A New Era in EU Pharmacovigilance: Changes and Our PharmaBASE Updates
Dear Clients and Industry Partners,
Significant updates have been made to the European Union’s pharmacovigilance regulations, which have guided the operations of our industry for over a decade. The Commission Implementing Regulation (EU) 2025/1466, published on July 22, 2025, brings a revision that does not repeal the old Commission Implementing Regulation (EU) No 520/2012 but rather improves, updates, and adds to its existing articles.
As a Contracted Pharmacovigilance Service Organization (CRO), we are acutely aware of how these changes will impact both our operational processes and yours. We are fully prepared to meet these new requirements to ensure your continued regulatory compliance in international markets. We are revising our PharmaBASE PBRER Management Module in light of these updates.
Here is a meticulous review of Regulation (EU) 2025/1466. We have prepared a detailed comparison of the most significant changes, highlighting their importance to your operations:
Detailed Comparison: Old vs. New Regulation
| Old Regulation (EU) No 520/2012 | New Regulation (EU) 2025/1466 | Change and Explanation |
| PSMF Content:
The marketing authorisation holder’s organisational structure must include the sites where specific pharmacovigilance activities, including “risk management plan management,” are undertaken. |
The organisational structure must now list the sites where the “preparation, implementation and maintenance of a risk management plan” activities are undertaken. | The definition of the activity has been expanded to cover the entire lifecycle of the risk management plan, not just its “management.” |
| PSMF Deviations:
Any deviation from the pharmacovigilance procedures, along with their impact and management, shall be documented. |
Only “major or critical deviations,” their impact, and their management shall be documented in the PSMF. | This change aims to reduce the administrative burden on competent authorities. Only the most significant deviations will need to be tracked. |
| Subcontracting:
A marketing authorisation holder may subcontract certain pharmacovigilance activities and must keep a list of these subcontracts. |
Two new paragraphs (3 and 4) have been added to Article 6. Contracts must now include a clear description of roles and responsibilities, safety data exchange, audit arrangements, and third parties’ consent to audits. Third parties are also prohibited from subcontracting an assigned task without the marketing authorisation holder’s written consent. | This establishes clear transparency and accountability for subcontracting activities. |
| Marketing Authorisation Holder Audits:
The quality system must be audited on a risk-based basis at regular intervals. |
Audits, while still risk-based and conducted at regular intervals, must now cover all pharmacovigilance activities . Third parties carrying out outsourced tasks may also be audited, even if this is not specified in the contract. | The scope of audits has been defined in more detail, and the audit obligation for subcontractors has been reinforced. |
| Competent Authority Audits:
National competent authorities and the Agency must perform quality system audits at regular intervals according to a common methodology. |
Audits performed by national competent authorities and the Agency, while still following a common methodology, must now cover a defined period and verify the conformity of the relevant activities with quality policies. | The scope of audits conducted by the competent authorities has been more clearly defined. |
| Eudravigilance Monitoring:
Marketing authorisation holders must monitor the data in the Eudravigilance database to the extent that they have access to it. |
Marketing authorisation holders must use the data available in the Eudravigilance database together with data from other available sources. | Data monitoring now requires a more holistic approach. |
| Signal Definition:
Only signals related to an “adverse reaction” are considered. |
Only signals related to a “suspected adverse reaction” are considered.. | A small but important terminological change has been made. |
| Signal Management (Article 21):
Article 21(2) provides a definition of signal validation. |
Article 21(2) has been completely deleted. | The definition of signal validation has been removed from the text, and the rules regarding signal management have been updated. |
| Signal Validation:
A “validated signal” that requires further analysis must be confirmed as soon as possible and no later than 30 days. |
A “signal validated by a national competent authority or the Agency” that requires further analysis must be confirmed as soon as possible and no later than 30 days. | This clarifies who is responsible for validating the signal, specifying the authority and responsibilities. |
| Signal Detection:
“Without prejudice to paragraphs 2 and 3, national competent authorities and the Agency shall validate and confirm any signal that they have detected during their continuous monitoring.” |
“Without prejudice to paragraph 3, national competent authorities and the Agency shall validate and confirm any signal that they have detected during their continuous monitoring.” | The reference to paragraph 2 has been removed due to its deletion. The fundamental obligation remains unchanged. |
| Eudravigilance database support:
The Agency shall ensure appropriate support for the monitoring of the database by marketing authorisation holders. |
The Agency shall ensure appropriate support for the use of the database by marketing authorisation holders. | The scope of support has been expanded from just “monitoring” to the overall “use” of the database. |
| Terminology and Standards: The XEVPRM format is mandatory for pharmacovigilance.
ISO standards from 2012 versions are used. |
XEVPRM or another agreed format may also be used.
Terminology Standards: ISO standards have been updated to more recent versions from 2017, 2018, and 2023. |
The mandatory use of XEVPRM has been removed, providing flexibility for alternative formats.
The pharmacovigilance system is brought into alignment with the latest international standards. |
| ICSR:
In the case of expedited reporting, “at least an identifiable reporter, an identifiable patient, one suspected adverse reaction…” are required. For literature references, “Vancouver style” and a comprehensive English summary are requested. The phrase “past-medical drug therapy” is used. |
In general “reporting,” “at least one identifiable reporter, one identifiable patient, at least one suspected adverse reaction…” is required. For literature references, a digital object identifier (DOI), if available, is also requested. The phrase “past medical treatment” is used. | The minimum reporting requirement now applies to all ICSRs. The DOI requirement enhances report tracking. The phrase regarding the patient’s history has been updated. |
| PSUR:
The report shall contain the results of assessments of the effectiveness of risk minimisation activities. |
The report shall contain updates on the implementation of the risk minimisation measures and the results of assessments of their effectiveness. | The content of PSURs now mandates reporting on the implementation phase of risk management, not just the assessment of its effectiveness. |
| PASS: The study protocol, abstract, and final report must be submitted. | The study protocol, abstract, and final report must now be entered into the electronic study register maintained by the Agency. | Post-authorisation safety studies will be tracked in a more transparent and centralized manner. |
A special note: We want to highlight the change concerning Periodic Safety Update Reports (PSURs). The new regulation requires PSURs to contain not only the assessment of the effectiveness of risk minimisation activities but also “updates on the implementation of those measures.”
To address this critical requirement, we are currently updating our PharmaBASE PBRER Management Module to meet the new regulations, thereby fulfilling our responsibilities through updated templates. Our module allows you to easily integrate this information and ensures your PSURs are fully compliant with the new regulation.
These changes aim to transform the European pharmacovigilance system into a more robust, transparent, and technologically integrated structure. As a CRO, we understand how critical it is to adapt to these new rules and manage your obligations with the utmost accuracy. For any questions or further information, please do not hesitate to contact us.
Sincerely,
Your Contracted Pharmacovigilance Service Organization
PharmaSoft
This article was generated with the assistance of AI technology and finalized by PharmaSoft’s expert team to ensure accuracy and compliance with current regulations.
