While paper trails and legacy systems remain part of the landscape, pharma has been actively coding its next chapter: evolving through digital innovation, transforming core functions like drug development, manufacturing, regulatory oversight, and patient interaction. Central to this is the adoption of advanced technologies such as artificial intelligence (AI), blockchain, cloud computing, and digital twins, collectively referred to as Pharma 4.0™. In response to these updates, the European Medicines Agency (EMA) and the Pharmaceutical Inspection Co-operation Scheme (PIC/S) have proposed updates to Annex 11 of the EU Guidelines for Good Manufacturing Practice (GMP), which governs computerized systems. Published in 2011, Annex 11 is being reimagined to address modern technologies, cloud services, and data integrity challenges.
The revision of Annex 11 of the EU Guidelines on Good Manufacturing Practice (GMP) for medicinal products reflects the urgent need to modernize regulatory expectations in response to the rapid evolution of digital technologies within the pharmaceutical sector. Originally issued in 2011, the current Annex 11 no longer provides sufficient guidance on key areas such as data integrity, cloud services, and digital transformation. This concept paper outlines the rationale and scope for updating Annex 11 to ensure it remains aligned with contemporary practices and emerging risks. Let us explore the key differences between the current Annex 11 and the 2025 draft concept paper:
Table 1. Key Differences between the Annex 11 (2011) and the 2025 Draft Concept Paper
With the ever-increasing complexity of data and digital modalities, these regulations actually create clarity in how to effectively deal with that complexity. They provide clear modern expectations that are better aligned with the risks.
Organizations will need to reassess and potentially revalidate existing computerized systems, update SOPs and documentation to reflect lifecycle management and data integrity and embed Quality Risk Management (QRM) throughout system design and operation in order to remain compliant with these regulatory expectations.
The 2025 draft concept paper also favors automation and technical controls over manual processes, requiring investment in modern platforms and staff training in AI/ML validation, cloud compliance, and cybersecurity. Legacy systems may become non-compliant, pushing firms toward modernization.
Companies must strengthen quality agreements with cloud and SaaS providers, conduct enhanced due diligence, and ensure third-party vendors operate under GMP-compliant conditions. For those exploring AI, alignment with both Annex 11 and the new Annex 22 is essential, covering intended use, training data quality, model validation, and ongoing monitoring.
In conclusion, the 2025 draft concept paper represents a major step forward in modernizing GMP compliance. While the updates may seem daunting, their alignment with PIC/S, ICH, and FDA guidelines supports global regulatory convergence and simplifies compliance for multinational operations.
Lachman Consultants can help your organization with an overall data strategy that includes robust and compliant governance, assurance of data integrity and implementation of an effective and compliant platform. In addition to helping companies better manage their data quality and assure compliance, we also help companies adopt the use of artificial intelligence in day-to-day activities. If your firm needs assistance adopting these principles, reach out to us for a consult at LCS@LachmanConsultants.com.
