Join us now

Manufacturing Traceability Compliance Guide: FDA, EU, ISO Standards

Navigate manufacturing traceability regulations with confidence. Complete guide to FDA serialization, EU MDR, ISO 22005, and GS1 compliance requirements.

Guides
7 min read
By Laurent Schaffner
Updated December 28, 2025

Manufacturing traceability regulations are complex and constantly evolving. Non-compliance can result in massive fines, product recalls, and market access restrictions.

This guide breaks down the key regulations affecting manufacturers globally and provides practical compliance strategies that actually work in real-world operations.

FDA serialization requirements (Pharmaceutical)

The FDA's Drug Supply Chain Security Act (DSCSA) requires comprehensive pharmaceutical traceability by 2023, with enhanced requirements through 2027.

Core requirements

Serialization mandate:

  • Unique serial numbers on all prescription drug packages
  • Lot-level tracking through the supply chain
  • Electronic transaction records and statements
  • Product verification capabilities

Timeline and phases:

  • 2023: Enhanced drug distribution security
  • 2024: Verification system interoperability
  • 2027: Electronic, interoperable traceability system

Technology compliance options

QR codes for DSCSA:

  • ✅ Support GS1 DataMatrix and QR code standards
  • ✅ Cost-effective for generic manufacturers
  • ✅ Consumer verification through smartphones
  • ✅ Flexible encoding for complex requirements
  • ❌ Sequential scanning requirements

RFID for DSCSA:

  • ✅ Bulk reading for high-volume operations
  • ✅ Integration with automated pharmacy systems
  • ❌ High implementation costs
  • ❌ Limited consumer accessibility

Practical compliance strategy

Phase 1: Basic serialization

  1. Implement GS1-compliant product identifiers
  2. Deploy printing and verification systems
  3. Establish data capture and storage
  4. Connect to existing ERP systems

Phase 2: Enhanced tracking

  1. Integrate with trading partner systems
  2. Implement verification workflows
  3. Establish suspect product procedures
  4. Enable electronic transaction records

Phase 3: Interoperability

  1. Connect to industry-wide verification systems
  2. Implement real-time data sharing
  3. Establish automated compliance reporting
  4. Enable advanced analytics and monitoring

EU Medical Device Regulation (MDR)

The EU MDR requires comprehensive traceability for medical devices sold in European markets, with full implementation since May 2021.

Unique Device Identification (UDI) requirements

UDI system components:

  • Device identifier (DI): Manufacturer-specific device identifier
  • Production identifier (PI): Batch, serial number, expiration date
  • UDI carrier: Human-readable and automatic identification method

Database requirements:

  • European Database on Medical Devices (EUDAMED) registration
  • Comprehensive device and manufacturer information
  • Real-time updates for device changes
  • Economic operator compliance data

Implementation approaches

QR code UDI implementation:

  • Lower implementation costs for small to medium manufacturers
  • Easier integration with cloud-based UDI databases
  • Consumer and healthcare professional accessibility
  • Flexible encoding for complex device hierarchies

RFID UDI implementation:

  • Automated reading in healthcare settings
  • Integration with hospital inventory systems
  • Higher implementation costs but operational efficiency
  • Limited consumer accessibility for verification

Compliance checklist

Manufacturer requirements:

  • UDI assignment to all applicable devices
  • UDI carrier application and verification
  • EUDAMED database registration
  • Post-market surveillance data collection
  • Periodic safety update reports

Economic operator requirements:

  • UDI verification and documentation
  • Economic operator registration
  • Device availability and distribution tracking
  • Adverse event reporting procedures

ISO 22005 food traceability

ISO 22005 provides international standards for food traceability system design and implementation.

Core principles

Traceability system elements:

  • Traceability plan: Documented procedures and responsibilities
  • Prerequisite programs: Basic hygiene and safety requirements
  • Product identification: Clear and unique product identification
  • Data collection: Systematic information gathering
  • Record keeping: Comprehensive documentation systems

Technology implementation

QR code advantages for food traceability:

  • Consumer transparency and engagement
  • Rapid recall response capabilities
  • Integration with farm-to-fork tracking
  • Support for complex supply chain networks

Implementation framework:

  1. Identify critical tracking events (CTEs)

    • Receiving raw materials
    • Processing and transformation
    • Packaging and labeling
    • Storage and handling
    • Shipping and distribution

  2. Define critical tracking data (CTD)

    • Product identifiers and descriptions
    • Quantity and measurement data
    • Date and time stamps
    • Location and facility information
    • Supplier and customer details

  3. Establish data capture procedures

    • Automatic identification technologies
    • Manual data entry protocols
    • Verification and validation procedures
    • Error handling and correction processes

Recall management compliance

Rapid response requirements:

  • Product identification within 4 hours
  • Supplier notification within 24 hours
  • Customer communication within 48 hours
  • Regulatory reporting as required

Documentation requirements:

  • Complete product genealogy
  • Supply chain partner information
  • Processing and handling records
  • Distribution and customer data

GS1 global standards

GS1 provides worldwide standards for product identification and data sharing across industries.

Key standards for manufacturing

GTIN (Global Trade Item Number):

  • Unique identification for products and services
  • Supports multiple levels of packaging hierarchy
  • Enables global supply chain interoperability
  • Required for most retail and healthcare applications

GLN (Global Location Number):

  • Unique identification for physical locations
  • Supports supply chain mapping and verification
  • Enables automated trading partner identification
  • Required for EDI and electronic commerce

SSCC (Serial Shipping Container Code):

  • Unique identification for logistics units
  • Supports automated shipping and receiving
  • Enables supply chain visibility and tracking
  • Required for efficient logistics operations

Implementation best practices

QR code GS1 implementation:

JavaScript 
QR Code Contents:
(01)12345678901234  // GTIN
(17)251231          // Expiration Date  
(10)ABC123          // Batch/Lot
(21)54321          // Serial Number

Benefits of GS1 compliance:

  • Global supply chain interoperability
  • Reduced trading partner integration costs
  • Automated data capture and processing
  • Enhanced supply chain visibility

Implementation steps:

  1. Obtain GS1 company prefix
  2. Design numbering scheme
  3. Implement data capture systems
  4. Test with trading partners
  5. Deploy across supply chain

Industry-specific compliance strategies

Pharmaceutical manufacturing

Regulatory landscape:

  • FDA DSCSA (US)
  • EU FMD (Falsified Medicines Directive)
  • Health Canada regulations
  • Global harmonization initiatives

Technology recommendations:

  • QR codes for consumer engagement and cost-effectiveness
  • Cloud-based serialization platforms for scalability
  • Integration with existing quality systems
  • Automated compliance reporting capabilities

Food and beverage manufacturing

Regulatory requirements:

  • FDA Food Safety Modernization Act (FSMA)
  • EU General Food Law
  • ISO 22005 traceability standards
  • Country-specific labeling requirements

Technology recommendations:

  • QR codes for consumer transparency
  • Integration with supplier data systems
  • Rapid recall response capabilities
  • Supply chain visibility platforms

Medical device manufacturing

Regulatory framework:

  • EU MDR/IVDR
  • FDA UDI requirements
  • ISO 13485 quality management
  • Global harmonization task force guidelines

Technology recommendations:

  • UDI-compliant identification systems
  • Integration with quality management systems
  • Real-time compliance monitoring
  • Automated regulatory reporting

Audit and inspection preparation

Documentation requirements

System documentation:

  • Traceability system validation protocols
  • Standard operating procedures
  • Training records and competency assessments
  • Change control procedures

Operational records:

  • Product genealogy and batch records
  • Supplier qualification documentation
  • Customer notification procedures
  • Corrective action and preventive action (CAPA) records

Common inspection findings

Data integrity issues:

  • Incomplete or inaccurate records
  • Lack of electronic signature controls
  • Inadequate audit trail maintenance
  • Missing validation documentation

System capability gaps:

  • Insufficient traceability scope
  • Poor integration between systems
  • Inadequate recall procedures
  • Missing performance monitoring

Inspection readiness checklist

30 days before inspection:

  • Review and update all documentation
  • Conduct internal audit and gap analysis
  • Train inspection team on procedures
  • Prepare demonstration scenarios

During inspection:

  • Provide clear system demonstrations
  • Show real-world traceability examples
  • Document any inspector feedback
  • Commit to follow-up actions with timelines

Future regulatory trends

Enhanced serialization requirements

Track and trace expansion:

  • More industries adopting serialization
  • Increased granularity requirements
  • Real-time verification mandates
  • Global interoperability standards

Technology evolution:

  • Blockchain integration for verification
  • AI-powered anomaly detection
  • IoT sensors for environmental monitoring
  • Advanced analytics for risk prediction

Global harmonization efforts

International cooperation:

  • Standardized identification formats
  • Mutual recognition agreements
  • Harmonized inspection procedures
  • Shared compliance databases

Industry initiatives:

  • Cross-industry learning and collaboration
  • Best practice sharing platforms
  • Technology standardization efforts
  • Regulatory advocacy and engagement

Frequently asked questions

What happens if we don't comply with traceability regulations?

Non-compliance can result in warning letters, fines, product seizures, import bans, and criminal prosecution. Recent FDA fines have exceeded $1M for serious violations. Prevention through proper implementation is far less expensive than remediation.

How do we choose between QR codes and RFID for compliance?

Both technologies can meet regulatory requirements. QR codes offer lower costs and consumer engagement, while RFID provides automation benefits. Consider your operational needs, budget, and long-term strategy when selecting technology.

What documentation do regulators expect to see?

Regulators expect comprehensive validation documentation, standard operating procedures, training records, and evidence of system effectiveness. Focus on demonstrating that your system reliably achieves its intended traceability objectives.

How often do compliance requirements change?

Regulations evolve continuously. Subscribe to regulatory updates, participate in industry associations, and maintain relationships with regulatory consultants to stay informed of changes that might affect your operations.

Can we use existing ERP systems for compliance?

Existing ERP systems often need enhancement to meet specific traceability requirements. Assess current capabilities against regulatory requirements and plan for necessary upgrades or integrations with specialized traceability platforms.

What training is required for compliance?

Training requirements vary by regulation but typically include system operation, data integrity, record keeping, and emergency procedures. Document all training and maintain competency assessments to demonstrate ongoing compliance.

Regulatory compliance in manufacturing traceability requires ongoing attention, investment, and adaptation. Success comes from understanding requirements clearly, implementing robust systems, maintaining comprehensive documentation, and staying ahead of regulatory evolution.

Focus on building systems that exceed current requirements and can adapt to future changes. This approach provides compliance confidence while supporting business objectives and operational excellence.

About the Author

LS

Laurent Schaffner

Founder & Engineer at Linkbreakers

Passionate about building tools that help businesses track and optimize their digital marketing efforts. Laurent founded Linkbreakers to make QR code analytics accessible and actionable for companies of all sizes.

Related Articles

Advanced contact card strategies for business networking

Leverage contact card analytics, automation, and integration features to transform networking from chance encounters into systematic relationship building

Can ChatGPT generate QR codes?

ChatGPT cannot directly generate QR codes but can provide instructions and recommend tools. Learn about AI limitations and QR code generation alternatives.

How to scan a QR code from a screenshot?

Scan QR codes from screenshots using built-in phone features, Google Lens, or dedicated apps. Works on iPhone, Android, and desktop computers.

Back to Help Center