The Benchling 2026 biotech AI report came out this week, and one number jumped off the page: 80% of pharma organisations are increasing their AI investment this year.
Four out of five.
At first glance, that sounds like the story. More budget, more urgency, more adoption. But the more interesting line comes right after it. The main blocker isn’t model quality. It isn’t compute cost. It isn’t even a shortage of data scientists.
It’s data governance.
That’s worth pausing on for a second, because it says a lot about where the industry actually is. Pharma is putting real money into AI, and the thing slowing progress down is still the way data is organised, labelled, validated, controlled, and moved across the business. Not the model itself. The mess around it.
Why this keeps happening
I see the same pattern with pharma and compounding pharmacy clients all the time.
A team finds a use case that genuinely matters. Maybe it’s automating batch release documentation. Maybe it’s spotting formulation anomalies before they hit QC. Maybe it’s reducing the amount of manual review sitting between operations and release. The point is, the use case is real. It’s not some fluffy demo.
They scope it. They build a proof of concept. Sometimes they even get budget sign-off.
And then everything slows to a crawl.
Not because the model fails. Usually it doesn’t. The problem is that nobody agrees on which version of the data is the real one. Or the data sits across three systems and nobody owns the pipeline between them. Or the underlying documentation is inconsistent enough that training on it would just bake the inconsistency in.
That’s the part people don’t want to admit: the bottleneck usually isn’t AI. It’s the last ten years of deferred data cleanup that nobody wanted to fund before AI became a board-level issue.
The governance problem isn’t just technical
And in pharma, this gets harder fast.
Data governance here isn’t just a data engineering job. It lives right in the middle of regulatory compliance, change control, validation, and internal authority. Who owns a data standard? Who signs off on a schema change if it touches a validated system? What gets versioned? What gets audited? What has to be documented well enough to survive inspection?
Those aren’t side questions. They are the work.
In a GMP environment, moving quickly is genuinely harder than it is in most other industries. That’s just reality. The validation burden is real. Annex 11 doesn’t suddenly become optional because the AI tooling got better this year.
So if an AI strategy in pharma doesn’t start with data governance, it’s not really a strategy. It’s more like a wishlist with a budget line attached.
What fractional leadership actually does here
This is one of the main reasons I keep making the case for the fractional Head of AI model.
In regulated environments, the problem is rarely just technical. A strong engineer can build a model. That’s not nothing. But it usually isn’t the part that’s blocking progress.
What’s actually missing is someone who can sit in the room with QA, IT, operations, and commercial, and force clarity on the questions nobody wants to own. Who decides the data standard? Who owns the risk? Which workflow actually matters first? What needs to be validated now, and what can wait?
That job looks a lot closer to programme leadership with regulatory fluency than it does to pure model building.
And most companies don’t need that person full time. Not yet, anyway. What they need is experienced senior capacity at the moments that matter most: governance work, architecture decisions, vendor evaluations, integration projects, internal alignment. Those are spikes of work. Important ones. But still spikes.
That’s why the fractional model fits. You bring in senior judgment where the real drag is, not where the org chart says it should be.
The EU layer makes this harder, not easier
Then there’s the EU AI Act.
For companies working with higher-risk systems or AI tied to regulated products and processes, the next couple of years are going to get more complicated, not less. August 2027 is the date a lot of teams are planning around for high-risk systems embedded in regulated products, and the current Digital Omnibus discussions have added another layer of uncertainty on top of that.
Which, to be fair, is understandable.
If you’re a pharma company trying to deploy AI into a validated manufacturing or clinical environment, this isn’t some abstract policy debate. It affects architecture decisions you’re making right now. It affects what needs to be documented. It affects review processes. It affects who signs off on what.
So the governance model you build today can’t just be good enough for now. It has to be flexible enough to deal with a regulatory picture that’s still shifting.
The companies that get their data governance sorted early will have a real advantage when those deadlines start to feel close. The ones that don’t will be trying to solve governance, compliance, and architecture all at once. That’s usually when things get ugly.
The practical read
If you’re inside a pharma organisation and wondering why your AI programme isn’t moving faster, I’d start with a very simple question:
Where is the drag actually coming from?
Because my bet is it’s probably not the model.
More likely, it’s one of three blockers: unclear data ownership, validation paralysis, or compliance uncertainty.
None of that gets fixed by buying a better model. And it definitely doesn’t get fixed just by hiring more data scientists.
It gets fixed by governance work. Slow, unglamorous, often political governance work. The kind that needs somebody credible enough to move between QA, IT, and the business without the whole thing stalling out.
That’s where the real work is in 2026. Not in the demo. Not in the model benchmark. In the governance layer underneath it.
Michael Kilty is the founder of Arvanu and fractional Head of AI at NPLabs, a compounding pharmacy in Athens. Arvanu works with pharma and healthcare companies navigating AI in regulated environments.