Recap: DHC GxPert Talk on Annex 11 & Annex 22: Regulation meets Reality
On July 24, 2025, the time had come: the first DHC GxPert Talk offered executives and specialists from the life sciences industry an exclusive platform for exchange on the drafts of the EU GMP Guideline Annex 11 (“Computerised Systems”) and the entirely new Annex 22 (“Artificial Intelligence”) and their far-reaching consequences for GxP compliance, validation, and IT security.
What is the DHC GxPert Talk?

With the GxPert Talk, DHC launches a new dialogue format that focuses on current regulatory, technological, and practically relevant developments. At its core are short keynote presentations, followed by interactive discussions that enable exchange among professional colleagues and with DHC experts. The premiere addressed a particularly pressing topic: the regulatory realignment by the EU Commission, published on July 7, 2025.
Question: What are the benefits of revising Annexes 11 and 22?
Dr. Wolfgang Schumacher, DGQ expert auditor and former Head of Quality Computer Systems at Roche, opened the discussion with an in-depth overview of the new regulatory drafts. He was accompanied by Dr. Lukas Klemmer, Senior Consultant at DHC, and Karsten Schulz, technical host and Sales Director at DHC.
Key topics of the keynote presentation were:
- Annex 11: Extended requirements for risk management, audit trails, electronic signatures, cybersecurity, supplier contracts, and traceability.
- Annex 22: First-ever regulatory classification of artificial intelligence in the GMP environment, with a focus on static AI, explainable models, human control, and data integrity.
A clear conclusion: The drafts contain an unprecedented level of detail that presents the industry with technical and strategic challenges.
Key Insights from the Discussion
During the open discussion round, participants shared their practical questions and assessments. Here are some key highlights:
Cybersecurity Becomes Mandatory
The new Annex 11 addresses the topic of cybersecurity extensively: requirements for firewalls, patching processes, penetration tests and encryption are becoming regulatory obligations. Small and medium-sized companies in particular are facing limited resources and high demands.
AI Between Regulatory Ambition and Innovation Constraint
The new Annex 22 on artificial intelligence aims to create legal certainty, but according to the discussion participants, it actually achieves the opposite. Points of criticism:
- Focus only on static AI (LLMs are excluded)
- The “human in the loop” requirement undermines automation potential
- Lack of practical relevance makes meaningful implementation difficult
DHC is actively coordinating a task force to comment on Annex 22.
Traceability & Validation: Growing Complexity
The experts emphasized that a manually maintained traceability matrix, for example in Excel, is hardly practical anymore. Integrated tools (such as those used by Sartorius combining Jira and Q-Test) or solutions from the SAP Store are becoming the new standard. DHC has developed an innovative tool in this area together with SAP.
Audits, Cloud & Suppliers
Cloud service providers such as Microsoft or Amazon cannot realistically be audited. Companies therefore need carefully designed contracts, secondary verification sources (e.g. whitepapers, SOX reports), and practical approaches for mid-sized companies.
Conclusion: Between Obligation and Opportunity
The new annex drafts mark a turning point in the regulatory landscape: the highest requirements, new responsibilities, and increasing complexity, particularly through AI and cybersecurity. At the same time, they offer the opportunity to elevate validation, quality, and compliance to a new digital level.
The GxPert Talk clearly demonstrated: Only those who engage with the drafts early, question existing processes, and proactively address regulatory requirements can remain competitive, legally secure, and future-proof.