Annex 22 vs Annex 11: how the AI annex complements the computerised-systems annex
Annex 11 is the generic EU GMP annex for computerised systems — it applies to any regulated software, AI as software included. Annex 22 (draft) does not replace it; it lays an AI-specific layer on top: for systems that derive their function from data-based learning rather than explicit code. Meaning: an AI system in a critical GMP application must satisfy both — the Annex 11 base (access control, audit trail, data control) and the Annex 22 additions (intended use, independent test data, explainability, human-in-the-loop).
Why “Annex 22 or Annex 11?” is the wrong question
As soon as AI enters GMP processes, the same question comes up: does Annex 22 apply now — or still Annex 11? The answer is uncomfortable for anyone who wants a single owner: both apply, at the same time.
Annex 11 (Computerised Systems) is the established, generic framework for computerised systems in EU GMP. In its applicable version it dates from 2011 — long before productive machine learning. Annex 22 (Artificial Intelligence) is the first GMP annex specifically for AI; its draft was published for consultation in July 2025, together with a revision of Annex 11 (details in the Annex 22 overview).
Put simply: Annex 11 governs the system, Annex 22 complements the model within it. This article shows who covers what — and where the responsibility overlaps.
What Annex 11 covers generically — for every computerised system
Annex 11 sets the frame every GMP-relevant computerised system must satisfy — classical software or AI:
- Access control & attribution: physical and logical access controls; an unambiguous, timestamped attribution of user identities at every data entry.
- Audit trail: system-generated, tamper-evident trails for all GMP-relevant data changes and deletions.
- Operational controls: backups, data transfers / migrations, change and configuration management, incident management.
- Business continuity: measures to maintain critical processes during system outages.
- Electronic signatures: the requirements for legally sound e-signatures — the most prominent use case being batch release by a Qualified Person (whose certification duty itself stems from Annex 16).
These requirements do not disappear with AI — they remain the base on which everything else stands. They are also the foundation of data integrity under ALCOA+.
What Annex 22 adds for AI
Annex 22 picks up exactly where Annex 11 reaches its limits: at systems that derive their functionality through data-based learning rather than being explicitly programmed. It adds AI-specific requirements a pre-ML framework did not know:
- Intended use & human-in-the-loop: a precise purpose and a built-in human oversight over the model result.
- Static models: for critical applications, deterministically operated, frozen models rather than systems that keep learning in operation.
- Test data & test data independency: controlled data and a demonstrably independent test-data separation.
- Explainability & confidence: traceability of the model results and a handling of model confidence.
- Operation: the ongoing operation of the model including monitoring.
That is the gap Annex 22 closes: the behaviour of the model, which Annex 11 as a software framework could not address.
Annex 22 takes hold where a system learns its function from data — instead of from explicit code.
The relationship: layering, not replacement
It is a layering: Annex 11 as the foundation for the computerised system, Annex 22 as the layer above for the learning model. An AI system therefore inherits all Annex 11 obligations (access, audit trail, data control) and additionally satisfies the Annex 22 requirements on the model.
On generative AI / LLMs specifically: per the current draft state, LLMs are not generally banned in the GMP environment; in non-critical applications they are not excluded under the human-in-the-loop principle. The exact technical specifications for this are, however, not yet spelled out in the draft — track this point against the final document rather than fixing it on assumptions.
Two layers, one compliance
Annex 11 is the base layer for the system, Annex 22 the AI layer for the model within it. An AI system in a critical GMP application must address both — Annex 11 as the applicable base, Annex 22 as the coming layer.
What this means in practice for QA and validation teams
From the relationship follows a clear way of working:
- Secure the Annex 11 baseline first. Access, audit trail, backup/change control, e-signature — this base must stand for every system before AI specifics even become relevant.
- Map the Annex 22 additions on top. For every model in a critical application: intended use, independent test data, explainability, human-in-the-loop, operational monitoring — what that looks like in practice is in the GAMP 5 validation path for AI.
- Separate critical from supporting. Along this line it is decided how strictly Annex 22 applies — and whether generative AI is an option at all.
- Track the draft state. Annex 22 and the Annex 11 revision are drafts; the final version can shift details.
Whoever builds their AI work on source binding, attributed human release and a demonstrable audit trail pays into both layers with the same architecture — the Annex 11 base and the Annex 22 additions. That is what the traqx approach to AI in GxP is built for: as a control framework, not a promise of fulfilment.
The honest limits
Three clarifications:
- Applicable vs. draft: the applicable Annex 11 version is from 2011. The Annex 11 revision and Annex 22 exist as drafts — always check the current state for decisions.
- Some details are still open. For example, the exact technical specifications for LLMs in non-critical applications are not yet spelled out in the draft — do not presume them.
- This is orientation, not advice. The original documents and your context-validated assessment, aligned with QA, are what govern.
Draft state — not final law
Annex 11 (2011) applies; the Annex 11 revision and Annex 22 are drafts (consultation July 2025). Details of the final version can differ. Orientation, not legal or compliance advice.
Key takeaways
- It is not either/or: Annex 11 (computerised systems) and Annex 22 (AI) apply together — Annex 22 does not replace Annex 11.
- Annex 11 covers generically: access control / timestamped attribution, audit trail, operational controls, business continuity and legally sound electronic signatures.
- Annex 22 adds AI-specifics — for data-based learning: intended use/human-in-the-loop, static models, test data independency, explainability, confidence, operation.
- An AI system in a critical application must satisfy both: the Annex 11 base (system) + the Annex 22 additions (model).
- LLMs are not generally banned; possible in non-critical applications under human-in-the-loop — but the exact technical specs are still open in the draft.
Sources
- EU GMP Annex 11 (Computerised Systems) — applicable version (2011) + draft revision 2025 — the generic framework for computerised systems: access, audit trail, data control, suppliers.
- European Commission — EudraLex Vol. 4, draft Annex 22 (Artificial Intelligence) (consultation from 7 July 2025) — the AI-specific layer: intended use, static models, test data independency, explainability, human-in-the-loop.
- ISPE — GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems, 2nd Edition (2022) — the industry guide that brings both layers together in a risk-based way.
- 21 CFR Part 11 (Electronic Records / Signatures) — the US counterpart for electronic records, signatures and audit trails.