The Commencement of ER/ES Inspections by Regulatory Authorities: Historical Context and Current Practices

Introduction to ER/ES Inspections (2008 Perspective)

At the GCP (Good Clinical Practice) training session held on October 20, 2008, regulatory authorities announced an overview of reliability investigations concerning EDC (Electronic Data Capture) systems. Three and a half years had passed since the Ministry of Health, Labour and Welfare (MHLW) issued the ER/ES guidelines, and full-scale ER/ES inspections were about to commence in earnest.

The announced reliability investigation checklist required further revision and official publication at that time. Therefore, inspections were not to be conducted immediately. Nevertheless, preparations needed to be made urgently.

Editor’s Note (2026): Since this original column was written in 2008, ER/ES inspections have become routine practice in Japan. The MHLW’s ER/ES guidelines, formally titled “Regarding the Use of Electronic Records and Electronic Signatures in Applications for Approval or Permission of Pharmaceuticals, etc.” (implemented April 1, 2005), now serve as the foundation for all electronic records used in pharmaceutical regulatory submissions. Current inspection practices have matured significantly, with inspectors routinely examining audit trails, system validations, and electronic signature implementations across EDC systems, eCTD submissions, and manufacturing systems.

Historical Background of the ER/ES Guidelines

The draft ER/ES guidelines were announced on June 4, 2003 (Heisei 15) by the Pharmaceutical and Medical Safety Bureau, Evaluation Division of the MHLW. At that time, it was explained that these guidelines were created to establish standards for using electronic records and electronic signatures in applications for approval or permission of pharmaceuticals. This development was based on the fact that eCTD (electronic Common Technical Document) had reached Step 4 trilateral agreement at the ICH Steering Committee meeting held in Washington, DC, in September 2002.

In other words, the MHLW ER/ES guidelines were originally requirements for implementing eCTD. This could be inferred from the email address for submitting public comments, which was ectdshishin@mhlw.go.jp (where “ectdshishin” means “eCTD guidelines”).

However, even three and a half years after the commencement of eCTD submission acceptance (as of the original writing in 2008), the number of companies submitting via eCTD remained around 20, showing sluggish growth. That said, the number of submissions had increased, suggesting that the same companies were repeatedly making eCTD submissions.

Current Status (2026): The landscape has changed dramatically since 2008. eCTD has become the standard submission format in Japan, with mandatory implementation for new drug applications beginning in 2016. As of 2026, virtually all major pharmaceutical companies submit via eCTD format. The PMDA (Pharmaceuticals and Medical Devices Agency) now processes thousands of eCTD submissions annually. The eCTD specifications have evolved through versions 3.2.2 and 4.0, with ongoing harmonization efforts through ICH to further streamline international submissions.

EDC as the First Practical Application

Although the MHLW ER/ES guidelines were originally created for eCTD, when the lid was opened, EDC became the first application. Previously, for document-based inspections, original records were brought to the regulatory authorities. However, in cases where electronic records serve as originals, such as eCRFs (electronic Case Report Forms) in EDC systems, inspectors began visiting pharmaceutical companies to conduct investigations.

The reason for this was the verification of audit trails. Not limited to EDC, future inspections were expected to examine electronically created records at pharmaceutical companies in accordance with the MHLW ER/ES guidelines.

Contemporary Practice (2026): On-site inspections of electronic systems have become standard practice. Inspectors now routinely examine not only EDC systems but also CTMS (Clinical Trial Management Systems), eTMF (electronic Trial Master File), safety databases, quality management systems, and electronic batch records. The focus has expanded beyond simple audit trail review to include comprehensive computer system validation (CSV) documentation, data integrity controls, access management, backup and recovery procedures, and cybersecurity measures. The MHLW and PMDA have issued additional guidance documents clarifying expectations for data integrity in GxP systems, aligned with international standards such as MHRA’s “GXP Data Integrity Guidance” and FDA’s “Data Integrity and Compliance With Drug CGMP” guidance.

The Typewriter Excuse Does Not Apply

Through previous newsletters and publications, it has been repeatedly stated that the “typewriter excuse” does not apply. In so-called hybrid systems, handwritten signatures or seals on paper are merely paper-based representations, while the records themselves are electronic.

Therefore, even if approval is conducted on paper, electronic records must never be deleted. During consultations provided to pharmaceutical companies, the following argument is often heard:

“At our company, approval is conducted on paper after the responsible person confirms all processes. Therefore, the paper is the original and the authentic record.”

In other words, they want to claim that the paper is correct because it is guaranteed by the responsible person. However, it must be understood that regulatory authorities worldwide question that responsible person.

Most incidents that disturb society, such as contaminated rice scandals or beef falsification problems, are executed under the direction of company executives. What if, just before an inspection, a responsible person orders the alteration of electronic records, reprints them, and then provides approval? If regulatory authorities do not verify the audit trails of electronic records, the tampering would not be discovered.

Expanded Understanding (2026): The concept of data integrity has been formalized through the ALCOA+ principles (Attributable, Legible, Contemporaneous, Original, Accurate, plus Complete, Consistent, Enduring, and Available). Global regulatory authorities have emphasized that the electronic record is the original, regardless of whether paper printouts exist for review or approval purposes. The paper printout is considered a “true copy” at best, not the original. Hybrid systems where electronic records are maintained but approvals occur on paper are still subject to full ER/ES compliance requirements. Regulatory authorities now recognize that data integrity risks are not limited to deliberate fraud but can arise from poor system design, inadequate training, or inappropriate workarounds. The focus has shifted from simply maintaining audit trails to implementing robust data governance frameworks that prevent, detect, and correct data integrity issues throughout the data lifecycle.

EMEA ANNEX 11 Requirements for Hybrid Systems

The draft revision of EMEA’s ANNEX 11 required that when inspections are conducted using paper media, all audit trails must be printed. Even in such cases, if the printed audit trails are complex, it states that inspectors can directly reference electronic records at any time.

The revision of Part 11 would likely incorporate similar requirements. At the end of that month (October 2008), the “Pharmaceutical GQP/GMP Study Group” sponsored by the Japan Pharmaceutical Manufacturers Association was scheduled to be held, and an overview of the “Computerized System Guidelines” was to be announced.

This was a revision of the “Guidelines for Appropriate Management of Pharmaceutical Manufacturing Sites Using Computers (Yakkan No. 11),” which was issued in 1992 (Heisei 4) and withdrawn on March 30, 2005 (Heisei 17). Attention was focused on how Japan’s CSV guidelines would be modified.

Regulatory Evolution (2026): The EMA’s ANNEX 11 “Computerised Systems” was formally revised and came into effect on June 30, 2011. This revision significantly strengthened requirements for computerized systems, emphasizing risk management approaches, validation lifecycle, and data integrity controls. Key requirements include:

Requirement Area	Key Points
Risk Management	Risk-based approach to system validation and control
System Validation	Validation throughout the lifecycle, not just at implementation
Audit Trail	All GMP-relevant changes and deletions must be recorded with reason
Change and Configuration Management	Formal processes required
Security	Physical and logical security, including disaster recovery
Data Integrity	Focus on ALCOA+ principles throughout data lifecycle

The FDA’s 21 CFR Part 11 has not undergone formal revision but has been supplemented by numerous guidance documents, most notably the 2003 Guidance for Industry “Part 11, Electronic Records; Electronic Signatures — Scope and Application,” which adopted a more risk-based approach to compliance. In 2016, FDA issued draft guidance on data integrity, further clarifying expectations.

In Japan, the MHLW issued “基準適合性調査等における電磁的記録の信頼性確保に関する留意事項について” (Points to Consider Regarding Ensuring the Reliability of Electronic Records in Conformity Assessment) in 2020, providing additional clarity on data integrity expectations aligned with international standards. The MHLW also issued guidance on CSV for pharmaceutical manufacturing in 2012, superseding the 1992 guidelines mentioned in the original column.

Critical Defects in Some EDC Systems

In one well-known EDC system, there was a very significant defect: audit trails were deleted when users were deactivated. For security reasons, when LPO (Last Patient Out – final case completion) occurs, users at the relevant medical institution must be deactivated. In such cases, alternative measures such as changing passwords rather than deactivation were desired.

Modern System Requirements (2026): The defect described above—deletion of audit trails upon user deactivation—would now be considered a critical data integrity failure and would likely result in regulatory action. Current regulatory expectations clearly state that audit trails must be retained for the entire retention period of the associated records, regardless of user status. Modern EDC systems must:

• Retain all audit trails permanently, independent of user account status
• Maintain user identification information even for deactivated accounts
• Implement role-based access control that allows secure deactivation without data loss
• Provide comprehensive audit trail review capabilities including filters for deactivated users
• Ensure audit trails are tamper-evident and cannot be modified or deleted by any user

Regulatory authorities now conduct thorough examination of vendor audit reports (such as SOC 2 Type II reports), system validation documentation, and actual system configurations to verify these capabilities before approving EDC systems for use in clinical trials. The concept of “supplier qualification” has become standard practice, requiring sponsors to assess and document the adequacy of vendor systems before implementation.

The Undetectable Misconduct: Password Disclosure

When regulatory authorities inspect electronic records, there is one type of misconduct that cannot be detected: password disclosure. If a principal investigator teaches their password to another person and has them execute the electronic signature on their behalf, this fact would not be known.

This act is equivalent to entrusting one’s official seal to another person. It is absolutely unacceptable. Despite the convenience brought by digitalization, it is undeniable that everything depends on the morals of the people who use these systems.

Enhanced Controls and Detection Methods (2026): While password sharing remains difficult to detect directly, modern systems and practices have implemented multiple layers of control to prevent and detect such behavior:

Technical Controls:

• Multi-factor authentication (MFA) requiring both something you know (password) and something you have (token, phone) or something you are (biometric)
• Behavioral analytics that detect unusual login patterns, access times, or locations
• Device fingerprinting to identify when the same account is used from multiple devices
• Session management that limits concurrent logins
• Continuous authentication requiring periodic re-authentication during long sessions

Administrative Controls:

• Regular training emphasizing the personal accountability associated with electronic signatures
• Clear policies stating that electronic signatures have the same legal standing as handwritten signatures
• Confidentiality agreements specifically addressing password security
• Periodic recertification of users regarding security obligations
• Investigation of anomalous patterns such as signatures occurring at unusual times or locations

Monitoring and Detection:

• Analysis of audit trails for patterns suggesting shared accounts (e.g., impossible travel times between logins, rapid succession of signatures by different individuals from same device)
• Regular review of access patterns by quality assurance and IT security teams
• Whistleblower mechanisms encouraging reporting of observed password sharing
• Forensic capabilities to investigate suspected violations

Regulatory Expectations: Global regulatory authorities have emphasized that organizations must implement comprehensive security controls and conduct periodic risk assessments. The consequences of password sharing can be severe, including warning letters, clinical hold, rejection of data, and potential criminal prosecution for fraud. Organizations are expected to demonstrate through documentation that they have implemented reasonable measures to prevent, detect, and respond to password sharing and other security violations.

Conclusion and Forward-Looking Perspective

The landscape of electronic records and signatures in pharmaceutical regulation has evolved dramatically since the early days of ER/ES implementation in 2008. What began as guidelines specifically designed for eCTD submissions has become the foundation for all electronic systems used in pharmaceutical development, manufacturing, and regulatory submissions.

Key lessons that remain relevant from the original column include:

• Electronic records are the original records, regardless of paper printouts
• Audit trails are essential and must be maintained and reviewable
• Regulatory authorities will verify electronic records directly
• System validation and data integrity controls are mandatory, not optional
• Individual accountability for electronic signatures cannot be compromised

The modern regulatory environment has added additional layers of sophistication:

• Risk-based approaches to validation and controls
• Data integrity as a holistic concept, not just audit trails
• Cybersecurity as an integral component of data integrity
• Supplier qualification and ongoing monitoring
• Harmonization of global standards while respecting regional requirements

As technology continues to evolve with cloud computing, artificial intelligence, blockchain, and other innovations, the fundamental principles established in the MHLW ER/ES guidelines and international standards remain constant: electronic records must be trustworthy, reliable, and attributable to specific individuals at specific times. Organizations must implement appropriate controls, maintain comprehensive documentation, and foster a culture of integrity and compliance.

The journey that began with the tentative steps toward electronic submissions in the early 2000s has transformed into a mature regulatory framework that enables innovation while protecting public health. The ongoing challenge is to balance technological advancement with regulatory compliance, ensuring that electronic systems serve their intended purpose of improving efficiency and quality while maintaining the highest standards of data integrity and patient safety.