Carl Bufe

A Starter Guide to GMP Annex 22

October 20, 2025 · 6 min read

A Starter Guide to GMP Annex 22: Ensuring AI Compliance in Pharma Manufacturing

Regulatory affairs specialists, quality assurance managers, compliance officers, and pharmaceutical manufacturing professionals all have a role in ensuring AI compliance. This practical, audit-ready guide to the EU/PIC/S draft GMP Annex 22 on AI covers what changed, how it links to Annex 11 and Chapter 4, and the actions to take now.

On 7 July 2025, the European Commission, in collaboration with PIC/S Inspectors, initiated a joint stakeholders’ consultation on three pivotal EU/PIC/S GMP texts. These texts include a new Annex 22 (Artificial Intelligence), a revised Annex 11 (Computerised Systems), and a revised Chapter 4 (Documentation). The consultation, aimed at supporting innovation while safeguarding product quality, patient safety, and data integrity, closed on 7 October 2025.

Understanding GMP Annex 22: AI-Specific Requirements

Annex 22 — definition, change, impact, evidence, and the need for proactive planning. This is not just about compliance, but about planning for the future of AI in pharmaceutical manufacturing.

Definition (plain). Annex 22 is the EU/PIC/S draft GMP annex that sets AI-specific requirements for computerised systems used in manufacturing when AI affects patient safety, product quality or data integrity.

What changed.

The regulators have made significant changes. They have specified that only static, deterministic AI models are permissible in critical GMP applications. Dynamic/adaptive models and probabilistic or generative/LLM systems are now out of scope for such use. For non-critical use, a human-in-the-loop is expected. The annex now requires a range of new documentation and validation processes.

Why it matters. This narrows permissible AI to what you can validate, repeat, and explain—without introducing variability or opaque decisions—while signalling how to use non-critical AI safely (with trained, accountable humans in the loop).

Show evidence. The evidence expected for Annex 22 is detailed, and inspectors will look for the following:

  • Intended use dossier with input data characterisation, limits/edge cases, and SME accountability.

  • Acceptance criteria & metrics (e.g., sensitivity/specificity/F1) set before testing and at least as good as the process replaced.

  • Independent, verified test data (size, labelling QA, pre-processing rationale; no leakage).

  • Explainability artefacts (feature attribution/heatmaps), reviewed for appropriateness.

  • Confidence thresholds and “undecided” handling for low-confidence outputs.

  • Ops controls: change/config management, performance/drift monitoring, and records of HITL review wherever it is relied upon.

What to do next.

  • Define intended use and sample space; appoint an accountable SME.

  • Set metrics/acceptance criteria and subgroup thresholds pre-test.

  • Build an independent test dataset and lock access with an audit trail.

  • Implement explainability reviews and confidence gating.

  • Plan ops monitoring and put the whole model under change control.

In short: Annex 22 lets you use only explainable, deterministic AI for critical GMP—and tells you how to prove it.
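One way to turn the confidence-gating, "undecided" handling and pre-set acceptance criteria above into auditable evidence, as an added example that is not from the annex or from this article: a constructed, hypothetical independent test set is fingerprinted for the audit trail, each deterministic model score is gated into accept/defect/undecided (the undecided band is routed to HITL review), and sensitivity/specificity/F1 are checked against criteria fixed before testing, both overall and per subgroup. All sample values, thresholds and criteria are invented for illustration.

```python
import hashlib
import json

# Constructed, hypothetical independent test set: (sample_id, subgroup, true_defect, model_score),
# where model_score is the model's confidence (0..1) that the unit is defective.
TEST_SET = [
    ("S01", "lineA", 1, 0.97), ("S02", "lineA", 1, 0.91), ("S03", "lineA", 0, 0.04),
    ("S04", "lineA", 0, 0.12), ("S05", "lineA", 1, 0.55), ("S06", "lineA", 0, 0.08),
    ("S07", "lineB", 1, 0.88), ("S08", "lineB", 1, 0.25), ("S09", "lineB", 0, 0.02),
    ("S10", "lineB", 1, 0.93), ("S11", "lineB", 0, 0.61), ("S12", "lineB", 1, 0.99),
]
# Acceptance criteria and confidence band fixed BEFORE testing (hypothetical values).
CRITERIA = {"sensitivity": 0.8, "specificity": 0.9, "f1": 0.85}
LOW, HIGH = 0.3, 0.7  # scores strictly inside (LOW, HIGH) are "undecided"

def fingerprint(records):
    """SHA-256 of the locked test set, to be recorded in the test report / audit trail."""
    return hashlib.sha256(json.dumps(records, sort_keys=True).encode()).hexdigest()

def gate(score):
    """Deterministic decision: 1 = defect, 0 = accept, 'undecided' = route to HITL review."""
    return 1 if score >= HIGH else 0 if score <= LOW else "undecided"

def metrics(records):
    """Sensitivity, specificity and F1 over decided samples, plus the count sent to HITL."""
    tp = fp = tn = fn = undecided = 0
    for _, _, truth, score in records:
        d = gate(score)
        if d == "undecided":
            undecided += 1
        elif d == 1:
            tp, fp = (tp + 1, fp) if truth == 1 else (tp, fp + 1)
        else:
            tn, fn = (tn + 1, fn) if truth == 0 else (tn, fn + 1)
    sens = tp / (tp + fn) if tp + fn else 0.0
    spec = tn / (tn + fp) if tn + fp else 0.0
    prec = tp / (tp + fp) if tp + fp else 0.0
    f1 = 2 * prec * sens / (prec + sens) if prec + sens else 0.0
    return {"sensitivity": sens, "specificity": spec, "f1": f1, "undecided": undecided}

def evaluate(records, criteria=CRITERIA):
    """Check the pre-set criteria overall AND per subgroup: an aggregate pass can hide a subgroup failure."""
    groups = {"all": list(records)}
    for rec in records:
        groups.setdefault(rec[1], []).append(rec)
    report = {}
    for name, recs in groups.items():
        m = metrics(recs)
        m["accepted"] = all(m[k] >= v for k, v in criteria.items())
        report[name] = m
    return report
```

With these constructed values the aggregate result meets every criterion while subgroup lineB misses the sensitivity criterion, which is why Annex 22 readiness asks for subgroup thresholds rather than a single headline figure.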

Key Changes in Annex 11 and Chapter 4 Relevant to AI

Annex 11 governs all computerised systems used in GMP. The 2025 draft revision doubles down on lifecycle validation, QRM, security, audit trails, e-signatures, and periodic review—and it’s developed with PIC/S for global alignment.

What changed.

The draft requires validation throughout the lifecycle, clear system requirements and traceability, robust supplier/service control, and that replacing a manual step must not increase risk to quality, safety, or data integrity. It also adds detailed security, backup, and archiving expectations.

Why it matters: even if your AI meets Annex 22, the system around it (platforms, interfaces, identities, logs, backups) must meet Annex 11. That’s what an inspector will check end-to-end.

Show evidence.

  • URS/requirements reflecting actual implemented functionality; traceability to tests.

  • Qualification/validation with focus on data integrity, alarms, calculations, boundary/negative tests, and restore from backup.

  • Identity & access management (unique accounts, least privilege, MFA for remote, access/audit logs).

  • Audit trails that capture who/what/when/why and cannot be disabled or edited; risk-based reviews before batch release.

  • Security & patching (segmentation, firewalls, timely OS support/patching, USB control, AV, penetration tests).

What to do next.

  • Map Annex 22 model artefacts into Annex 11 validation/lifecycle controls.

  • Tighten supplier and internal IT SLAs/KPIs for AI-reliant systems.

  • Schedule periodic reviews to keep the system fit for intended use.

In short, Annex 22 is the AI layer; Annex 11 is the system spine. You need both.

Chapter 4 — documentation & data governance for AI

Chapter 4 sets expectations for documentation and data governance across the data lifecycle, irrespective of paper, electronic, or hybrid systems.

What changed.

The draft clarifies data governance (ownership, controls, risk-based reviews), embeds ALCOA++, and explicitly states that where AI or automated scripts support manufacturing decisions, Annex 11 (and Annex 22 for AI) applies.

Why it matters. Your AI story is only as strong as your records. Inspectors will look for complete, consistent, enduring, available data—with metadata—plus clear signature policies, retention, and hybrid-system controls.

Show evidence.

  • Data lifecycle controls (creation→processing→verification→decision→retention→retirement).

  • Reasonable documentation practice procedures, and contemporaneous records.

  • Hybrid system descriptions with validated interfaces and review procedures.

What to do next.

  • Update SOPs to reflect AI support, data governance roles, and ALCOA++.

  • Define raw data & metadata for AI outputs; avoid paper fallbacks unless validated true copies.

  • Align signatures and retention rules to electronic-first practice.

In short: If it’s not documented and governable, it’s not compliant.

QRM context from Chapter 1 — make your risk story traceable

Chapter 1 outlines the Pharmaceutical Quality System, now updated to mirror ICH Q9(R1), including risk-based prevention/mitigation of shortages and managing subjectivity in QRM.

What changed.

More explicit use of knowledge + QRM through the lifecycle, early-warning systems, and recognition of product-availability risks as part of quality.

Why it matters: your AI justifications (datasets, thresholds, confidence) are risk decisions. Regulators expect formal risk identification→analysis→control→review, with reduced subjectivity and management oversight.

Action.

  • Trace every AI acceptance criterion to a QRM decision.

  • Trend model and process KPIs in PQRs/management review.

  • Document rationales and residual risks; escalate where patient/product/data risks rise.

EU focus, AU outlook (PIC/S alignment)

The consultation makes clear that these drafts were co-developed with PIC/S, supporting global alignment. This matters for Australia (a PIC/S member): while no EU effective date is set yet (subject to consultation), PIC/S alignment often informs TGA expectations over time. Treat Annex 22/11/Chapter 4 as directional signals and start readiness work now (projection).

Scope note: This article covers manufacturing/GMP documentation, systems, and AI expectations—not GCP/clinical site SOPs.

Readiness checklist (evidence you can show)

  • Map intended use (inputs, subgroups, edge cases) and appoint an SME owner.

  • Pre-define metrics & acceptance criteria (incl. per subgroup) and justify vs. replaced process.

  • Lock test data independence and labelling quality; record access via audit trail.

  • Integrate explainability and confidence thresholds into release decisions.

  • Validate the host system per Annex 11 with full traceability and negative tests.

  • Harden security (MFA, patching, backups, segmentation, AV, pen tests).

  • Update documentation (ALCOA++, hybrid system controls, signatures, retention).

  • Run periodic reviews; trend KPIs; keep “no risk increase” evidence current.

FAQs

  1. Can we use a large language model in batch disposition or parameter release?

No. Generative/LLM systems are explicitly out for critical GMP uses; consider them only for non-critical tasks with trained HITL review and clear records.

  2. We already have an ML model on the line. Do we need to “re-do” validation?

If it’s dynamic or probabilistic, it won’t pass Annex 22 for critical use. If static/deterministic, bring it under Annex 11 lifecycle, test per Annex 22, and ensure no risk increase vs. the manual process.

  3. What counts as “independent test data”?

Data never used in development/training/validation, protected by access control and audit trail, with documented split and reuse tracking.

  4. How do Annex 22 and Chapter 4 interact?

If AI supports decisions, Chapter 4 expects governed documentation and ALCOA++, while Annex 22/11 define model/system controls. Link them in your URS, SOPs, and evidence packs.

  5. We rely on a vendor/cloud service—what does that change?

Nothing about accountability: you remain responsible for supplier/service oversight, SLAs/KPIs, documentation access, audits, and inspection support.

Carl Bufe is an experienced healthcare professional specializing in drug safety, pharmacovigilance, and regulatory affairs. He is Director and Founder at GxP Vigilance and Australia AI Solutions Lab, with over 25 years in healthcare and 10 years in pharmacovigilance. Carl leads consulting services for medicine, medical devices, clinical trials, and risk management, and is known for implementing AI-powered solutions and advancing patient safety. He is a qualified pharmacist, active industry contributor, and has held leadership roles in global regulatory intelligence and quality management.
