MHRA continues to position its “Guidance on GxP data integrity” as applicable across all GxP sectors, explicitly including good pharmacovigilance practice (GVP), and describes it as a resource focused on core elements of compliant data governance. MHRA also notes the guidance addresses fundamental failures identified by MHRA and international regulatory partners during inspections across GLP, GCP, GMP and GDP.
For pharmacovigilance teams, the operational implication is that PV processes and PV computerised systems should be able to demonstrate data integrity through governance and control design that is defensible under inspection. This includes maintaining evidence that computerised systems comply with regulatory requirements and are validated for their intended purpose, as discussed in the MHRA PDF.
In parallel, the European Medicines Agency (EMA) has published a concept paper proposing revision of EU GMP Annex 11 (computerised systems). The concept paper signals direction of travel that includes enhanced data integrity expectations for both “data in motion” and “data at rest” (including backup, archive and disposal). EMA also indicates expectations around configuration hardening and integrated controls to safeguard data integrity, and states that technical solutions and automation are preferable to manual controls. The concept paper further indicates that the update will consider “digital transformation” and similar newer concepts.
Taken together, these sources reinforce regulator expectations that organisations operating computerised systems in regulated contexts—where those systems create, modify, transfer, store, or generate regulated data and outputs—should be able to explain and evidence how data integrity is protected across the lifecycle. In PV, this can include safety databases and supporting tooling that touch regulated safety data, including any AI-enabled workflows used to extract, transform, or support decisions within PV data pipelines (as a governance and controls topic rather than a named product).
From a compliance and inspection-readiness perspective, PV leaders should treat MHRA’s explicit positioning of GVP within cross-GxP data integrity expectations as a prompt to revisit whether PV data governance controls map clearly to inspection-observed failure modes referenced by MHRA. For EU-facing operations, the EMA concept paper is a forward-looking signal to monitor as Annex 11 modernisation progresses, with potential implications for how organisations justify reliance on manual controls versus automated controls, and how they document and evidence configuration management, audit trails/metadata governance, and supplier controls.
Practical next steps, consistent with the regulator signals described, include (1) mapping PV computerised systems and data flows that create or modify regulated safety data, including any AI-assisted extraction, coding, triage, or literature surveillance tooling; (2) gap-assessing governance and validation documentation against MHRA’s GxP data integrity guidance with GVP explicitly in scope; and (3) for EU-facing operations, monitoring EMA Annex 11 revision activity and pre-emptively reviewing integrity controls for data at rest/in motion, configuration hardening, and the use of automation versus manual controls, ensuring vendor oversight and validation documentation can support those controls during inspection.
PV Quality, QPPV oversight, and PV Technology/CSV leadership should align on an inspection narrative that links system validation, governance, and supplier oversight to the data integrity control set implemented across PV systems and interfaces.