traqxGxP Compliance Software
Annex 22 · Annex 11

Annex 22 vs Annex 11: how the AI annex complements the computerised-systems annex

Reading time ~9 min · Daniel Herrmann

EU GMP · ANNEX 22 (DRAFT) · ARTIFICIAL INTELLIGENCE AI MODEL Static DETERMINISTIC FROZEN · TESTED HUMAN OVERSIGHT Human approves ATTRIBUTED · REASONED ✓ REVIEW GATE GMP RECORD Evidenced & versioned AUDIT-TRAIL TRACEABLE INTENDED USE TEST SPLIT EXPLAINABILITY MONITORING CRITICAL USES · GENERATIVE AI ONLY WITH HUMAN REVIEW

Annex 11 is the generic EU GMP annex for computerised systems — it applies to any regulated software, AI as software included. Annex 22 (draft) does not replace it; it lays an AI-specific layer on top: for systems that derive their function from data-based learning rather than explicit code. Meaning: an AI system in a critical GMP application must satisfy both — the Annex 11 base (access control, audit trail, data control) and the Annex 22 additions (intended use, independent test data, explainability, human-in-the-loop).

Why “Annex 22 or Annex 11?” is the wrong question

As soon as AI enters GMP processes, the same question comes up: does Annex 22 apply now — or still Annex 11? The answer is uncomfortable for anyone who wants a single owner: both apply, at the same time.

Annex 11 (Computerised Systems) is the established, generic framework for computerised systems in EU GMP. In its applicable version it dates from 2011 — long before productive machine learning. Annex 22 (Artificial Intelligence) is the first GMP annex specifically for AI; its draft was published for consultation in July 2025, together with a revision of Annex 11 (details in the Annex 22 overview).

Put simply: Annex 11 governs the system, Annex 22 complements the model within it. This article shows who covers what — and where the responsibility overlaps.

What Annex 11 covers generically — for every computerised system

Annex 11 sets the frame every GMP-relevant computerised system must satisfy — classical software or AI:

  • Access control & attribution: physical and logical access controls; an unambiguous, timestamped attribution of user identities at every data entry.
  • Audit trail: system-generated, tamper-evident trails for all GMP-relevant data changes and deletions.
  • Operational controls: backups, data transfers / migrations, change and configuration management, incident management.
  • Business continuity: measures to maintain critical processes during system outages.
  • Electronic signatures: the requirements for legally sound e-signatures — the most prominent use case being batch release by a Qualified Person (whose certification duty itself stems from Annex 16).

These requirements do not disappear with AI — they remain the base on which everything else stands. They are also the foundation of data integrity under ALCOA+.

What Annex 22 adds for AI

Annex 22 picks up exactly where Annex 11 reaches its limits: at systems that derive their functionality through data-based learning rather than being explicitly programmed. It adds AI-specific requirements a pre-ML framework did not know:

  • Intended use & human-in-the-loop: a precise purpose and a built-in human oversight over the model result.
  • Static models: for critical applications, deterministically operated, frozen models rather than systems that keep learning in operation.
  • Test data & test data independency: controlled data and a demonstrably independent test-data separation.
  • Explainability & confidence: traceability of the model results and a handling of model confidence.
  • Operation: the ongoing operation of the model including monitoring.

That is the gap Annex 22 closes: the behaviour of the model, which Annex 11 as a software framework could not address.

Annex 22 takes hold where a system learns its function from data — instead of from explicit code.

The relationship: layering, not replacement

It is a layering: Annex 11 as the foundation for the computerised system, Annex 22 as the layer above for the learning model. An AI system therefore inherits all Annex 11 obligations (access, audit trail, data control) and additionally satisfies the Annex 22 requirements on the model.

On generative AI / LLMs specifically: per the current draft state, LLMs are not generally banned in the GMP environment; in non-critical applications they are not excluded under the human-in-the-loop principle. The exact technical specifications for this are, however, not yet spelled out in the draft — track this point against the final document rather than fixing it on assumptions.

Two layers, one compliance

Annex 11 is the base layer for the system, Annex 22 the AI layer for the model within it. An AI system in a critical GMP application must address both — Annex 11 as the applicable base, Annex 22 as the coming layer.

What this means in practice for QA and validation teams

From the relationship follows a clear way of working:

  • Secure the Annex 11 baseline first. Access, audit trail, backup/change control, e-signature — this base must stand for every system before AI specifics even become relevant.
  • Map the Annex 22 additions on top. For every model in a critical application: intended use, independent test data, explainability, human-in-the-loop, operational monitoring — what that looks like in practice is in the GAMP 5 validation path for AI.
  • Separate critical from supporting. Along this line it is decided how strictly Annex 22 applies — and whether generative AI is an option at all.
  • Track the draft state. Annex 22 and the Annex 11 revision are drafts; the final version can shift details.

Whoever builds their AI work on source binding, attributed human release and a demonstrable audit trail pays into both layers with the same architecture — the Annex 11 base and the Annex 22 additions. That is what the traqx approach to AI in GxP is built for: as a control framework, not a promise of fulfilment.

The honest limits

Three clarifications:

  • Applicable vs. draft: the applicable Annex 11 version is from 2011. The Annex 11 revision and Annex 22 exist as drafts — always check the current state for decisions.
  • Some details are still open. For example, the exact technical specifications for LLMs in non-critical applications are not yet spelled out in the draft — do not presume them.
  • This is orientation, not advice. The original documents and your context-validated assessment, aligned with QA, are what govern.

Draft state — not final law

Annex 11 (2011) applies; the Annex 11 revision and Annex 22 are drafts (consultation July 2025). Details of the final version can differ. Orientation, not legal or compliance advice.

Key takeaways

  • It is not either/or: Annex 11 (computerised systems) and Annex 22 (AI) apply together — Annex 22 does not replace Annex 11.
  • Annex 11 covers generically: access control / timestamped attribution, audit trail, operational controls, business continuity and legally sound electronic signatures.
  • Annex 22 adds AI-specifics — for data-based learning: intended use/human-in-the-loop, static models, test data independency, explainability, confidence, operation.
  • An AI system in a critical application must satisfy both: the Annex 11 base (system) + the Annex 22 additions (model).
  • LLMs are not generally banned; possible in non-critical applications under human-in-the-loop — but the exact technical specs are still open in the draft.

Sources

Author

Daniel Herrmann

Daniel Herrmann is the founder of traqx and has worked for years at the intersection of GxP validation, quality assurance and AI governance. This article contextualises publicly accessible regulation (EU Annex 11, draft Annex 22, GAMP 5) on the basis of the consultation/applicable state; the final version of the drafts may differ. It is orientation, not legal or compliance advice and does not replace an assessment for your specific scope. Where traqx is mentioned, the text describes the provable way of working — sources first, AI as a suggestion, the human decides, the audit trail remains.

On your work case

Start a Workspace trial on your GxP process.

One team, one source space, one real work case: you use Workspace directly, check sources first, let AI work as a suggestion and keep human release.