We're coming to the very last months before enforcement of the Drug Supply Chain Security Act, concluding a decade-long transformation of the pharma supply chain. As of November 27, 2023, DSCSA supply chain serialization will be in effect, meaning that every product must be traceable at the individual package level, with EPCIS files logging every event since its creation, including transfers and aggregation into pallets and cases. Transactions will be handled entirely through electronic data exchanges, via interoperable connections between each pair of trading partners.
It's a tall order, having been rolled out in phases since the law was enacted in 2013. But what actually happens this year? What happens if your business -- or a trading partner's business -- isn't compliant in time?
We're already seeing a change underway. In our test environment, EPCIS file exchanges are rising drastically, and we expect the pace to accelerate to the end of 2023 and beyond. Trading partners at all stages of their DSCSA journey are trying to gauge what to expect in terms of shipping and logistics this year. Crucially, some are setting their own deadlines for suppliers, with fines attached.
This just adds pressure and incentive to something any business needs when onboarding new technology and processes: time to try, fail, and learn.
The businesses we're talking to generally will have DSCSA solutions in place far in advance of the deadline. Some are ready now. But it's inevitable that some will delay too long.
There are pharma businesses that will wait until October or later, having underestimated the complexity of fully implementing DSCSA and making operational changes to their supply chain operations. Others will simply have failed to move forward with DSCSA at all, perhaps believing, wrongly, that business will more or less continue as usual. They may have the notion that the FDA would grant enforcement discretion, a case there's no evidence will happen.
Trading partners who aren't compliant with DSCSA are already getting tough questions from others with whom they do business. These will likely concern interoperability, where compliant businesses are pressing their partners to collaborate on forming the connections needed for DSCSA data exchanges. (This is the principal element where fines might be involved, since not moving forward with these represents a potential business disruption.)
And it's important to mention the reality of FDA and other regulatory audits, which can impose heavy fines on top of lost business and damaged partner relationships.
On a day-to-day level, lacking a DSCSA solution will risk having exceptions bring your business to a crawl. Essentially, a trading partner who isn't compliant with DSCSA will know something's wrong when their transactions fail. or take a great amount of exacting manual work to process. An exception occurs when data doesn't accompany the physical product, or if the data doesn't match the product as delivered. So, if a company cannot deliver or accept EPCIS files properly -- or lacks the means to quickly process and correct them -- their operations will become difficult, and doing business with them will also be difficult.
At core, an exception keeps product from moving, causing it to be quarantined until the mismatch or missing data is resolved. If it can't be resolved, outcomes can include returning the product or even destroying it. This is to ensure that illegitimate or suspect product is consistently removed from the supply chain, and has no chance of harming patients.
Thus, businesses that don't take DSCSA compliance seriously are only going to hurt themselves. Even if there's nothing wrong with the product they're delivering or accepting, there will be no way for them to legitimately transfer or sell it if they can't properly account for it in their data. And, of course, after the deadline, they'll be at risk of regulatory penalties.
Altogether, ignoring exceptions management will be impossible. Those who try are going to have a hard start to 2024 and lose business -- and will need help quickly.
The final DSCSA deadline lands right after Thanksgiving. This is not, to put it lightly, a day, week, or even month (the arriving December) during which you'd want to deal with new shipping problems, as it follows a national holiday and Black Friday, and coincides with Cyber Monday. Besides, at that point, we're already into the Christmas business season, which brings any number of challenges.
So, the rapid coordination needed to introduce new systems at this point in the year may not be easily possible. Even if the key personnel within your business are available, those at your trading partners may not be. This, alongside any Q4 challenges a business may normally face in December, makes December aharsh timeframe for introducing any new systems, let alone ones that are essential to your ability to both legally and practically do business.
Long before then, of course, we'll have seen EPCIS rates reach much higher levels, and businesses -- particularly hospitals and dispensers, which need to layer this change on top of a high-traffic, patient-facing environment -- will have already faced greater pressure from partners to implement DSCSA if they haven't yet done so.
Realistically, then, businesses will face relationship-level and operational challenges long before they'll need to deal with penalties of non-compliance. This means that the deadline can't be dismissed as a single challenge, relegated to its business quarter; successful transactions and the efficient, unobstructed flow of product are going to grow as concerns throughout this year, starting now.
From that view, it's clear that the DSCSA deadline isn't the thing to worry about. Instead, focus on making the DSCSA decisions now to preserve your business relationships, improve your supply chain operations, optimize your budget, and manage your stress levels.