Confidence Governance for Pharmaceutical Dosing Systems

by Nick Clark | Published March 27, 2026

Medication dosing errors are among the most common causes of preventable patient harm. AI dosing systems that recommend drug doses based on patient data must handle conflicting lab values, incomplete records, drug interactions, and patient-specific factors. Current systems generate recommendations with stated confidence intervals but continue recommending regardless of how uncertain the inputs are. Confidence governance provides risk-proportional thresholds that require higher confidence for higher-risk medications and a non-executing mode that pauses dosing recommendations when clinical confidence falls below the safety threshold for the specific drug and patient context. This article positions current clinical-decision-support architectures against the AQ confidence-governance primitive disclosed under provisional 64/049,409 and shows how the primitive maps onto the regulatory framework now binding on clinical AI in the United States, the European Union, and the principal Asia-Pacific jurisdictions.


1. Regulatory Framework

Clinical AI in 2026 operates inside a regulatory perimeter that did not exist when the first dosing-recommendation engines were cleared. The US Food and Drug Administration's final guidance on Clinical Decision Support, the predetermined-change-control-plan framework for adaptive AI/ML medical devices, and the September 2024 final rule on transparency for AI used in certified electronic health records together require that clinical AI disclose its training data, its known limitations, the confidence properties of its outputs, and the conditions under which its recommendations should not be relied upon. The 21st Century Cures Act's CDS carve-out continues to require that clinicians be able to independently review the basis of any AI recommendation, which the regulator now interprets as a structural property of the system rather than a documentation artifact.

The European Union's AI Act classifies clinical decision support that influences treatment as high-risk under Annex III, with the high-risk obligations binding through 2026 and 2027. Article 14's human-oversight requirement, Article 15's accuracy-and-robustness requirement, and Article 13's transparency obligation together require that the system communicate the basis and confidence of its outputs in a form that supports meaningful human oversight. The Medical Device Regulation continues to apply in parallel, and the European Health Data Space adds provenance obligations on the data that feeds clinical AI.

Japan's PMDA, the UK MHRA's AI airlock, Singapore's HSA AI in Healthcare guidelines, and Health Canada's adaptive-AI guidance converge on the same architectural expectation: a clinical AI system must govern its own recommendation authority based on assessed confidence in the inputs underlying each recommendation, and must communicate its uncertainty in a form that the supervising clinician can act on. The Joint Commission's medication-management standards and the Institute for Safe Medication Practices' guidance both reinforce the same property at the institutional level. The combined regulatory expectation is that clinical AI must not merely produce recommendations; it must structurally govern when it is permitted to produce them.

2. Architectural Requirement

The architectural property required by the framework is risk-proportional confidence governance with structural non-execution. The system must compute a composite confidence state from the multiple inputs underlying each dose recommendation — patient weight, organ function, lab values, concurrent medications, genetic factors, drug-interaction analysis, clinical context — and must compare that composite state against a threshold that is itself a function of the medication's pharmacological risk profile and the patient's specific risk context. When the composite confidence meets the threshold, the system is permitted to emit a specific dose recommendation. When it does not, the system must structurally refuse to emit one, and must transition to an advisory posture that communicates what is known, what is not known, and what would resolve the uncertainty.

The graduated-mode requirement is load-bearing. The system must distinguish between a recommendation emitted with high confidence from complete data, a recommendation emitted with moderate confidence and a flagged caveat, and a structural refusal to recommend, in a way that the supervising clinician can act on without independently reconstructing the confidence assessment. The hysteretic-recovery property is equally load-bearing: once the system has entered non-executing mode for a high-risk recommendation, it must not immediately resume recommending when a single data point is updated, because the marginal recovery does not reflect a genuine improvement in the underlying data quality.
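An added sketch, not code from the article or the AQ disclosure, of the gate this section describes: a risk-proportional threshold, the three outcomes above, and hysteretic recovery. The policy numbers, the weakest-input composite, the "raised bar held for N evaluations" recovery rule, and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy on a 0-100 confidence scale; illustrative numbers, not clinical values.
POLICY = {
    "routine_antibiotic": {"emit": 60, "caveat": 45, "margin": 5, "recover_evals": 1},
    "anticoagulant": {"emit": 90, "caveat": 80, "margin": 5, "recover_evals": 3},
}

@dataclass
class Gate:
    drug_class: str
    non_executing: bool = False
    streak: int = 0  # consecutive evaluations at or above the recovery bar

    def evaluate(self, factors):
        """Return (mode, limiting_factor) for one set of per-input confidences."""
        p = POLICY[self.drug_class]
        limiting = min(factors, key=factors.get)  # weakest input caps the composite
        score = factors[limiting]
        if self.non_executing:
            # Hysteretic recovery: a raised bar, held for several evaluations.
            self.streak = self.streak + 1 if score >= p["emit"] + p["margin"] else 0
            if self.streak < p["recover_evals"]:
                return ("refuse", limiting)
            self.non_executing, self.streak = False, 0
        if score >= p["emit"]:
            return ("emit", None)
        if score >= p["caveat"]:
            return ("emit_with_caveat", limiting)
        self.non_executing = True  # structural non-execution until recovery
        return ("refuse", limiting)

def run(drug_class, lab_recency_series):
    """Replay a constructed series in which only lab recency varies."""
    gate = Gate(drug_class)
    return [gate.evaluate({"lab_recency": v, "weight_confirmed": 98,
                           "interaction_resolved": 97})[0]
            for v in lab_recency_series]

if __name__ == "__main__":
    series = [95, 70, 96, 85, 96, 97, 96]  # constructed sample
    print(run("anticoagulant", series))
    print(run("routine_antibiotic", series))
```

With the same series, the anticoagulant gate stays in refusal through the single good reading after the drop and resumes only after three consecutive readings above the recovery bar, while the wide-range class emits throughout.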

The audit requirement is the third structural property. Every recommendation, every confidence computation, every threshold comparison, every non-executing transition, and every recovery must be recorded in a form that supports forensic reconstruction of the system's reasoning at any past time. The institutional medication-safety officer, the regulator, and the malpractice trier of fact must all be able to ask, post hoc, "on what inputs and against what threshold did the system emit or refuse this recommendation," and receive a structurally complete answer rather than an application log assembled around the recommendation.

3. Why Procedural Approaches Fail

The standard procedural response to clinical-AI confidence pressure is to attach a confidence interval to the recommendation, surface it in the user interface, and rely on the clinician to assess reliability. This is the architecture that the regulatory framework now treats as insufficient. The confidence interval is informational; it does not modulate the system's recommendation behavior. A recommendation generated with high confidence from complete, recent data appears in the same dose field, in the same workflow, with the same default-accept affordances, as a recommendation generated with low confidence from incomplete, conflicting data. The cognitive task of distinguishing the two falls entirely on the clinician, and falls precisely at the moments — high-workload, time-pressured, cognitively-saturated — when the AI assistance is most needed and the independent assessment is least reliable.

Adding hard cutoffs that suppress recommendations below a fixed confidence threshold improves the structural property at the margin but introduces oscillation: a patient whose composite confidence fluctuates around the threshold receives intermittent recommendations and intermittent suppression, which is operationally worse than either consistent state. Without hysteretic recovery, the system thrashes; with naive hysteresis, the system locks into the wrong state. The procedural retrofit cannot resolve this because it lacks the credentialed-input structure that makes the hysteresis state machine well-founded.

Adding logging of confidence values to the EHR audit trail improves the post-hoc reconstructability at the margin but does not produce structural audit closure. The audit log captures what the application chose to log; it does not carry the credentialed lineage of every input that contributed to the confidence computation, every threshold the comparison ran against, and every governance state that bore on the emission decision. A regulator asking the structural question receives an application log, not a credentialed chain.

The deeper failure is that procedural confidence handling treats confidence as a display attribute on a recommendation produced by a substantially ungoverned engine, while the regulatory framework now treats confidence governance as a structural property of the engine itself. No amount of UI surfacing or audit-log enrichment produces a structural property; structural properties have to be designed in.

4. The AQ Confidence-Governance Primitive

The Adaptive Query confidence-governance primitive, disclosed under USPTO provisional 64/049,409, specifies that every recommendation in a conforming clinical-AI system pass through a five-property closure. The first property is credentialed input: every input contributing to the recommendation arrives as an observation signed by an authority within a published taxonomy — the lab system, the patient-monitoring device, the pharmacy database, the clinician's attestation — and uncredentialed inputs are rejected or downgraded rather than silently absorbed. The second is composite confidence weighting: data recency, measurement precision, inter-source agreement, drug-interaction-resolution completeness, patient-specific risk factors, and credentialed authority compose into a structured contribution rather than a scalar.

The third property is risk-proportional admissibility. The composite confidence is compared against a threshold that is itself a function of the medication's pharmacological risk profile, the patient's specific risk context, and the institutional configuration. A routine antibiotic with a wide therapeutic range admits at moderate confidence; an anticoagulant with a narrow therapeutic window admits only at high confidence anchored on recent lab values, confirmed weight, and resolved interaction analysis. The comparison produces a graduated outcome — emit, emit-with-caveat, defer, refuse — drawn from a defined mode set rather than a binary recommend/suppress.

The fourth property is governed actuation: when the system is permitted to emit a recommendation, it does so with reversibility evaluation, harm-minimization under credentialed configuration, and post-emission verification, and structurally distinguishes intent from execution so the clinician's action on the recommendation is itself a credentialed observation. The fifth property is lineage-recorded provenance: every input, weighting, threshold comparison, emission decision, and clinician action is recorded with credentials, supporting forensic reconstruction at any past time and structurally tamper-evident inter-authority audit.
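An added sketch, not code from the disclosure, of properties one and five working together: inputs are admitted only with a valid credential, and each emission decision is appended to a hash-linked lineage. HMAC tags stand in for authority signatures; the authority names, demo keys, and record fields are constructed assumptions.

```python
import hashlib, hmac, json

# Constructed authority taxonomy with demo HMAC keys (assumption; a deployment
# would use asymmetric signatures and managed keys).
AUTHORITIES = {"lab_system": b"demo-lab-key", "pharmacy_db": b"demo-rx-key"}
GENESIS = "0" * 64

def canonical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(authority, payload):
    tag = hmac.new(AUTHORITIES[authority], canonical(payload), hashlib.sha256)
    return {"authority": authority, "payload": payload, "tag": tag.hexdigest()}

def admit(obs):
    """Property one: accept only a known authority with a valid tag."""
    key = AUTHORITIES.get(obs.get("authority"))
    if key is None:
        return False
    good = hmac.new(key, canonical(obs["payload"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(good, str(obs.get("tag", "")))

def record(chain, decision, threshold, observations):
    """Property five: append a lineage record bound to its predecessor."""
    body = {"prev": chain[-1]["hash"] if chain else GENESIS,
            "decision": decision, "threshold": threshold,
            "inputs": [o for o in observations if admit(o)],
            "rejected": [str(o.get("authority")) for o in observations if not admit(o)]}
    chain.append({**body, "hash": hashlib.sha256(canonical(body)).hexdigest()})
    return chain[-1]

def verify(chain):
    """Return the index of the first bad record, or -1 if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k != "hash"}
        digest = hashlib.sha256(canonical(body)).hexdigest()
        if rec["prev"] != prev or digest != rec["hash"]:
            return i
        if not all(admit(o) for o in rec["inputs"]):
            return i
        prev = rec["hash"]
    return -1

def demo_chain():
    """Constructed sample: one unsigned input is rejected, two decisions recorded."""
    chain = []
    inr = sign("lab_system", {"test": "INR", "value": 2.4, "age_h": 3})
    meds = sign("pharmacy_db", {"active_orders": 2})
    forged = {"authority": "bedside_note", "payload": {"weight_kg": 70}, "tag": ""}
    record(chain, "refuse", 90, [inr, forged])
    record(chain, "emit", 90, [inr, meds])
    return chain
```

The hash links only expose edits if the latest hash is anchored somewhere the record writer cannot rewrite; the per-input tags are what still fail verification after an insider rehashes the whole chain.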

The recursive closure is what makes the primitive a substrate rather than a feature. Every emission produces emission-state observations that re-enter at property one as inputs to downstream evaluations — the dose administered re-enters as an input to the next dose's confidence computation, with credentialed lineage to the prior emission. Hysteretic recovery falls out naturally because the recovery threshold is itself a credentialed configuration that downstream evaluations admit. The primitive composes with any specific confidence-computation algorithm, any specific risk-classification scheme, and any specific storage medium, and the closure property is what distinguishes it from a confidence-display feature attached to an ungoverned engine.

5. Compliance Mapping

The FDA's CDS guidance and the ONC transparency rule are satisfied by properties one and five together: every input is credentialed, and every emission's basis is reconstructable from the lineage. The independent-clinician-review condition that anchors the CDS carve-out is satisfied structurally because the lineage carries the credentialed inputs and weightings that the reviewing clinician would otherwise reconstruct manually.

The EU AI Act's Article 14 human-oversight requirement is satisfied by the graduated-mode property: the system communicates its confidence state in a form that supports meaningful oversight, and structurally refuses to emit recommendations the clinician would otherwise have to evaluate independently. Article 15's accuracy-and-robustness requirement is satisfied by the risk-proportional admissibility: the threshold is itself a function of the medication's pharmacological risk, so accuracy is governed proportionally to the consequences of error rather than as a single global metric. Article 13's transparency obligation is satisfied by the lineage that accompanies every emission.

The MDR's post-market surveillance obligations and the FDA's predetermined-change-control-plan framework benefit from the recursive closure: the credentialed lineage of past emissions and clinician actions is itself a corpus of credentialed observations, so post-market analysis runs against a structurally complete record rather than against an application-log reconstruction. The Joint Commission's medication-management standards and the ISMP's high-alert-medication guidance map onto the risk-proportional thresholds: institutional safety officers configure thresholds against the published high-alert classes, and the configuration is itself a credentialed observation that audits admit.

Patient-safety-organization reporting under PSQIA and the EU's pharmacovigilance obligations benefit from the same property: an adverse-event review reconstructs, from the lineage, exactly what the system knew, what it did not know, what threshold it compared against, and why it emitted or refused the recommendation that bore on the event.

6. Adoption Pathway

Adoption of the primitive does not require replacement of the existing clinical-AI engine. The primitive composes with existing recommendation engines as a governance substrate underneath the recommendation logic, so an existing dosing model continues to compute its recommendation while the substrate governs whether the recommendation is permitted to emit and records the credentialed lineage of each emission decision. The first deployment phase typically wraps the high-alert medication classes — anticoagulants, opioids, chemotherapy agents, insulin, neuromuscular blockers — where the risk-proportional threshold is most load-bearing for safety and where the institutional medication-safety officer has the strongest mandate to govern emission authority.

The second phase extends the substrate across the formulary as institutional confidence in the governance behavior accumulates and as the credentialed-input integrations with lab, pharmacy, and patient-monitoring sources are validated. The third phase integrates the substrate with the institutional pharmacovigilance and patient-safety reporting pipelines, so the lineage that the substrate produces feeds adverse-event analysis and predetermined-change-control-plan evidence directly rather than being reconstructed from application logs.

The commercial fit is an embedded-substrate license for clinical-AI vendors and EHR platforms that need a defensible answer to the FDA's CDS guidance, the EU AI Act's high-risk obligations, and the institutional medication-safety mandate. Pricing aligned to credentialed-input integration count and governed-emission rate matches how regulated institutions consume governance, and the portable lineage that the substrate produces survives platform migrations and vendor changes, paradoxically increasing platform stickiness because the platform's differentiated value is its UX, formulary integration, and institutional access to the substrate rather than its custody of the records. The honest framing is that the primitive does not replace the dosing engine; it gives the dosing engine the governance substrate the regulatory framework now requires it to have, and which procedural confidence-display retrofits cannot supply.

Invented by Nick Clark. Founding investors: Anonymous, Devin Wilkie