Why should cannabis LPs treat a 2027 enforcement window as a today problem?
On 7 July 2025, the European Commission opened consultation on the biggest rewrite of EU GMP for computerised systems in more than a decade. The EU GMP Annex 11 2025 draft expands the 2011 text from five pages to nineteen, pairs with a redrafted Chapter 4 and a brand-new Annex 22 for AI, and sets a prescriptive bar for audit trails, identity and access, security, and data governance that most cannabis seed-to-sale systems cannot meet. Consultation closed 7 October 2025. Final publication is expected in 2026, with enforcement projected for 2027-2028 per PIC/S commentary.
For cannabis producers holding EU-GMP certification (Germany, UK, Australia, Israel, Czech Republic), every seed-to-sale tenant is in scope as a “computerised system used in the manufacturing of medicinal products” (EU GMP Annex 11 §1). Canadian and US cultivators pursuing entry are building today against the rules the 2027 auditor will be holding. This hub covers all three drafts: the five shifts (data governance, audit trails, identity and access, security, AI), the ALCOA++ versus ALCOA+ drift, the new hybrid-system rules, and a fifteen-item vendor checklist.
What the EU GMP Annex 11 2025 draft actually changes
The EU GMP Annex 11 2025 draft adds ten prescriptive audit-trail clauses, mandates MFA and unique accounts, introduces twenty security sub-clauses, and is paired with a new Annex 22 covering AI. It is a rewrite, not an edit.
What’s changing. EU GMP Annex 11 goes from 5 pages to 19, with 17 sections. Chapter 4 doubles from 9 to 17 pages with 85 clauses and a new data-governance subsection (§4.10-§4.18). Annex 22 is entirely new: 6 pages, 10 sections, providing “additional guidance to Annex 11 for computerised systems in which AI models are embedded” (§1). The package was drafted by the GMP/GDP Inspectors Working Group jointly with PIC/S, so expect alignment between EU and PIC/S authorities at enforcement.
What it means for your LP operations. The three documents are a single package. A QA team reading EU GMP Annex 11 alone misses the Chapter 4 data-governance obligation and Annex 22 AI obligations that apply to any vision-based defect classifier or yield predictor. Every SOP citing “EU GMP Annex 11 (2011)” is out of date the moment the 2026 text publishes.
How GrowerIQ covers it. GrowerIQ is a computerised system under EU GMP Annex 11 §1 and was independently revalidated by RQC in December 2025 as GxP-compliant under the current EU GMP Annex 11 and PIC/S text. Confirmed controls: role-based access, electronic signatures with traceability, activity logs, Document IQ for SOP management, and one-click Master Batch Record generation. The platform is designed and controlled to SOC 2 standards alongside EU GMP. The 2025 draft is not yet enforced; we are tracking its 17 sections clause by clause ahead of the 2027-2028 enforcement window. We own the computerised-system layer; the LP owns the PQS wrapper, URS, SOPs, and validation. See the Annex 11 computerised-systems, validation, and security guide.
Red flags if your system doesn’t support this:
- “Reading Annex 11 without Chapter 4 or Annex 22” misses the mandatory data-governance system and Annex 22 AI obligations.
- “Your vendor says the 2025 draft does not affect you because you are not EU-GMP certified yet” is wrong: you are building today to rules that will be enforced before you go live.
- “Your planning assumes 2030-plus enforcement” does not survive PIC/S commentary pointing to 2027-2028.
Why do the three drafts have to be read together?
Because they cross-reference each other. Chapter 4 §4.23 requires “compliance with all EU GMP provisions including Annex 11 if decision making in manufacturing … is supported by automatic validation scripts or artificial intelligence (Annex 22).” §4.24 locks accountability to the regulated user, not the vendor.
Three parallel obligations land on your desk. Your PQS (Chapter 4) names a data-governance system. Your computerised systems (EU GMP Annex 11) behave per §11-§17. Any AI you embed (Annex 22) has its own qualification, acceptance criteria, explainability artefact, and drift monitoring. GrowerIQ owns the computerised-system layer; Chapter 4 §4.10-§4.18 data governance is the LP’s SOP responsibility.
Red flags:
- “Your vendor sells ‘Annex 11 compliance’ without referencing Chapter 4 or Annex 22” is incomplete scope.
- “Your AI defect-classifier is certified by the vendor without an LP-approved intended-use description” is a §4.24 violation.
- “Your SOPs cite only the 2011 text” is out of date once the 2026 text publishes.
Why does this matter to cannabis LPs specifically?
EU GMP Annex 11 applies to “all types of computerised systems used in the manufacturing of medicinal products and active substances” (§1). No cannabis carve-outs. If you ship medicinal cannabis into any EU-GMP jurisdiction, your seed-to-sale software is in scope.
EU GMP Annex 11 §2.6 tightens outsourcing: “the regulated user remains fully responsible.” §3.1 requires a PQS covering all computerised systems and names senior management as accountable.
Existing EU-GMP LPs (Germany, UK, Australia, Israel, Czech Republic) will be inspected against the 2026 text from 2027-2028. Pre-certification Canadian or US LPs should build against the 2025 draft now. GrowerIQ is a Category 4 configured COTS system (GAMP framing): batch records, QC, release decisions, audit trails, e-signatures, and role-based access are GIQ-native. See features mapped on our EU-GMP, GACP, and GPP overview.
Red flags:
- “‘GMP-ready out of the box’ without a URS or traceability matrix” is an Annex 11 §6.1 and §6.5 violation.
- “SLA silent on regulatory-inspection support” is a §7.5 v violation.
- “Canadian LP with no EU-GMP gap assessment” is a planning-stage red flag.
The five big shifts
The EU GMP Annex 11 2025 draft introduces five shifts: data governance (Chapter 4), audit trails (§12), identity and access (§11), security (§15), and AI (Annex 22).
Shift 1: Data governance is now a mandatory PQS element
Chapter 4 introduces a new obligation. Your Pharmaceutical Quality System must include a documented data-governance system covering the full data lifecycle, data ownership, and periodic vendor review (§4.10-§4.18).
What’s changing. §4.10 requires “a data governance system integral to the pharmaceutical quality system.” §4.12 names a six-stage lifecycle (create, process, verify, decide, archive, dispose); §4.12 vi requires “Retirement or destruction of data … in a controlled manner.” §4.15 requires data ownership. §4.18 requires periodic review of service-provider data-management policies.
What it means for your LP operations. Your QA team authors a data-governance policy and attaches it to the PQS. It names each critical data class (batch weights, QA results, transfer records, release signatures), assigns an owner, states criticality, explains risk mitigation, and defines “controlled destruction.” Your internal auditor then reviews your vendor’s data-management policies.
How GrowerIQ covers it. GIQ provides the data-layer features (audit trails, role-based access, immutable records, backups, archival, electronic signatures) that a policy depends on. GIQ does not author the policy. Our existing ALCOA++ data integrity for cannabis manufacturing hub covers the attribute-by-attribute mapping. For the full Chapter 4 depth, see the full Chapter 4 2025 draft breakdown.
Red flags if your system doesn’t support this:
- “Your PQS does not contain a named data-governance procedure” is a §4.10 violation.
- “Your data-ownership mapping does not exist” is a §4.15 observation.
- “Your audit plan does not include the vendor’s data-management policies” is a §4.18 gap.
- “Your LP has no ‘controlled destruction’ process for expired raw data” is a §4.12 vi violation.
Shift 2: Audit trails, the new who, what, when, and why rule
EU GMP Annex 11 §12 expands from a single paragraph (2011) to ten prescriptive sub-clauses. The system itself must prompt the user for a reason on every change, the log cannot be edited or deactivated, and reviews must be risk-based, peer-conducted, and available to the QP at batch release. This clause will trigger the most urgent vendor-replacement conversations in 2026.
What’s changing. §12.2: “Where data is changed from an old value to a new value, systems should automatically prompt the user for, and register the reason, why the change was made.” §12.3 locks the log and restricts configuration changes to administrators not involved in GMP activities. §12.6 requires peer review. §12.7: full-log reviews “may not be effective”; reviews must be targeted and risk-based. §12.8 requires review before batch release. §12.10 requires review available to the QP at release.
What it means for your LP operations. You cannot retrofit §12.2 with an SOP. The system has to do the prompting. Your QA team schedules peer audit-trail reviews as a pre-release step; your QP expects the review in front of them at release.
How GrowerIQ covers it. GrowerIQ’s activity log captures every action across the facility: who performed it, what changed, and when. The log is read-only from the user interface and forms part of the evidence pack RQC reviewed when revalidating the platform as GxP-compliant in December 2025. For §12.2’s reason-capture requirement, GrowerIQ prompts operators to record the context behind critical changes, and the record travels with the batch into QP review. Your QA team should walk the §12 clause list with us during validation-scope discussions to confirm which prompts are configured for your workflows. See how the new Annex 11 §12 audit-trail rules reshape batch release.
Red flags if your system doesn’t support this:
- “Users change a field without the system capturing a reason” is a §12.2 violation.
- “Change reasons live in a separate comment field an operator may or may not fill in” is a §12.2 violation; reason capture is not discretionary.
- “Your ‘reason’ column is filled in by an administrator retrospectively” is a §12.2 plus §12.3 double violation.
- “Audit-trail review happens after batch release” is a §12.8 violation.
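The §12 behaviour above (system-enforced reason capture, a log that cannot be edited without detection, and a targeted pre-release review) can be modelled in a few dozen lines. The following is an added illustration, not GrowerIQ code or a description of its internals; the batch id, field names, the CRITICAL_FIELDS set and the sample reason text are constructed for the example.

```python
"""Audit-trail model for the Annex 11 §12 section above: the system refuses a
value change without a reason (§12.2), the log is append-only and hash-chained
so any edit is detectable (§12.3), and a targeted pre-release review pulls
only critical-field changes for one batch (§12.7, §12.8). Added illustration,
not GrowerIQ code; batch id, field names and CRITICAL_FIELDS are constructed."""
import hashlib
import json
from dataclasses import asdict, dataclass, replace
from datetime import datetime, timezone

GENESIS = "0" * 64   # prev_hash used by the first entry


class ReasonRequired(ValueError):
    """A changed value arrived without a documented reason (§12.2)."""


class AuditTrailTampered(RuntimeError):
    """The hash chain over the log no longer verifies (§12.3)."""


@dataclass(frozen=True)
class AuditEntry:
    seq: int
    user: str
    record: str
    field: str
    old: object        # None when a value is entered for the first time
    new: object
    reason: str
    timestamp: str
    prev_hash: str
    entry_hash: str = ""

    def digest(self) -> str:
        body = asdict(self)
        body.pop("entry_hash")   # the hash covers every other column plus the link to the previous entry
        return hashlib.sha256(json.dumps(body, sort_keys=True, default=str).encode()).hexdigest()


class AuditedRecordStore:
    # Constructed example of a risk-based selection: fields a peer must review before release.
    CRITICAL_FIELDS = {"net_weight_g", "qc_result", "release_status"}

    def __init__(self) -> None:
        self._records: dict = {}
        self._log: list = []   # append-only: the class deliberately has no edit or delete method

    def set_value(self, user, record, field, new, reason=None, when=None) -> AuditEntry:
        old = self._records.get(record, {}).get(field)
        if old is not None and old != new and not (reason or "").strip():
            raise ReasonRequired(f"{record}.{field}: a reason is mandatory when changing a value")
        prev = self._log[-1].entry_hash if self._log else GENESIS
        when = when or datetime.now(timezone.utc).isoformat()
        entry = AuditEntry(len(self._log) + 1, user, record, field, old, new, reason or "", when, prev)
        entry = replace(entry, entry_hash=entry.digest())
        self._records.setdefault(record, {})[field] = new
        self._log.append(entry)
        return entry

    def verify_chain(self) -> bool:
        prev = GENESIS
        for e in self._log:
            if e.prev_hash != prev or e.entry_hash != e.digest():
                raise AuditTrailTampered(f"entry {e.seq} fails verification")
            prev = e.entry_hash
        return True

    def pre_release_review(self, record) -> list:
        """Targeted review set for the peer reviewer and QP: changes (not first entries) to critical fields."""
        return [e for e in self._log
                if e.record == record and e.field in self.CRITICAL_FIELDS and e.old is not None]


def demo() -> dict:
    """Walk one constructed batch through the controls and report what each one did."""
    store, batch = AuditedRecordStore(), "B-2026-0001"
    store.set_value("op.ana", batch, "net_weight_g", 248.0)
    store.set_value("op.ana", batch, "qc_result", "pending")
    try:
        store.set_value("op.ana", batch, "net_weight_g", 251.5)   # change with no reason: refused
        blocked = False
    except ReasonRequired:
        blocked = True
    store.set_value("op.ana", batch, "net_weight_g", 251.5,
                    reason="Scale re-zeroed; batch re-weighed (constructed reason)")
    chain_ok = store.verify_chain()
    review_fields = [e.field for e in store.pre_release_review(batch)]
    # Simulate a direct edit of a stored entry (what §12.3 forbids) and confirm verification catches it.
    store._log[2] = replace(store._log[2], new=248.0)
    try:
        store.verify_chain()
        tamper_detected = False
    except AuditTrailTampered:
        tamper_detected = True
    return {"blocked_without_reason": blocked, "chain_ok": chain_ok,
            "review_fields": review_fields, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(demo())
```

The point of the hash chain is that an "administrator filling in the reason column retrospectively" cannot do so silently: any edit to a stored entry changes its digest and breaks every link after it, which is what an inspector-facing integrity check should surface.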
Shift 3: Identity and access management
EU GMP Annex 11 §11 makes unique personal accounts mandatory, classifies shared read-write accounts as a data-integrity violation, requires MFA for remote access on critical systems, forces automatic inactivity logout, and demands recurrent manager-led access reviews.
What’s changing. §11.1: shared accounts except read-only “constitute a violation of data integrity.” §11.6 requires MFA for remote authentication on critical systems. §11.7 requires auto-lock after failed attempts, unlockable only by an administrator. §11.8 requires automatic inactivity logout the user cannot disable. §11.10 names segregation of duties and least privilege. §11.11 requires manager-led access reviews.
What it means for your LP operations. Shared “grower” or “QC bench” logins are out. Every user gets a personal account, including contractors. Your QP logs in from home on MFA. Your head of production cannot also be the GIQ super-admin. Managers (not IT) sit through quarterly access reviews and sign them.
How GrowerIQ covers it. GrowerIQ supports unique personal accounts, configurable password policy, inactivity logout, role-based access with least-privilege defaults, and access logs per login. MFA for remote access under §11.6 is delivered via the identity provider your LP already operates; ask GrowerIQ for the current identity-provider integration options during your validation scoping. Access reviews are supported via role-assignment exports and remain an LP-operated control.
Red flags if your system doesn’t support this:
- “Your cultivation team uses one shared ‘grower’ login for the scanner” is a §11.1 violation.
- “Your QP logs in from home without MFA” is a §11.6 violation.
- “One person is both head of production AND GIQ super-admin” is a §11.10 segregation-of-duties violation.
- “Your last manager-led access review was ‘last year, roughly’” is a §11.11 observation.
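The account and session rules listed for §11 translate into a small set of enforceable checks. The following is an added illustration, not GrowerIQ code or a statement of how its access control is built; the role names, the conflicting-role pairs, the three-attempt lockout and the 15-minute inactivity ceiling are constructed values chosen for the example.

```python
"""Account and session controls from the §11 section above: one account per
named person (§11.1), MFA enforced for remote logins (§11.6), lockout after
repeated failures that only a different administrator can clear (§11.7), an
inactivity timeout the user cannot raise above the tenant ceiling (§11.8),
segregation-of-duties checks at role assignment (§11.10) and an access-review
export for managers (§11.11). Added illustration, not GrowerIQ code; role
names, conflict pairs, lockout count and ceiling are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_FAILED_ATTEMPTS = 3                      # constructed lockout threshold
INACTIVITY_CEILING = timedelta(minutes=15)   # constructed tenant-wide ceiling
CONFLICTING_ROLES = [frozenset({"head_of_production", "super_admin"}),
                     frozenset({"qc_analyst", "qc_approver"})]   # constructed SoD pairs


class AccessDenied(PermissionError):
    pass


@dataclass
class Account:
    user_id: str
    person: str                  # the named individual behind the account
    roles: frozenset
    failed_attempts: int = 0
    locked: bool = False
    last_login: Optional[datetime] = None


@dataclass
class Session:
    user_id: str
    last_activity: datetime
    timeout: timedelta


def segregation_conflicts(roles) -> list:
    return [sorted(pair) for pair in CONFLICTING_ROLES if pair <= set(roles)]


class AccessControl:
    def __init__(self) -> None:
        self.accounts: dict = {}

    def create_account(self, user_id, person, roles) -> Account:
        if any(a.person == person for a in self.accounts.values()):
            raise ValueError(f"{person} already has an account; no second or shared account (§11.1)")
        conflicts = segregation_conflicts(roles)
        if conflicts:
            raise ValueError(f"segregation-of-duties conflict (§11.10): {conflicts}")
        self.accounts[user_id] = Account(user_id, person, frozenset(roles))
        return self.accounts[user_id]

    def login(self, user_id, password_ok, now, remote=False, mfa_ok=False, requested_timeout=None) -> Session:
        acct = self.accounts[user_id]
        if acct.locked:
            raise AccessDenied("account locked; administrator unlock required (§11.7)")
        if not password_ok:
            acct.failed_attempts += 1
            if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
                acct.locked = True
            raise AccessDenied("invalid credentials")
        if remote and not mfa_ok:
            raise AccessDenied("MFA is required for remote authentication (§11.6)")
        acct.failed_attempts, acct.last_login = 0, now
        # A user may shorten the timeout but never exceed the tenant ceiling (§11.8).
        timeout = min(requested_timeout or INACTIVITY_CEILING, INACTIVITY_CEILING)
        return Session(user_id, now, timeout)

    def admin_unlock(self, admin_id, user_id) -> None:
        if "super_admin" not in self.accounts[admin_id].roles or admin_id == user_id:
            raise AccessDenied("only a different administrator account may unlock (§11.7)")
        self.accounts[user_id].failed_attempts, self.accounts[user_id].locked = 0, False

    @staticmethod
    def touch(session, now) -> None:
        """Call on every request; an expired session is rejected and the user must re-authenticate."""
        if now - session.last_activity > session.timeout:
            raise AccessDenied("session expired for inactivity (§11.8)")
        session.last_activity = now

    def access_review(self, now) -> list:
        """Rows a manager signs off during the periodic review (§11.11)."""
        return [{"user": a.user_id, "person": a.person, "roles": sorted(a.roles), "locked": a.locked,
                 "days_since_login": (now - a.last_login).days if a.last_login else None}
                for a in self.accounts.values()]


def demo() -> dict:
    ac, t0 = AccessControl(), datetime(2026, 4, 1, 8, 0, tzinfo=timezone.utc)
    ac.create_account("qp.mara", "Mara", {"qualified_person"})
    ac.create_account("adm.lee", "Lee", {"super_admin"})
    try:
        ac.create_account("hp.tom", "Tom", {"head_of_production", "super_admin"})
        sod_blocked = False
    except ValueError:
        sod_blocked = True
    for _ in range(MAX_FAILED_ATTEMPTS):          # three bad passwords lock the account
        try:
            ac.login("qp.mara", False, t0)
        except AccessDenied:
            pass
    locked = ac.accounts["qp.mara"].locked
    ac.admin_unlock("adm.lee", "qp.mara")
    try:
        ac.login("qp.mara", True, t0, remote=True, mfa_ok=False)
        mfa_enforced = False
    except AccessDenied:
        mfa_enforced = True
    s = ac.login("qp.mara", True, t0, remote=True, mfa_ok=True, requested_timeout=timedelta(hours=8))
    try:
        AccessControl.touch(s, t0 + timedelta(minutes=16))
        expired = False
    except AccessDenied:
        expired = True
    return {"sod_blocked": sod_blocked, "locked_after_failures": locked, "mfa_enforced": mfa_enforced,
            "ceiling_kept": s.timeout == INACTIVITY_CEILING, "expired_after_ceiling": expired,
            "review_rows": len(ac.access_review(t0))}


if __name__ == "__main__":
    print(demo())
```

Two details matter for an auditor: the unlock path refuses the locked user's own account and any non-administrator, so a lockout cannot be cleared by the person who triggered it, and the requested eight-hour timeout is silently clamped to the ceiling rather than honoured.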
Shift 4: Security
EU GMP Annex 11 §15 is the largest expansion in the 2025 draft. Twenty sub-clauses cover physical access, replication, DR, patching, USB control, anti-virus, penetration testing, and encryption. Security used to live in IT’s spreadsheet. It now lives in the audit binder.
What’s changing. §15.4 names physical-access MFA for server rooms. §15.6 requires critical-data replication to a geographically separate secondary data centre. §15.7 requires a DR plan with a defined Recovery Time Objective (RTO). §15.13 on critical vulnerabilities: “this might be immediately.” §15.14 requires un-patched systems be isolated. §15.17 requires USB ports in critical servers “deactivated by default, blocked or even removed.” §15.19 mandates penetration testing at regular intervals for internet-facing systems. §15.20 requires encrypted protocols for remote connections.
What it means for your LP operations. Your vendor produces the annual penetration-test report; ask for it at renewal. Your vendor documents the RTO. Your LP closes USB ports on production-floor PCs and scale terminals.
How GrowerIQ covers it. GrowerIQ runs as a hosted service on encrypted transport (TLS) with versioned backups, and is designed and controlled to SOC 2 standards alongside the RQC-validated EU GMP posture. For the specific §15 artefact expectations the 2025 draft introduces (pen-test cadence, DR plan with named RTO, geo-separated replication, patching SLA), ask your GrowerIQ account team for the current security and compliance overview as part of §2.6 and §7.5 vendor qualification. USB-port control and server-room MFA are LP-facility responsibilities.
Red flags if your system doesn’t support this:
- “Your vendor cannot produce a recent penetration-test report” is a §15.19 gap; it blocks EU-GMP certification.
- “No documented Recovery Time Objective” is a §15.7 gap.
- “Live USB ports on production-floor servers” is a §15.17 observation.
- “Remote access to the LIMS over unencrypted HTTP” is a §15.20 violation.
Shift 5: AI in regulated manufacturing
Annex 22 is brand-new and scoped tightly. In critical GMP applications, AI must be static (no continuous learning) and deterministic (identical inputs, identical outputs). Generative AI and LLMs are out of scope. Explainability (SHAP, LIME, heatmaps) is mandatory for every model decision affecting release.
What’s changing. Annex 22 §1 scopes the annex to static and deterministic models and excludes three categories from critical GMP: dynamic learning models, probabilistic-output models, and generative AI plus LLMs. §4.3 requires acceptance criteria to match or beat the process the model replaces (the draft cites “Annex 11 2.7”; the matching principle is actually EU GMP Annex 11 §2.8, a drafting typo). §8.1 requires explainability using “feature attribution (e.g. SHAP values or LIME) or visual tools like heat maps.” §6.5 requires test-data independence; where separation is impossible, the 4-eyes principle applies. §10.4 requires ongoing drift monitoring.
What it means for your LP operations. If you use AI for yield prediction, vision-based defect classification, auto-grading, or LIMS anomaly detection tied to release, the static plus deterministic plus explainability bar applies. If you use ChatGPT, Claude, or Gemini to draft release-feeding SOPs, deviations, or batch-review narratives, stop. Non-critical uses are permitted with a trained human-in-the-loop.
How GrowerIQ covers it. GrowerIQ does not ship generative-AI or dynamic-learning models inside critical GMP decisions. Our four AI template builders (Form, Report, Task Planner, Label Builder) are design-time tools, locked at runtime and non-critical under Annex 22. When third-party AI plugs into GIQ via the Integration Gateway, GIQ wraps it in audit-trail capture; Annex 22 qualification sits with the AI vendor. See the complete Annex 22 guide for cannabis LPs.
Red flags if your system doesn’t support this:
- “Your vision defect-classifier vendor cannot produce SHAP, LIME, or heatmap artefacts per classification” is a §8.1 violation; classification is disallowed in critical GMP.
- “Your yield-prediction model was trained and tested on the same pool of data” is a §6.1 and §6.5 violation.
- “You are using ChatGPT to draft batch-review narratives for release” is a §1 scope violation.
- “You have no drift-monitoring metric on your AI model’s input data” is a §10.4 violation.
ALCOA+ or ALCOA++? The terminology drift
Use ALCOA++ (10 attributes) from Chapter 4. EU GMP Annex 11 still says ALCOA+ (9 attributes), a drafting inconsistency expected to harmonise in the final 2026 text. Chapter 4 is the documentation-side authority, so align your SOPs there.
| Attribute | ALCOA+ (Annex 11 §2.4) | ALCOA++ (Chapter 4 §4.63) |
|---|---|---|
| Attributable, Legible, Contemporaneous, Original, Accurate | Yes | Yes |
| Complete, Consistent, Enduring, Available | Yes (emphasis) | Yes (emphasis) |
| Traceable | Not listed | Yes, new 10th attribute |
§4.63 Table 1 defines Traceable as “the ability to trace the history, modification or location of data.” Write your SOPs to ALCOA++ now. GrowerIQ maps to ALCOA++ today; see our existing ALCOA++ data integrity for cannabis manufacturing hub.
Red flags:
- “Your SOPs still reference the 5-letter ALCOA” means you are two versions behind.
- “Your vendor marketing says ‘ALCOA-compliant’ without specifying ++ or +” is immature positioning.
Hybrid paper plus electronic systems, why yours is probably non-compliant
Chapter 4 introduces a dedicated hybrid-systems subsection (§4.82-§4.85). Every hybrid system now requires a written description, validated contributing elements, and procedures for reviewing and archiving both halves.
§4.82 requires each contributing element be validated per risk-management principles. §4.83 requires a detailed description including paper-to-electronic interfaces. §4.85 requires procedures for review, approval, and archival of both halves. §4.70: “If records exist electronically such records should be signed electronically. The use of a hybrid system should be avoided.” Where wet-ink is unavoidable, EU GMP Annex 11 §13.9 prescribes calculating a hash code of the electronic record and printing it on the signature page.
Most LPs run hybrid whether they admit it or not: paper cultivation logs transcribed in, QA certificates signed wet-ink and scanned, clipboard cleaning logs. Author a hybrid-system description, attach it to the PQS, and move high-criticality records off paper first. GrowerIQ’s e-signature, forced-entry reason modals, and audit trail move most workflows out of hybrid territory.
Red flags:
- “Paper batch records scanned into GIQ as PDFs with no hash or checksum” is a §13.9 violation.
- “Your PQS does not include a written hybrid-system description” is a §4.83 observation.
- “Wet-ink signatures on records that exist electronically because the QP prefers it” is a §4.70 violation.
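The §13.9 hash-on-signature-page rule and the §17.2 checksum-before-deletion rule cited above are both short routines in practice. The following is an added illustration, not GrowerIQ code; the certificate-of-analysis record, the signature-page layout, the file paths and the signer name are constructed for the example.

```python
"""Hybrid-record controls from the section above: the SHA-256 of the electronic
record is printed on the wet-ink signature page (Annex 11 §13.9), the printed
value is checked against the stored record before the page is accepted, and an
archival routine verifies the archived copy's checksum before the live copy is
deleted (§17.2). Added illustration, not GrowerIQ code; record content, page
layout, paths and signer are constructed."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

HASH_LABEL = "Electronic record SHA-256: "


def record_fingerprint(record: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) so identical content always yields one hash.
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def signature_page(record: dict, signer: str, signed_on: str) -> str:
    """Text printed for the wet-ink signature; the hash binds the paper page to one electronic record."""
    return "\n".join([
        f"Record: {record['record_id']}",
        HASH_LABEL + record_fingerprint(record),
        f"Signed (wet ink) by: {signer} on {signed_on}",
        "Verify by recomputing the hash over the electronic record and comparing it with the value above.",
        "",
    ])


def verify_signature_page(record: dict, page_text: str) -> bool:
    """True only if the hash printed on the page matches the record as it is stored now."""
    for line in page_text.splitlines():
        if line.startswith(HASH_LABEL):
            printed = line[len(HASH_LABEL):].strip()
            return hmac.compare_digest(printed, record_fingerprint(record))
    return False   # a scanned page with no printed hash cannot be tied to a record


def archive_then_retire(live: Path, archive: Path) -> str:
    """Copy, verify the archived bytes by checksum, and only then delete the live copy (§17.2)."""
    data = live.read_bytes()
    expected = hashlib.sha256(data).hexdigest()
    archive.write_bytes(data)
    actual = hashlib.sha256(archive.read_bytes()).hexdigest()
    if not hmac.compare_digest(actual, expected):
        archive.unlink(missing_ok=True)
        raise RuntimeError("archived copy failed checksum verification; live copy retained")
    live.unlink()
    return actual


def demo() -> dict:
    # Constructed certificate-of-analysis record that is signed on paper.
    record = {"record_id": "COA-2026-0042", "batch": "B-2026-0001", "thc_pct": 18.4, "result": "pass"}
    page = signature_page(record, "M. Example (QC)", "2026-04-01")
    page_matches = verify_signature_page(record, page)
    edited = dict(record, thc_pct=19.1)            # electronic record altered after the page was signed
    page_matches_edited = verify_signature_page(edited, page)
    with tempfile.TemporaryDirectory() as d:
        live, archive = Path(d) / "coa_live.json", Path(d) / "coa_archive.json"
        live.write_text(json.dumps(record))
        checksum = archive_then_retire(live, archive)
        archived = archive.exists() and not live.exists()
    return {"page_matches_record": page_matches, "page_matches_edited_record": page_matches_edited,
            "archived_and_live_removed": archived, "archive_checksum_len": len(checksum)}


if __name__ == "__main__":
    print(demo())
```

The verification step is what turns a scanned PDF from an unlinked image into evidence: if the electronic record is edited after the page was signed, the recomputed hash no longer matches the printed one and the mismatch is visible at review.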
What to ask your seed-to-sale vendor right now
Use this in your next renewal conversation, RFP, or annual vendor review. Every item maps to a clause of the EU GMP Annex 11 2025 draft or partner documents. If your vendor cannot answer more than two cleanly, plan replacement before the 2027-2028 enforcement window.
1. URS and requirements traceability matrix: who supplies, who authors? (Annex 11 §6.1, §6.5)
2. Audit trail: does the platform auto-prompt for a reason on every change? (§12.2)
3. Audit trail editability: can any user or admin edit or deactivate it? (§12.3)
4. Peer audit-trail review: does the platform surface the review to a peer and the QP at release? (§12.6, §12.10)
5. MFA for remote access: supported and enforced tenant-wide? (§11.6)
6. Inactivity logout: configurable per tenant with a maximum ceiling? (§11.8)
7. Electronic signatures: does the platform re-authenticate at signature? (§13.3)
8. Exit strategy: what does data export look like if we leave? (§7.5 viii)
9. Penetration-test report: most recent date, scope, remediation status? (§15.19)
10. Secondary data centre and RTO: what is the RTO for a regional outage? (§15.6, §15.7)
11. Patching cadence and critical-patch SLA: what does “timely” mean in contract? (§15.13)
12. Backup frequency, retention, restore-test cadence: when did you last restore-test? (§16)
13. Archival: checksum verification before deletion of the live copy? (§17.2)
14. If AI features are present: static and deterministic? SHAP/LIME/heatmap artefact per decision? Test-data independence documented? (Annex 22 §1, §8.1, §6)
15. Named GMP support contact: who covers regulatory inspections? (§7.5 v)
GrowerIQ answers all fifteen items on our EU-GMP overview. To walk through them with your QA lead, book a demo.
Red flags:
- “Vendor cannot answer items 9, 10, or 14” means plan replacement.
- “Those are enterprise-tier features, upgrade to access them” is itself a red flag; gating GMP controls behind a paywall does not survive an EU-GMP audit.
- “Data returned in proprietary format” is a §7.5 viii partial failure.
Frequently Asked Questions
When does the EU GMP Annex 11 2025 draft become enforceable?
Consultation closed 7 October 2025. Final publication is expected 2026; enforcement projected 2027-2028 per PIC/S commentary.
Do we need to change our system before 2026 if we already hold EU-GMP certification?
The 2011 text remains in force until publication. Treat the draft as a roadmap. Biggest-effort items: §12 audit trails, §11 IAM, §15 security, and Chapter 4 §4.10-§4.18 data governance.
Canadian LP pursuing EU-GMP for Germany: build against 2011 or 2025?
Build against 2025 now. Your audit will likely land in the enforcement window; auditors trained on the 2026 text will not retroactively grade you on 2011.
Does this apply if we only hold Health Canada licensing?
Not directly. Health Canada’s GPP does not inherit EU GMP text automatically. But ALCOA++ and audit-trail prescriptions are global GMP direction of travel.
Can we keep using ChatGPT for SOP drafting?
Not in critical-GMP workflows. Annex 22 §1 excludes generative AI and LLMs from critical-GMP use. In non-critical workflows, you may, with a trained human reviewing every output.
Our vendor does not support the §12.2 reason-prompt behaviour. What do we do?
You cannot retrofit §12.2 with an SOP; the system itself has to prompt. If the vendor has no roadmap, plan replacement.
Our batch records are half paper, half electronic. Is this illegal?
Not illegal, but named as risk. Chapter 4 §4.82-§4.85 requires a hybrid-system description, validation of each contributing element, and documented interfaces.
This article summarises publicly-available draft guidelines; it is not legal or regulatory advice.
Last updated: April 2026
Ready for the 2027-2028 EU GMP enforcement window?
See how GrowerIQ’s RQC-validated platform supports your Annex 11 computerised-system layer so your QA team can focus on the PQS, URS, and SOPs that sit on top of it.