Setting a new bar for serialisation

Published: 20-Mar-2019

Not cut and paste: Russia’s track and trace regulation is no comparison to FMD and DSCSA, reports Brian Daleiden, VP of Industry Marketing and Community at TraceLink

Arguably, the most complicated track and trace regulation in the world, Russia’s regulations set a new bar for serialisation, compliance reporting and data management. With more than four times the compliance events compared with the EU European Falsified Medicines Directive (FMD) and with unique aggregation, cryptographically protected product identifiers and centralised reporting that isn’t found under the US Drug Supply Chain Security Act (DSCSA), complying with Russia requires starting almost from a blank slate.

The Russian track and trace regulation, Federal Law No. 425-FZ, sets the deadlines, including 1 January 2020, for all covered medicines and also outlines the requirements for all stakeholders (manufacturers, distributors, pharmacies, and healthcare organisations) who serve the Russia medicine supply chain.

Owing to its complexity, it is difficult for businesses to understand, plan for and implement the country’s mandates, particularly because the regulatory requirements and technical guidelines continue to evolve as the government prepares for the deadlines.

In the run-up to FutureLink Barcelona, Brian Daleiden, VP of Industry Marketing and Community at TraceLink, discusses how the Russian regulation compares and contrasts with the FMD and DSCSA, including his view of the challenges the industry will face owing to the complexities of the regulation.

Shorter implementation timescales

The EU FMD was first published in January 2013 and gave a deadline of February 2019 — a six-year window. The DSCSA was enacted by Congress in November 2013, giving the industry a phased 10-year implementation timeline for serialisation and track and trace ending in November 2023. In comparison, the two-year implementation timeline for Russia is incredibly short.

In Russia, full implementation of the serialisation, cryptographic coding and compliance reporting requirements must be completed by 1 January 2020. In fact, many companies may have shorter timelines as the law provides for intermediate timelines for medicines in certain classes.

Phased and uncertain implementation timing

Although the January 2020 deadline may seem short, the legislation poses additional compliance challenges for particular medicines:

  • 1 October 2019 (The 12 Nosologies): Serialisation and compliance reporting is required for medicines that include treatments for a class of 12 less common but expensive nosologies, including haemophilia, cystic fibrosis, pituitary dwarfism, Gaucher disease, myeloid leukaemia, multiple sclerosis, immunosuppressive therapy for organ transplant patients, haemolytic-uremic syndrome, juvenile arthritis with systemic onset and mucopolysaccharidosis I, II, and VI types.
  • TBD (VED [Vital and Essential Drugs] list): Serialisation and compliance reporting is required for medicines in the VED list, which include treatments for illnesses with a high prevalence in Russia, and whose cost is therefore controlled by the Russian Government to ensure access to treatment.

Organisations with 12 nosology products need to start complying even sooner because, according to the law, they will have to register with the government monitoring system and pass certain tests for the systems involved in early July 2019.

Setting a new bar for serialisation

Complex reporting and notification choreography

An important difference between the Russian law and the EU and US regulations is the requirement to track a wide range of product movements, transfers of custody, operational events and packaging changes. For Russia, dozens of events and transactions of interest need to be captured and reported on, triggering a wide range of received notifications.

As a result, there is a complex choreography of bidirectional data exchanges between the central government system and the Russian compliance system of each stakeholder.

The Russian government has indicated that a manufacturer may be responsible for more than 40 compliance events, depending on where the product is packaged, the supply chain route the product takes both into and within Russia, the state of the product and other details. For comparison, EU FMD has fewer than 10 compliance events or notifications to manage for a manufacturer.

Reporting to the government body, the Federal State Information System for Monitoring Drug Circulation (FSIS MDSC) FSIS MDC will be a very defined and structured process involving XML data exchange, electronic signatures and more. These are just some of the requirements that make the law potentially cumbersome and incredibly work-intensive when compared with EU and US counterparts.

Broader scope of products covered

Although track and trace requirements in the EU and US are focused on prescription (Rx) medicines, the Russian regulations cover a broad range of prescription and over-the-counter (OTC) products, necessitating additional master data management requirements compared to other countries.

This broad scope of medicines also expands the required investments and preparation at the serialization level, ensuring that packaging lines and sites are properly outfitted to cover products that may not have previously been serialised.

Cryptographic and aggregation requirements

Brian Daleiden, VP of Industry Marketing and Community, TraceLink

Brian Daleiden, VP of Industry Marketing and Community, TraceLink

Unique to Russia, each product identifier must also include a generated cryptographic key and code based on the GTIN and serial number. These cryptographic codes are generated through a separate process and system. As a result, either barcode sizes or the density of the barcode must increase.

Either way, cryptographic coding puts new strains on the packaging ecosystem of pharmaceutical Marketing Authorisation Holders (MAHs) and contract manufacturing organisations (CMOs). Additionally, it also creates yet another choreography to be developed between the enterprise serialisation management system, the Russia compliance system, the packaging site and the Russia crypto system.

The Russian law specifies several scenarios wherein aggregation is necessary and the management of aggregation data with the Russia central system is required. Cases must display a unique product identifier for that case. In addition, a data relationship between the case identifier and each of the unique package identifiers within that case must be created, reported and maintained.

Any changes to packaging configurations during the product’s journey are considered to be compliance events and may modify the aggregation relationship, which will typically trigger compliance reporting.

These regulatory aggregation requirements and crypto coding demands are not found in either the FMD or DSCSA. As a result, aggregation was regarded as out of scope by many businesses when they planned for serialisation.

A portion of the market has decided to introduce aggregation alongside serialisation as a value-added service; however, the rest will have to retrospectively implement it if they want to ship product in Russia – creating a potentially expensive burden.


There may be some temptation for companies operating in the region to consider compliance with the regulation as a simple "cut-and-paste" of the solution developed in response to the FMD or DSCSA. This is simply not the case.

Russia’s track and trace regulations are the most comprehensive and demanding of drug manufacturers and their supply chain partners than any other track and trace law in the world.

As definitive guidance and a standard compliance process from Russia is still being developed, businesses will need to develop compliance strategies built on partnerships with experienced and flexible vendors that have regulatory expertise and the ability to move quickly once guidelines and deadlines are finalised.

You may also like