MFLRC - MF License & Regulatory Consultants

June 11, 2026 · Regulatory Affairs

EU GMP Annex 11 Revision: Computerised Systems, Data Integrity and AI Rules Arriving in 2026

By Mussarat Fatima

Regulatory Affairs · Quality Assurance · Pharmaceuticals

The European Union is finalizing the biggest rewrite of EU GMP Annex 11 since 2011. The draft, published on 7 July 2025 and closed for consultation on 7 October 2025, expands Annex 11 from a five page guideline into a 19 page document organized in 17 chapters. It covers validation, audit trails, supplier oversight, identity and access management, and, for the first time, cybersecurity as a core GMP requirement. A brand new Annex 22 on artificial intelligence arrives alongside it. Final publication is expected in mid-2026. If your company exports medicinal products or active substances to the EU, the time to run a gap assessment is now, not after the final text lands.

Executive Summary

  • The European Commission and PIC/S published the draft revision of EU GMP Annex 11 (Computerised Systems) on 7 July 2025, together with a new Annex 22 (Artificial Intelligence) and a revised Chapter 4 (Documentation). The public consultation closed on 7 October 2025 and final versions are expected from mid-2026.
  • The draft grows from 5 pages to 19 pages and is structured in 17 chapters plus a glossary, with eight overarching principles.
  • Major new or expanded areas include system alarms, supplier and service management with nine mandatory contract elements, ten subsections on audit trails, periodic reviews, and a 20 subsection security chapter covering patching, penetration testing, firewalls and USB controls.
  • The companion Annex 22 limits AI in GMP critical applications to static, deterministic models. Dynamic models, generative AI and large language models are excluded from critical use.
  • Canadian exporters to the EU should map current computerized system controls against the draft now. Most companies will find gaps in audit trail review, supplier contracts, access management and IT security evidence.

What Is the EU GMP Annex 11 Revision?

What is it? EU GMP Annex 11 is the guideline in EudraLex Volume 4 that sets requirements for computerized systems used in the manufacture of medicinal products and active substances. The current version dates from 2011. The 2025 draft revision, prepared jointly by the EMA GMP/GDP Inspectors Working Group and PIC/S, is a complete rewrite that reflects cloud services, outsourced IT, modern cyber threats and digital data flows.

Why does it matter? The 2011 version was written before cloud computing, software as a service and ransomware became everyday realities in pharmaceutical operations. Inspectors have spent a decade citing data integrity findings against a guideline that never mentioned multifactor authentication, penetration testing or service level agreements. The revision closes that gap and tells industry exactly what EU and PIC/S inspectors will expect.

What should companies do? Run a structured gap assessment of every GMP computerized system against the draft text, prioritize remediation by risk to product quality, patient safety and data integrity, and update supplier contracts, audit trail review procedures and security controls before the final version takes effect.

How does it affect compliance? Once final, the revised Annex 11 becomes the inspection standard for EU GMP certificates. Because PIC/S plans to adopt an equivalent version, the same expectations will flow into inspections by PIC/S member authorities, including Health Canada, over time.

Timeline: From Concept Paper to Final Text

The revision has been signalled for years. The consultation drafts confirm the direction and the structure. Here is the verified timeline.

Milestone                                                                     | Date
----------------------------------------------------------------------------- | ---------------------------
Current Annex 11 came into operation                                          | June 2011
EMA and PIC/S concept paper announced a full revision                         | November 2022
Draft Annex 11, new Annex 22 and revised Chapter 4 published for consultation | 7 July 2025
Public consultation closed                                                    | 7 October 2025
Final versions expected                                                       | Mid-2026
Operative date                                                                | To be set in the final text

The drafts were prepared by the EMA GMP/GDP Inspectors Working Group together with PIC/S, which means the EU and PIC/S texts are expected to stay aligned. For exporters, that alignment matters: the same requirements will eventually appear in inspections far beyond Europe.

From 5 Pages to 17 Chapters: What the New Annex 11 Covers

The draft keeps the familiar name but little else. The 2011 version had a principle section and 17 short clauses spread over five pages. The draft is a 19 page document with eight principles and 17 structured chapters, each with detailed subsections, plus an expanded glossary.

Chapter                               | Focus                                                                                                        | Status vs 2011
------------------------------------- | ------------------------------------------------------------------------------------------------------------ | --------------
1. Scope                              | All computerized systems used in manufacturing of medicinal products and active substances                   | Clarified
2. Principles                         | Eight principles, including lifecycle validation, QRM, data integrity and security                           | Expanded
3. Pharmaceutical Quality System      | Deviations, change control, internal audits, management review, senior management oversight                  | Expanded
4. Risk Management                    | QRM across the lifecycle, references ICH Q9(R1)                                                              | Expanded
5. Personnel and Training             | Cooperation among process owner, system owner, QA, QP, IT, vendors; system specific training                 | Expanded
6. System Requirements                | URS for all systems including SaaS, user ownership, traceability to testing                                  | Expanded
7. Supplier and Service Management    | Vendor audits, SLAs, KPIs and nine mandatory contract elements                                               | Expanded
8. Alarms                             | Alarm settings, acknowledgement, non-editable alarm logs and periodic alarm review                           | New
9. Qualification and Validation       | Follows Annex 15, risk based scope, traceability matrix, conditional approval rules                           | Expanded
10. Handling of Data                  | Input plausibility checks, validated interfaces over manual transcription, encryption                        | Expanded
11. Identity and Access Management    | Unique accounts, MFA for remote access, auto locking, segregation of duties, least privilege                 | Expanded
12. Audit Trails                      | Who, what, when and why captured at the time of the event; targeted, timely, independent reviews             | Expanded
13. Electronic Signatures             | Re-authentication, signature manifestation, unbreakable links, hybrid solutions                              | Expanded
14. Periodic Review                   | Twelve item review scope to confirm systems remain validated and fit for use                                 | New
15. Security                          | Twenty subsections: ISMS, firewalls, patching, USB control, antivirus, penetration testing                   | New
16. Backup                            | Physical and logical separation of backups, documented restore tests                                         | Expanded
17. Archiving                         | Read only protection, checksum verification, durability of media, searchable retrieval                       | New

Three of these chapters deserve a closer look from any quality or IT team planning a gap assessment.

The Eight Principles Behind the Draft

The draft opens with eight principles that frame every other requirement. In plain language they say: validate systems before use and keep them validated; apply quality risk management across the lifecycle; alternative practices are acceptable if you can prove equal or better control; data integrity per ALCOA+ is critical; documented system requirements are the basis of validation; outsourcing never transfers responsibility away from the regulated user; security threats must be tracked and addressed in a timely way; and a computerized system replacing a manual process must never increase overall risk.

The outsourcing principle carries the most practical weight. Whether a system runs in your server room, in a vendor cloud or under an internal IT department, the regulated user remains fully responsible for compliance and must hold the evidence and produce it at inspection.

Validation Under the Draft: Requirements, Traceability and Conditional Approval

The draft puts system requirements at the centre of validation. A user requirements specification is expected for every GMP system, whether developed in house, purchased off the shelf or consumed as a service. If a vendor supplies the requirements document, the regulated user must review it, adapt it, formally approve it and take ownership of it.

Three specifics will change daily practice for many companies. First, documented traceability between requirements, design specifications and test cases is mandatory, and test cases that do not trace to a requirement do not count as validation. Second, testing focus shifts to GMP critical functionality: access privileges, calculations, audit trails, error handling, alarms, boundary and negative testing, interfaces and restore from backup. Third, the draft formally allows conditional approval to use a system before every acceptance criterion is closed, but only with a documented assessment that open items do not impact product quality, patient safety or data integrity, an explicit statement in the validation report and close follow up.

For validation planning, the draft points to GMP Annex 15 and to quality risk management as the basis for scope and depth. Companies that already maintain a validation master plan with risk based system categorization are well positioned. Companies relying on vendor test summaries without their own review and authorization are not.

Supplier and Service Management: Nine Contract Elements

Cloud and SaaS providers are now squarely inside the GMP perimeter. Where a regulated user relies on a vendor, a service provider or an internal IT department, the draft requires risk based audits or assessments, defined oversight through SLAs and KPIs, and documentation that is accessible and explainable from the regulated user's own facility during inspection.

The draft lists nine elements that contracts with service providers must cover: the activities and documentation to be provided; the company procedures and regulatory requirements to be met; reporting and oversight arrangements including answer and resolution times; conditions for supplier audits; support during regulatory inspections; resolution of issues raised in audits and inspections; communication of quality and security issues; an exit strategy that lets the regulated user retain control of system data; and the process for releasing new system versions, including the user's opportunity to test before release.

Most existing IT contracts were not written with this list in mind. Reviewing and renegotiating supplier agreements is one of the longest lead time items in any Annex 11 readiness plan, which is exactly why it should start first.

Audit Trails and Data Integrity: Review Before Batch Release

The 2011 Annex 11 mentioned audit trails in a single clause. The draft devotes ten subsections to them, and they are the heart of the data integrity GMP expectations in the new text.

Systems where users can create, modify or delete data must log all manual interactions automatically. Each entry must capture who made the change including their role, what changed including old and new values, when it happened including time zone where applicable, and why, with the system prompting the user for a reason. Audit trail functionality must be enabled and locked at all times, and only an administrator with no involvement in GMP activities may hold the keys.

The review expectations are equally specific. Reviews must follow a documented procedure, be targeted and risk based rather than line by line, be performed by personnel not involved in the activity reviewed, and be completed before batch release unless a later review is justified. Audit trail reviews with direct impact on product release must be available to the Qualified Person at the time of batch certification. It must also be possible to produce a complete, searchable electronic copy of system data including the audit trail; flat or locked files are explicitly not acceptable.

If your current procedure says audit trails are reviewed "periodically" without defining who, what and when, that procedure will not survive contact with the new Annex 11. Our quality assurance team sees this gap in most data integrity assessments we run.

Identity, Access and Alarms

The identity and access management chapter turns common data integrity citations into explicit rules. Every user needs a unique, personal account; shared accounts are a data integrity violation unless strictly read only. Remote access to critical systems from outside controlled perimeters requires multifactor authentication. Accounts must auto lock after failed login attempts, sessions must time out on inactivity, and systems must keep a searchable access log. Two guiding principles govern privileges: segregation of duties, meaning GMP users do not hold administrator rights, and least privilege, meaning nobody holds more access than their job requires. Managers must recurrently review and confirm their employees' access.

The alarms chapter is entirely new. Where a process relies on a system alarm, alarm limits must be justified and validated, critical alarms may only be acknowledged by authorized users with a recorded comment, and every alarm and acknowledgement must flow automatically into an alarm log that GMP users cannot edit or deactivate. Alarm logs must be searchable, sortable and periodically reviewed for trends. Manufacturers running building management, environmental monitoring or process control systems should look closely at this chapter, because few legacy systems meet the non-editable log expectation out of the box.

Cybersecurity Becomes a GMP Requirement

The security chapter is the clearest sign of how much the world changed since 2011. Twenty subsections set expectations that read like an ISO 27001 control set translated into GMP language: an effective information security management system; recurrent security awareness training with effectiveness checks such as simulated phishing; physical protection of servers and data centres; disaster recovery plans with defined recovery time objectives; network segmentation and firewalls with periodically reviewed rules; operating systems kept on supported versions; security patches deployed in a timely manner, immediately for critical vulnerabilities; isolation of unsupported or unpatched systems from networks; strict control of USB and other bidirectional devices, with ports deactivated by default on critical systems; updated antivirus; encrypted remote connections; and regular penetration testing of critical internet facing systems.

For quality units, the practical shift is that IT security evidence becomes GMP evidence. Patch records, firewall rule reviews and penetration test reports will be inspectable documents. Quality and IT can no longer operate as separate worlds with separate audit universes, a theme we also explored in our post on FDA's 2026 pharmaceutical quality agenda.

CSV vs CSA: How the EU Draft Compares with FDA's Approach

Many Canadian manufacturers serve both the EU and US markets, so a frequent question is how the Annex 11 revision lines up with FDA's computer software assurance thinking. FDA finalized its guidance, Computer Software Assurance for Production and Quality System Software, on 24 September 2025, replacing Section 6 of the 2002 software validation guidance for production and quality system software.

Dimension        | Traditional CSV                          | FDA CSA (final, September 2025)                               | Draft Annex 11 (2025)
---------------- | ---------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------
Core idea        | Document heavy validation of everything  | Risk based assurance, least burdensome evidence               | Risk based validation with defined documentation expectations
Testing approach | Scripted testing as default              | Mix of scripted, unscripted and exploratory testing by risk   | Approved plans, protocols and detailed, repeatable test scripts
Evidence         | Extensive protocols and signatures       | Records appropriate to risk, leveraging vendor activities     | Executed test scripts, screen dumps where relevant, traceability matrix
Vendor reliance  | Limited, often duplicated testing        | Encouraged where justified                                    | Permitted after audit, review and formal authorization by the regulated user
Primary scope    | Industry practice, not a regulation      | Medical device production and quality system software         | All computerized systems in medicinal product and API manufacturing

The two frameworks share the same risk based philosophy, and both let you leverage vendor documentation. The difference is in evidence expectations: the EU draft still expects formal test scripts traceable to requirements, while CSA explicitly opens the door to unscripted testing for lower risk functions. Companies serving both markets should build one risk based framework that satisfies the stricter evidence requirement wherever the two diverge, rather than maintaining parallel methodologies.

Annex 11 vs Part 11: Different Instruments, Converging Expectations

The draft also narrows the long standing gap between EU Annex 11 and FDA's 21 CFR Part 11, the US regulation on electronic records and electronic signatures. The draft even borrows Part 11 vocabulary, including the concept of open systems, and its electronic signature chapter mirrors familiar Part 11 expectations on signature manifestation and record linking.

Aspect                  | EU GMP Annex 11 (draft 2025)                                                          | FDA 21 CFR Part 11
----------------------- | ------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------
Legal nature            | GMP guideline under EudraLex Volume 4                                                 | Binding US federal regulation (1997)
Scope                   | All computerized systems in GMP manufacturing                                         | Electronic records and electronic signatures across predicate rules
Audit trails            | Detailed content, locking and review requirements, tied to batch release              | Required to ensure record integrity; review expectations set out in guidance
Electronic signatures   | Re-authentication, meaning, manifestation, unbreakable record link, hybrid rules      | Signature manifestation, record linking, certification letter to FDA
Cybersecurity           | Dedicated 20 subsection chapter                                                       | Not directly addressed in the regulation
Artificial intelligence | Companion Annex 22 for AI in critical applications                                    | Separate draft guidance on AI for regulatory decision making (January 2025)

The practical takeaway: a system remediated to meet the draft Annex 11 will generally satisfy Part 11 technical controls, but the reverse is not true. Part 11 compliance alone leaves open gaps in supplier contracts, periodic review, alarms and security that EU inspectors will now probe.

Annex 22: AI Enters the GMP Rulebook

The new Annex 22 (Artificial Intelligence) is the first GMP text dedicated to AI in manufacturing. Its scope is deliberately narrow. It applies where AI models are used in critical applications with direct impact on product quality, patient safety or data integrity, and it only permits static models in those applications: models that are locked after training and produce deterministic, repeatable outputs. Dynamic models that keep learning in production, generative AI and large language models are excluded from critical applications. They may support non-critical uses, but only with human oversight. The annex also warns against testing models with artificially generated data unless the approach is justified and documented.

Expectations for permitted models follow familiar GMP logic: defined intended use, documented performance requirements and acceptance criteria, controlled test data that is independent of training data, explainability measures, change control over model versions and monitoring in operation. If your facility is piloting AI for visual inspection, deviation triage or batch record review, Annex 22 is the document your validation strategy needs to anticipate. Canadian readers will recognize the direction from Health Canada's machine learning guidance for medical devices, which we covered in our PCCP explainer.

What the Revision Means for Canadian Exporters

Canadian manufacturers exporting to the EU feel this revision through three channels.

First, EU GMP certificates. Sites named on EU marketing authorizations or supplying EU importers must demonstrate EU GMP compliance, and the revised Annex 11 becomes part of that standard the day it takes effect. Our guide on how and why to get an EU GMP compliance certificate explains the certification pathway.

Second, the PIC/S channel. Health Canada is a PIC/S participating authority, and the revision was drafted jointly with PIC/S. When PIC/S adopts the parallel text, the same expectations will progressively shape Health Canada's own inspection practice for computerized systems, just as earlier PIC/S annexes did.

Third, the supply chain channel. EU importers and Qualified Persons will push the new audit trail, data handling and supplier oversight expectations down to Canadian sites through quality agreements and supplier audits, often before any regulator does.

This post is the third in our EU GMP 2026 series. The revised Chapter 4 on documentation redefines what counts as a GMP record, including photos and video, and the Annex 1 contamination control strategy guide covers the sterile manufacturing expectations that EU inspectors already enforce. Together with Annex 11 and Annex 22, they describe the EU's 2026 vision: digital records, controlled systems, secured infrastructure and disciplined data governance across pharmaceutical operations.

Gap Assessment Roadmap: A 90 Day Plan

You do not need the final text to start. The consultation draft is stable enough to act on, and the items below rarely get easier with time.

  1. Days 1 to 15: Build the system inventory. List every computerized system touching GMP activities, including SaaS tools, spreadsheets used for GMP decisions, building management and lab systems. Record system owner, vendor, hosting model and GMP impact.
  2. Days 15 to 40: Assess against the 17 chapters. Score each system against the draft chapter by chapter. Focus first on audit trails, access management, alarms and security, where the draft adds the most new detail.
  3. Days 40 to 60: Review supplier contracts. Map every vendor and service agreement against the nine required contract elements. Flag missing exit strategies, inspection support clauses and version release testing rights for renegotiation.
  4. Days 60 to 75: Prioritize remediation by risk. Rank gaps by impact on product quality, patient safety and data integrity. Quick wins usually include enabling and locking audit trails, removing shared accounts and formalizing audit trail review procedures.
  5. Days 75 to 90: Plan the long lead items. Budget and schedule MFA rollout, penetration testing, legacy system isolation or replacement, alarm log upgrades and periodic review procedures. Feed the plan into your quality management review so senior management oversight, itself a draft requirement, is documented from day one.

Annex 11 Readiness Checklist

  • System inventory complete, with hosting model and GMP impact recorded for every system
  • URS exists, is current and is owned by you for every GMP system, including SaaS
  • Traceability matrix links requirements to test cases for validated systems
  • Audit trails enabled, locked and capturing who, what, when and why
  • Audit trail review procedure defines reviewer independence, scope, timing and batch release linkage
  • No shared write-access accounts anywhere in the GMP environment
  • MFA enforced for remote access to critical systems
  • Segregation of duties: no GMP user holds administrator privileges
  • Supplier contracts cover all nine draft elements, including exit strategy and inspection support
  • Security patching, antivirus and firewall reviews documented and current
  • Penetration testing scheduled for critical internet facing systems
  • Backups physically and logically separated, with documented restore tests
  • Archived GMP data protected as read only with verified integrity
  • Periodic review procedure and schedule established for all validated systems
  • Senior management review of computerized system compliance documented

Common Mistakes to Avoid

The most frequent failure we see is treating the revision as an IT project. The draft makes the quality unit and senior management explicitly accountable, so remediation owned solely by IT will miss the procedural and oversight requirements. The second mistake is waiting for the final text. The structural requirements, supplier contracts, access management and audit trail review will not materially change, and they carry the longest lead times. Third, companies assume their cloud vendor's SOC 2 or ISO 27001 certificate answers the supplier oversight chapter. It helps, but the draft still requires your own risk based audit or assessment, your own contract terms and documentation you can access and explain at your own facility. Fourth, validation teams keep testing everything at equal depth instead of concentrating on GMP critical functionality, which wastes effort the draft explicitly tells you to redirect. Finally, legacy systems with non-compliant audit trails get grandfathered informally. The draft offers no grandfather clause; it offers risk assessment, remediation or replacement.

Frequently Asked Questions

When will the final revised Annex 11 be published?

The European Commission and PIC/S published the draft on 7 July 2025 and closed the consultation on 7 October 2025. Final versions of Annex 11, Annex 22 and Chapter 4 are expected from mid-2026, with the operative date to be confirmed in the final texts.

Does the new Annex 11 apply to cloud and SaaS systems?

Yes. The draft applies to all computerized systems used in GMP activities regardless of hosting model. For cloud and SaaS, the regulated user remains fully responsible, must audit or assess the provider based on risk, must hold a contract covering nine defined elements and must be able to access and explain the compliance documentation from its own facility.

What changes for audit trails?

Audit trails must automatically capture who changed what, when and why, with old and new values, at the time of the event. They must be permanently enabled and locked, reviewed by independent personnel under a documented procedure, and generally reviewed before batch release. Reviews affecting release must be available to the Qualified Person at certification.

Is Annex 11 the same as FDA 21 CFR Part 11?

No. Part 11 is a binding US regulation focused on electronic records and signatures, while Annex 11 is an EU GMP guideline covering computerized systems broadly. The 2025 draft converges with Part 11 on electronic signatures and open systems but goes further on cybersecurity, supplier management, alarms and periodic review.

Does Annex 22 ban AI in pharmaceutical manufacturing?

No. Annex 22 permits AI in GMP critical applications when the model is static, deterministic and properly validated. It excludes dynamic models, generative AI and large language models from critical applications, though they may be used in non-critical roles under human oversight.

How does the revision affect Canadian manufacturers?

Canadian sites exporting to the EU must meet the revised Annex 11 to maintain EU GMP compliance. Because Health Canada participates in PIC/S and the text was drafted jointly with PIC/S, equivalent expectations are expected to reach Canadian inspections and customer audits over time.

What should a gap assessment cover?

All 17 chapters, with priority on audit trails, identity and access management, alarms, supplier contracts and security. The assessment should produce a risk ranked remediation plan with documented senior management oversight.

How MFLRC Can Help

MF License and Regulatory Consultants supports pharmaceutical, biotech and API manufacturers across Canada, the US and the EU with computerized system compliance. Our senior consultants conduct Annex 11 gap assessments against the draft text, build and remediate validation documentation including URS, traceability matrices and validation master plans, develop audit trail review and data integrity procedures through our quality assurance services, and prepare suppliers and contracts for the new oversight expectations through supplier and internal audits. For companies entering the EU market, our regulatory affairs and licensing team manages the full pathway from gap assessment to EU GMP certification.

Need help preparing for the 2026 Annex 11 requirements? Book a consultation with MFLRC for a gap assessment roadmap tailored to your systems and your markets.

Conclusion

The Annex 11 revision is not an incremental update. It is a 17 chapter restatement of how EU and PIC/S regulators expect computerized systems, data and the people around them to be governed, secured and inspected. The direction is settled even before final publication: risk based validation anchored in owned requirements, audit trails reviewed before release, suppliers under contract and oversight, security treated as a GMP discipline and AI admitted only under strict conditions. Companies that start their gap assessment now will spread the cost over a comfortable timeline and walk into their next EU inspection with answers. Companies that wait for the final text will compress the same work into months while their competitors' QPs are already certifying batches against the new standard.

Downloadable Resource

Free Annex 11 Gap-Assessment Worksheet

A free 5-page worksheet to score your computerized systems against the draft 17-chapter Annex 11: a 15-point readiness checklist, a chapter-by-chapter scoring table with the key expectations from the July 2025 draft, and a risk-ranked remediation plan template.

File: Annex-11-Gap-Assessment-Worksheet-MFLRC.pdf
