Guest Column | January 6, 2021

6 Things We Need From FDA Before Full 2023 DSCSA Enforcement

By Mike Karhoff and Mark Karhoff, Ten Count Consulting, LLC

The journey to industry compliance with the U.S. Drug Supply Chain Security Act (DSCSA) continues to twist and turn with recent requirements going into effect for distributors and dispenser and subsequent delays on enforcement of some of those requirements until Nov. 27, 2023. While the FDA did well to respond to requests for delays in enforcement, the postponement does not remove the active requirements of the law, and stakeholders should continue to work towards ensuring compliance and documenting their efforts in the event of potential FDA inquires or investigations. It is important to continue working on these systems and communicating with trading partners to mitigate risk and take advantage of the opportunity to stabilize systems, processes, and data.

On Dec. 8-9, 2020, the FDA held a two day virtual public meeting for industry stakeholders to discuss issues and strategies related to enhanced drug distribution security and to learn about the results of the agency’s DSCSA pilot program. The event featured remarks from several CDER leaders, including Acting Director Patricia Cavazzoni, M.D., who emphasized the continued commitment to the implementation of DSCSA as an important law to help secure the U.S. supply chain against previously identified and emerging threats.

Most sectors and stakeholders involved in drug distribution were represented at the event, bringing a wide array of technical and operational perspectives — from established approaches to newer innovations unfolding in the industry. In addition, a significant number of participants from several FDA offices were active listeners in all the sessions, which should help in future efforts and guidance formation.

Throughout the two-day meeting, there was a clear sense of the need for alignment on DSCSA interoperability as we move rapidly towards the complex and less statutorily defined 2023 phase. (We found the Center for Supply Chain Studies [C4SCS] pilot to be informative on a possible path to expanding authentication and credentialling across more stakeholders.) While the FDA meeting format presented a few challenges, it was useful to have a mix of presentations and breakout sessions with a good diversity of sectors involved in each of the breakouts. It was also encouraging to see some participants joining the discussion from the dispenser sector — even more of their insights are needed on the impact of DSCSA on patients and healthcare providers.

Where Do We Go From Here?

The discussions and perspectives in the meeting were often conflicting and sometimes seemed to ignore insights developed over the past years by several industry workgroups. We would like to suggest some concrete actions the FDA can take now to help bring together a complex and diverse number of sectors in advance of 2023 enforcement:

1. Develop a clear timeline to 2023 with industry.

A plan for November 2023 compliance will take several years to develop, implement, and stabilize. In addition, product already in the supply chain may be moving without full chain-of-ownership transaction information or aggregation at the unique identifier (serial number) level. The FDA should look to leverage alignment already happening in the Partnership for DSCSA Governance (PDG) and other forums and address areas that need clarity now. A timeline that highlights needed guidance and outlines the solution development, testing, and ramp up phases would be beneficial. Presumably, there will be a lead group of early adopters, followed by later waves that will implement systems after they have been stabilized. This will minimize a spike in demand on equipment and suppliers in 2023. An applicable comparison can be made to the electronic VRS (verification routing service) systems, which are now in production and have most of the US GTINs (global trade item numbers) loaded. Most of these applications were designed and built between 2016 and 2018, and then piloted during 2019 and 2020, with production ramp-up beginning in 2020. We should expect full 2023 interoperability systems to be larger in scale and complexity, which will mean an even more significant timeline.

2. Solidify requirements for minimal compliance.

There are several areas in which the industry has made significant progress, but clarity from the FDA will be required to facilitate full alignment. These include:

  • Moving all current draft DSCSA guidance to final, utilizing industry feedback
  • Confirming the need for aggregation and inference by all manufacturers and distributors
  • Specifics on acceptable length of time for responding to enhanced tracing and verification (What do “efficiently gather” and “near real time” mean?)
  • Clear expectations on the need to focus on T3 data elements (transaction history, transaction information, and transaction statement) only and the ability for industry to align on future serial status sharing by scenario after 2023 (recalled, stolen, dispensed, etc.)
  • Authorization and credentialing requirements to keep the overall system secure between sometimes indirect but authorized trading partners
  • Any plans for automation of the Form FDA 3911 drug notifications and the ability to integrate, track, manage, and update them
  • The importance of GS1 EPCIS (Electronic Product Code Information Services) and GS1 Lightweight Verification Messaging as foundational and complimentary methods for sharing and aligning data when required to be made available for participants.

Without this clarity on these issues, variations in approaches likely will make interoperability nearly impossible — or at the very least require heavy manual work to facilitate gathering of data in the event needed. We highly recommend engaging with groups like PDG to gain more industry-wide insightful details on these and other related topics.

3. Encourage innovation.

While some organizations will need clear instruction on the foundational methods needed for wide adoption, others should be allowed the flexibility to advance technologies and platforms that may significantly reduce the cost and complexity of data sharing. For example, a manufacturer, distributor, and dispenser that handle a specific product may all agree to participate in one network system that can make data available in a more efficient and centralized way between them. They should be able to avoid exchanging repetitive data if they reach agreement on more efficient alternatives. This approach would allow the industry to freely choose from various solution providers that may partner to build such network systems while also ensuring data can flow through what could be competing network systems.

4. Grandfather transaction history data.

The current ability to rely on manufacturers’ transactional data alone for history sunsets in November 2023. Any product distributed into the supply chain prior to this date may be moving with a transaction statement and lot-level transaction information without the data required for ownership changes after 2023. This could lead some organizations downstream, like dispensers, to determine the product is legally noncompliant with DSCSA and therefore potentially suspect or unsaleable. The FDA should work with industry to understand this issue more deeply and provide clarity in guidance on either an ability to continue distributing this product or an early need for tracing systems.

5. Be flexible regarding exception handling.

It will likely take several years to stabilize the exponential amount of data handling that will be required to fully comply with DSCSA 2023. A shipment of 1,000 saleable units of a product today typically has one electronic file sent with only one line for each product and lot total. In the future, a serialized shipment may have two files, one of which will contain up to several thousand lines for each ownership event to be passed. Manufacturers have already experienced significant challenges in keeping data in sync, even within their own systems. As a result, we should expect it to take several years, at least, for data flow to become dependable — and even longer to achieve the level of precision needed. Any serialized product that arrives at a facility without each line of these large files correctly passed may be held until the issue is resolved. While this may be a best practice when transacting with newer or less-trusted partners, some flexibility should be given when transacting with longstanding and trusted partners. We recommend the FDA work with industry to develop guidance allowing flexibility for the product to move if sufficient assurance can be provided that the risk of suspect product is extremely low.

6. Engage the dispenser community.

While the recent delay in enforcement for dispensers provided much needed relief to ensure their compliance, it also slowed expansion of participation in DSCSA-related activities. The industry’s effort to achieve stakeholder alignment on critical issues will suffer without wider participation from dispensers. Their input is critical to understand the likelihood of adoption and work through areas that may require significant capital investment and adoption of new technologies and equipment. The FDA and the dispenser’s trade groups can help to raise awareness through training and better communication of the expectations for 2023, as well as help develop better requirements for industry governance and standards groups (like PDG and GS1) and solution providers.


The FDA virtual public meeting highlighted a growing need for alignment among stakeholders in the drug supply chain on how best to meet various aspects of DSCSA. We believe 2021 will be a critical year in determining if the industry can agree on how to build an interoperable system that meets the basic requirements for implementation in 2022 and 2023. Collaborative efforts like PDG — along with clear, timely, and well thought-through guidance from the FDA — are critical to avoid further confusion. Without these activities, there will be increased risk of misalignment, which could ultimately make true interoperability impossible and limit the ability to further protect patients.


About the Authors:

MikeMike Karhoff is a supply chain and project management consultant at Ten Count Consulting, LLC. He serves as the DSCSA assessment lead and coordinates a pharma manufacturer best practices forum. Mike has over 25 years of experience in project management, manufacturing quality, and engineering roles. He has a diverse background of project management and process improvement in the pharma, foundry, and automotive industries. You can reach him at or connect with him on LinkedIn.

MarkMark Karhoff is a supply chain consultant and founder of Ten Count Consulting, LLC. He has 25 years of experience in program management, process improvement, supply chain solutions, and blockchain, as well as DSCSA (Drug Supply Chain Security Act) compliance. Mark has served as a contracted pharmaceutical client representative with industry groups such as PDG (Partnership for DSCSA Governance), HDA, GS1, and PDSA to establish standards and build alignment on solutions to meet the unfolding U.S. law. You can reach him at or connect with him on LinkedIn.