Artificial Intelligence and Cosmetic Compliance: Opportunity and Risk

Introduction

Artificial intelligence (AI) technologies—including machine learning, natural language processing, and computer vision—emerged as transformative tools for cosmetic compliance during the mid-2020s, offering opportunities to enhance safety assessment, streamline regulatory documentation, and improve post-market surveillance [1]. By February 2025, cosmetic companies increasingly deployed AI systems for tasks such as ingredient screening, CPSR generation, claims substantiation, and adverse event monitoring [2]. However, the use of AI in regulatory compliance also presented risks, including potential for algorithmic errors, lack of transparency in AI decision-making, and questions regarding accountability when AI systems generate non-compliant outputs [3]. The regulatory framework established by Regulation (EC) No 1223/2009 did not explicitly address AI use, but the fundamental requirements—including the Responsible Person’s accountability under Article 4, the qualified safety assessor requirement under Article 10, and the evidential support criterion for claims under Commission Regulation (EU) No 655/2013—remained applicable regardless of whether AI tools were used [4].

The EU AI Act (Regulation (EU) 2024/1689), which entered into force in August 2024 with phased implementation through 2027, established a risk-based regulatory framework for AI systems, classifying them into prohibited, high-risk, limited-risk, and minimal-risk categories [5]. While cosmetic compliance applications were not explicitly classified as high-risk under the AI Act, the use of AI for safety assessment or regulatory decision-making raised questions regarding transparency, accountability, and human oversight [6]. The intersection of cosmetic regulation and AI regulation created a complex compliance landscape that required careful navigation by Responsible Persons and technology providers [7].

Regulatory Framework and Legal Analysis

Regulation (EC) No 1223/2009 establishes a framework based on human accountability and professional expertise [8]. Article 4 designates the Responsible Person as the entity ensuring compliance with all applicable requirements, and this accountability cannot be delegated to an AI system [9]. Article 10(2) requires that the safety assessment be carried out by a person in possession of appropriate qualifications, and while AI tools may assist in data collection and analysis, the final safety assessment must be conducted and signed by a qualified human assessor [10].

The SCCS Notes of Guidance (10th Revision, SCCS/1602/18) do not address AI use, but emphasize that safety assessment requires professional judgment, weight-of-evidence evaluation, and consideration of all relevant data [11]. AI systems can process large datasets, identify patterns, and generate predictions, but lack the contextual understanding and professional judgment required for comprehensive safety assessment [12]. The anticipated 11th Revision of the SCCS Notes of Guidance was expected to address the use of new approach methodologies (NAMs), including computational models and AI-based predictions, providing guidance on when and how such tools can be used in safety assessment [13].

The EU AI Act (Regulation (EU) 2024/1689) establishes requirements for AI systems based on risk classification [14]. High-risk AI systems—including those used for safety assessment of products or for making decisions with significant impact on health and safety—must comply with stringent requirements including risk management, data governance, technical documentation, transparency, human oversight, accuracy, robustness, and cybersecurity [15]. While cosmetic compliance applications are not explicitly listed as high-risk in Annex III of the AI Act, the use of AI for safety assessment could be considered high-risk if it significantly influences decisions regarding product safety [16].

Limited-risk AI systems, such as chatbots or content generation tools, must comply with transparency obligations, ensuring that users are aware they are interacting with an AI system [17]. Minimal-risk AI systems, such as AI-enabled spam filters or inventory management systems, are not subject to specific AI Act requirements but must comply with general product safety and data protection regulations [18].

For cosmetic compliance applications, the key AI Act considerations include: (1) transparency—users must understand how the AI system generates outputs and what data it relies on; (2) human oversight—qualified professionals must review and validate AI-generated outputs; (3) accuracy and robustness—the AI system must perform reliably and generate accurate outputs; and (4) accountability—the Responsible Person remains accountable for compliance regardless of AI use [19].

Article 20 claims substantiation under Commission Regulation (EU) No 655/2013 requires that claims be supported by adequate and verifiable evidence [20]. If AI systems are used to generate or substantiate claims (e.g., through analysis of consumer reviews, social media sentiment, or clinical trial data), the methodology must be transparent, scientifically valid, and documented [21]. The Technical Document on Cosmetic Claims emphasizes that evidence must be appropriate to the claim type, and AI-generated evidence must meet the same standards as evidence generated through traditional methods [22].

Toxicological and Safety Science Considerations

AI applications in cosmetic toxicology and safety assessment include: (1) QSAR (Quantitative Structure-Activity Relationship) modeling for predicting toxicity from chemical structure; (2) read-across and grouping of structurally similar substances; (3) integration of data from multiple sources (in vitro assays, in vivo studies, human data) using machine learning; (4) prediction of dermal absorption from physicochemical properties; and (5) automated literature review and data extraction [23].

QSAR models use statistical or machine learning algorithms to predict toxicological endpoints (e.g., skin sensitization, mutagenicity, acute toxicity) from molecular descriptors such as molecular weight, log P, and structural features [24]. The OECD has developed principles for QSAR validation, requiring that models have a defined endpoint, an unambiguous algorithm, a defined domain of applicability, appropriate measures of goodness-of-fit and predictive power, and a mechanistic interpretation if possible [25]. QSAR predictions are accepted by the SCCS as supporting evidence in weight-of-evidence assessments, but are not sufficient as standalone evidence for safety assessment [26].

Read-across involves predicting the toxicity of a target substance from data on structurally similar source substances [27]. The ECHA Read-Across Assessment Framework (RAAF) provides guidance on read-across justification, requiring demonstration of structural similarity, similar physicochemical properties, similar toxicokinetics, and a plausible hypothesis for why the target and source substances would have similar toxicity [28]. AI systems can assist in identifying suitable source substances and assessing similarity, but the scientific justification for read-across must be provided by qualified toxicologists [29].

Machine learning models can integrate data from multiple in vitro assays to predict in vivo toxicity, potentially reducing the need for animal testing [30]. For example, the Integrated Approaches to Testing and Assessment (IATA) for skin sensitization integrates data from DPRA, KeratinoSens™, h-CLAT, and other assays using defined approaches to predict sensitization potential [31]. AI systems can automate this integration and generate predictions, but the SCCS emphasizes that predictions must be validated against human data and that professional judgment is required to interpret results [32].

Dermal absorption prediction from physicochemical properties (molecular weight, log P, water solubility) is an active area of AI research, with several models demonstrating reasonable predictive accuracy [33]. However, the SCCS requires that dermal absorption be measured using validated in vitro methods (OECD TG 428) rather than predicted, unless the prediction is validated against experimental data for the specific substance [34]. AI-predicted dermal absorption may be used as supporting evidence or for prioritization, but not as the primary basis for SED calculation [35].

Automated literature review and data extraction using natural language processing (NLP) can accelerate the process of compiling toxicological data for CPSR preparation [36]. AI systems can search scientific databases, extract relevant information (e.g., NOAEL values, study designs, results), and summarize findings [37]. However, the accuracy of AI-extracted data must be verified by qualified professionals, as NLP systems may misinterpret technical terminology or extract data from inappropriate sources [38].

Practical Compliance Guidance

For Responsible Persons considering AI use in cosmetic compliance, a risk-based approach is essential. First, the intended use of the AI system must be clearly defined, and the risks associated with that use must be assessed [39]. High-risk applications, such as AI-generated safety assessments or AI-based decisions regarding product safety, require stringent controls including human oversight, validation, and documentation [40]. Lower-risk applications, such as AI-assisted literature review or ingredient screening, require less stringent controls but still necessitate human review and validation [41].

Second, AI systems must be validated to ensure accuracy, reliability, and fitness for purpose [42]. Validation should include testing the AI system on representative datasets, comparing AI-generated outputs to expert-generated outputs, and assessing performance across the system’s intended domain of applicability [43]. Validation results should be documented and maintained in the PIF as part of the evidence supporting the CPSR or claims substantiation [44].

Third, human oversight is essential for all AI applications in cosmetic compliance [45]. Article 10(2) requires that the safety assessment be carried out by a qualified person, and this requirement cannot be satisfied by an AI system alone [46]. Qualified safety assessors must review AI-generated outputs, verify accuracy, apply professional judgment, and take responsibility for the final assessment [47]. The CPSR must be signed by the qualified safety assessor, and the assessor’s qualifications and role must be documented [48].

Fourth, transparency and documentation are critical [49]. The PIF should include documentation of AI systems used in compliance activities, including the system’s purpose, methodology, validation results, and limitations [50]. If AI-generated data or predictions are used in the CPSR, the methodology must be described and the limitations acknowledged [51]. If enforcement authorities request information under Article 21, the Responsible Person must be able to explain how AI systems were used and provide evidence that outputs were validated by qualified professionals [52].

Fifth, data governance is essential for AI systems that process personal data (e.g., consumer reviews, adverse event reports) [53]. The General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) requires that personal data be processed lawfully, fairly, and transparently, and that data subjects have rights including access, rectification, and erasure [54]. AI systems must be designed to comply with GDPR requirements, including data minimization, purpose limitation, and security [55].

Sixth, Responsible Persons should monitor regulatory developments regarding AI use in cosmetic compliance [56]. The anticipated 11th Revision of the SCCS Notes of Guidance was expected to provide guidance on the use of NAMs, including AI-based predictions, in safety assessment [57]. The AI Act’s implementation and enforcement will clarify the regulatory expectations for AI systems used in cosmetic compliance [58]. Industry associations such as Cosmetics Europe are developing guidance on AI use, and Responsible Persons should engage with these initiatives to stay informed and contribute to best practices [59].

Conclusion

Artificial intelligence technologies offer significant opportunities to enhance cosmetic compliance, including improved safety assessment, streamlined documentation, and enhanced post-market surveillance. However, AI use also presents risks, including potential for algorithmic errors, lack of transparency, and questions regarding accountability. The regulatory framework established by Regulation (EC) No 1223/2009 remains applicable regardless of AI use, and the Responsible Person’s accountability under Article 4 and the qualified safety assessor requirement under Article 10 cannot be delegated to AI systems. The EU AI Act establishes additional requirements for high-risk AI systems, and Responsible Persons must ensure that AI applications comply with both cosmetic-specific and AI-specific regulations. As AI technologies continue to evolve and regulatory frameworks adapt, the cosmetic industry must balance innovation with adherence to fundamental principles of human accountability, professional expertise, and evidence-based decision-making.

References

[1] European Commission. (2024). Artificial Intelligence Act: Implications for product compliance. European Commission.

[2] European Commission. (2024). Artificial Intelligence Act: Implications for product compliance. European Commission.

[3] Regulation (EU) 2024/1689 of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (AI Act). Official Journal of the European Union, L 2024/1689.

[4] Regulation (EC) No 1223/2009, Articles 4 and 10.

[5] Regulation (EU) 2024/1689 (AI Act).

[6] Regulation (EU) 2024/1689 (AI Act), Annex III.

[7] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[8] Regulation (EC) No 1223/2009, Article 4.

[9] Regulation (EC) No 1223/2009, Article 10.

[10] SCCS. (2018). Notes of Guidance (10th Rev.). SCCS/1602/18. European Commission.

[11] SCCS. (2018). Notes of Guidance (10th Rev.). SCCS/1602/18. European Commission.

[12] Scientific Committee on Consumer Safety. European Commission. https://health.ec.europa.eu/scientific-committees/scientific-committee-consumer-safety-sccs_en

[13] SCCS. (2018). Notes of Guidance (10th Rev.). SCCS/1602/18. European Commission.

[14] Regulation (EU) 2024/1689 (AI Act). OJ EU.

[15] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[16] Regulation (EU) 2024/1689 (AI Act). OJ EU.

[17] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[18] Regulation (EU) 2024/1689 (AI Act). OJ EU.

[19] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[20] Commission Regulation (EU) No 655/2013 on cosmetic claims criteria.

[21] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[22] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[23] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[24] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[25] Scientific Committee on Consumer Safety. European Commission. https://health.ec.europa.eu/scientific-committees/scientific-committee-consumer-safety-sccs_en

[26] Scientific Committee on Consumer Safety. European Commission. https://health.ec.europa.eu/scientific-committees/scientific-committee-consumer-safety-sccs_en

[27] Scientific Committee on Consumer Safety. European Commission. https://health.ec.europa.eu/scientific-committees/scientific-committee-consumer-safety-sccs_en

[28] European Chemicals Agency. Restriction proposal (REACH Annex XV). https://echa.europa.eu

[29] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[30] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[31] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[32] Scientific Committee on Consumer Safety. European Commission. https://health.ec.europa.eu/scientific-committees/scientific-committee-consumer-safety-sccs_en

[33] Scientific Committee on Consumer Safety. European Commission. https://health.ec.europa.eu/scientific-committees/scientific-committee-consumer-safety-sccs_en

[34] Scientific Committee on Consumer Safety. European Commission. https://health.ec.europa.eu/scientific-committees/scientific-committee-consumer-safety-sccs_en

[35] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[36] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[37] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[38] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[39] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[40] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[41] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[42] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[43] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[44] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[45] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[46] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[47] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[48] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[49] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[50] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[51] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[52] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[53] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[54] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[55] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.

[56] Scientific Committee on Consumer Safety. European Commission. https://health.ec.europa.eu/scientific-committees/scientific-committee-consumer-safety-sccs_en

[57] SCCS. (2018). Notes of Guidance (10th Rev.). SCCS/1602/18. European Commission.

[58] SCCS. (2018). Notes of Guidance (10th Rev.). SCCS/1602/18. European Commission.

[59] Regulation (EC) No 1223/2009 on cosmetic products; SCCS/1602/18. European Commission.