What the New Chapter 4 Means for GMP Documentation
The draft revision of EU GMP Chapter 4, which governs documentation practices, represents the most substantial rewrite in over a decade. Published in July 2025, this update brings documentation fully into the modern era—integrating digital formats, hybrid systems, data governance, and risk-management principles that were previously unaddressed.
A New Structural Approach
The revised Chapter 4 has been significantly expanded, increasing from its original length to a more detailed guideline comprising 17 pages plus a glossary. It has been reorganized to include sections such as:
Foundational Principles
Data Governance Systems
Risk Management
General Requirements for Documentation
Master Documents
Generation and Control of Documentation
Good Documentation Practice
Signatures in GMP-Relevant Documentation
Document Retention
Data Integrity in Documentation
Hybrid Systems
Glossary
This structural redefinition shifts the narrative from static rules about paper records to a comprehensive lifecycle-aware, technology-agnostic approach to all forms of documentation.
Documentation Principles Refined
The foundations of documentation now explicitly demand inclusion of all modern formats—paper, electronic, hybrid, and multimedia—within the pharmaceutical quality system. Documentation must be controlled via lifecycle thinking and risk-based methods, ensuring integrity, accuracy, availability, and legibility through every stage of use. This brings documentation in line with broader GMP principles that emphasize traceability and patient safety.
Introducing Data Governance Systems
A core addition is the requirement for a robust, documented data governance system. Such a system must be integrated into the Pharmaceutical Quality System (PQS) and structured around risk-based principles. It must define how data—whether raw or derived—is created, retained, destroyed, managed, and owned, ensuring that integrity is maintained throughout its lifecycle.
Embedding Risk Management
Risk management has moved from being an optional GMP concept to a central pillar. The revised Chapter 4 requires organizations to tailor documentation controls to the criticality of the data and the complexity of the systems. This extends to documentation generation, control, retention, and integrity.
Master Documents Expanded
Traditional core documents like SOPs, batch records, Site Master Files, and specifications remain in place but are now joined by new requirements—such as the Validation Master Plan—which must outline the site's validation strategy. Specifications themselves must now comprehensively capture all attributes impacting product quality, and automated documentation must adhere to strict validation or verification standards.
Generation and Control of Documentation
The update clarifies that every document, including its forms, logs, and checklists, must be understood, documented, and validated. The guidance moves away from vague phrasing about “keeping documents current” to require precise instructions and procedures governing document governance.
Good Documentation Practice (GDP)
GP practices now formally embody the ALCOA++ principles—documents must be Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, Available, and Traceable. Corrections must preserve visibility of original entries, be signed and dated, and include justifications. Controls for paper records (like numbered forms and bound notebooks) are specified to avoid data manipulation and loss.
Signatures: Elevated Expectations
A dedicated section now clarifies the role and expectations for signatures, including electronic ones. Signatures must be traceable to an individual, include date and time, and comply with ALCOA++. A signature policy is required to define who is authorized to sign, why, and under what conditions. Integrity must be maintained over the document's lifecycle, and the system must accommodate this within the data governance framework. Hybrid paper-electronic signature systems are permissible only if clearly defined.
Retention and Archiving of Records
Retention requirements now come with explicit expectations for the integrity of both paper and digital records. Proper backup, restoration, and archiving methods must exist to ensure long-term readability and access. Risk management and validation must drive retention strategies.
Data Integrity in Documentation
ALCOA++ forms the foundation of a dedicated data integrity section. Organizations must ensure that all documentation conforms to these principles, with controls and reviews aligned with the risks associated with data criticality and system complexity.
Managing Hybrid Systems
Unlike prior guidance, the draft expressly acknowledges hybrid systems (combining electronic and paper elements). Organizations must define, validate, and control the interfaces and data flow between formats, ensuring data remains trustworthy across transitions and over time.
Glossary for Clarity
For the first time, Chapter 4 includes a glossary defining key terms—such as hybrid systems, data governance, audit trail, metadata, raw and derived data—to reduce ambiguity and support consistent interpretation across organizations and inspections.
Why It Matters
This revision marks a paradigm shift—documentation is no longer a checkbox but a regulated, governed system demanding modern controls. Organizations will need to adapt through:
Gap assessments comparing current practices against new requirements
Creation or enhancement of data governance frameworks
Upgraded processes and validation to cover digital, hybrid, and AI-supported workflows
Comprehensive training to build competency in lifecycle documentation management
Organizational change management to embed these expectations into culture and operations
Looking Ahead
The draft was published on 7 July 2025, and the consultation period runs through 7 October 2025. Final adoption and enforcement are anticipated in early 2026. Stakeholders are encouraged to prepare now to ensure smooth compliance when the new requirements take effect.
