The recent updates to Chapter IV (Documentation) and Annex 11 (Computerised Systems) should not be seen as isolated changes. Together, they represent a profound transformation in how companies are expected to manage information under GMP regulations. In addition, the new Annex 22 (Artificial Intelligence) introduces, for the first time, an explicit and formal framework for data governance. Its main objective is to ensure the integrity, traceability and governance of GMP data, moving beyond traditional document management.
Historically, GMP compliance focused on the correct handling of documents: procedures, records and files. With digitalisation, the focus has shifted. The data generated and stored within computerised systems has become the core element of information, while documents are now simply representations of that data. In other words, we are moving from document control to data lifecycle control.
Chapter IV, in its updated version, is no longer limited to document management. It now provides guidance for managing, governing and protecting GMP data within the Quality System. Annex 11 goes beyond the validation of computerised systems, establishing a technical framework to ensure that generated data remains complete, traceable and properly governed throughout its entire lifecycle. Annex 22 acts as a conceptual and organisational bridge, defining responsibilities, promoting a data integrity culture, and integrating governance with the Quality System, risk management and change control.
Since Artificial Intelligence operates on data rather than documents, data must be structured, traceable, complete, and supported by reliable metadata. Only under these conditions can algorithms operate on governed information and generate reliable, auditable outputs in GMP environments, enabling advanced analytical applications.
Without proper data governance, the use of Artificial Intelligence in GMP environments is not feasible. This regulatory approach becomes a key enabler for future applications such as automated batch record review, predictive deviation detection, process trend analysis, or assisted parametric release.
Key questions to assess organisational alignment:
• Do we know which GMP data we generate?
• Do we know the origin of that data?
• Who is the data owner for each data element?
• How does data flow across systems?
• How is it protected throughout its lifecycle?
Naturally, this shift in perspective also changes how regulatory compliance is assessed. It is no longer about reviewing a SOP or a paper record; it starts with a critical GMP data element and examines its full lifecycle, integrating people, systems, data, metadata, documents and records. Any weak link or uncontrolled element becomes a compliance gap.
In summary, the relationship between Chapter IV, Annex 11 and Annex 22 is neither coincidental nor redundant. It forms a regulatory architecture that transforms GMP information management and establishes a holistic approach, placing data at the centre of quality and compliance strategy. Documents are no longer the main focus but part of a broader data governance framework, where integrity, traceability and control are essential. Organisations that understand and apply this synergy will be prepared not only to meet current requirements, but also to safely leverage Artificial Intelligence and advanced analytics in a regulated environment.
