DSCSA: Historic Change To Commerce

Back in 2010 I posted an RxTrace essay called “California Pedigree Law:  Historic Change To Commerce” that pointed out the significant change that was then scheduled to occur once the California law was to go into full effect in 2016.  Of course, that state law was preempted by the Drug Supply Chain Security Act (DSCSA) back in 2013 so we never actually experience that change.  But what about the DSCSA?  Will it change the way commerce happens in a historic way?  Let’s take a look.

Back then, the point I was making was that, for the first time, once that now obsolete California law was to go into effect:

“…the value of a legitimate pharmaceutical in the supply chain in California [would] be determined by the combination of the physical condition of the product and its package, and the seller’s ability to provide the buyer with an electronic pedigree.

If you didn’t have a valid pedigree for a given drug package in your inventory, that package would have had no value whatsoever.  It would have had no value because no one would be willing to buy it, because they wouldn’t be able to comply with the law since the pedigree would have been broken.  So under the fully operational California Pedigree Law, the value of a drug product was going to be determined by your ability to provide your customer with an electronic certified chain of ownership pedigree back to the original manufacturer.


The DSCSA is not a pedigree law, which means, you don’t have to provide your customer with a certified chain of ownership pedigree back to the original manufacturer.  Instead, from November 2015 until November 2023, trading partners in the supply chain must provide their customers with something the DSCSA calls “Transaction History” (TH), which contains the “Transaction Information” (TI) for each change of ownership back to the original manufacturer (see “DSCSA: Transaction Information” and “DSCSA: Transaction History”). 

The distinction between a “California pedigree” and a “DSCSA TH” is small but significant.  California was going to require each trading partner in the ePedigree to “sign” someone’s name to their part of the history, certifying to its accuracy.  Under the DSCSA, there are no signatures.  Each party providing TI and TH must also provide a “Transaction Statement”, which is an unsigned statement attesting to the accuracy of the information supplied in the TI and TH (see “DSCSA: Transaction Statement”). 

The attestations contained in DSCSA Transaction Statements do not get accumulated like they would have been in a California ePedigree.  Instead, each recipient must simply keep those they receive and those they send for a period of six years and be ready to provide them to an authorized government inspector when requested during that time (see “DSCSA: A Closer Look At The Six-Year Record-Keeping Requirement”).  By providing these documents to a government inspector upon request, you are, in effect, “signing” them.


Starting on November 27, 2023, companies in the supply chain no longer must provide their customers with the TH.  But instead, every member of the supply chain is obligated by the DSCSA to exchange the TI and TS “…in a secure,  interoperable, electronic manner in accordance with the standards established under the guidance issued [by the FDA]” (see “EDDS: The New Data Exchange Requirements”).  This is the start of what the DSCSA calls, the Enhanced Drug Distribution Security (EDDS) phase.  Presumably, the secure, interoperable, electronic system that the FDA establishes through guidance will include some way of promptly facilitating the gathering of the information necessary to produce the TIs for every change of ownership back to the original manufacturer, because that’s what must happen whenever an authorized government inspector requests it for a given drug package.

Also in 2023, all TIs must include the serial numbers of the drug packages included in each shipment.  That means they won’t be encoded and transmitted within Electronic Data Interchange (EDI) 856 Advance Shipment Notices (ASNs).  They will presumably need to be formatted and sent inside of GS1 Electronic Product Code Information Services (EPCIS) events (see “DSCSA: Interoperable Data Exchange In 2023”).

How is all that going to happen in the next 4 ½ years?  Obviously the FDA has a much bigger role to play than they have up to this point in the industry response to the DSCSA pre-2023 requirements.  But the industry also needs to work closely with the FDA to help them define workable and implementable guidance, as required by the DSCSA.  That’s the whole point of the work the Pharmaceutical Distribution Security Alliance (PDSA) has been doing recently (see “PDSA Brainstorms Vision For DSCSA Governance Organization With Stakeholders” and “PDSA’s Proposal for Governance of DSCSA Phase II Interoperability”).

In the end, companies in the supply chain will find that the value of their inventory after November 2023 will depend on their ability to provide their customers with valid serialized TI and TS, and the ability of their customers to promptly facilitate the gathering of information necessary to produce the TIs for every change of ownership back to the original manufacturer, based on the unique Standardized Numerical Identifier (SNI) on each unit in their shipments (see “FDA Aligns with GS1 SGTIN For SNDC”). 

In my view, this is just as historic as the change to commerce the California Pedigree Law was going to impose.  Companies need to take it seriously now, or risk going out of business in 2023.  That’s right, you won’t be able to stay in business unless your customers can meet their DSCSA obligations for the products they purchase from you.  Yes, that’s true today, but after November 27, 2023, it will get a whole lot harder.