DSCSA: Recent Timeline
- May 27, 2025: Final enforcement begins. After an 18-month “stabilization” grace period, the FDA officially started enforcing DSCSA’s full suite of final requirements—including mandatory electronic, serialized exchange of transaction information, history, and statements (T3) via EPCIS—marking the end of the informal compliance deadline from November 2023.
- Staggered extension deadlines via FDA exemptions: In October 2024, the FDA issued phased deadlines for remaining trading partners relying on stabilization exemptions:
- Manufacturers and repackagers had until May 27, 2025
- Wholesale distributors until Aug. 27, 2025
- Dispensers with 26+ staff until Nov. 27, 2025, while smaller dispensers enjoy relief until Nov. 27, 2026
- Scheduled FDA town halls on DSCSA phaseouts. The last one is set for Sept. 24, 2025
Enforcement of the Drug Supply Chain Security Act—otherwise known as DSCSA—is currently in full swing.
After the FDA ruled that it would enact phased deadlines for compliance this year, manufacturers and repackagers have had to implement interoperable data exchange, along with package-level traceability by the May 27 deadline. Meanwhile, wholesalers have until Aug. 27 to meet the deadline for serialized data sharing and verification system compliance. These represent the immediate deadlines, as compliance dates for dispensers with 26 or more full-time employees and those with less than that have until Nov. 27, 2025, and Nov. 27, 2026, respectively.
Michael Rowe, Two Labs’ senior director of DSCSA/serialization compliance services, sat down with Pharma Commerce to discuss a wide range of topics, from the Healthcare Distribution Alliance’s (HDA) Distribution Management Conference coverage of this piece of legislation, the industry’s overall readiness for the DSCSA to take full effect, and much more.
PC: What were your overall thoughts on this year’s HDA Distribution Management Conference?
Rowe: The HDA Distribution Management Conference is a pretty wide-ranging conference in that it covers a lot of topics in the pharmaceutical supply chain. In particular, I’ll probably talk and comment more around the different conversations and roundtables that were happening around the DSCSA.
There was a whole series of presentations and roundtables, where it was focused just on the DSCSA, given its prominence and its impact on the pharmaceutical supply chain.
Overall, the conference went well. Definitely new things that were being discussed, but also some familiar topics that we’ve talked a lot about in years past. I think the biggest highlight for me was more regulatory engagement from both the FDA and the state regulator side.
PC: Where do you believe the industry stands in terms of DSCSA readiness?
Rowe: The mood and sentiment from the conference this year was a little bit different in that most were saying that they were exchanging data at a much higher rate. Most of the distributors and manufacturers were saying, “we’re fully connected with most, if not all, of our customers, and that data is actually moving,” so the pipes have been made. Data is moving through the pipes. Generally, the sense is that—not a formal survey—the success rate seems to be around 90% to 95%, so it’s not only that data is moving, but it’s moving at a much higher quality than what we saw this time last year.
The amount of improvement has been tremendous. I think the conference was less of an implicit plea to regulators that we need more time; we’re going to be pitching for this delay. I think the sentiment was, we’ve got the delays that we needed. We have this phased exemption period moving throughout 2025, it’s how do we now deal with the upcoming deadline. A 90% to 95% success rate is good on paper. When I was in school, that would have gotten you an A or an A-minus. That sounds pretty good.
When you put that in terms of the volumes in which we’re dealing with in the US pharmaceutical supply chain, on a daily basis, that could mean tens of thousands of product potentially getting quarantined, and so there is still concern around the speed in which exceptions can get handled and fixed. That was a big part of the conversation at the conference as well—exception handling. It has been for years. I think it will continue to be the hot topic in our industry. I think there’s acknowledgement that we’re never going to get to 100%, but when an issue comes up, how do we quickly resolve it?
PC: Could you detail some of the supply chain disruptions that stakeholders are reporting?
Rowe: There’s a couple different things, DSCSA-related or not. I think, generally, master data management seems to be the Achilles’ heel of the industry. If you have improper master data management, it can cause the system to fail. I think we’ve seen a lot of challenges with GLNs—the global location numbers—where GS1 and the industry have tried to do the best they could to go through what’s called an enumeration project to create GLNs for people.
But now what’s happening is you’ve got different dispensers or pharmacies with three or four different GLNs. Their group purchasing organization made one for them, their wholesaler made one for them. GS1 made one for them. Now it’s like, “Hey, we’re trying to connect. I don’t even know what’s the right GLN,” and that’s causing challenges.
I think master data management is huge. And just the flexibility of the serialization systems in general. When you think about exception handling, in many cases, that requires either re-triggering a file or maybe sending what’s called a supplemental file. The serialization systems have been generally somewhat inflexible, and there’s been a lack of standards, as to how exceptions would be fixed.
Just right before the conference, GS1 actually published an exception handling standards guide that’s like 400 pages. It’s coming in here right at the tail end of implementation. I think there’s going to be some bumps in the road as the serialization vendors look to adopt and standardize some of those exception handling tools. The other big disruption that was a hot topic during the conference as well was that the change in the national drug code (NDC). The NDC 12 is coming. This is all non-official, but the rumors that are circulating is that the agency might finalize that proposed rule sometime this year, where the NDC-10 will move to an NDC-12 over the next five to seven years, and that will have a major impact across the entire pharmaceutical supply chain, from manufacturing, distribution, dispensing, reimbursement, and government price reporting.
It will impact dispensing, payment, and distribution processes across the entire industry, and it breaks some of the logic that we’ve built on the DSCSA side on embedding a lot of information to the 2D barcode. This is going to be a major disruption to the industry, kind of like what we dealt with serialization, with new barcodes, new labeling. The same thing’s going to happen with the new NDC-12, but it’s now not just impacting the packaging and the distribution—it’s going to impact how people get paid and the dispensing of product.
PC: What topics are at the top of the agenda for Two Labs?
Rowe: I think the major dynamic that’s going on in the short term is the increased engagement from the FDA in doing DSCSA inspections, as well as state regulators, and how they’re starting to engage in DSCSA, is really giving a lot of clients pause to say, “We set up these DSCSA SOPs a couple of years ago. Have we updated them appropriately? What’re the growing trends? Can we actually execute on these SOPs that we built?”
I think the biggest thing that we heard at the conference, and is resonating with a lot of our clients—as well as prospective clients—is we kind of did almost a copy-paste. Not that we have done copy-paste projects with our clients, but rather, we’ve had clients where we’ve inherited SOPs that have been kind of a copy-paste job, where it just outlines what the law is, but it doesn’t really share in detail how you actually document your process, how you prove to a regulator that you’re following it.
I think there’re a lot of folks taking a pause and saying, “Okay, we feel like we’ve got all the data infrastructure in place, how do we actually document what we’re doing?” Right now, the hot topic in the industry is SOPs, because as state regulators engage, as FDA engages, they’re asking and they’re saying, “Prove to me that you can do a verification within one day. How many verifications have you been doing? Can you share documentation with me? Is your serialization system validated?”
When you do a verification, you’re using your serialization database. How do you know that that’s an accurate database?
I think a lot of companies are going to be going back and saying, “Alright, we’ve been in a rush-build mode. How do we maintain this?”
