The Regulatory Deep Dive
Regulatory Tightening:
- Change Control under EU GMP Annex 1, Chapter 4, and Annex 11
- For QA and Regulatory Managers, regulatory compliance requires addressing the latest updates.
- The EU GMP framework is tightening, placing immense pressure on documentation and computerizedsystem changes.
Here are the critical Change Control demands from the updated EU Annexes and Chapters:
EU GMP Chapter 4 (Documentation Update):
Specific Demand:
- Any change impacting a document’s content, format, control, or retention must be controlled.
- This includes the move to electronic systems or changes in data governance principles.
Application:
- Chapter 4 reinforces that records must be retained in an easily retrievable, secure, and unalterable form.
Changes must ensure the new documentation process fully adheres to data integrity principles, particularly the Attributable, Legible, Contemporaneous, Original, and Accurate (ALCOA+) standard.
Annex 1: Sterile Manufacturing & Contamination Control Strategy (CCS)
Specific Demand:
- Every change must be evaluated against the comprehensive, integrated Contamination Control Strategy (CCS).
Application:
- This requires assessing the impact on Aseptic Process Simulation (APS), changes to VHP/Sterilisation Cycles, and any change impacting Grade A/B environmental monitoring points.
Failure to demonstrate control over the CCS is a high-risk finding.
Annex 11: Computerised Systems
Specific Demand:
- Changes to hardware or software must be formally authorized and include a Data Integrity impact assessment
Application:
- Control applies to system interfaces, security patches, and operating system updates—all must be managed through Change Control to ensure the system remains validated and secure, fulfilling 21 CFR Part 11 requirements on audit trails and security.
Annex 22: Artificial Intelligence (AI) and Machine Learning (ML)
Specific Demand:
- Changes to the AI model, algorithm, training data, or infrastructure must be managed through Change Control.
- The change process must ensure the system’s robustness, reliability, and reproducibility are maintained.
Application:
- Unlike traditional software, changes to AI/ML models require control over the input data and re-training parameters.
Changes here must be strictly controlled to prevent “drift” that could silently impact quality decisions.
Takeaways
- Use the Classification/Risk Assessment stage to determine the Regulatory Filing Path before implementation.
- Never implement a Major Change requiring Prior Regulatory Approval (PAS/Type II) until the approval is received.
- Your submission strategy (timing and content) must be directly traceable to your internal risk classification.
Resource Person: BARBARA PIROLA
