The Proper Approach to Batch Release Disposition

Introduction

Under both GMP regulations (for pharmaceuticals) and QMS regulations (for medical devices), manufacturers are required to conduct batch release disposition before releasing products to the market.

In the batch release disposition process, the Quality Assurance (QA) department is required to review manufacturing records and quality testing records before authorizing product release.

However, in many Japanese companies, if there are no deficiencies in manufacturing records or quality testing records, they simply affix a seal (or signature) for release authorization. Such a simplistic approach could be performed even by part-time or temporary employees.

In principle, batch release disposition should involve a third-party entity such as the Quality Assurance department conducting a thorough and comprehensive investigation of all manufacturing records and quality testing records, and only approving release when there are absolutely no questions or concerns.

International Perspective: The Role of Qualified Persons

As part of my professional work, I have the opportunity to audit overseas companies. In Europe, only a Qualified Person (QP; or Authorised Person (AP) in PIC/S member countries outside Europe) is authorized to approve product release. Even if someone is a company executive or factory manager, they cannot approve release without QP qualifications.

In European pharmaceutical companies, QPs typically employ a team of four to five subordinates who exhaustively investigate all manufacturing records and quality records. Moreover, they implement a double-check system.

Manufacturing records include validation records. Quality testing records include sampling records. Naturally, transcription errors, documentation errors, and calculation errors are also checked.

Special attention must be paid to the verification of changes to raw data. For electronic records, verification of audit trails is critical.

Additionally, depending on necessity, they may reference reagent management status, calibration records, training records, and other documentation.

The QP ultimately approves release only when they have complete confidence in the quality of the product in question.

Regulatory Requirements for Computerized Systems

PIC/S GMP Annex 11

The PIC/S GMP Annex 11 “Computerised Systems,” which was issued on January 1, 2011, contains the following provisions:

Section 15: Batch Release

When computerized systems are used for recording approvals and batch release, the system must permit only the Authorised Person to approve batch release and must clearly record the identity of the person who released, i.e., approved, the batch.

Electronic signatures must be used for this operation.

The name of the QP (or AP) who approved release must be clearly recorded for each batch. Once a QP (AP) approves release, even if there are errors by the manufacturing or quality departments, the person responsible for release disposition bears that responsibility.

The reason electronic signatures must be used here is that electronic signatures cannot be backdated (whereas handwritten signatures allow arbitrary dates to be written).

Recent Regulatory Updates (2025)

It is important to note that in July 2025, the European Commission and PIC/S released draft updates to three critical GMP guidance documents for stakeholder consultation: revised Chapter 4 (Documentation), revised Annex 11 (Computerised Systems), and new Annex 22 (Artificial Intelligence). The consultation period ran through October 2025, with final versions expected to be implemented in mid-2026.

The revised Annex 11 represents the most significant overhaul in over a decade, expanding from the 2011 version to address modern digital technologies including cloud infrastructure, artificial intelligence, machine learning systems, and enhanced cybersecurity requirements. The new draft is approximately four times the length of the current version and includes seven entirely new sections, reflecting the technological advances since 2011.

Key enhancements in the draft revised Annex 11 include:

• Expanded scope to cover all computerized systems with direct or indirect impact on product quality or data integrity
• Enhanced requirements for audit trail management, including technical setup and timely review expectations detailed in ten structured subsections
• Explicit requirements for IT security (firewalls, disaster recovery, patches, virus protection, and regular penetration tests for critical systems)
• Comprehensive guidance on data lifecycle management, requiring maintenance of documents, metadata, audit trails, and ownership responsibilities throughout their lifecycle
• Formal recognition of hybrid systems (combining paper and electronic records) which must be controlled under validated procedures
• Mandatory application of ALCOA++ principles (Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, Available) for all documentation systems

Furthermore, Annex 11 includes the following additional requirements:

Section 8: Printouts

8.1: For data stored electronically, it must be possible to produce clearly printed copies.

8.2: For records supporting batch release, it must be possible to generate printouts that show whether data has been changed since the original input.

Data stored electronically includes not only raw data but also metadata such as audit trails.

Records supporting batch release (that is, manufacturing records and quality testing records) must allow verification of whether changes have been made since the initial input. In other words, audit trails must be printable.

This is necessary because Quality Assurance departments, audit personnel, and regulatory inspection officers need to check audit trails.

In essence, mechanisms must be in place to detect tampering.

US FDA Requirements: 21 CFR Part 11

The regulation 21 CFR Part 11 “Electronic Records, Electronic Signatures,” which was enacted in August 1997, contains the following provision:

Section 11.10(h)

Use of device checks (such as terminal equipment) to determine, as appropriate, the validity of the source of data input or operational instructions.

This requirement is difficult to understand and ambiguous, and few people correctly comprehend it.

This requirement demands that during batch release disposition and similar operations, input must be verified to come from the correct terminal (i.e., the correct person), and that unauthorized individuals cannot perform batch release disposition.

FDA’s Current Approach and Computer Software Assurance

It should be noted that the FDA issued guidance in 2003 titled “Part 11, Electronic Records; Electronic Signatures – Scope and Application,” which exercised enforcement discretion on certain Part 11 requirements while maintaining focus on predicate rules and data integrity principles.

More recently, the FDA has been developing a Computer Software Assurance (CSA) approach, with draft guidance issued in September 2022. CSA aims to replace the traditional Computer System Validation (CSV) approach with a streamlined, critical thinking-driven process. Under CSA, validation efforts are scaled to the risk that software poses to quality. The draft guidance was on FDA’s FY 2025 agenda and is expected to be finalized by late 2025 or early 2026.

Despite these modernization efforts, the core principles of 21 CFR Part 11 remain vital in 2025, anchoring the trustworthiness of electronic records and signatures. The fundamental requirements for system validation, audit trails, secure user authentication, and record integrity continue to provide a proven framework ensuring electronic data can withstand scrutiny equivalent to paper records.

Personal Responsibility and Professional Accountability

I once had the opportunity to speak with a former Quality Assurance manager of a pharmaceutical company who had been responsible for batch release disposition for many years. He said that when he retired, he was finally able to sleep peacefully at night. This is because he felt responsible in case there were any quality issues with products he had approved for release that caused health harm to patients.

This anecdote powerfully illustrates the profound personal and professional responsibility inherent in the role of those who approve batch release. In the European system, this responsibility is formally recognized through the Qualified Person designation, which carries legal accountability defined in EU Directive 2001/83/EC. The QP’s role and personal accountability are enshrined in legislation, making it clear that the person certifying batch release bears direct responsibility for ensuring that each batch has been manufactured and tested in compliance with GMP requirements and marketing authorizations.

The EU GMP Annex 16 “Certification by a Qualified Person and Batch Release,” which was revised in 2016 to address the complexity of global supply chains, details the three-stage process of batch certification:

1. Checks of the manufacture and testing of the batch in accordance with defined release procedures
2. Confirmation that all necessary reviews have been completed
3. Final certification by the QP that the batch meets all requirements

The QP must have access to all documentation including deviations, investigations, change control, and Corrective and Preventive Actions (CAPA). They are expected to not only fulfill the basic principles of batch certification but also to ensure and guarantee that an appropriate Pharmaceutical Quality System is in place for both the medicinal product and the active pharmaceutical ingredient.

Conclusion and Recommendations

It is hoped that many pharmaceutical companies and medical device companies will properly understand the purpose of batch release disposition and, from the patient’s perspective, conduct thorough record checks before releasing products.

In an era of increasing digitalization and global supply chains, the principles underlying proper batch release disposition remain constant: records must be complete, accurate, and attributable; approvals must be genuine and accountable; and systems must be in a state of control. Whether operating under the European QP system, US FDA regulations, or PIC/S guidelines, the fundamental objective is the same: to ensure that only products meeting all quality standards reach patients.

Organizations should stay informed about the latest regulatory developments, including the forthcoming revised EU/PIC/S GMP guidance documents expected in 2026, and the FDA’s Computer Software Assurance approach. They should adapt their compliance programs to embrace risk-based methods while maintaining unwavering commitment to patient safety and product quality.

The complexity of modern pharmaceutical and medical device manufacturing, with its electronic systems, global supply chains, and advanced technologies, demands even greater vigilance and professional responsibility in batch release disposition. The role of those who certify batch release—whether as European Qualified Persons, US quality professionals, or their equivalents in other jurisdictions—carries both ethical and legal weight that must be taken seriously to protect public health.

Summary Table: Key Regulatory Requirements for Batch Release

Regulation	Key Requirements	Special Notes
PIC/S GMP Annex 11 (2011)	Electronic signatures required for batch release; Only Authorised Person can approve release; Clear recording of approver identity	Currently in revision; draft updated version released July 2025 for consultation
PIC/S GMP Annex 11 (Draft 2026)	Expanded scope including all computerized systems; Enhanced audit trail requirements; Mandatory ALCOA++ principles; IT security requirements including penetration testing	Expected implementation mid-2026; consultation period ended October 2025
PIC/S GMP Annex 16 (2016)	Three-stage batch certification process; QP must have access to all documentation; QP bears personal legal responsibility	Applies to EU and PIC/S member countries
21 CFR Part 11 (1997)	Device checks to verify authorized personnel; Audit trails required; Electronic signatures must be unique and linked to records	FDA exercised enforcement discretion via 2003 guidance; core principles remain vital
FDA CSA Approach (Draft 2022)	Risk-based validation scaled to software impact on quality; Critical thinking-driven process replacing traditional CSV	Expected finalization late 2025 or early 2026
EU GMP Chapter 4 (Draft 2025)	Data lifecycle management; Hybrid systems formally recognized; ALCOA++ principles mandatory	Part of July 2025 consultation package
EU GMP Annex 22 (New 2025)	First formal regulation of AI/ML in GMP environments; Applies to static, deterministic AI/ML models with direct GMP impact	Marks regulatory milestone acknowledging AI in pharmaceutical manufacturing

Key Takeaways for Practitioners

For Quality Assurance Professionals:

• Batch release disposition is not merely an administrative task but carries profound professional and legal responsibility
• Thorough investigation of all manufacturing and quality records is essential, not just checking for obvious deficiencies
• Double-check systems and comprehensive review teams should be considered best practice
• Stay informed about upcoming regulatory changes, particularly the revised Annex 11 expected in 2026

For Organizations:

• Invest in proper training and resources for personnel responsible for batch release disposition
• Implement robust electronic systems with complete audit trail capabilities and electronic signature functionality
• Prepare for upcoming regulatory changes by conducting gap analyses against draft requirements
• Ensure computerized systems comply with both current and forthcoming ALCOA++ and data integrity principles

For System Implementation:

• Electronic signatures must prevent backdating and clearly record the approver’s identity
• Audit trails must be printable and reviewable to detect any data tampering
• Access controls must ensure only authorized personnel can approve batch release
• Systems must support the verification of all changes to raw data from initial input through final approval

The evolution of regulations from the 1997 21 CFR Part 11 through the 2011 PIC/S Annex 11 to the forthcoming 2026 revisions demonstrates the pharmaceutical industry’s continuous commitment to adapting quality standards to technological advances while maintaining unwavering focus on patient safety. Organizations that proactively prepare for these changes will be better positioned to maintain compliance while leveraging modern digital technologies to enhance product quality and operational efficiency.