The pharmaceutical quality landscape is undergoing a seismic shift. Traditional compliance frameworks like EU GMP Annex 1, which governs the manufacture of sterile medicinal products, remain critical. At the same time, new layers of regulation linked to digitalisation, artificial intelligence (AI) and data systems are emerging.
The result: QA teams must not only maintain mastery of GMP fundamentals but also develop new competencies in digital systems, risk-based controls and machine learning oversight.
The enduring importance of Annex 1
While the focus of many quality professionals is drawn toward the digital frontier, the revised Annex 1 still demands close attention. The 2023/24 update places greater emphasis on contamination control strategy (CCS), barrier technologies and robust environmental monitoring.
A recent survey found that around 75 % of participants reported having achieved at least 75 % compliance with the revised Annex 1 by mid-2024. Yet compliance gaps remain, especially in CCS and single-use/basis-technology areas.
For QA teams, this means ongoing vigilance: inspections are increasingly focusing on how contamination control strategies are documented, reviewed and integrated, not just whether they exist.
Enter digital, AI and data-driven quality
Beyond classical GMP, the regulatory momentum has shifted toward digital quality systems, computerised systems assurance and the use of AI/ML tools in manufacturing, analytics and control. The introduction of the EU AI Act, which came into force in August 2024, brings a risk-based regulatory framework for AI systems with major implications for pharma.
Additionally, pharma-specific publications such as the industry position paper by European Federation of Pharmaceutical Industries and Associations (EFPIA) recognise the need to apply existing GMP frameworks (e.g., computerised system validation) to AI/ML usage in GMP manufacturing.
And quality professionals are already seeing how documentation demands are changing: one article highlights the new “AI compliance documentation” requirements around risk assessments, audit trails, data integrity and human-in-the-loop provisions.
Implications for QA/QC Teams
Risk-based oversight becomes more strategic. AI-based systems deployed in manufacturing or analytics are increasingly treated as high-risk when they impact patient safety or product quality. The AI Act classifies them accordingly and mandates controls such as human oversight, transparency, data governance and documentation.
For QA teams, this means evolving from checking “did we test the system?” to “have we assessed all the risks, validated data pipelines and ensured human review of decisions?”
Integration of digital systems into the QMS. Many organisations are already challenged by ensuring that their computerised systems (QMS, LIMS, MES) align with EU GMP Annex 11. With AI oversight in the mix, QA needs to map AI tools into the QMS, change-control, system life cycle and audit-trail processes.
QA leads should ask: “Is this tool a critical quality attribute monitor? Does a model change trigger a deviation? How is data drift monitored?”
Documentation and training demands increase. The regulatory narrative has shifted: regulators are looking for evidence of proactive quality culture, governance and oversight, rather than a stack of static SOPs. For example, the AI-compliance article notes that only 9 % of life sciences professionals feel they understand AI regulation well today.
QA departments must therefore upskill teams in data-driven risk assessment, AI model governance and digital system validation. SOPs should reflect new workflows: model training, model monitoring, human override logs and change control for algorithms.
Regulatory scrutiny is evolving. With both Annex 1 and AI regulation enforcement ramping up, inspections will probe broader themes. The survey on Annex 1 found that over 50 % of respondents reported that regulators evaluated their Annex 1 compliance during inspection, focusing especially on CCS and barrier tech.
Meanwhile, future inspections may include scrutiny of algorithm logs, data-integrity trails and how AI decisions get overridden by humans. The “human-in-the-loop” principle is likely to become a key differentiator in inspection readiness.
Practical Steps for QA Teams
- Conduct a regulatory gap analysis. Map your sterile manufacturing sites against the updated Annex 1 (CCS, barrier systems, environmental monitoring) and your digital systems against AI/algorithm oversight requirements (AI Act, Annex 11/22).
- Build a digital quality roadmap. Prioritise systems where AI or advanced analytics influence quality decisions and ensure they are embedded in QMS governance: change control, data integrity, audit trails and human review.
- Train and engage staff. Ensure QA/QC professionals understand why algorithm drift, bias mitigation, data lineage and human oversight matter. Embed this in routine training.
- Enhance documentation. For any AI/ML system in production or QA decision support, ensure you have: context-of-use documentation, data provenance, model validation report, monitoring plan, change-control triggers and human override logs.
- Prepare for evolving inspections. Regulators will increasingly ask how digital tools are governed, how quality decisions made via advanced systems are reviewed and how contamination control strategy is embedded in the overall quality culture.
Conclusion
The intersection of classic GMP quality expectations and emerging digital-AI oversight is where the pharmaceutical industry finds itself in 2025. From the robust requirements of Annex 1 to the new frontier of the AI Act and digital system governance, QA teams must evolve to meet the challenge.
By reframing compliance as a proactive digital quality agenda, rather than just a set of checklists, quality professionals can position their organisations to move ahead with confidence, innovate safely and maintain compliance in an increasingly complex regulatory landscape.
If you’re looking to strengthen your Quality Assurance team, connect with QA Resources today. We’ll help you find experienced QA professionals who can support your compliance goals and keep your organisation inspection-ready.