EU GMP Annex 1 Guidelines for Sterile Drugs

Q: What does EU GMP Annex 11 actually require for computerised systems in pharmaceutical manufacturing?

Annex 11 applies when computerised system replaces manual operation in GMP scope. Core requirements: risk management (ICH Q9 to determine validation level and controls; not every system requires same depth); system lifecycle (specification, design, build, qualification IQ/OQ/PQ, operation, periodic review, retirement; documented and managed); supplier management (commercial systems — supplier's quality system evaluated, custom — development team's quality system); validation documentation (URS, FS, DS, validation protocols, test scripts and results, summary report); data integrity (ALCOA+: Attributable, Legible, Contemporaneous, Original, Accurate plus Complete, Consistent, Enduring, Available; preserved through lifecycle); electronic signatures and records (signature linkage, electronic record preservation, retrieval); audit trail (time-stamped events, user actions, changes; reviewable by authorised personnel); access control (authorisation, authentication, role-based; periodic review); change control (changes follow formal procedure, impact assessment, re-validation as needed); periodic review (system periodically reviewed for fitness); backup and recovery (data backed up, recovery tested); business continuity (failure procedures ensuring continuity); incident management (failures, deviations, security events logged, investigated, resolved). Scope: applies to systems affecting product quality, patient safety, or data integrity within GMP; productivity, internal analytics, marketing outside scope; misidentifying scope causes either under-validation or over-validation.

Q: How do Annex 11 requirements differ from 21 CFR Part 11 for the same AI system?

Overlap in intent but differ in detail. Scope: Part 11 — electronic records and signatures; applies broadly across FDA-regulated (drug, device, biologics, food, veterinary). Annex 11 — computerised systems in pharma manufacturing; narrower industry but broader system coverage. For AI in pharma both apply: Part 11 governs records/signatures; Annex 11 broader system aspects. Audit trail: Part 11 required, who/what/when of changes, reasons; Annex 11 required, more explicit on review process and retention. Electronic signatures: Part 11 detailed (two distinct ID/password or biometric, meaning, certification, linkage); Annex 11 similar, refers to applicable laws (EU eIDAS for advanced/qualified). Validation: Part 11 implicit, references CSV; Annex 11 explicit, risk-based via ICH Q9. Supplier management: Part 11 implicit through CSV; Annex 11 explicit, risk-based. Risk-based approach: Part 11 less explicit (FDA clarified via PCCP and AI/ML guidance); Annex 11 explicit, ICH Q9 referenced. AI specifically: both technology-neutral, AI must meet requirements like any software; specific AI considerations (training data documentation, model versioning, retraining change control) addressed via GAMP 5 and emerging guidance. Practical handling: global manufacturers maintain single quality system meeting both; same validation package satisfies both with framework-specific annexes where requirements differ; region-specific compliance is documentation overhead more than fundamental design difference.

Q: Where does Annex 11 apply specifically to AI/ML-based computerised systems?

Annex 11 applies to AI/ML in GMP scope. Application points: in-process monitoring (AI/ML monitoring manufacturing variables — pressure, temperature, particle counts, fill-volume detection; outputs affect batch records, deviations, release; Annex 11 applies). Quality control/assurance (AI/ML for batch record review, deviation triage, analytical result evaluation; outputs GMP-scope; applies). Process control (automated control loops with AI/ML — advanced process control, model-predictive; outputs control regulated processes; applies). Inspection automation (AI/ML-based visual inspection — particle, label verification, fill checking; outputs affect release; applies). Environmental monitoring (AI/ML for cleanroom data analysis — trend, anomaly detection; outputs affect product quality; applies). Data analytics and reporting (AI/ML producing reports used for product quality decisions — release, recall, CAPA; applies). AI/ML considerations: training data as part of validation (training data is part of validated state, changes are changes to system); model versioning as configuration item (deployment follows change control); retraining as controlled change (produces new model version, subject to change control, risk-based depth); continuous monitoring of performance (production performance monitored, degradation is deviation); documentation of model behaviour (sufficient for qualification, explainability where possible, performance characterisation). 2025 revision further elaborates these for AI/ML.

Q: What does an Annex 11–compliant validation package contain (risk assessment, electronic records, audit trail, change control)?

Typical package: system risk assessment (ICH Q9 application, risks — data integrity, process control, patient safety — mapped to controls, informs validation depth); URS (functional, performance, regulatory requirements); FS (data flows, interfaces, calculations, alerts); DS (software architecture, database schema, integration, security); IQ (installation verification — hardware, software version, connectivity); OQ (operates as specified — function tests, failure mode tests, error handling); PQ (performs as required under expected use — representative cases, expected vs observed); VSR (summary, deviations, conclusions, release for production); SOPs (user, admin, backup/restore, change); training records (users trained, trainer-of-record); electronic records/signatures package (retention configuration, signature linkage, format conversion, validation); audit trail review procedure (who, when, what; periodic review records); change control documentation (each change, impact assessment, re-validation, current state); backup/recovery validation (procedures tested, recovery from backup tested); business continuity plan (failure procedures, manual fallback if applicable); periodic review record (recent review, findings, corrective actions); decommissioning plan (end-of-life, data migration or archival). Size varies: small workflow 50-100 pages; major MES with AI thousands.

Q: How is the draft 2025 Annex 11 revision changing requirements for AI-driven systems?

Revision addresses gaps in original (2011). AI/ML explicit treatment: original technology-neutral; revision adds specific guidance — training data documentation and lifecycle, model versioning and change control, continuous performance monitoring, explainability expectations (proportional to risk), retraining as controlled change. Risk-based scaling: clearer guidance on validation depth based on risk; reduces over-validation of low-risk. Data integrity emphasis: stronger throughout data lifecycle (not just at record creation); references recent EMA and PIC/S guidance. Cloud and SaaS treatment: explicit for cloud-hosted and SaaS; supplier qualification expectations for cloud providers; data location and sovereignty. Cybersecurity: increased emphasis on controls; references NIS2 directive and pharma-specific. Continuous validation/qualification: framework for systems changing continuously (cloud SaaS updating frequently); approach not requiring full re-qualification per update. Lifecycle and retirement: stronger requirements for retirement, data migration, long-term data preservation. Adoption timeline: EU adoption typically 2-3 years from draft to enforcement; revision expected in active enforcement 2027-2028. Practical impact: align practice with revision principles now (revision codifies practices already considered best practice); inventory AI/ML systems and assess against revision expectations; plan for stronger documentation requirements; engage notified bodies and regulators early on AI/ML qualification.

Q: Which Annex 11 controls demand special evidence when the underlying model is retrained?

Retraining is change to validated state; Annex 11 controls apply with AI/ML-specific evidence. Change control: documented as change, impact assessment, required validation activities determined. Risk re-assessment: particularly risks dependent on data or behaviour that retraining might affect. Training data documentation: source, lineage, quality assessment, representativeness, inclusion/exclusion criteria. Model version control: version updated, previous retained for rollback. Performance evidence: evaluation on validation set, comparison against previous, demonstration meets or exceeds. Regression testing: tested against test sets representing each sub-population deployed model serves; no regression on any sub-population. Drift documentation: if retraining in response to detected drift, evidence part of change rationale; retrained model's drift-handling documented. Bias and fairness evidence: if applicable, re-assessment. Explainability evidence: if applicable, updated model card or equivalent. Validation activities (risk-based): minor retraining (incremental data, no architecture change) limited OQ/PQ re-execution; major retraining (architecture change, distribution shift) fuller re-validation. PCCP approach: if company has filed or aligned with predetermined change control plan, retraining within scope pre-authorised, documentation defined upfront; FDA terminology, EMA converging via EU AI Act framework. User training: if model behaviour changes meaningfully, users re-trained. Principle: retraining change-control treats AI/ML system like any computerised system change — risk-based, documented, validated proportionally; specifics adapt to AI/ML but framework established.

Introduction

EU GMP Annex 1 (contamination control for sterile drug products) sets the manufacturing-floor requirements; EU GMP Annex 11 (computerised systems) sets the requirements for the software, automation, and increasingly AI/ML systems that monitor and control sterile production. Sterile manufacturing in 2026 cannot be evaluated through Annex 1 alone — the data integrity, system validation, electronic records, audit trail, and AI-model governance that Annex 11 defines are the operational substrate that Annex 1 contamination control relies upon. Misunderstanding Annex 11 leads to either non-compliance (under-validating regulated systems) or over-compliance (applying Annex 11 to systems that fall outside its scope). See the life sciences landing for the broader programme.

This article focuses on Annex 11 — what it actually requires for computerised systems in pharmaceutical manufacturing, how it differs from FDA’s 21 CFR Part 11, where it applies to AI/ML, what an Annex 11–compliant validation package contains, and how the 2025 revision is reshaping requirements.

What this means in practice

Annex 11 governs computerised systems in regulated pharmaceutical manufacturing — not all software in pharma.
AI/ML systems used in GxP scope fall under Annex 11 with additional considerations.
Annex 11 and 21 CFR Part 11 overlap but differ in audit trail, e-signature, and risk-based scope.
The 2025 revision strengthens AI/ML treatment and clarifies risk-based validation.

What does EU GMP Annex 11 actually require for computerised systems in pharmaceutical manufacturing?

Annex 11 applies when “a computerised system replaces a manual operation” in GMP scope. The core requirements:

Risk management. Apply ICH Q9 risk management to determine the level of validation and controls. Not every system requires the same depth.

System lifecycle. Specification, design, build, qualification (IQ/OQ/PQ), operation, periodic review, retirement. The lifecycle is documented and managed.

Supplier and service provider management. For commercial systems, the supplier’s quality system is evaluated; for custom systems, the development team’s quality system is evaluated.

Validation documentation. URS (User Requirements Specification), FS (Functional Specification), DS (Design Specification), validation protocols (IQ, OQ, PQ), test scripts and results, validation summary report.

Data integrity. ALCOA+ principles (Attributable, Legible, Contemporaneous, Original, Accurate, plus Complete, Consistent, Enduring, Available). Data must be preserved through the system’s lifecycle.

Electronic signatures and records. Requirements for electronic signatures (linking signature to record, ensuring authenticity), electronic records (long-term preservation, retrieval).

Audit trail. Time-stamped record of system events; user actions; changes to data; reviewable by authorised personnel.

Access control. Authorisation, authentication, role-based permissions; periodic review of access.

Change control. Changes to validated systems follow formal procedure; impact assessment; re-validation as needed.

Periodic review. The validated system is periodically reviewed to ensure it remains fit for purpose.

Backup and recovery. Data is backed up; recovery procedures are tested.

Business continuity. Procedures for system failure ensuring continuity of operations.

Incident management. System failures, deviations, security events are logged, investigated, and resolved.

The scope question. Annex 11 applies to systems that affect product quality, patient safety, or data integrity within GMP scope. Productivity tools, internal analytics, marketing systems are outside scope. Misidentifying scope causes either under-validation (regulated system treated as non-regulated) or over-validation (non-regulated system treated as regulated).

How do Annex 11 requirements differ from 21 CFR Part 11 for the same AI system?

The frameworks overlap in intent but differ in detail:

Scope:

Part 11. Electronic records and electronic signatures specifically; applies broadly across FDA-regulated industries (drug, device, biologics, food, veterinary).

Annex 11. Computerised systems in pharmaceutical manufacturing specifically; narrower regulated industry but broader system coverage within it.

For an AI system in pharma manufacturing, both apply: Part 11 governs the records and signatures aspect; Annex 11 governs the broader computerised system aspects.

Audit trail:

Part 11. Required; specifications include who, what, when of changes to records; reasons for change.

Annex 11. Required; more explicit on review process (who reviews, with what frequency); explicit on retention period.

Electronic signatures:

Part 11. Detailed requirements: signature components (two distinct ID/password or biometric), signature meaning, signature certification, linkage to record.

Annex 11. Similar requirements; refers to applicable laws (EU eIDAS regulation for advanced/qualified signatures).

Validation:

Part 11. Validation expectation implicit; references CSV (Computer System Validation) guidance.

Annex 11. Validation expectation explicit; risk-based depth based on ICH Q9.

Supplier management:

Part 11. Implicit through CSV practices.

Annex 11. Explicit requirement to assess supplier; risk-based depth.

Risk-based approach:

Part 11. Less explicit; FDA has clarified via Predetermined Change Control Plan (PCCP) and recent AI/ML guidance.

Annex 11. Explicit risk-based; ICH Q9 referenced.

For AI systems specifically. Both Annex 11 and Part 11 are technology-neutral; AI/ML systems must meet the requirements like any other software. Specific AI considerations (training data documentation, model versioning, retraining change control) are addressed via GAMP 5 (Good Automated Manufacturing Practice) and emerging guidance.

The practical handling. Global pharma manufacturers maintain a single quality system that meets both frameworks; the same validation package satisfies both, with framework-specific annexes where requirements differ. Region-specific compliance is documentation overhead more than fundamental design difference.

Where does Annex 11 apply specifically to AI/ML-based computerised systems?

Annex 11 applies to AI/ML systems used in GMP scope. Specific application points:

In-process monitoring. AI/ML systems that monitor manufacturing process variables (pressure, temperature, particle counts, fill-volume detection). Outputs affect batch records, deviations, release decisions; Annex 11 applies.

Quality control / quality assurance. AI/ML for batch record review, deviation triage, analytical result evaluation. Outputs are GMP-scope; Annex 11 applies.

Process control. Automated control loops with AI/ML elements (advanced process control, model-predictive control). Outputs control regulated processes; Annex 11 applies.

Inspection automation. AI/ML-based visual inspection systems (particle inspection, label verification, fill checking). Outputs affect release decisions; Annex 11 applies.

Environmental monitoring. AI/ML for environmental monitoring data analysis (trend detection, anomaly detection in cleanroom data). Outputs affect product quality assessment; Annex 11 applies.

Data analytics and reporting. AI/ML producing reports used for product quality decisions (release, recall, CAPA). Annex 11 applies.

Specific AI/ML considerations under Annex 11:

Training data as part of validation. The training data is part of the validated state; changes to training data are changes to the system.

Model versioning as part of change control. Each model version is a configuration item; deployment follows change control.

Retraining as a controlled change. Retraining produces a new model version; subject to change control; risk-based validation depth.

Continuous monitoring of model performance. The model’s production performance is monitored; degradation is a deviation.

Documentation of model behaviour. Sufficient documentation to support qualification; explainability where possible; performance characterisation.

The 2025 revision (described below) further elaborates these for AI/ML.

What does an Annex 11–compliant validation package contain (risk assessment, electronic records, audit trail, change control)?

A typical Annex 11 validation package for a computerised system:

System risk assessment. ICH Q9 application; identifies risks (data integrity, process control, patient safety); maps risks to controls; informs validation depth.

User Requirements Specification (URS). What the user needs the system to do; functional, performance, regulatory requirements.

Functional Specification (FS). How the system meets the URS; data flows, interfaces, calculations, alerts.

Design Specification (DS). Implementation details; software architecture, database schema, integration points, security architecture.

Installation Qualification (IQ). Documentation that the system is installed correctly; hardware verification, software version verification, connectivity verification.

Operational Qualification (OQ). Documentation that the system operates as specified; tests of all functions; tests of failure modes; tests of error handling.

Performance Qualification (PQ). Documentation that the system performs as required under expected use; representative test cases; expected results matching observed.

Validation Summary Report (VSR). Summary of validation activities; deviations encountered; conclusions; release for production use.

Standard Operating Procedures (SOPs). User SOPs for operating the system; admin SOPs for maintenance; backup, restore, change procedures.

Training records. Users trained; trainer-of-record documented.

Electronic records and electronic signatures package. Configuration of electronic record retention, signature linkage, format conversion; validation of these specific functions.

Audit trail review procedure. Who reviews, when, what is reviewed; periodic audit trail review records.

Change control documentation. Each change since validation; impact assessment; re-validation activities; current validated state.

Backup and recovery validation. Backup procedures tested; recovery from backup tested; documented.

Business continuity plan. System failure procedures; manual fallback if applicable.

Periodic review record. Most recent periodic review of the system; findings; corrective actions.

Decommissioning plan. End-of-life procedures; data migration or archival.

The size of the package varies with system complexity and risk. A small workflow system might be 50-100 pages; a major MES (Manufacturing Execution System) with AI elements might be thousands of pages.

How is the draft 2025 Annex 11 revision changing requirements for AI-driven systems?

The 2025 Annex 11 revision (in draft and being adopted) addresses several gaps in the original:

AI/ML explicit treatment. The original Annex 11 (2011) is technology-neutral; the revision adds specific guidance for AI/ML systems including:

Training data documentation and lifecycle;
Model versioning and change control;
Continuous performance monitoring;
Explainability expectations (proportional to risk);
Retraining as controlled change.

Risk-based scaling. The revision provides clearer guidance on how to scale validation depth based on risk; reduces over-validation of low-risk systems.

Data integrity emphasis. Stronger emphasis on data integrity throughout the data lifecycle (not just at record creation); references recent EMA and PIC/S guidance on data integrity.

Cloud and SaaS treatment. Explicit treatment of cloud-hosted and SaaS systems; supplier qualification expectations for cloud providers; data location and sovereignty considerations.

Cybersecurity. Increased emphasis on cybersecurity controls; references NIS2 directive and pharma-specific cyber requirements.

Continuous validation / continuous qualification. Framework for systems that change continuously (cloud SaaS that updates frequently); qualification approach that doesn’t require full re-qualification per update.

Lifecycle and retirement. Stronger requirements for system retirement, data migration, long-term data preservation.

The adoption timeline. EU regulatory adoption typically takes 2-3 years from draft to enforcement; the 2025 revision is expected to be in active enforcement by 2027-2028.

The practical impact. Pharma manufacturers should:

Begin aligning practice with revision principles now (the revision codifies practices already considered best practice by leading manufacturers).

Inventory AI/ML systems and assess them against revision expectations.

Plan for stronger AI/ML documentation requirements in upcoming validation packages.

Engage with notified bodies and regulators early on AI/ML qualification approaches.

Which Annex 11 controls demand special evidence when the underlying model is retrained?

Retraining is a change to the validated state; Annex 11 controls apply with AI/ML-specific evidence requirements:

Change control. Retraining is documented as a change; impact assessment evaluates effect on validated functions; required validation activities determined.

Risk re-assessment. Re-assess risks for the retrained model; particularly risks that depend on data or behaviour characteristics that retraining might affect.

Training data documentation. New training data documented: source, lineage, quality assessment, representativeness, inclusion/exclusion criteria.

Model version control. Model version is updated; previous version retained for rollback capability.

Performance evidence. Performance evaluation on validation set; comparison against previous model; demonstration that retrained model meets or exceeds previous on required metrics.

Regression testing. The retrained model tested against test sets representing each sub-population the deployed model serves; ensure no regression on any sub-population.

Drift documentation. If retraining is in response to detected drift, the drift evidence is part of the change rationale; the retrained model’s drift-handling is documented.

Bias and fairness evidence. If applicable (depending on use case), bias and fairness re-assessment.

Explainability evidence. If applicable, updated explainability documentation (model card or equivalent).

Validation activities. Risk-based: minor retraining (incremental data, no architecture change) might require limited OQ/PQ re-execution; major retraining (architecture change, distribution shift) requires fuller re-validation.

Predetermined Change Control Plan (PCCP) approach. If the company has filed (or aligned with) a PCCP, the retraining within the PCCP scope is pre-authorised; documentation requirements are defined upfront. This is FDA terminology; EMA is converging via the EU AI Act framework.

User training. If model behaviour changes meaningfully, users are re-trained on the new behaviour.

The principle. The retraining change-control process treats the AI/ML system like any computerised system change: risk-based, documented, validated proportionally to risk. The specifics adapt to AI/ML characteristics but the framework is established.

How TechnoLynx Can Help

TechnoLynx works with pharma operations on Annex 11 (and Part 11) compliance for AI/ML systems — validation strategy, evidence package design, retraining change control, alignment with the 2025 revision. If your team is scoping a regulated AI/ML deployment, contact us.

Image credits: Freepik