engineering team can act on, and delivers a prioritized set of requirements you can put directly into your roadmap: what needs human sign-off, what doesn't, and how to prove it either way.
The Timezone Trap
A decentralized trial runs across sites in Japan, California, and London. The platform logs timestamps in local time at each site. When a sponsor's quality team requests a full audit reconstruction ahead of an FDA submission, the team discovers they cannot establish an unambiguous sequence of events across time zones. Under ICH E6(R3), if regulators cannot verify the precise order and timing of every clinical data event, they treat the data as compromised.
The data cannot be used. Logging what happened and being able to reconstruct it for a regulator are different architectures. SAG performs a gap analysis of your current audit trail against 21 CFR Part 11 requirements and delivers the specific PRD requirements your engineering team needs to build from: bi-temporal timestamps, server-side commit records, and the fields that make every event reconstructable without ambiguity.
The Invisible Scope Line
A trial tech startup builds an AI-assisted protocol authoring tool. It doesn't recommend treatments. It doesn't touch patient care. It helps clinical teams draft eligibility criteria and study design parameters, then flags potential issues before IRB submission. The team is confident they're outside FDA's Clinical Decision Support framework. Their first enterprise sponsor's legal team disagrees and asks for documentation proving the UI presents the AI's reasoning basis in a way that supports independent clinical judgment, not just a result the clinician acts on. The product was never designed to produce that documentation, and the UI was never designed to support that standard.
The deal falls through. FDA CDS Criterion 4 applies to AI outputs that inform clinical judgment, not just treatment decisions. SAG identifies whether your product is in scope, performs a gap analysis against Criterion 4 requirements, and delivers UI requirements and evidence layer specifications your product and design teams can incorporate into the roadmap before a sponsor's legal team asks.
The Reconstruction Request
A startup's AI platform processes incoming trial data and logs every output it generates. When a sponsor's quality team requests a full audit reconstruction ahead of an FDA submission, the team pulls the logs. They can show what the AI decided. They cannot show which model version was running at the time, which version of the input data it evaluated, or whether the regulatory ruleset in effect that day is the same one running now. The sponsor pauses the engagement while the team rebuilds the audit architecture from scratch, mid-trial.
Months of rework, mid-trial. Regulators need to verify every condition under which an AI decided, not just what it decided. SAG performs a gap analysis of your current audit trail architecture, identifies what's missing, and delivers the specific feature requirements and data model specifications your engineering team needs to build a reconstructable record before the product enters a trial.
When it's done well

Regulatory compliance isn't a tax on your product. It's what makes it sellable to the buyers who matter.

Enterprise pharma sponsors, hospital systems, and the investors and acquirers evaluating your company are no longer impressed by algorithmic capability alone. They are actively assessing governance architecture. The teams that treat compliance as a core product feature, built in from the start, are the ones winning the contracts and the due diligence conversations their competitors aren't passing.

Enterprise procurement

Hospital CIOs and pharma sponsors are mandating governance alignment as a hard gate in vendor evaluation, in many cases ahead of the regulations themselves. A product that can demonstrate verifiable audit trails, model change control, and documented compliance posture wins procurement conversations that a technically superior but governance-light competitor loses. The governance pack is becoming the sales asset.

Investor and M&A positioning

Due diligence has shifted from technical evaluation to governance evaluation. Acquirers are hunting for architectural maturity they can plug into their existing compliance infrastructure. A clean, compliant product architecture is a valuation driver. A compliance retrofit discovered mid-diligence is a deal risk, and sophisticated buyers know the difference before you walk in the room.

Global market access

Aligning with FDA, EMA, and international AI governance standards from the start means expanding into new jurisdictions without rebuilding the compliance architecture from scratch for each one. The teams that design for multi-jurisdictional requirements early move faster globally than the teams that design for one market and patch the rest.

Services

Engagements built around what your team can act on.

Every engagement produces something your product and engineering team can build from, not a compliance memo to hand to legal. The output is requirements, specifications, and prioritized gaps in a format your team can take directly into the roadmap.

Training

Regulatory-Ready AI for Trial Tech Teams

Working sessions for product, design, and engineering leads on building AI-enabled features in regulated clinical trial contexts. Topics include AI governance architecture and what FDA reviewers actually look for, how to think about CDS classification and what triggers device status, PCCP requirements and how to design a model update governance framework, audit trail architecture that satisfies 21 CFR Part 11, and RBQM concepts your clinical buyers will ask about. Teams bring a real feature or product question. We work through it together, in your language, at the level your engineers can implement.

Ongoing

Fractional Advisory & Retainer

Ongoing regulatory-to-product translation across your roadmap. Async PRD and requirements review, office hours for product and engineering leads, and continuity across releases and regulatory developments. Built for teams that need a standing translator, someone who knows your product, understands the regulatory landscape, and can flag issues before they become expensive, without a full-time hire. Especially useful during active AI feature development, pre-commercial scaling, or ahead of enterprise pharma pilots.

About
Jessica Stuyvenberg

Jessica Stuyvenberg

Founder & Principal
Stuyvenberg Advisory Group

The gap between what regulations require and what your team can build from isn't a knowledge problem. It's a translation problem.

Before founding SAG, I spent over a decade as a product leader in regulated clinical data and AI — building the kinds of tools your team is building now. That means I've been on the product side when a compliance requirement landed with no explanation of what it meant for the data model, and on the engineering side when a regulatory decision needed to become something buildable. I know what the regulations require and how to turn them into something a development team can implement, because I've had to do it.

"The gap isn't compliance knowledge or product knowledge. It's translation between them, at the moment in the build when it's still cheap to get right."

That work spanned the full clinical data pipeline: study design with biomedical concept encoding, SDTM conversion tooling, and data quality analysis. It included leading AI product development in regulated trial contexts — protocol authoring and eConsent tooling built with biopharma organizations who asked the same questions your pharma buyers bring to pilot conversations: how does this map to our standards, what does your validation package look like, and what happens when the model changes.

"I can get into the specifics of how your product works, identify where the gaps are, and explain what needs to change in terms your engineers can implement."

SAG is the practice I launched to bring that translation to trial tech teams who need it at the product level, not after the pilot stalls.

Architect of the ARCH Framework for clinical AI governance, published June 2026 and submitted to FDA Docket FDA-2026-N-4390

Field-level fluency in 21 CFR Part 11, ICH E6(R3), PCCP, CDS Criterion 4, USDM, CDISC, SDTM, and ADaM

13 years building regulated clinical data products and AI-enabled tools at Deloitte and in life sciences environments

Hands-on experience across SDTM pipelines, USDM-aligned protocol tooling, and eConsent in regulated contexts

B.S. Biomedical Engineering, Johns Hopkins University

Provisional surgical device patent and co-authored clinical research

Published Work

The ARCH Framework: Adaptive Regulatory Compliance and Human Oversight in Clinical Trials Stuyvenberg Advisory Group · June 2026 · Submitted to FDA Docket FDA-2026-N-4390 · Zenodo

ARCH is a field-level specification for anchoring AI proof certificates natively within the CDISC Unified Study Definitions Model, defining what compliance evidence for AI-generated clinical decisions looks like as structured, machine-readable data that travels with a regulatory submission. It was published in June 2026 and submitted to FDA Docket FDA-2026-N-4390 as a public comment on the AI-Enabled Optimization of Early-Phase Clinical Trials Pilot Program.

Contact

Let's find out if the fit is real.

If you're a clinical trial technology company preparing for pharma pilots, navigating investor diligence, or building AI-enabled features in a regulated context, and you don't have regulatory-to-product translation in-house, start with a conversation. No proposal until we both agree it makes sense.

Get in touch