Viewpoint: Why pharma isn't ready for DSCSA compliance

There are only a few months left before the final November 27, 2023 deadline for DSCSA regulations take effect, yet many manufacturers have yet to reach compliance. Christoph Krähenbühl, senior director at Excellis Health Solutions and former AstraZeneca serialisation lead, shares insight into the current challenges; and how to overcome them in time.

The forthcoming Drug Supply Chain Security Act (DSCSA) final milestone will affect every pharmaceutical manufacturer operating in the US market. This critical legislation requires pharma companies to serialise their products with a unique identifier on each item of medication to make every product fully traceable. Some basic US requirements are similar to what manufacturers have had to put in place for other markets – such as each pack requiring a scannable barcode with a unique serialisation number which must be retained by the Marketing Authorisation Holder (MAH) – but the US approach is very different in that there’s no central repository.

That means manufacturers will have to send the data out with every shipment, as every pack makes its way through each step of the supply chain. For example, if a manufacturer sends 1,000 packs to someone, they would need to generate and send 1,000 serialisation numbers, while also making sure they can respond to queries – in real-time – about the legitimacy of any pack being scanned.

In Europe, such queries or alerts are raised at the point of dispense and responsibility bounces back immediately to the MAH through the EU-wide Medicines Verification System. However, without such a system in the US, there’s no single point where verification queries would be received. The question as to what the system infrastructure and the processes that MAHs have to put in place is therefore still one of the areas that needs urgent attention, and many pharma businesses are still unprepared for the November 2023 deadline. In recent research by Excellis Health Solutions, less than half of those surveyed were at full readiness, with only a small proportion of mid-large sized pharma manufacturers fully understanding DSCSA requirements.

The barriers to implementation are multi-faceted. Firstly, in contrast to Europe’s ‘big bang’ with the EU-FMD regulations, the US has taken a phased approach to serialisation implementation, with a gradual increase in obligation over time. This has meant less immediate pressure, but it’s also allowed people to quite naturally take their eye off the ball.

Secondly, because the early requirements were quite challenging, the FDA announced various enforcement holidays which reduced the sense of urgency. Thirdly, unlike in Europe where the EU regulations actually defined the systems and process of compliance in great detail, the US legislation remains at high level, setting out the need for an electronic, interoperable system but leaving it to industry stakeholders to define by test and trial what this will require in detail. The merit of this approach is that it will enable a solution that’s practical and effective. But it also means that unless companies are actively engaging with these working parties, they won’t be up to speed on developments because there’s been no serialisation ‘playbook’ this time around.

Fourthly, because of the way US processes work, it’s unavoidable that manufacturers will also have to incorporate aggregation; not only serialising and capturing codes on each sales pack, but also the cases those packs are shipped in, right up to pallet level. So unlike in Europe, this will require at least three levels of information to be managed. This capability is not yet something that all manufacturers have established.

The final obstacle is the obligation to quickly respond to queries. We talk about the Verification Routing Service (VRS) in terms of returned, serialised products, but how will that actually be done? This has been seen for a long time as a system component associated with returns, yet some pharma companies quite legitimately say that the nature of their product means they don’t accept returns.

However, even if manufacturers don’t normally accept returns, they will in practice have to deal with the inevitable mistakes during the pick-pack-ship process. Otherwise, there will be scenarios where products are ready to be loaded and are checked out of the system, only for the manufacturer to realise there’s a problem and be obliged to destroy thousands of dollars’ worth of product because of their no-returns policy.

Needless to say, technology will play a huge role in all readiness initiatives; we have to remove as much potential for human error as possible. But in the serialised world, data and physical product are integrally linked: if your data is wrong, the physical product is worthless. In order to verify the data with the US model, systems must be linked and integrated with all partners so you can easily send and receive data.

By now, all pharma companies should have made sure they know what the requirements mean for their products and supply chain set-up. Key considerations will be which third parties they will use, who the various obligations will fall to, whether all their bases are covered or whether they will need to connect to more trading partners, perform the necessary checks and get them onboarded. They will also need to know what their traceability repository – the EPCIS – will look like and have a process in place to deal with queries and responses, as well as exception handling.

In Europe, we’ve seen alert rates - even now, four years after go-live – of one in every 500 packs. Given the millions of packs processed every day, that’s a lot to be dealt with. In the US, the rate of alerts won’t be so high because we’ll have traceability through the whole supply chain, rather than at the last minute when the pharmacist scans the product. But still, whenever an exception happens, it must be addressed.

So, to the big question. Will the FDA delay the deadline again to allow more time? Possibly, but don’t bet on it. My advice is always to hope for the best but plan for the worst. Because if you’re not ready for November 27, you’ll no longer have legal products from November 28.

Christoph Krähenbühl is senior director at Excellis Europe and widely recognised as a thought leader and technical expert in supply chain, product security, coding, serialization and master data in life sciences/pharmaceuticals.