Traditional document management approaches, rooted in paper-based paradigms, create artificial boundaries between engineering activities and quality oversight. These silos become particularly problematic when implementing Quality Risk Management-based integrated Commissioning and Qualification strategies. The solution lies not in better document control procedures, but in embracing data-centric architectures that treat documents as dynamic views of underlying quality data rather than static containers of information.
The Engineering Quality Process: Beyond Document Control
The Engineering Quality Process (EQP) represents an evolution beyond traditional document management, establishing the critical interface between Good Engineering Practice and the Pharmaceutical Quality System. This integration becomes particularly crucial when we consider that engineering documents are not merely administrative artifacts—they are the embodiment of technical knowledge that directly impacts product quality and patient safety.
EQP implementation requires understanding that documents exist within complex data ecosystems where engineering specifications, risk assessments, change records, and validation protocols are interconnected through multiple quality processes. The challenge lies in creating systems that maintain this connectivity while ensuring ALCOA+ principles are embedded throughout the document lifecycle.
Building Systematic Document Governance
The foundation of effective GEP document management begins with recognizing that documents serve multiple masters—engineering teams need technical accuracy and accessibility, quality assurance requires compliance and traceability, and operations demands practical usability. This multiplicity of requirements necessitates what I call “multi-dimensional document governance”—systems that can simultaneously satisfy engineering, quality, and operational needs without creating redundant or conflicting documentation streams.
Effective governance structures must establish clear boundaries between engineering autonomy and quality oversight while ensuring seamless information flow across these interfaces. This requires moving beyond simple approval workflows toward sophisticated quality risk management integration where document criticality drives the level of oversight and control applied.
Electronic Quality Management System Integration: The Technical Architecture
The integration of eQMS platforms with engineering documentation can be surprisingly complex. The fundamental issue is that most eQMS solutions were designed around quality department workflows, while engineering documents flow through fundamentally different processes that emphasize technical iteration, collaborative development, and evolutionary refinement.
Core Integration Principles
Unified Data Models: Rather than treating engineering documents as separate entities, leading implementations create unified data models where engineering specifications, quality requirements, and validation protocols share common data structures. This approach eliminates the traditional handoffs between systems and creates seamless information flow from initial design through validation and into operational maintenance.
Risk-Driven Document Classification: We need to move beyond user driven classification and implement risk classification algorithms that automatically determine the level of quality oversight required based on document content, intended use, and potential impact on product quality. This automated classification reduces administrative burden while ensuring critical documents receive appropriate attention.
Contextual Access Controls: Advanced eQMS platforms provide dynamic permission systems that adjust access rights based on document lifecycle stage, user role, and current quality status. During active engineering development, technical teams have broader access rights, but as documents approach finalization and quality approval, access becomes more controlled and audited.
Validation Management System Integration
The integration of electronic Validation Management Systems (eVMS) represents a particularly sophisticated challenge because validation activities span the boundary between engineering development and quality assurance. Modern implementations create bidirectional data flows where engineering documents automatically populate validation protocols, while validation results feed back into engineering documentation and quality risk assessments.
Protocol Generation: Advanced systems can automatically generate validation protocols from engineering specifications, user requirements, and risk assessments. This automation ensures consistency between design intent and validation activities while reducing the manual effort typically required for protocol development.
Evidence Linking: Sophisticated eVMS platforms create automated linkages between engineering documents, validation protocols, execution records, and final reports. These linkages ensure complete traceability from initial requirements through final qualification while maintaining the data integrity principles essential for regulatory compliance.
Continuous Verification: Modern systems support continuous verification approaches aligned with ASTM E2500 principles, where validation becomes an ongoing process integrated with change management rather than discrete qualification events.
Data Integrity Foundations: ALCOA+ in Engineering Documentation
The application of ALCOA+ principles to engineering documentation can create challenges because engineering processes involve significant collaboration, iteration, and refinement—activities that can conflict with traditional interpretations of data integrity requirements. The solution lies in understanding that ALCOA+ principles must be applied contextually, with different requirements during active development versus finalized documentation.
Attributability in Collaborative Engineering
Engineering documents often represent collective intelligence rather than individual contributions. Address this challenge through granular attribution mechanisms that can track individual contributions to collaborative documents while maintaining overall document integrity. This includes sophisticated version control systems that maintain complete histories of who contributed what content, when changes were made, and why modifications were implemented.
Contemporaneous Recording in Design Evolution
Traditional interpretations of contemporaneous recording can conflict with engineering design processes that involve iterative refinement and retrospective analysis. Implement design evolution tracking that captures the timing and reasoning behind design decisions while allowing for the natural iteration cycles inherent in engineering development.
Managing Original Records in Digital Environments
The concept of “original” records becomes complex in engineering environments where documents evolve through multiple versions and iterations. Establish authoritative record concepts where the system maintains clear designation of authoritative versions while preserving complete historical records of all iterations and the reasoning behind changes.
Best Practices for eQMS Integration
Systematic Architecture Design
Effective eQMS integration begins with architectural thinking rather than tool selection. Organizations must first establish clear data models that define how engineering information flows through their quality ecosystem. This includes mapping the relationships between user requirements, functional specifications, design documents, risk assessments, validation protocols, and operational procedures.
Cross-Functional Integration Teams: Successful implementations establish integrated teams that include engineering, quality, IT, and operations representatives from project inception. These teams ensure that system design serves all stakeholders’ needs rather than optimizing for a single department’s workflows.
Phased Implementation Strategies: Rather than attempting wholesale system replacement, leading organizations implement phased approaches that gradually integrate engineering documentation with quality systems. This allows for learning and refinement while maintaining operational continuity.
Change Management Integration
The integration of change management across engineering and quality systems represents a critical success factor. Create unified change control processes where engineering changes automatically trigger appropriate quality assessments, risk evaluations, and validation impact analyses.
Automated Impact Assessment: Ensure your system can automatically assess the impact of engineering changes on existing validation status, quality risk profiles, and operational procedures. This automation ensures that changes are comprehensively evaluated while reducing the administrative burden on technical teams.
Stakeholder Notification Systems: Provide contextual notifications to relevant stakeholders based on change impact analysis. This ensures that quality, operations, and regulatory affairs teams are informed of changes that could affect their areas of responsibility.
Knowledge Management Integration
Capturing Engineering Intelligence
One of the most significant opportunities in modern GEP document management lies in systematically capturing engineering intelligence that traditionally exists only in informal networks and individual expertise. Implement knowledge harvesting mechanisms that can extract insights from engineering documents, design decisions, and problem-solving approaches.
Design Decision Rationale: Require and capture the reasoning behind engineering decisions, not just the decisions themselves. This creates valuable organizational knowledge that can inform future projects while providing the transparency required for quality oversight.
Lessons Learned Integration: Rather than maintaining separate lessons learned databases, integrate insights directly into engineering templates and standard documents. This ensures that organizational knowledge is immediately available to teams working on similar challenges.
Expert Knowledge Networks
Create dynamic expert networks where subject matter experts are automatically identified and connected based on document contributions, problem-solving history, and technical expertise areas. These networks facilitate knowledge transfer while ensuring that critical engineering knowledge doesn’t remain locked in individual experts’ experience.
Technology Platform Considerations
System Architecture Requirements
Effective GEP document management requires platform architectures that can support complex data relationships, sophisticated workflow management, and seamless integration with external engineering tools. This includes the ability to integrate with Computer-Aided Design systems, engineering calculation tools, and specialized pharmaceutical engineering software.
API Integration Capabilities: Modern implementations require robust API frameworks that enable integration with the diverse tool ecosystem typically used in pharmaceutical engineering. This includes everything from CAD systems to process simulation software to specialized validation tools.
Scalability Considerations: Pharmaceutical engineering projects can generate massive amounts of documentation, particularly during complex facility builds or major system implementations. Platforms must be designed to handle this scale while maintaining performance and usability.
Validation and Compliance Framework
The platforms supporting GEP document management must themselves be validated according to pharmaceutical industry standards. This creates unique challenges because engineering systems often require more flexibility than traditional quality management applications.
GAMP 5 Compliance: Follow GAMP 5 principles for computerized system validation while maintaining the flexibility required for engineering applications. This includes risk-based validation approaches that focus validation efforts on critical system functions.
Continuous Compliance: Modern systems support continuous compliance monitoring rather than point-in-time validation. This is particularly important for engineering systems that may receive frequent updates to support evolving project needs.
Building Organizational Maturity
Cultural Transformation Requirements
The successful implementation of integrated GEP document management requires cultural transformation that goes beyond technology deployment. Engineering organizations must embrace quality oversight as value-adding rather than bureaucratic, while quality organizations must understand and support the iterative nature of engineering development.
Cross-Functional Competency Development: Success requires developing transdisciplinary competence where engineering professionals understand quality requirements and quality professionals understand engineering processes. This shared understanding is essential for creating systems that serve both communities effectively.
Evidence-Based Decision Making: Organizations must cultivate cultures that value systematic evidence gathering and rigorous analysis across both technical and quality domains. This includes establishing standards for what constitutes adequate evidence for engineering decisions and quality assessments.
Maturity Model Implementation
Organizations can assess and develop their GEP document management capabilities using maturity model frameworks that provide clear progression paths from reactive document control to sophisticated knowledge-enabled quality systems.
Level 1 – Reactive: Basic document control with manual processes and limited integration between engineering and quality systems.
Level 2 – Developing: Electronic systems with basic workflow automation and beginning integration between engineering and quality processes.
Level 3 – Systematic: Comprehensive eQMS integration with risk-based document management and sophisticated workflow automation.
Level 4 – Integrated: Unified data architectures with seamless information flow between engineering, quality, and operational systems.
Level 5 – Optimizing: Knowledge-enabled systems with predictive analytics, automated intelligence extraction, and continuous improvement capabilities.
Future Directions and Emerging Technologies
Artificial Intelligence Integration
The convergence of AI technologies with GEP document management creates unprecedented opportunities for intelligent document analysis, automated compliance checking, and predictive quality insights. The promise is systems that can analyze engineering documents to identify potential quality risks, suggest appropriate validation strategies, and automatically generate compliance reports.
Natural Language Processing: AI-powered systems can analyze technical documents to extract key information, identify inconsistencies, and suggest improvements based on organizational knowledge and industry best practices.
Predictive Analytics: Advanced analytics can identify patterns in engineering decisions and their outcomes, providing insights that improve future project planning and risk management.
Building Excellence Through Integration
The transformation of GEP document management from compliance-driven bureaucracy to value-creating knowledge systems represents one of the most significant opportunities available to pharmaceutical organizations. Success requires moving beyond traditional document control paradigms toward data-centric architectures that treat documents as dynamic views of underlying quality data.
The integration of eQMS platforms with engineering workflows, when properly implemented, creates seamless quality ecosystems where engineering intelligence flows naturally through validation processes and into operational excellence. This integration eliminates the traditional handoffs and translation losses that have historically plagued pharmaceutical quality systems while maintaining the oversight and control required for regulatory compliance.
Organizations that embrace these integrated approaches will find themselves better positioned to implement Quality by Design principles, respond effectively to regulatory expectations for science-based quality systems, and build the organizational knowledge capabilities required for sustained competitive advantage in an increasingly complex regulatory environment.
The future belongs to organizations that can seamlessly blend engineering excellence with quality rigor through sophisticated information architectures that serve both engineering creativity and quality assurance requirements. The technology exists; the regulatory framework supports it; the question remaining is organizational commitment to the cultural and architectural transformations required for success.
As we continue evolving toward more evidence-based quality practice, the organizations that invest in building coherent, integrated document management systems will find themselves uniquely positioned to navigate the increasing complexity of pharmaceutical quality requirements while maintaining the engineering innovation essential for bringing life-saving products to market efficiently and safely.
The pharmaceutical industry stands at an inflection point where artificial intelligence meets regulatory compliance, creating new paradigms for quality decision-making that neither fully automate nor abandon human expertise. The concept of the “missing middle” first articulated by Paul Daugherty and H. James Wilson in their seminal work Human + Machine: Reimagining Work in the Age of AI has found profound resonance in the pharmaceutical sector, particularly as regulators grapple with how to govern AI applications in Good Manufacturing Practice (GMP) environments
The recent publication of EU GMP Annex 22 on Artificial Intelligence marks a watershed moment in this evolution, establishing the first dedicated regulatory framework for AI use in pharmaceutical manufacturing while explicitly mandating human oversight in critical decision-making processes. This convergence of the missing middle concept with regulatory reality creates unprecedented opportunities and challenges for pharmaceutical quality professionals, fundamentally reshaping how we approach GMP decision-making in an AI-augmented world.
Understanding the Missing Middle: Beyond the Binary of Human Versus Machine
The missing middle represents a fundamental departure from the simplistic narrative of AI replacing human workers. Instead, it describes the collaborative space where human expertise and artificial intelligence capabilities combine to create outcomes superior to what either could achieve independently. In Daugherty and Wilson’s framework, this space is characterized by fluid, adaptive work processes that can be modified in real-time—a stark contrast to the rigid, sequential workflows that have dominated traditional business operations.
Within the pharmaceutical context, the missing middle takes on heightened significance due to the industry’s unique requirements for safety, efficacy, and regulatory compliance. Unlike other sectors where AI can operate with relative autonomy, pharmaceutical manufacturing demands a level of human oversight that ensures patient safety while leveraging AI’s analytical capabilities. This creates what we might call a “regulated missing middle”—a space where human-machine collaboration must satisfy not only business objectives but also stringent regulatory requirements.
Traditional pharmaceutical quality relies heavily on human decision-making supported by deterministic systems and established procedures. However, the complexity of modern pharmaceutical manufacturing, coupled with the vast amounts of data generated throughout the production process, creates opportunities for AI to augment human capabilities in ways that were previously unimaginable. The challenge lies in harnessing these capabilities while maintaining the control, traceability, and accountability that GMP requires.
Annex 22: Codifying Human Oversight in AI-Driven GMP Environments
The draft EU GMP Annex 22, published for consultation in July 2025, represents the first comprehensive regulatory framework specifically addressing AI use in pharmaceutical manufacturing. The annex establishes clear boundaries around acceptable AI applications while mandating human oversight mechanisms that reflect the missing middle philosophy in practice.
Scope and Limitations: Defining the Regulatory Boundaries
Annex 22 applies exclusively to static, deterministic AI models—those that produce consistent outputs when given identical inputs. This deliberate limitation reflects regulators’ current understanding of AI risk and their preference for predictable, controllable systems in GMP environments. The annex explicitly excludes dynamic models that continuously learn during operation, generative AI systems, and large language models (LLMs) from critical GMP applications, recognizing that these technologies present challenges in terms of explainability, reproducibility, and risk control that current regulatory frameworks cannot adequately address.
This regulatory positioning creates a clear delineation between AI applications that can operate within established GMP principles and those that require different governance approaches. The exclusion of dynamic learning systems from critical applications reflects a risk-averse stance that prioritizes patient safety and regulatory compliance over technological capability—a decision that has sparked debate within the industry about the pace of AI adoption in regulated environments.
Human-in-the-Loop Requirements: Operationalizing the Missing Middle
Perhaps the most significant aspect of Annex 22 is its explicit requirement for human oversight in AI-driven processes. The guidance mandates that qualified personnel must be responsible for ensuring AI outputs are suitable for their intended use, particularly in processes that could impact patient safety, product quality, or data integrity. This requirement operationalizes the missing middle concept by ensuring that human judgment remains central to critical decision-making processes, even as AI capabilities expand.
The human-in-the-loop (HITL) framework outlined in Annex 22 goes beyond simple approval mechanisms. It requires that human operators understand the AI system’s capabilities and limitations, can interpret its outputs meaningfully, and possess the expertise necessary to intervene when circumstances warrant. This creates new skill requirements for pharmaceutical quality professionals, who must develop what Daugherty and Wilson term “fusion skills”—capabilities that enable effective collaboration with AI systems.
Validation and Performance Requirements: Ensuring Reliability in the Missing Middle
Annex 22 establishes rigorous validation requirements for AI systems used in GMP contexts, mandating that models undergo testing against predefined acceptance criteria that are at least as stringent as the processes they replace. This requirement ensures that AI augmentation does not compromise existing quality standards while providing a framework for demonstrating the value of human-machine collaboration.
The validation framework emphasizes explainability and confidence scoring, requiring AI systems to provide transparent justifications for their decisions. This transparency requirement enables human operators to understand AI recommendations and exercise appropriate judgment in their implementation—a key principle of effective missing middle operations. The focus on explainability also facilitates regulatory inspections and audits, ensuring that AI-driven decisions can be scrutinized and validated by external parties.
The Evolution of GMP Decision Making: From Human-Centric to Human-AI Collaborative
Traditional GMP decision-making has been characterized by hierarchical approval processes, extensive documentation requirements, and risk-averse approaches that prioritize compliance over innovation. While these characteristics have served the industry well in ensuring product safety and regulatory compliance, they have also created inefficiencies and limited opportunities for continuous improvement.
Traditional GMP Decision Paradigms
Conventional pharmaceutical quality assurance relies on trained personnel making decisions based on established procedures, historical data, and their professional judgment. Quality control laboratories generate data through standardized testing protocols, which trained analysts interpret according to predetermined specifications. Deviation investigations follow structured methodologies that emphasize root cause analysis and corrective action implementation. Manufacturing decisions are made through change control processes that require multiple levels of review and approval.
This approach has proven effective in maintaining product quality and regulatory compliance, but it also has significant limitations. Human decision-makers can be overwhelmed by the volume and complexity of data generated in modern pharmaceutical manufacturing. Cognitive biases can influence judgment, and the sequential nature of traditional decision-making processes can delay responses to emerging issues. Additionally, the reliance on historical precedent can inhibit innovation and limit opportunities for process optimization.
AI-Augmented Decision Making: Expanding Human Capabilities
The integration of AI into GMP decision-making processes offers opportunities to address many limitations of traditional approaches while maintaining the human oversight that regulations require. AI systems can process vast amounts of data rapidly, identify patterns that might escape human observation, and provide data-driven recommendations that complement human judgment.
In quality control laboratories, AI-powered image recognition systems can analyze visual inspections with greater speed and consistency than human inspectors, while still requiring human validation of critical decisions. Predictive analytics can identify potential quality issues before they manifest, enabling proactive interventions that prevent problems rather than merely responding to them. Real-time monitoring systems can continuously assess process parameters and alert human operators to deviations that require attention.
The transformation of deviation management exemplifies the potential of AI-augmented decision-making. Traditional deviation investigations can be time-consuming and resource-intensive, often requiring weeks or months to complete. AI systems can rapidly analyze historical data to identify potential root causes, suggest relevant corrective actions based on similar past events, and even predict the likelihood of recurrence. However, the final decisions about root cause determination and corrective action implementation remain with qualified human personnel, ensuring that professional judgment and regulatory accountability are preserved.
Maintaining Human Accountability in AI-Augmented Processes
The integration of AI into GMP decision-making raises important questions about accountability and responsibility. Annex 22 addresses these concerns by maintaining clear lines of human accountability while enabling AI augmentation. The guidance requires that qualified personnel remain responsible for all decisions that could impact patient safety, product quality, or data integrity, regardless of the level of AI involvement in the decision-making process.
This approach reflects the missing middle philosophy by recognizing that AI augmentation should enhance rather than replace human judgment. Human operators must understand the AI system’s recommendations, evaluate them in the context of their broader knowledge and experience, and take responsibility for the final decisions. This creates a collaborative dynamic where AI provides analytical capabilities that exceed human limitations while humans provide contextual understanding, ethical judgment, and regulatory accountability that AI systems cannot replicate.
Fusion Skills for Pharmaceutical Quality Professionals: Navigating the AI-Augmented Landscape
The successful implementation of AI in GMP environments requires pharmaceutical quality professionals to develop new capabilities that enable effective collaboration with AI systems. Daugherty and Wilson identify eight “fusion skills” that are essential for thriving in the missing middle. These skills take on particular significance in the highly regulated pharmaceutical environment, where the consequences of poor decision-making can directly impact patient safety.
Intelligent interrogation involves knowing how to effectively query AI systems to obtain meaningful insights. In pharmaceutical quality contexts, this skill enables professionals to leverage AI analytical capabilities while maintaining critical thinking about the results. For example, when investigating a deviation, a quality professional might use AI to analyze historical data for similar events, but must know how to frame queries that yield relevant and actionable insights.
The development of intelligent interrogation skills requires understanding both the capabilities and limitations of specific AI systems. Quality professionals must learn to ask questions that align with the AI system’s training and design while recognizing when human judgment is necessary to interpret or validate the results. This skill is particularly important in GMP environments, where the accuracy and completeness of information can have significant regulatory and safety implications.
Judgment Integration: Combining AI Insights with Human Wisdom
Judgment integration involves combining AI-generated insights with human expertise to make informed decisions. This skill is critical in pharmaceutical quality, where decisions often require consideration of factors that may not be captured in historical data or AI training sets. For instance, an AI system might recommend a particular corrective action based on statistical analysis, but a human professional might recognize unique circumstances that warrant a different approach.
Effective judgment integration requires professionals to maintain a critical perspective on AI recommendations while remaining open to insights that challenge conventional thinking. In GMP contexts, this balance is particularly important because regulatory compliance demands both adherence to established procedures and responsiveness to unique circumstances. Quality professionals must develop the ability to synthesize AI insights with their understanding of regulatory requirements, product characteristics, and manufacturing constraints.
Reciprocal Apprenticing: Mutual Learning Between Humans and AI
Reciprocal apprenticing describes the process by which humans and AI systems learn from each other to improve performance over time. In pharmaceutical quality applications, this might involve humans providing feedback on AI recommendations that helps the system improve its future performance, while simultaneously learning from AI insights to enhance their own decision-making capabilities.
This bidirectional learning process is particularly valuable in GMP environments, where continuous improvement is both a regulatory expectation and a business imperative. Quality professionals can help AI systems become more effective by providing context about why certain recommendations were or were not appropriate in specific situations. Simultaneously, they can learn from AI analysis to identify patterns or relationships that might inform future decision-making.
Additional Fusion Skills: Building Comprehensive AI Collaboration Capabilities
Beyond the three core skills highlighted by Daugherty and Wilson for generative AI applications, their broader framework includes additional capabilities that are relevant to pharmaceutical quality professionals. Responsible normalizing involves shaping the perception and purpose of human-machine interaction in ways that align with organizational values and regulatory requirements. In pharmaceutical contexts, this skill helps ensure that AI implementation supports rather than undermines the industry’s commitment to patient safety and product quality.
Re-humanizing time involves using AI to free up human capacity for distinctly human activities such as creative problem-solving, relationship building, and ethical decision-making. For pharmaceutical quality professionals, this might mean using AI to automate routine data analysis tasks, creating more time for strategic thinking about quality improvements and regulatory strategy.
Bot-based empowerment and holistic melding involve developing mental models of AI capabilities that enable more effective collaboration. These skills help quality professionals understand how to leverage AI systems most effectively while maintaining appropriate skepticism about their limitations.
Real-World Applications: The Missing Middle in Pharmaceutical Manufacturing
The theoretical concepts of the missing middle and human-AI collaboration are increasingly being translated into practical applications within pharmaceutical manufacturing environments. These implementations demonstrate how the principles outlined in Annex 22 can be operationalized while delivering tangible benefits to product quality, operational efficiency, and regulatory compliance.
Quality Control and Inspection: Augmenting Human Visual Capabilities
One of the most established applications of AI in pharmaceutical manufacturing involves augmenting human visual inspection capabilities. Traditional visual inspection of tablets, capsules, and packaging materials relies heavily on human operators who must identify defects, contamination, or other quality issues. While humans excel at recognizing unusual patterns and exercising judgment about borderline cases, they can be limited by fatigue, inconsistency, and the volume of materials that must be inspected.
AI-powered vision systems can process images at speeds far exceeding human capabilities while maintaining consistent performance standards. These systems can identify defects that might be missed by human inspectors and flag potential issues for further review89. However, the most effective implementations maintain human oversight over critical decisions, with AI serving to augment rather than replace human judgment.
Predictive Maintenance: Preventing Quality Issues Through Proactive Intervention
Predictive maintenance represents another area where AI applications align with the missing middle philosophy by augmenting human decision-making rather than replacing it. Traditional maintenance approaches in pharmaceutical manufacturing have relied on either scheduled maintenance intervals or reactive responses to equipment failures. Both approaches can result in unnecessary costs or quality risks.
AI-powered predictive maintenance systems analyze sensor data, equipment performance histories, and maintenance records to predict when equipment failures are likely to occur. This information enables maintenance teams to schedule interventions before failures impact production or product quality. However, the final decisions about maintenance timing and scope remain with qualified personnel who can consider factors such as production schedules, regulatory requirements, and risk assessments that AI systems cannot fully evaluate.
Real-Time Process Monitoring: Enhancing Human Situational Awareness
Real-time process monitoring applications leverage AI’s ability to continuously analyze large volumes of data to enhance human situational awareness and decision-making capabilities. Traditional process monitoring in pharmaceutical manufacturing relies on control systems that alert operators when parameters exceed predetermined limits. While effective, this approach can result in delayed responses to developing issues and may miss subtle patterns that indicate emerging problems.
AI-enhanced monitoring systems can analyze multiple data streams simultaneously to identify patterns that might indicate developing quality issues or process deviations. These systems can provide early warnings that enable operators to take corrective action before problems become critical. The most effective implementations provide operators with explanations of why alerts were generated, enabling them to make informed decisions about appropriate responses.
The integration of AI into Manufacturing Execution Systems (MES) exemplifies this approach. AI algorithms can monitor real-time production data to detect deviations in drug formulation, dissolution rates, and environmental conditions. When potential issues are identified, the system alerts qualified operators who can evaluate the situation and determine appropriate corrective actions. This approach maintains human accountability for critical decisions while leveraging AI’s analytical capabilities to enhance situational awareness.
Deviation Management: Accelerating Root Cause Analysis
Deviation management represents a critical area where AI applications can significantly enhance human capabilities while maintaining the rigorous documentation and accountability requirements that GMP mandates. Traditional deviation investigations can be time-consuming processes that require extensive data review, analysis, and documentation.
AI systems can rapidly analyze historical data to identify patterns, potential root causes, and relevant precedents for similar deviations. This capability can significantly reduce the time required for initial investigation phases while providing investigators with comprehensive background information. However, the final determinations about root causes, risk assessments, and corrective actions remain with qualified human personnel who can exercise professional judgment and ensure regulatory compliance.
The application of AI to root cause analysis demonstrates the value of the missing middle approach in highly regulated environments. AI can process vast amounts of data to identify potential contributing factors and suggest hypotheses for investigation, but human expertise remains essential for evaluating these hypotheses in the context of specific circumstances, regulatory requirements, and risk considerations.
Regulatory Landscape: Beyond Annex 22
While Annex 22 represents the most comprehensive regulatory guidance for AI in pharmaceutical manufacturing, it is part of a broader regulatory landscape that is evolving to address the challenges and opportunities presented by AI technologies. Understanding this broader context is essential for pharmaceutical organizations seeking to implement AI applications that align with both current requirements and emerging regulatory expectations.
FDA Perspectives: Encouraging Innovation with Appropriate Safeguards
The U.S. Food and Drug Administration (FDA) has taken a generally supportive stance toward AI applications in pharmaceutical manufacturing, recognizing their potential to enhance product quality and manufacturing efficiency. The agency’s approach emphasizes the importance of maintaining human oversight and accountability while encouraging innovation that can benefit public health.
The FDA’s guidance on Process Analytical Technology (PAT) provides a framework for implementing advanced analytical and control technologies, including AI applications, in pharmaceutical manufacturing. The PAT framework emphasizes real-time monitoring and control capabilities that align well with AI applications, while maintaining requirements for validation, risk assessment, and human oversight that are consistent with the missing middle philosophy.
The agency has also indicated interest in AI applications that can enhance regulatory processes themselves, including automated analysis of manufacturing data for inspection purposes and AI-assisted review of regulatory submissions. These applications could potentially streamline regulatory interactions while maintaining appropriate oversight and accountability mechanisms.
International Harmonization: Toward Global Standards
The development of AI governance frameworks in pharmaceutical manufacturing is increasingly taking place within international forums that seek to harmonize approaches across different regulatory jurisdictions. The International Conference on Harmonisation (ICH) has begun considering how existing guidelines might need to be modified to address AI applications, particularly in areas such as quality risk management and pharmaceutical quality systems.
The European Medicines Agency (EMA) has published reflection papers on AI use throughout the medicinal product lifecycle, providing broader context for how AI applications might be governed beyond manufacturing applications. These documents emphasize the importance of human-centric approaches that maintain patient safety and product quality while enabling innovation.
The Pharmaceutical Inspection Convention and Pharmaceutical Inspection Co-operation Scheme (PIC/S) has also begun developing guidance on AI applications, recognizing the need for international coordination in this rapidly evolving area. The alignment between Annex 22 and PIC/S approaches suggests movement toward harmonized international standards that could facilitate global implementation of AI applications.
Industry Standards: Complementing Regulatory Requirements
Professional organizations and industry associations are developing standards and best practices that complement regulatory requirements while providing more detailed guidance for implementation. The International Society for Pharmaceutical Engineering (ISPE) has published guidance on AI governance frameworks that emphasize risk-based approaches and lifecycle management principles.
Emerging Considerations: Preparing for Future Developments
The regulatory landscape for AI in pharmaceutical manufacturing continues to evolve as regulators gain experience with specific applications and technologies advance. Several emerging considerations are likely to influence future regulatory developments and should be considered by organizations planning AI implementations.
The potential for AI applications to generate novel insights that challenge established practices raises questions about how regulatory frameworks should address innovation that falls outside existing precedents. The missing middle philosophy provides a framework for managing these situations by maintaining human accountability while enabling AI-driven insights to inform decision-making.
The increasing sophistication of AI technologies, including advances in explainable AI and federated learning approaches, may enable applications that are currently excluded from critical GMP processes. Regulatory frameworks will need to evolve to address these capabilities while maintaining appropriate safeguards for patient safety and product quality.
Challenges and Limitations: Navigating the Complexities of AI Implementation
Despite the promise of AI applications in pharmaceutical manufacturing, significant challenges and limitations must be addressed to realize the full potential of human-machine collaboration in GMP environments. These challenges span technical, organizational, and regulatory dimensions and require careful consideration in the design and implementation of AI systems.
Technical Challenges: Ensuring Reliability and Performance
The implementation of AI in GMP environments faces significant technical challenges related to data quality, system validation, and performance consistency. Pharmaceutical manufacturing generates vast amounts of data from multiple sources, including process sensors, laboratory instruments, and quality control systems. Ensuring that this data is of sufficient quality to train and operate AI systems requires robust data governance frameworks and quality assurance processes.
Data integrity requirements in GMP environments are particularly stringent, demanding that all data be attributable, legible, contemporaneous, original, and accurate (ALCOA principles). AI systems must be designed to maintain these data integrity principles throughout their operation, including during data preprocessing, model training, and prediction generation phases. This requirement can complicate AI implementations and requires careful attention to system design and validation approaches.
System validation presents another significant technical challenge. Traditional validation approaches for computerized systems rely on deterministic testing methodologies that may not be fully applicable to AI systems, particularly those that employ machine learning algorithms. Annex 22 addresses some of these challenges by focusing on static, deterministic AI models, but even these systems require validation approaches that can demonstrate consistent performance across expected operating conditions.
The black box nature of some AI algorithms creates challenges for meeting explainability requirements. While Annex 22 mandates that AI systems provide transparent justifications for their decisions, achieving this transparency can be technically challenging for complex machine learning models. Organizations must balance the analytical capabilities of sophisticated AI algorithms with the transparency requirements of GMP environments.
Organizational Challenges: Building Capabilities and Managing Change
The successful implementation of AI in pharmaceutical manufacturing requires significant organizational capabilities that many companies are still developing. The missing middle approach demands that organizations build fusion skills across their workforce while maintaining existing competencies in traditional pharmaceutical quality practices.
Skills development represents a particular challenge, as it requires investment in both technical training for AI systems and conceptual training for understanding how to collaborate effectively with AI. Quality professionals must develop capabilities in data analysis, statistical interpretation, and AI system interaction while maintaining their expertise in pharmaceutical science, regulatory requirements, and quality assurance principles.
Change management becomes critical when implementing AI systems that alter established workflows and decision-making processes. Traditional pharmaceutical organizations often have deeply embedded cultures that emphasize risk aversion and adherence to established procedures. Introducing AI systems that recommend changes to established practices or challenge conventional thinking requires careful change management to ensure adoption while maintaining appropriate risk controls.
The integration of AI systems with existing pharmaceutical quality systems presents additional organizational challenges. Many pharmaceutical companies operate with legacy systems that were not designed to interface with AI applications. Integrating AI capabilities while maintaining system reliability and regulatory compliance can require significant investments in system upgrades and integration capabilities.
The evolving nature of regulatory requirements for AI applications creates uncertainty for pharmaceutical organizations planning implementations. While Annex 22 provides important guidance, it is still in draft form and subject to change based on consultation feedback. Organizations must balance the desire to implement AI capabilities with the need to ensure compliance with final regulatory requirements.
The international nature of pharmaceutical manufacturing creates additional regulatory challenges, as organizations must navigate different AI governance frameworks across multiple jurisdictions. While there is movement toward harmonization, differences in regulatory approaches could complicate global implementations.
Inspection readiness represents a particular challenge for AI implementations in GMP environments. Traditional pharmaceutical inspections focus on evaluating documented procedures, training records, and system validations. AI systems introduce new elements that inspectors may be less familiar with, requiring organizations to develop new approaches to demonstrate compliance and explain AI-driven decisions to regulatory authorities.
The dynamic nature of AI systems, even static models as defined by Annex 22, creates challenges for maintaining validation status over time. Unlike traditional computerized systems that remain stable once validated, AI systems may require revalidation as they are updated or as their operating environments change. Organizations must develop lifecycle management approaches that maintain validation status while enabling continuous improvement.
Future Implications: The Evolution of Pharmaceutical Quality Assurance
The integration of AI into pharmaceutical manufacturing represents more than a technological upgrade; it signals a fundamental transformation in how quality assurance is conceptualized and practiced. As AI capabilities continue to advance and regulatory frameworks mature, the implications for pharmaceutical quality assurance extend far beyond current applications to encompass new paradigms for ensuring product safety and efficacy.
The Transformation of Quality Professional Roles
The missing middle philosophy suggests that AI integration will transform rather than eliminate quality professional roles in pharmaceutical manufacturing. Future quality professionals will likely serve as AI collaborators who combine domain expertise with AI literacy to make more informed decisions than either humans or machines could make independently.
These evolved roles will require professionals who can bridge the gap between pharmaceutical science and data science, understanding both the regulatory requirements that govern pharmaceutical manufacturing and the capabilities and limitations of AI systems. Quality professionals will need to develop skills in AI system management, including understanding how to train, validate, and monitor AI applications while maintaining appropriate skepticism about their outputs.
The emergence of new role categories seems likely, including AI trainers who specialize in developing and maintaining AI models for pharmaceutical applications, AI explainers who help interpret AI outputs for regulatory and business purposes, and AI sustainers who ensure that AI systems continue to operate effectively over time. These roles reflect the missing middle philosophy by combining human expertise with AI capabilities to create new forms of value.
Fusion Skill
Category
Definition
Pharmaceutical Quality Application
Current Skill Level (Typical)
Target Skill Level (AI Era)
Intelligent Interrogation
Machines Augment Humans
Knowing how to ask the right questions of AI systems across levels of abstraction to get meaningful insights
Querying AI systems for deviation analysis, asking specific questions about historical patterns and root causes
Low – Basic
High – Advanced
Judgment Integration
Machines Augment Humans
The ability to combine AI-generated insights with human expertise and judgment to make informed decisions
Combining AI recommendations with regulatory knowledge and professional judgment in quality decisions
Medium – Developing
High – Advanced
Reciprocal Apprenticing
Humans + Machines (Both)
Mutual learning where humans train AI while AI teaches humans, creating bidirectional skill development
Training AI on quality patterns while learning from AI insights about process optimization
Low – Basic
High – Advanced
Bot-based Empowerment
Machines Augment Humans
Working effectively with AI agents to extend human capabilities and create enhanced performance
Using AI-powered inspection systems while maintaining human oversight and decision authority
Low – Basic
High – Advanced
Holistic Melding
Machines Augment Humans
Developing robust mental models of AI capabilities to improve collaborative outcomes
Understanding AI capabilities in predictive maintenance to optimize intervention timing
Low – Basic
Medium – Proficient
Re-humanizing Time
Humans Manage Machines
Using AI to free up human capacity for distinctly human activities like creativity and relationship building
Automating routine data analysis to focus on strategic quality improvements and regulatory planning
Medium – Developing
High – Advanced
Responsible Normalizing
Humans Manage Machines
Responsibly shaping the purpose and perception of human-machine interaction for individuals and society
Ensuring AI implementations align with GMP principles and patient safety requirements
Medium – Developing
High – Advanced
Relentless Reimagining
Humans + Machines (Both)
The discipline of creating entirely new processes and business models rather than just automating existing ones
Redesigning quality processes from scratch to leverage AI capabilities while maintaining compliance
Low – Basic
Medium – Proficient
Advanced AI Applications: Beyond Current Regulatory Boundaries
While current regulatory frameworks focus on static, deterministic AI models, the future likely holds opportunities for more sophisticated AI applications that could further transform pharmaceutical quality assurance. Dynamic learning systems, currently excluded from critical GMP applications by Annex 22, may eventually be deemed acceptable as our understanding of their risks and benefits improves.
Generative AI applications, while currently limited to non-critical applications, could potentially revolutionize areas such as deviation investigation, regulatory documentation, and training material development. As these technologies mature and appropriate governance frameworks develop, they may enable new forms of human-AI collaboration that further expand the missing middle in pharmaceutical manufacturing.
The integration of AI with other emerging technologies, such as digital twins and advanced sensor networks, could create comprehensive pharmaceutical manufacturing ecosystems that continuously optimize quality while maintaining human oversight. These integrated systems could enable unprecedented levels of process understanding and control while preserving the human accountability that regulations require.
Personalized Medicine and Quality Assurance Implications
The trend toward personalized medicine presents unique challenges and opportunities for AI applications in pharmaceutical quality assurance. Traditional GMP frameworks are designed around standardized products manufactured at scale, but personalized therapies may require individualized quality approaches that adapt to specific patient or product characteristics.
AI systems could enable quality assurance approaches that adjust to the unique requirements of personalized therapies while maintaining appropriate safety and efficacy standards. This might involve AI-driven risk assessments that consider patient-specific factors or quality control approaches that adapt to the characteristics of individual therapeutic products.
The regulatory frameworks for these applications will likely need to evolve beyond current approaches, potentially incorporating more flexible risk-based approaches that can accommodate the variability inherent in personalized medicine while maintaining patient safety. The missing middle philosophy provides a framework for managing this complexity by ensuring that human judgment remains central to quality decisions while leveraging AI capabilities to manage the increased complexity of personalized manufacturing.
Global Harmonization and Regulatory Evolution
The future of AI in pharmaceutical manufacturing will likely be shaped by efforts to harmonize regulatory approaches across different jurisdictions. The current patchwork of national and regional guidelines creates complexity for global pharmaceutical companies, but movement toward harmonized international standards could facilitate broader AI adoption.
The development of risk-based regulatory frameworks that focus on outcomes rather than specific technologies could enable more flexible approaches to AI implementation while maintaining appropriate safeguards. These frameworks would need to balance the desire for innovation with the fundamental regulatory imperative to protect patient safety and ensure product quality.
The evolution of regulatory science itself may be influenced by AI applications, with regulatory agencies potentially using AI tools to enhance their own capabilities in areas such as data analysis, risk assessment, and inspection planning. This could create new opportunities for collaboration between industry and regulators while maintaining appropriate independence and oversight.
Recommendations for Industry Implementation
Based on the analysis of current regulatory frameworks, technological capabilities, and industry best practices, several key recommendations emerge for pharmaceutical organizations seeking to implement AI applications that align with the missing middle philosophy and regulatory expectations.
Developing AI Governance Frameworks
Organizations should establish comprehensive AI governance frameworks that address the full lifecycle of AI applications from development through retirement. These frameworks should align with existing pharmaceutical quality systems while addressing the unique characteristics of AI technologies. The governance framework should define roles and responsibilities for AI oversight, establish approval processes for AI implementations, and create mechanisms for ongoing monitoring and risk management.
The governance framework should explicitly address the human oversight requirements outlined in Annex 22, ensuring that qualified personnel remain accountable for all decisions that could impact patient safety, product quality, or data integrity. This includes defining the knowledge and training requirements for personnel who will work with AI systems and establishing procedures for ensuring that human operators understand AI capabilities and limitations.
Risk assessment processes should be integrated throughout the AI lifecycle, beginning with initial feasibility assessments and continuing through ongoing monitoring of system performance. These risk assessments should consider not only technical risks but also regulatory, business, and ethical considerations that could impact AI implementations.
AI Family
Description
Key Characteristics
Annex 22 Classification
GMP Applications
Validation Requirements
Risk Level
Rule-Based Systems
If-then logic systems with predetermined decision trees and fixed algorithms
Not applicable – prohibited for critical GMP applications
High
Federated Learning
Distributed learning across multiple sites while keeping data local
Privacy-preserving distributed training, model aggregation
Prohibited for Critical GMP
Multi-site model training while preserving data privacy
Not applicable – prohibited for critical GMP applications
Medium
detailed classification table of AI families and their regulatory status under the draft EU Annex 22
Building Organizational Capabilities
Successful AI implementation requires significant investment in organizational capabilities that enable effective human-machine collaboration. This includes technical capabilities for developing, validating, and maintaining AI systems, as well as human capabilities for collaborating effectively with AI.
Technical capability development should focus on areas such as data science, machine learning, and AI system validation. Organizations may need to hire new personnel with these capabilities or invest in training existing staff. The technical capabilities should be integrated with existing pharmaceutical science and quality assurance expertise to ensure that AI applications align with industry requirements.
Human capability development should focus on fusion skills that enable effective collaboration with AI systems. This includes intelligent interrogation skills for querying AI systems effectively, judgment integration skills for combining AI insights with human expertise, and reciprocal apprenticing skills for mutual learning between humans and AI. Training programs should help personnel understand both the capabilities and limitations of AI systems while maintaining their core competencies in pharmaceutical quality assurance.
Implementing Pilot Programs
Organizations should consider implementing pilot programs that demonstrate AI capabilities in controlled environments before pursuing broader implementations. These pilots should focus on applications that align with current regulatory frameworks while providing opportunities to develop organizational capabilities and understanding.
Pilot programs should be designed to generate evidence of AI effectiveness while maintaining rigorous controls that ensure patient safety and regulatory compliance. This includes comprehensive validation approaches, robust change control processes, and thorough documentation of AI system performance.
The pilot programs should also serve as learning opportunities for developing organizational capabilities and refining AI governance approaches. Lessons learned from pilot implementations should be captured and used to inform broader AI strategies and implementation approaches.
Engaging with Regulatory Authorities
Organizations should actively engage with regulatory authorities to understand expectations and contribute to the development of regulatory frameworks for AI applications. This engagement can help ensure that AI implementations align with regulatory expectations while providing input that shapes future guidance.
Regulatory engagement should begin early in the AI development process, potentially including pre-submission meetings or other formal interaction mechanisms. Organizations should be prepared to explain their AI approaches, demonstrate compliance with existing requirements, and address any novel aspects of their implementations.
Industry associations and professional organizations provide valuable forums for collective engagement with regulatory authorities on AI-related issues. Organizations should participate in these forums to contribute to industry understanding and influence regulatory development.
Conclusion: Embracing the Collaborative Future of Pharmaceutical Quality
The convergence of the missing middle concept with the regulatory reality of Annex 22 represents a defining moment for pharmaceutical quality assurance. Rather than viewing AI as either a replacement for human expertise or a mere automation tool, the industry has the opportunity to embrace a collaborative paradigm that enhances human capabilities while maintaining the rigorous oversight that patient safety demands.
The journey toward effective human-AI collaboration in GMP environments will not be without challenges. Technical hurdles around data quality, system validation, and explainability must be overcome. Organizational capabilities in both AI technology and fusion skills must be developed. Regulatory frameworks will continue to evolve as experience accumulates and understanding deepens. However, the potential benefits—enhanced product quality, improved operational efficiency, and more effective regulatory compliance—justify the investment required to address these challenges.
The missing middle philosophy provides a roadmap for navigating this transformation. By focusing on collaboration rather than replacement, by maintaining human accountability while leveraging AI capabilities, and by developing the fusion skills necessary for effective human-machine partnerships, pharmaceutical organizations can position themselves to thrive in an AI-augmented future while upholding the industry’s fundamental commitment to patient safety and product quality.
Annex 22 represents just the beginning of this transformation. As AI technologies continue to advance and regulatory frameworks mature, new opportunities will emerge for expanding the scope and sophistication of human-AI collaboration in pharmaceutical manufacturing. Organizations that invest now in building the capabilities, governance frameworks, and organizational cultures necessary for effective AI collaboration will be best positioned to benefit from these future developments.
The future of pharmaceutical quality assurance lies not in choosing between human expertise and artificial intelligence, but in combining them in ways that create value neither could achieve alone. The missing middle is not empty space to be filled, but fertile ground for innovation that maintains the human judgment and accountability that regulations require while leveraging the analytical capabilities that AI provides. As we move forward into this new era, the most successful organizations will be those that master the art of human-machine collaboration, creating a future where technology serves to amplify rather than replace the human expertise that has always been at the heart of pharmaceutical quality assurance.
The integration of AI into pharmaceutical manufacturing represents more than a technological evolution; it embodies a fundamental reimagining of how quality is assured, how decisions are made, and how human expertise can be augmented rather than replaced. The missing middle concept, operationalized through frameworks like Annex 22, provides a path forward that honors both the innovative potential of AI and the irreplaceable value of human judgment in ensuring that the medicines we manufacture continue to meet the highest standards of safety, efficacy, and quality that patients deserve.
The environment for commissioning, qualification, and validation (CQV) professionals remains defined by persistent challenges. Rapid technological advancements—most notably in artificial intelligence, machine learning, and automation—are constantly reshaping the expectations for validation. Compliance requirements are in frequent flux as agencies modernize guidance, while the complexity of novel biologics and therapies demands ever-higher standards of sterility, traceability, and process control. The shift towards digital systems has introduced significant hurdles in data management and integration, often stretching already limited resources. At the same time, organizations are expected to fully embrace risk-based, science-first approaches, which require new methodologies and skills. Finally, true validation now hinges on effective collaboration and knowledge-sharing among increasingly cross-functional and global teams.
Overlaying these challenges, three major regulatory paradigm shifts are transforming the expectations around risk management, contamination control, and data integrity. Data integrity in particular has become an international touchpoint. Since the landmark PIC/S guidance in 2021 and matching World Health Organization updates, agencies have made it clear that trustworthy, accurate, and defendable data—whether paper-based or digital—are the foundation of regulatory confidence. Comprehensive data governance, end-to-end traceability, and robust documentation are now all non-negotiable.
Contamination control is experiencing its own revolution. The August 2023 overhaul of EU GMP Annex 1 set a new benchmark for sterile manufacturing. The core concept, the Contamination Control Strategy (CCS), formalizes expectations: every manufacturer must systematically identify, map, and control contamination risks across the entire product lifecycle. From supply chain vigilance to environmental monitoring, regulators are pushing for a proactive, science-driven, and holistic approach, far beyond previous practices that too often relied on reactive measures. We this reflected in recent USP drafts as well.
Quality risk management (QRM) also has a new regulatory backbone. The ICH Q9(R1) revision, finalized in 2023, addresses long-standing shortcomings—particularly subjectivity and lack of consistency—in how risks are identified and managed. The European Medicines Agency’s ongoing revision of EudraLex Chapter 1, now aiming for finalization in 2026, will further require organizations to embed preventative, science-based risk management within globalized and complex supply chain operations. Modern products and supply webs simply cannot be managed with last-generation compliance thinking.
The EU Digital Modernization: Chapter 4, Annex 11, and Annex 22
With the rapid digitalization of pharma, the European Union has embarked on an ambitious modernization of its GMP framework. At the heart of these changes are the upcoming revisions to Chapter 4 (Documentation), Annex 11 (Computerised Systems), and the anticipated implementation of Annex 22 (Artificial Intelligence).
Chapter 4—Documentation is being thoroughly updated in parallel with Annex 11. The current chapter, which governs all aspects of documentation in GMP environments, was last revised in 2011. Its modernization is a direct response to the prevalence of digital tools—electronic records, digital signatures, and interconnected documentation systems. The revised Chapter 4 is expected to provide much clearer requirements for the management, review, retention, and security of both paper and electronic records, ensuring that information flows align seamlessly with the increasingly digital processes described in Annex 11. Together, these updates will enable companies to phase out paper where possible, provided electronic systems are validated, auditable, and secure.
Annex 11—Computerised Systems will see its most significant overhaul since the dawn of digital pharma. The new guidance, scheduled for publication and adoption in 2026, directly addresses areas that the previous version left insufficiently covered. The scope now embraces the tectonic shift toward AI, machine learning, cloud-based services, agile project management, and advanced digital workflows. For instance, close attention is being paid to the robustness of electronic signatures, demanding multi-factor authentication, time-zoned audit trails, and explicit provisions for non-repudiation. Hybrid (wet-ink/digital) records will only be acceptable if they can demonstrate tamper-evidence via hashes or equivalent mechanisms. Especially significant is the regulation of “open systems” such as SaaS and cloud platforms. Here, organizations can no longer rely on traditional username/password models; instead, compliance with standards like eIDAS for trusted digital providers is expected, with more of the technical compliance burden shifting onto certified digital partners.
The new Annex 11 also calls for enhanced technical controls throughout computerized systems, proportional risk management protocols for new technologies, and a far greater emphasis on continuous supplier oversight and lifecycle validation. Integration with the revised Chapter 4 ensures that documentation requirements and data management are harmonized across the digital value chain.
The introduction of Annex 22 represents a pivotal moment in the regulatory landscape for pharmaceutical manufacturing in Europe. This annex is the EU’s first dedicated framework addressing the use of Artificial Intelligence (AI) and machine learning in the production of active substances and medicinal products, responding to the rapid digital transformation now reshaping the industry.
Annex 22 sets out explicit requirements to ensure that any AI-based systems integrated into GMP-regulated environments are rigorously controlled and demonstrably trustworthy. It starts by mandating that manufacturers clearly define the intended use of any AI model deployed, ensuring its purpose is scientifically justified and risk-appropriate.
Quality risk management forms the backbone of Annex 22. Manufacturers must establish performance metrics tailored to the specific application and product risk profile of AI, and they are required to demonstrate the suitability and adequacy of all data used for model training, validation, and testing. Strong data governance principles apply: manufacturers need robust controls over data quality, traceability, and security throughout the AI system’s lifecycle.
The annex foresees a continuous oversight regime. This includes change control processes for AI models, ongoing monitoring of performance to detect drift or failures, and formally documented procedures for human intervention where necessary. The emphasis is on ensuring that, even as AI augments or automates manufacturing processes, human review and responsibility remain central for all quality- and safety-critical steps.
By introducing these requirements, Annex 22 aims to provide sufficient flexibility to enable innovation, while anchoring AI applications within a robust regulatory framework that safeguards product quality and patient safety at every stage. Together with the updates to Chapter 4 and Annex 11, Annex 22 gives companies clear, actionable expectations for responsibly harnessing digital innovation in the manufacturing environment.
Life Cycle Integration, Analytical Validation, and AI/ML Guidance
Across global regulators, a clear consensus has taken shape: validation must be seen as a continuous lifecycle process, not as a “check-the-box” activity. The latest WHO technical reports, the USP’s evolving chapters (notably <1058> and <1220>), and the harmonized ICH Q14 all signal a new age of ongoing qualification, continuous assurance, change management, and systematic performance verification. The scope of validation stretches from the design qualification stage through annual review and revalidation after every significant change.
A parallel wave of guidance for AI and machine learning is cresting. The EMA, FDA, MHRA, and WHO are now releasing coordinated documents addressing everything from transparent model architecture and dataset controls to rigorous “human-in-the-loop” safeguards for critical manufacturing decisions, including the new draft Annex 22. Data governance—traceability, security, and data quality—has never been under more scrutiny.
Regulatory Body
Document Title
Publication Date
Status
Key Focus Areas
EMA
Reflection Paper on the Use of Artificial Intelligence in the Medicinal Product Lifecycle
Oct-24
Final
Risk-based approach for AI/ML development, deployment, and performance monitoring across product lifecycle including manufacturing
EMA/HMA
Multi-annual AI Workplan 2023-2028
Dec-23
Final
Strategic framework for European medicines regulatory network to utilize AI while managing risks
EMA
Annex 22 Artificial Intelligence
Jul-25
Draft
Establishes requirements for the use of AI and machine learning in the manufacturing of active substances and medicinal products.
FDA
Considerations for the Use of AI to Support Regulatory Decision Making for Drug and Biological Products
Feb-25
Draft
Guidelines for using AI to generate information for regulatory submissions
FDA
Discussion Paper on AI in the Manufacture of Medicines
May-23
Published
Considerations for cloud applications, IoT data management, regulatory oversight of AI in manufacturing
FDA/Health Canada/MHRA
Good Machine Learning Practice for Medical Device Development Guiding Principles
Mar-25
Final
10 principles to inform development of Good Machine Learning Practice
WHO
Guidelines for AI Regulation in Health Care
Oct-23
Final
Six regulatory areas including transparency, risk management, data quality
MHRA
AI Regulatory Strategy
Apr-24
Final
Strategic approach based on safety, transparency, fairness, accountability, and contestability principles
EFPIA
Position Paper on Application of AI in a GMP Manufacturing Environment
Sep-24
Published
Industry position on using existing GMP framework to embrace AI/ML solutions
The Time is Now
The world of validation is no longer controlled by periodic updates or leisurely transitions. Change is the new baseline. Regulatory authorities have codified the digital, risk-based, and globally harmonized future—are your systems, people, and partners ready?
Ready or not, the EU’s draft revision of Annex 11 is moving toward finalization, and its brand-new Section 13 on electronic signatures is a wake-up call for anyone still treating digital authentication as just Part 11 with an accent. In this post I will take a deep dive into what’s changing, why it matters, and how to keep your quality system out of the regulatory splash zone.
Section 13 turns electronic signatures from a check-the-box formality into a risk-based, security-anchored discipline. Think multi-factor authentication, time-zone stamps, hybrid wet-ink safeguards, and explicit “non-repudiation” language—all enforced at the same rigor as system login. If your current SOPs still assume username + password = done, it’s time to start planning some improvements.
Why the Rewrite?
Tech has moved on: Biometric ID, cloud PaaS, and federated identity management were sci-fi when the 2011 Annex 11 dropped.
Threat landscape: Ransomware and credential stuffing didn’t exist at today’s scale. Regulators finally noticed.
Global convergence: The FDA’s Computer Software Assurance (CSA) draft and PIC/S data-integrity guides pushed the EU to level up.
Must equal or exceed login strength; first sign = full re-auth, subsequent signs = pwd/biometric; smart-card-only = banned
Two identification components
Forces MFA or biometrics; goodbye “remember me” shortcuts
Time & Time-Zone
Date + time (manual OK)
Auto-captured and time-zone logged
Date + time (no TZ)
Multisite ops finally get defensible chronology
Signature Meaning Prompt
Not required
System must ask user for purpose (approve, review…)
Required but less prescriptive
Eliminates “mystery clicks” that auditors love to exploit
Manifestation Elements
Minimal
Full name, username, role, meaning, date/time/TZ
Name, date, meaning
Closes attribution gaps; boosts ALCOA+ “Legible”
Indisputability Clause
“Same impact”
Explicit non-repudiation mandate
Equivalent legal weight
Sets the stage for eIDAS/federated ID harmonization
Record Linking After Change
Permanent link
If record altered post-sign, signature becomes void/flagged
Link cannot be excised
Ends stealth edits after approval
Hybrid Wet-Ink Control
Silent
Hash code or similar to break link if record changes
Silent
Lets you keep occasional paper without tanking data integrity
Open Systems / Trusted Services
Silent
Must comply with “national/international trusted services” (read: eIDAS)
Extra controls, but legacy wording
Validates cloud signing platforms out of the box
The Implications
Multi-Factor Authentication (MFA) Is Now Table Stakes
Because the draft explicitly bars any authentication method that relies solely on a smart card or a static PIN, every electronic signature now has to be confirmed with an additional, independent factor—such as a password, biometric scan, or time-limited one-time code—so that the credential used to apply the signature is demonstrably different from the one that granted the user access to the system in the first place.
Time-Zone Logging Kills Spreadsheet Workarounds
One of the more subtle but critical updates in Draft Annex 11’s Section 13.4 is the explicit requirement for automatic logging of the time zone when electronic signatures are applied. Unlike previous guidance—whether under the 2011 Annex 11 or 21 CFR Part 11—that only mandated the capture of date and time (often allowing manual entry or local system time), the draft stipulates that systems must automatically capture the precise time and associated time zone for each signature event. This seemingly small detail has monumental implications for data integrity, traceability, and regulatory compliance. Why does this matter? For global pharmaceutical operations spanning multiple time zones, manual or local-only timestamps often create ambiguous or conflicting audit trails, leading to discrepancies in event sequencing. Companies relying on spreadsheets or legacy systems that do not incorporate time zone information effectively invite errors where a signature in one location appears to precede an earlier event simply due to zone differences. This ambiguity can undermine the “Contemporaneous” and “Enduring” principles of ALCOA+, principles the draft Annex 11 explicitly reinforces throughout electronic signature requirements. By mandating automated, time zone-aware timestamping, Draft Annex 11 Section 13.4 ensures that electronic signature records maintain a defensible and standardized chronology across geographies, eliminating the need for cumbersome manual reconciliation or retrospective spreadsheet corrections. This move not only tightens compliance but also supports modern, centralized data review and analytics where uniform timestamping is essential. If your current systems or SOPs rely on manual date/time entry or overlook time zone logging, prepare for significant system and procedural updates to meet this enhanced expectation once the draft Annex 11 is finalized. .
Hybrid Records Are Finally Codified
If you still print a batch record for wet-ink QA approval, Section 13.9 lets you keep the ritual—but only if a cryptographic hash or similar breaks when someone tweaks the underlying PDF. Expect a flurry of DocuSign-scanner-hash utilities.
Open-System Signatures Shift Liability
Draft Annex 11’s Section 13.2 represents perhaps the most strategically significant change in electronic signature liability allocation since 21 CFR Part 11 was published in 1997. The provision states that “Where the system owner does not have full control of system accesses (open systems), or where required by other legislation, electronic signatures should, in addition, meet applicable national and international requirements, such as trusted services”. This seemingly simple sentence fundamentally reshapes liability relationships in modern pharmaceutical IT architectures.
Defining the Open System Boundary
The draft Annex 11 adopts the 21 CFR Part 11 definition of open systems—environments where system owners lack complete control over access and extends it into contemporary cloud, SaaS, and federated identity scenarios. Unlike the original Part 11 approach, which merely required “additional measures such as document encryption and use of appropriate digital signature standards”, Section 13.2 creates a positive compliance obligation by mandating adherence to “trusted services” frameworks.
This distinction is critical: while Part 11 treats open systems as inherently risky environments requiring additional controls, draft Annex 11 legitimizes open systems provided they integrate with qualified trust service providers. Organizations no longer need to avoid cloud-based signature services; instead, they must ensure those services meet eIDAS-qualified standards or equivalent national frameworks.
The Trusted Services Liability Transfer
Section 13.2’s reference to “trusted services” directly incorporates European eIDAS Regulation 910/2014 into pharmaceutical GMP compliance, creating what amounts to a liability transfer mechanism. Under eIDAS, Qualified Trust Service Providers (QTSPs) undergo rigorous third-party audits, maintain certified infrastructure, and provide legal guarantees about signature validity and non-repudiation. When pharmaceutical companies use eIDAS-qualified signature services, they effectively transfer signature validity liability from their internal systems to certified external providers.
This represents a fundamental shift from the 21 CFR Part 11 closed-system preference, where organizations maintained complete control over signature infrastructure but also bore complete liability for signature failures. Draft Annex 11 acknowledges that modern pharmaceutical operations often depend on cloud service providers, federated authentication systems, and external trust services—and provides a regulatory pathway to leverage these technologies while managing liability exposure.
Practical Implications for SaaS Platforms
The most immediate impact affects organizations using Software-as-a-Service platforms for clinical data management, quality management, or document management. Under current Annex 11 and Part 11, these systems often require complex validation exercises to demonstrate signature integrity, with pharmaceutical companies bearing full responsibility for signature validity even when using external platforms.
Section 13.2 changes this dynamic by validating reliance on qualified trust services. Organizations using platforms like DocuSign, Adobe Sign, or specialized pharmaceutical SaaS providers can now satisfy Annex 11 requirements by ensuring their chosen platforms integrate with eIDAS-qualified signature services. The pharmaceutical company’s validation responsibility shifts from proving signature technology integrity to verifying trust service provider qualifications and proper integration.
Integration with Identity and Access Management
Draft Annex 11’s Section 11 (Identity and Access Management) works in conjunction with Section 13.2 to support federated identity scenarios common in modern pharmaceutical operations. Organizations can now implement single sign-on (SSO) systems with external identity providers, provided the signature components integrate with trusted services. This enables scenarios where employees authenticate through corporate Active Directory systems but execute legally binding signatures through eIDAS-qualified providers.
The liability implications are significant: authentication failures become the responsibility of the identity provider (within contractual limits), while signature validity becomes the responsibility of the qualified trust service provider. The pharmaceutical company retains responsibility for proper system integration and user access controls, but shares technical implementation liability with certified external providers.
Cloud Service Provider Risk Allocation
For organizations using cloud-based LIMS, MES, or quality management systems, Section 13.2 provides regulatory authorization to implement signature services hosted entirely by external providers. Cloud service providers offering eIDAS-compliant signature services can contractually accept liability for signature technical implementation, cryptographic integrity, and legal validity—provided they maintain proper trust service qualifications.
This risk allocation addresses a long-standing concern in pharmaceutical cloud adoption: the challenge of validating signature infrastructure owned and operated by external parties. Under Section 13.2, organizations can rely on qualified trust service provider certifications rather than conducting detailed technical validation of cloud provider signature implementations.
Harmonization with Global Standards
Section 13.2’s “national and international requirements” language extends beyond eIDAS to encompass other qualified electronic signature frameworks. This includes Swiss ZertES standards and Canadian digital signature regulations,. Organizations operating globally can implement unified signature platforms that satisfy multiple regulatory requirements through single trusted service provider integrations.
The practical effect is regulatory arbitrage: organizations can choose signature service providers based on the most favorable combination of technical capabilities, cost, and regulatory coverage, rather than being constrained by local regulatory limitations.
Supplier Assessment Transformation
Draft Annex 11’s Section 7 (Supplier and Service Management) requires comprehensive supplier assessment for computerized systems. However, Section 13.2 creates a qualified exception for eIDAS-certified trust service providers: organizations can rely on third-party certification rather than conducting independent technical assessments of signature infrastructure.
This significantly reduces supplier assessment burden for signature services. Instead of auditing cryptographic implementations, hardware security modules, and signature validation algorithms, organizations can verify trust service provider certifications and assess integration quality. The result: faster implementation cycles and reduced validation costs for signature-enabled systems.
Audit Trail Integration Considerations
The liability shift enabled by Section 13.2 affects audit trail management requirements detailed in draft Annex 11’s expanded Section 12 (Audit Trails). When signature events are managed by external trust service providers, organizations must ensure signature-related audit events are properly integrated with internal audit trail systems while maintaining clear accountability boundaries.
Qualified trust service providers typically provide comprehensive signature audit logs, but organizations remain responsible for correlation with business process audit trails. This creates shared audit trail management where signature technical events are managed externally but business context remains internal responsibility.
Competitive Advantages of Early Adoption
Organizations that proactively implement Section 13.2 requirements gain several strategic advantages:
Reduced Infrastructure Costs: Elimination of internal signature infrastructure maintenance and validation overhead
Enhanced Security: Leverage specialized trust service provider security expertise and certified infrastructure
Global Scalability: Unified signature platforms supporting multiple regulatory jurisdictions through single provider relationships
Accelerated Digital Transformation: Faster deployment of signature-enabled processes through validated external services
Risk Transfer: Contractual liability allocation with qualified external providers rather than complete internal risk retention
Section 13.2 transforms open system electronic signatures from compliance challenges into strategic enablers of digital pharmaceutical operations. By legitimizing reliance on qualified trust services, the draft Annex 11 enables organizations to leverage best-in-class signature technologies while managing regulatory compliance and liability exposure through proven external partnerships. The result: more secure, cost-effective, and globally scalable electronic signature implementations that support advanced digital quality management systems.
How to Get Ahead (Instead of Playing Cleanup)
Perform a gap assessment now—map every signature point to the new rules.
Prototype MFA in your eDMS or MES. If users scream about friction, remind them that ransomware is worse.
Update validation protocols to include time-zone, hybrid record, and non-repudiation tests.
Rewrite SOPs to include signature-meaning prompts and periodic access-right recertification.
Train users early. A 30-second “why you must re-authenticate” explainer video beats 300 deviations later.
Final Thoughts
The draft Annex 11 doesn’t just tweak wording—it yanks electronic signatures into the 2020s. Treat Section 13 as both a compliance obligation and an opportunity to slash latent data-integrity risk. Those who adapt now will cruise through 2026/2027 inspections while the laggards scramble for remediation budgets.
We live in a fascinating inflection point in quality management, caught between traditional document-centric approaches and the emerging imperative for data-centricity needed to fully realize the potential of digital transformation. For several decades, we’ve been in a process that continues to accelerate through a technology transition that will deliver dramatic improvements in operations and quality. This transformation is driven by three interconnected trends: Pharma 4.0, the Rise of AI, and the shift from Documents to Data.
The History and Evolution of Documents in Quality Management
The history of document management can be traced back to the introduction of the file cabinet in the late 1800s, providing a structured way to organize paper records. Quality management systems have even deeper roots, extending back to medieval Europe when craftsman guilds developed strict guidelines for product inspection. These early approaches established the document as the fundamental unit of quality management—a paradigm that persisted through industrialization and into the modern era.
The document landscape took a dramatic turn in the 1980s with the increasing availability of computer technology. The development of servers allowed organizations to store documents electronically in centralized mainframes, marking the beginning of electronic document management systems (eDMS). Meanwhile, scanners enabled conversion of paper documents to digital format, and the rise of personal computers gave businesses the ability to create and store documents directly in digital form.
In traditional quality systems, documents serve as the backbone of quality operations and fall into three primary categories: functional documents (providing instructions), records (providing evidence), and reports (providing specific information). This document trinity has established our fundamental conception of what a quality system is and how it operates—a conception deeply influenced by the physical limitations of paper.
Breaking the Paper Paradigm: Limitations of Document-Centric Thinking
The Paper-on-Glass Dilemma
The maturation path for quality systems typically progresses mainly from paper execution to paper-on-glass to end-to-end integration and execution. However, most life sciences organizations remain stuck in the paper-on-glass phase of their digital evolution. They still rely on the paper-on-glass data capture method, where digital records are generated that closely resemble the structure and layout of a paper-based workflow. In general, the wider industry is still reluctant to transition away from paper-like records out of process familiarity and uncertainty of regulatory scrutiny.
Paper-on-glass systems present several specific limitations that hamper digital transformation:
Constrained design flexibility: Data capture is limited by the digital record’s design, which often mimics previous paper formats rather than leveraging digital capabilities. A pharmaceutical batch record system that meticulously replicates its paper predecessor inherently limits the system’s ability to analyze data across batches or integrate with other quality processes.
Manual data extraction requirements: When data is trapped in digital documents structured like paper forms, it remains difficult to extract. This means data from paper-on-glass records typically requires manual intervention, substantially reducing data utilization effectiveness.
Elevated error rates: Many paper-on-glass implementations lack sufficient logic and controls to prevent avoidable data capture errors that would be eliminated in truly digital systems. Without data validation rules built into the capture process, quality systems continue to allow errors that must be caught through manual review.
Unnecessary artifacts: These approaches generate records with inflated sizes and unnecessary elements, such as cover pages that serve no functional purpose in a digital environment but persist because they were needed in paper systems.
Cumbersome validation: Content must be fully controlled and managed manually, with none of the advantages gained from data-centric validation approaches.
Broader Digital Transformation Struggles
Pharmaceutical and medical device companies must navigate complex regulatory requirements while implementing new digital systems, leading to stalling initiatives. Regulatory agencies have historically relied on document-based submissions and evidence, reinforcing document-centric mindsets even as technology evolves.
Beyond Paper-on-Glass: What Comes Next?
What comes after paper-on-glass? The natural evolution leads to end-to-end integration and execution systems that transcend document limitations and focus on data as the primary asset. This evolution isn’t merely about eliminating paper—it’s about reconceptualizing how we think about the information that drives quality management.
In fully integrated execution systems, functional documents and records become unified. Instead of having separate systems for managing SOPs and for capturing execution data, these systems bring process definitions and execution together. This approach drives up reliability and drives out error, but requires fundamentally different thinking about how we structure information.
A prime example of moving beyond paper-on-glass can be seen in advanced Manufacturing Execution Systems (MES) for pharmaceutical production. Rather than simply digitizing batch records, modern MES platforms incorporate AI, IIoT, and Pharma 4.0 principles to provide the right data, at the right time, to the right team. These systems deliver meaningful and actionable information, moving from merely connecting devices to optimizing manufacturing and quality processes.
AI-Powered Documentation: Breaking Through with Intelligent Systems
A dramatic example of breaking free from document constraints comes from Novo Nordisk’s use of AI to draft clinical study reports. The company has taken a leap forward in pharmaceutical documentation, putting AI to work where human writers once toiled for weeks. The Danish pharmaceutical company is using Claude, an AI model by Anthropic, to draft clinical study reports—documents that can stretch hundreds of pages.
This represents a fundamental shift in how we think about documents. Rather than having humans arrange data into documents manually, we can now use AI to generate high-quality documents directly from structured data sources. The document becomes an output—a view of the underlying data—rather than the primary artifact of the quality system.
Data Requirements: The Foundation of Modern Quality Systems in Life Sciences
Shifting from document-centric to data-centric thinking requires understanding that documents are merely vessels for data—and it’s the data that delivers value. When we focus on data requirements instead of document types, we unlock new possibilities for quality management in regulated environments.
At its core, any quality process is a way to realize a set of requirements. These requirements come from external sources (regulations, standards) and internal needs (efficiency, business objectives). Meeting these requirements involves integrating people, procedures, principles, and technology. By focusing on the underlying data requirements rather than the documents that traditionally housed them, life sciences organizations can create more flexible, responsive quality systems.
ICH Q9(R1) emphasizes that knowledge is fundamental to effective risk management, stating that “QRM is part of building knowledge and understanding risk scenarios, so that appropriate risk control can be decided upon for use during the commercial manufacturing phase.” We need to recognize the inverse relationship between knowledge and uncertainty in risk assessment. As ICH Q9(R1) notes, uncertainty may be reduced “via effective knowledge management, which enables accumulated and new information (both internal and external) to be used to support risk-based decisions throughout the product lifecycle.”
This approach helps us ensure that our tools take into account that our processes are living and breathing, our tools should take that into account. This is all about moving to a process repository and away from a document mindset.
Documents as Data Views: Transforming Quality System Architecture
When we shift our paradigm to view documents as outputs of data rather than primary artifacts, we fundamentally transform how quality systems operate. This perspective enables a more dynamic, interconnected approach to quality management that transcends the limitations of traditional document-centric systems.
Breaking the Document-Data Paradigm
Traditionally, life sciences organizations have thought of documents as containers that hold data. This subtle but profound perspective has shaped how we design quality systems, leading to siloed applications and fragmented information. When we invert this relationship—seeing data as the foundation and documents as configurable views of that data—we unlock powerful capabilities that better serve the needs of modern life sciences organizations.
The Benefits of Data-First, Document-Second Architecture
When documents become outputs—dynamic views of underlying data—rather than the primary focus of quality systems, several transformative benefits emerge.
First, data becomes reusable across multiple contexts. The same underlying data can generate different documents for different audiences or purposes without duplication or inconsistency. For example, clinical trial data might generate regulatory submission documents, internal analysis reports, and patient communications—all from a single source of truth.
Second, changes to data automatically propagate to all relevant documents. In a document-first system, updating information requires manually changing each affected document, creating opportunities for errors and inconsistencies. In a data-first system, updating the central data repository automatically refreshes all document views, ensuring consistency across the quality ecosystem.
Third, this approach enables more sophisticated analytics and insights. When data exists independently of documents, it can be more easily aggregated, analyzed, and visualized across processes.
In this architecture, quality management systems must be designed with robust data models at their core, with document generation capabilities built on top. This might include:
A unified data layer that captures all quality-related information
Flexible document templates that can be populated with data from this layer
Dynamic relationships between data entities that reflect real-world connections between quality processes
Powerful query capabilities that enable users to create custom views of data based on specific needs
The resulting system treats documents as what they truly are: snapshots of data formatted for human consumption at specific moments in time, rather than the authoritative system of record.
Electronic Quality Management Systems (eQMS): Beyond Paper-on-Glass
Electronic Quality Management Systems have been adopted widely across life sciences, but many implementations fail to realize their full potential due to document-centric thinking. When implementing an eQMS, organizations often attempt to replicate their existing document-based processes in digital form rather than reconceptualizing their approach around data.
Current Limitations of eQMS Implementations
Document-centric eQMS systems treat functional documents as discrete objects, much as they were conceived decades ago. They still think it terms of SOPs being discrete documents. They structure workflows, such as non-conformances, CAPAs, change controls, and design controls, with artificial gaps between these interconnected processes. When a manufacturing non-conformance impacts a design control, which then requires a change control, the connections between these events often remain manual and error-prone.
This approach leads to compartmentalized technology solutions. Organizations believe they can solve quality challenges through single applications: an eQMS will solve problems in quality events, a LIMS for the lab, an MES for manufacturing. These isolated systems may digitize documents but fail to integrate the underlying data.
Data-Centric eQMS Approaches
We are in the process of reimagining eQMS as data platforms rather than document repositories. A data-centric eQMS connects quality events, training records, change controls, and other quality processes through a unified data model. This approach enables more effective risk management, root cause analysis, and continuous improvement.
For instance, when a deviation is recorded in a data-centric system, it automatically connects to relevant product specifications, equipment records, training data, and previous similar events. This comprehensive view enables more effective investigation and corrective action than reviewing isolated documents.
Looking ahead, AI-powered eQMS solutions will increasingly incorporate predictive analytics to identify potential quality issues before they occur. By analyzing patterns in historical quality data, these systems can alert quality teams to emerging risks and recommend preventive actions.
Manufacturing Execution Systems (MES): Breaking Down Production Data Silos
Manufacturing Execution Systems face similar challenges in breaking away from document-centric paradigms. Common MES implementation challenges highlight the limitations of traditional approaches and the potential benefits of data-centric thinking.
MES in the Pharmaceutical Industry
Manufacturing Execution Systems (MES) aggregate a number of the technologies deployed at the MOM level. MES as a technology has been successfully deployed within the pharmaceutical industry and the technology associated with MES has matured positively and is fast becoming a recognized best practice across all life science regulated industries. This is borne out by the fact that green-field manufacturing sites are starting with an MES in place—paperless manufacturing from day one.
The amount of IT applied to an MES project is dependent on business needs. At a minimum, an MES should strive to replace paper batch records with an Electronic Batch Record (EBR). Other functionality that can be applied includes automated material weighing and dispensing, and integration to ERP systems; therefore, helping the optimization of inventory levels and production planning.
Beyond Paper-on-Glass in Manufacturing
In pharmaceutical manufacturing, paper batch records have traditionally documented each step of the production process. Early electronic batch record systems simply digitized these paper forms, creating “paper-on-glass” implementations that failed to leverage the full potential of digital technology.
Advanced Manufacturing Execution Systems are moving beyond this limitation by focusing on data rather than documents. Rather than digitizing batch records, these systems capture manufacturing data directly, using sensors, automated equipment, and operator inputs. This approach enables real-time monitoring, statistical process control, and predictive quality management.
An example of a modern MES solution fully compliant with Pharma 4.0 principles is the Tempo platform developed by Apprentice. It is a complete manufacturing system designed for life sciences companies that leverages cloud technology to provide real-time visibility and control over production processes. The platform combines MES, EBR, LES (Laboratory Execution System), and AR (Augmented Reality) capabilities to create a comprehensive solution that supports complex manufacturing workflows.
Electronic Validation Management Systems (eVMS): Transforming Validation Practices
Validation represents a critical intersection of quality management and compliance in life sciences. The transition from document-centric to data-centric approaches is particularly challenging—and potentially rewarding—in this domain.
Current Validation Challenges
Traditional validation approaches face several limitations that highlight the problems with document-centric thinking:
Integration Issues: Many Digital Validation Tools (DVTs) remain isolated from Enterprise Document Management Systems (eDMS). The eDMS system is typically the first step where vendor engineering data is imported into a client system. However, this data is rarely validated once—typically departments repeat this validation step multiple times, creating unnecessary duplication.
Validation for AI Systems: Traditional validation approaches are inadequate for AI-enabled systems. Traditional validation processes are geared towards demonstrating that products and processes will always achieve expected results. However, in the digital “intellectual” eQMS world, organizations will, at some point, experience the unexpected.
Continuous Compliance: A significant challenge is remaining in compliance continuously during any digital eQMS-initiated change because digital systems can update frequently and quickly. This rapid pace of change conflicts with traditional validation approaches that assume relative stability in systems once validated.
Data-Centric Validation Solutions
Modern electronic Validation Management Systems (eVMS) solutions exemplify the shift toward data-centric validation management. These platforms introduce AI capabilities that provide intelligent insights across validation activities to unlock unprecedented operational efficiency. Their risk-based approach promotes critical thinking, automates assurance activities, and fosters deeper regulatory alignment.
We need to strive to leverage the digitization and automation of pharmaceutical manufacturing to link real-time data with both the quality risk management system and control strategies. This connection enables continuous visibility into whether processes are in a state of control.
The 11 Axes of Quality 4.0
LNS Research has identified 11 key components or “axes” of the Quality 4.0 framework that organizations must understand to successfully implement modern quality management:
Data: In the quality sphere, data has always been vital for improvement. However, most organizations still face lags in data collection, analysis, and decision-making processes. Quality 4.0 focuses on rapid, structured collection of data from various sources to enable informed and agile decision-making.
Analytics: Traditional quality metrics are primarily descriptive. Quality 4.0 enhances these with predictive and prescriptive analytics that can anticipate quality issues before they occur and recommend optimal actions.
Connectivity: Quality 4.0 emphasizes the connection between operating technology (OT) used in manufacturing environments and information technology (IT) systems including ERP, eQMS, and PLM. This connectivity enables real-time feedback loops that enhance quality processes.
Collaboration: Breaking down silos between departments is essential for Quality 4.0. This requires not just technological integration but cultural changes that foster teamwork and shared quality ownership.
App Development: Quality 4.0 leverages modern application development approaches, including cloud platforms, microservices, and low/no-code solutions to rapidly deploy and update quality applications.
Scalability: Modern quality systems must scale efficiently across global operations while maintaining consistency and compliance.
Management Systems: Quality 4.0 integrates with broader management systems to ensure quality is embedded throughout the organization.
Compliance: While traditional quality focused on meeting minimum requirements, Quality 4.0 takes a risk-based approach to compliance that is more proactive and efficient.
Culture: Quality 4.0 requires a cultural shift that embraces digital transformation, continuous improvement, and data-driven decision-making.
Leadership: Executive support and vision are critical for successful Quality 4.0 implementation.
Competency: New skills and capabilities are needed for Quality 4.0, requiring significant investment in training and workforce development.
The Future of Quality Management in Life Sciences
The evolution from document-centric to data-centric quality management represents a fundamental shift in how life sciences organizations approach quality. While documents will continue to play a role, their purpose and primacy are changing in an increasingly data-driven world.
By focusing on data requirements rather than document types, organizations can build more flexible, responsive, and effective quality systems that truly deliver on the promise of digital transformation. This approach enables life sciences companies to maintain compliance while improving efficiency, enhancing product quality, and ultimately delivering better outcomes for patients.
The journey from documents to data is not merely a technical transition but a strategic evolution that will define quality management for decades to come. As AI, machine learning, and process automation converge with quality management, the organizations that successfully embrace data-centricity will gain significant competitive advantages through improved agility, deeper insights, and more effective compliance in an increasingly complex regulatory landscape.
The paper may go, but the document—reimagined as structured data that enables insight and action—will continue to serve as the foundation of effective quality management. The key is recognizing that documents are vessels for data, and it’s the data that drives value in the organization.
Investigations of a Dog 