Introduction: The Seal Culture Problem Highlighted by the COVID-19 Pandemic
The global COVID-19 pandemic forced many companies to transition to remote work. However, in Japan, a widely recognized problem emerged: employees were required to come to the office, risking infection, solely to affix their seals (hanko) to documents. This “coming to work for a seal” issue starkly revealed the severity of Japan’s dependence on seals in business practices.
The author has worked only for foreign-affiliated companies and, except for government-related documents, has rarely encountered the seal culture within organizations. This experience provides an outside perspective from which to observe objectively how the seal-dependent business processes unique to Japanese companies have become a significant barrier to digitalization.
Fundamental Differences Between Handwritten Signatures and Seals
The greatest advantage of handwritten signatures is their ability to prove identity even in faxed or scanned documents. This is because handwriting itself possesses biometric authentication characteristics that identify an individual. Handwriting analysis can scientifically verify whether a signature was made by the purported individual. Therefore, when obtaining approval, returning a signature via fax can ensure identity without physically transporting the document.
On the other hand, seals have an inherent problem. A seal itself is merely a physical tool, and it is impossible to identify who actually affixed it. When seals are not properly managed, “impersonation” by others becomes easy. Article 228, Paragraph 4 of the Japanese Code of Civil Procedure adopts the “two-step presumption” theory, which presumes that documents with seals were “created based on the will of the person.” However, this is merely a legal presumption; the seal itself does not have biometric authentication capabilities to prove identity.
This fundamental difference creates disparities in requirements for digitalization.
The Essence of Electronic Signature Regulatory Requirements
Electronic signatures are governed by regulatory requirements such as the U.S. Food and Drug Administration’s (FDA) 21 CFR Part 11 “Electronic Records; Electronic Signatures” (enacted in 1997, amended in 2023), and Japan’s Ministry of Health, Labour and Welfare’s “Guidelines on the Use of Electronic Records and Electronic Signatures in Applications for Approval or Permission of Pharmaceuticals, etc.” (issued April 1, 2005, Notification No. 0401022, commonly known as the ER/ES Guidelines). Notably, the FDA issued updated guidance in October 2024 regarding electronic records and electronic signatures in clinical trials, clarifying considerations for cloud systems and digital health technologies.
However, a crucial point must be understood here.
21 CFR Part 11 and the ER/ES Guidelines establish requirements for digitizing handwritten signatures. These regulations were not formulated as requirements for digitizing seals.
As mentioned above, handwritten signatures can only be created by the individual due to the unique characteristics of handwriting. However, electronic signatures lack this “handwriting” biometric element, making it possible for anyone to “impersonate” another person when creating an electronic signature without appropriate technical and administrative controls.
Therefore, 21 CFR Part 11 and the ER/ES Guidelines were established to provide electronic signatures with authenticity equivalent to handwritten signatures. These regulations define the following requirements:
Key Requirements:
- Authentication with two distinct identification components, combining user ID and password
- Automatic recording of audit trails
- Access control and system validation
- Reliable linking of electronic signatures and electronic records
- Ensuring authenticity, readability, and durability
These requirements enable electronic signatures to possess identity verification capabilities and legal validity equivalent to handwritten signatures.
Contradictions and Challenges in Digitizing Seals
This raises a fundamental problem.
Normally, in pharmaceutical manufacturing and medical device manufacturing, GxP documents such as manufacturing records and quality test records use seals (including date stamps) for approval. Isn’t it somewhat unreasonable to require full compliance with 21 CFR Part 11 or the ER/ES Guidelines when digitizing these documents?
This is because, although seals in the original paper-based records cannot prove identity, strict identity verification equivalent to handwritten signatures is demanded when digitizing them. If digitization requires “equivalence” with paper media, shouldn’t “electronic seals”, the digitized versions of seals, also be accepted even though they lack identity verification capabilities, just as the paper seals do?
Legal Status of Electronic Seals in Japan
In Japan’s legal system, the “Act on Electronic Signatures and Certification Business” (Electronic Signature Act) was enacted in 2001, clarifying the legal validity of electronic signatures. Article 3 of this law stipulates that “when an electronic signature is made by the principal regarding information recorded in an electronic record, it shall be presumed to have been duly executed.”
However, electronic seals as mere seal image data do not meet the requirements of the Electronic Signature Act (identity and non-repudiation) and therefore have extremely limited legal evidentiary value. On the other hand, electronic seals combined with electronic certificates issued by certification authorities meet the requirements of the Electronic Signature Act and are recognized as legally valid.
This situation provides important implications for document management under GxP regulations.
Gaps in Regulatory Requirements and Future Prospects
Current regulatory requirements do not explicitly address the appropriateness or management requirements for the use of seals themselves.
Ideally, GxP-related documents and records should eliminate seals and adopt handwritten signatures from the perspective of ensuring authenticity. Otherwise, it is impossible to adequately prove the authenticity of paper records.
However, considering that seal culture is deeply rooted in Japanese business practices, allowing the use of electronic seals under certain conditions may be a practical solution. In such cases, the following management requirements should be met:
Recommended Management Requirements for Electronic Seal Use:
- Establishment of procedures for issuing and managing electronic seals
- Clear identification of users and their usage authority
- Recording of usage history and retention of audit trails
- Technical measures to prevent unauthorized use
- Regular review and auditing of usage status
The ER/ES Guidelines were essentially formulated with reference to 21 CFR Part 11. However, considering Japan’s unique seal culture, the absence of specific requirements for seals and electronic seals (including their management requirements) leaves the guidelines incomplete.
As of 2024, with the promotion of Digital Transformation (DX), many companies are advancing the digitalization of business processes. Within this trend, clearer and more practical guidance on handling seals is being demanded.
Conclusion and Recommendations
Ensuring data integrity in the pharmaceutical and medical device industries is a critical issue directly related to patient safety and product quality. Ideally, returning to the fundamental purpose of ensuring authenticity, the use of seals that cannot prove identity should be gradually eliminated and transitioned to handwritten signatures or appropriate electronic signatures.
However, as a realistic transitional measure, I propose the following:
- Adopt a Phased Approach: Starting with documents of high importance, progressively transition to handwritten signatures or electronic signatures
- Establish a Hybrid Period: During the transition period, impose strict management requirements on seal use
- Conditional Acceptance of Electronic Seals: Allow electronic seal use only when appropriate management requirements are met
- Advocacy to Regulatory Authorities: Request the development of practical guidance through industry associations
Ultimately, for true data integrity assurance, complete transition to authentication methods that can prove identity is desirable. Regulatory authorities, industry, and individual companies must cooperate to build systems that prioritize patient safety and product quality above all else.
Author’s Note: This column reflects the author’s personal views and does not represent the official position of any organization. While based on current regulatory requirements and industry practices as of January 2026, readers should consult with regulatory affairs specialists and legal advisors for specific implementation decisions.