EudraVigilance: electronic reporting

  • Email
  • Help

Marketing authorisation holders and sponsors of clinical trials must report and evaluate suspected adverse drug reactions during the development and following the marketing authorisation of medicinal products in the European Economic Area (EEA). Marketing authorisation holders must also electronically submit information on medicinal products authorised in the European Union (EU).

Reporting obligations are defined in the EU the pharmacovigilance legislation and the clinical trials legislation and guidance, and apply to the electronic submission and exchange of:

  • individual case safety reports (ICSRs) and acknowledgement messages in the context of clinical trials;
  • ICSRs and acknowledgement messages for centrally and non-centrally authorised medicinal products;
  • extended EudraVigilance medicinal product report messages (XEVPRMs) and acknowledgements related to information on investigational medicinal products in clinical trials;
  • XEVPRMs and acknowledgements related to information on authorised medicinal products.

On this page

 

Who needs to report what?

Interventional clinical trials

WhoWhatReference
  • Sponsors of clinical trials
  • Marketing authorisation holders
  • National competent authorities
  • Reports of suspected unexpected serious adverse reactions via safety reports (ICSRs/acknowledgements)
  • Directive 2001/20/EC
  • Detailed guidance on the collection, verification and presentation of adverse event/reaction reports arising from clinical trials on medicinal products for human use (CT-3)
  • Sponsors of clinical trials
  • Marketing authorisation holders

 

  • Information on investigational medicinal products via product reports (XEVPRMs/acknowledgements)
  • Detailed guidance on the collection, verification and presentation of adverse event/reaction reports arising from clinical trials on medicinal products for human use (CT-3)

Spontaneous reports and non-interventional clinical trials

WhoWhatReference
  • Marketing authorisation holders
  • National competent authorities

 

  • Reports of suspected serious adverse reactions for authorised medicinal products via safety reports (ICSRs/acknowledgements):
  • suspected serious adverse reactions occurring within
    and outside the EEA
  • suspected non-serious adverse reactions occurring
    within the EEA
  • Marketing authorisation holders
  • Information on authorised medicinal products via product reports (XEVPRMs/acknowledgements)

Back to top

 

Preparing for the electronic transmission of safety reports

EudraVigilance supports the electronic transmission of ICSRs between electronic data interchange (EDI) partners: EMA, national competent authorities (NCAs), marketing authorisation holders (MAHs) and sponsors of clinical trials in the European Economic Area (EEA).

Organisations are required to perform testing before they can initiate the electronic transmission with the EudraVigilance production environment. This is to ensure that their local safety/pharmacovigilance database is compatible with the EudraVigilance system and compliant with messaging format and terminology requirements.

At least one user per organisation should be trained using EudraVigilance, who can subsequently train other in-house staff as necessary. For details on the training offerings see EudraVigilance training and support. Following successful completion of the training, users can register with EudraVigilance.

Type of organisation

Testing applies to organisations that electronically report ICSRs to EudraVigilance for the first time (“new organisations”) or organisations that introduce a major change to their local safety/pharmacovigilance database which might impact the electronic reporting of ICSRs (“major changes”). 

In addition, EMA supports initial testing of software/system solutions by IT vendors and third party service providers (“third party service providers”).

Below is an overview of the steps users should follow for the electronic transmission of ICSRs depending on their type of organisation and technical infrastructure:

 Type of organisation Steps

New organisation using a gateway and a local safety/pharmacovigilance database

  • National competent authorities
  • Marketing authorisation holders
  • Sponsors of clinical trials
Complete steps 1 to 6 (see testing steps below)

New organisation using EVPOST and a local safety/pharmacovigilance database 

  • National competent authorities
  • Marketing authorisation holders
  • Sponsors of clinical trials
Complete steps 1, 4, 5 and 6 (see testing steps below) 

New organisation using EVWEB

  • National competent authorities
  • Marketing authorisation holders
  • Sponsors of clinical trials
Complete step 1 (see testing steps below)

Major change (gateway and/or a local safety/pharmacovigilance database)

  • National competent authorities
  • Marketing authorisation holders
  • Sponsors of clinical trials
Complete steps 4, 5 and 6 (see testing steps below)
Third party service providersComplete steps 1 to 6 (see testing steps below)

 

In order to initiate testing steps 5a and 5b (see below) organisations need to book a testing timeslot by sending an e-mail to qattesting@ema.europa.eu specifying the organisation's name and sender identifier for the Eudravigilance test environment (XCOMP).

The number of timeslots per week is limited and EMA will allocate them on a 'first come, first served' basis. Organisations must complete the testing during their allocated timeslot, otherwise they will have to re-book.

Organisations using software developed by a vendor should check if the vendor has already completed vendor testing for the version and configuration settings in use. If no modifications/customisations are made to the vendor software, organisations should contact qattesting@ema.europa.eu to confirm if step 5a or step 5b can be performed without the need for confirmation by the Agency.

Please consult EudraVigilance change management for testing instructions to prepare for the launch of the new EudraVigilance System.

Use of EudraVigilance test system (XCOMP)

EMA enables EDI partners to register and connect to XCOMP to analyse and test whether their software/IT system is interoperable with EudraVigilance. 

Please note, the Agency accepts no responsibility or liability arising out of or in connection with XCOMP (including but not limited to any direct or consequential loss or damage that might occur to you and/or any other third party).

The Agency aims to minimise disruption caused by technical errors. However, the Agency cannot guarantee that XCOMP will not be interrupted or otherwise affected by such problems. The Agency accepts no responsibility whatsoever with regard to such problems incurred as a result of using the system.

This disclaimer is not intended to limit the liability of the Agency in contravention of any requirements laid down in applicable legislation or to exclude its liability for matters, which may not be excluded under that law.

Eudravigilance testing steps

Step 1: Register with EudraVigilance

To complete the registration of a new organisation for the submission of ICSRs, follow the processes described in EudraVigilance: how to register.

Step 2: Obtain EudraVigilance gateway confirmation

Organisations need to obtain a confirmation to use EudraVigilance gateway. The Agency does not mandate any particular software for the electronic reporting of ICSRs, however the software needs to adhere to the standards as outlined in chapter IV of: 

Step 3: Communication test

This test will assure successful gateway-to-gateway communication. To establish the connection, organisations need to:

  • document their transport choice;
  • exchange profile information;
  • exchange public keys for encryption;
  • test the connection.

Once a successful connection has been established, safety and acknowledgement messages can be transferred between each party in the programme by sending an encrypted safety and acknowledgement message to the EV gateway. Here, it will be decrypted, checked for basic accuracy, then re-encrypted and sent to the ultimate destination.

This test is required between EMA and all organisations connected to the gateway.

Once the communication testing has been completed successfully, EMA will confirm this and the organisation can move on to the next steps of testing.

Step 4: Development and validation testing

EDI partners can carry out their own development and validation testing with XCOMP. Once organisations have completed this test phase, they should notify EMA and other potential EDI partners to move to the XML test phase.

Any deliberate abuse of XCOMP (e.g. by sending a large volume of data, preventing others from testing) will result in the withdrawal of access to the system.

Step 5a: XML test phase for organisations using the E2B(R2) format

Eight sample cases need to be sent as XML files to the receiver identifier specified in the safety message as either EVTEST or EVCTMTEST in XCOMP. This will allow EMA to check if the XML files are correct and comply with the required specifications: syntax, field lengths, minimum information and data coding against ICH E2B (R2) and ICH M1 and M2 standard terminology.

The following zip file contains the 8 sample test cases, perform the following steps:

Depending on the available software it may be necessary to manually set a receiving organisation identifier within the XML files.

The messages need to be loaded into the organisation’s system and then sent back to EVTEST or EVCTMTEST as applicable.

In every case a suspect medicine called ‘Spare drug’ has been included, enabling the organisation to import and process a case for its own medicine. It has ‘Spare MAH’ as the marketing authorisation holder and ‘Spare substance’ as the substance. It is optional to amend any of the fields which are populated in this section, but none of the other drug sections may be changed and no other fields may be added to this medicine. The medicine is not referenced in the narrative.

For cases 1-6, changes in no more than these sections should be necessary:

  • safety report ID (A.1.0.1);
  • receive date (A.1.6b);
  • receipt date (A.1.7b);
  • suspect medicine ‘Spare drug’ and the populated fields within that section.

For cases 7 and 8, there are specific instructions in the sender’s comment field on what follow-up to do. Testers need to send the first versions of these two ICSRs along with the other ICSRs (making the same changes as in cases 1-6), then make the required additional changes and send them again.

If applicable, EMA will confirm the successful completion of the testing via email. The following disclaimer applies:

  • The confirmation provided upon completion of the testing process through the EudraVigilance test system (XCOMP) is for information purposes only, and does not entail any implicit or explicit recommendation or endorsement by the Agency. The EDI partner is restricted from using this confirmation as an endorsement by the Agency.
  • By confirming the completion of the testing process the Agency makes no warranty of any kind, implicit or explicit, including, without limitation, the implied warranty of merchantability, fitness for a particular purpose, non-infringement and data accuracy of the software. The Agency neither represents nor warrants that the operation of the software will be uninterrupted or error-free, or that any defects will be corrected. The Agency does not warrant or make any representations regarding the use of the software or results thereof including but not limited to the correctness accuracy, reliability, or usefulness of the software.

Step 5b: XML test phase for organisations using the E2B(R3) format

Organisations will be able to test the new E2B(R3) format in the XCOMP environment as of 26 June 2017. However, the E2B(R3) format can only be used for reporting to the EudraVigilance production environment once the new EudraVigilance system goes live on 22 November 2017. Until then, organisations implementing a new system need to perform E2B(R2) testing detailed in step 5a.

Eight sample cases need to be sent as XML files to the receiver identifier specified in the safety message as either EVTEST or EVCTMTEST in XCOMP. This will allow EMA to check if the XML files are correct and comply with the required specifications: syntax, field lengths, minimum information and data coding against the applicable standard terminology.

The following zip file contains the 8 sample test cases:

Depending on the available software it may be necessary to manually set a receiving organisation identifier within the XML file.

The messages need to be loaded into the organisation’s system and then sent back to EVTEST or EVCTMTEST, as applicable.

In every case a suspect medicine called ‘Spare drug’ has been included, enabling the organisation to import and process a case for its own medicine. It has ‘Spare MAH’ as the marketing authorisation holder and ‘Spare substance’ as the substance. It is optional to amend any of the fields populated in this section, but none of the other drug sections may be changed and no other fields may be added to this medicine. The medicine is not referenced in the narrative.

For cases 1-6, only changes in these sections should be necessary:

  • safety report ID (C.1.1);
  • receive date (C.1.4);
  • receipt date (C.1.5);
  • suspect medicine ‘Spare drug’ and the populated fields within that section.

For cases 7 and 8, there are specific instructions in the sender’s comment field on what follow-up to do. Testers need to send the first versions of these two ICSRs together with the other ICSRs (making the same changes as in cases 1-6), then make the required additional changes and send them again.

If applicable, EMA will confirm the successful completion of the testing via email. The same disclaimer under point 5a applies.  

Step 6: Production

EDI partners who are in the EDI process with EudraVigilance or using their locally established pharmacovigilance system need to acknowledge that for all legal and regulatory purposes, a safety or acknowledgement message or a message disposition notification (MDN) is just as valid as an equivalent paper document. 

Once all tests are successfully completed, production can start with operational electronic transmission of ICSRs.

EDI partners must communicate major technical changes immediately in writing to EMA. Major technical changes may require re-testing as described above.

 

Back to top

 

Preparing for the electronic exchange of product reports

Step 1: Register with EudraVigilance

To complete the registration of a new marketing authorisation holder (MAH) and/or sponsor organisation for the submission of XEVPRMs in the new XEVPRM community, organisations should follow the processes described in: EudraVigilance: How to register.

Organisations who wish to use a local gateway can perform transmission testing and load XEVPRMs using the XCOMP environment. MAHs/sponsor organisations wishing to use EVWEB for XEVPRM submissions can skip to step 5.

Step 2: Obtain EudraVigilance gateway certification

Organisations need to obtain a certification to use the EudraVigilance gateway. EMA does not mandate any particular software for the electronic reporting of XEVPRMs, however, the software needs to adhere to the standards outlined in chapter IV of:

Step 3: Communication test

This test will assure successful gateway-to-gateway communication. To establish the connection, organisations need to:

  • document their transport choice;
  • exchange profile information;
  • exchange public keys for encryption,
  • test the connection.

Once a successful connection has been established, safety and acknowledgement messages can be transferred between each party in the programme by sending an encrypted safety and acknowledgement message to the EudraVigilance gateway. Here, it will be decrypted, checked for basic accuracy, then re-encrypted and sent to the ultimate destination.

This test is required between EMA and all organisations except national competent authorities (NCAs) – the EudraVigilance gateway already links to all NCAs in the EEA.

Once the communication testing has been completed successfully, EMA will certify this and the organisation can move on to the next stages of testing.

Step 4: Development and validation tests

Electronic data interchange (EDI) partners carry out their own development and validation testing with the external compliance testing environment (XCOMP).

This step is required to test the data exchange between EMA and the MAH/sponsor organisation. Other EDI partners may follow the same step.

Step 5: Production

EDI partners who are either in the EDI process with EMA or using their locally established pharmacovigilance system need to acknowledge that for all legal and regulatory purposes, a product or acknowledgement message or a message disposition notification (MDN) is just as valid as an equivalent paper document.

Once all tests are successfully completed by gateway users, production can start with operational electronic transmission of medicinal product messages.

Major technical changes must be communicated immediately in writing between the electronic data interchange partners. Major technical changes may require both test phases to be re-initiated.

 

Back to top

 

What to do in case of system failure

Organisations should make sure that adequate business continuity processes and back-up systems are in place to deal with system failures in line with the recommendations given in good pharmacovigilance practices (GVP) Module I.B.11.3. 'Critical pharmacovigilance processes and business continuity'. This will ensure that any system failures can be resolved within a short period of time and reporting compliance is maintained.

The process to follow in case of system failure will change with the implementation of simplified reporting. The following sections explain what users need to do during the transition period and after.

Transitional procedures until the implementation of simplified reporting 

If electronic reporting of ICSRs is not possible within the expected reporting timelines due to mechanical, software, electronic or communication failures, alternative procedures should be followed:

If a system failure affects an organisation’s expected electronic reporting of ICSRs to one or more national competent authorities, NCAs also need to be informed.

To facilitate communication during a system failure, the forms listed below should be used. The numbering of the forms is not always consecutive as some are used internally by EMA or in case of additional information requests.

Procedure to follow after the implementation of simplified reporting 

The move to simplified electronic reporting of ADRs directly into the EudraVigilance database means that EMA no longer supports the submission of CIOMS I forms via fax or post and these options should not feature in business continuity processes.

In case of a gateway failure at the sender’s side, if the organisation is able to generate valid safety message(s) these can be submitted via physical media (CD-ROM or DVD). Eudralink account can also be used to send files securely.

The acknowledgement messages for the cases received on physical media will be returned via the EudraVigilance gateway. Since no ICSR-MDN will be generated in this process, the date of despatch of the report on physical media will be sufficient to prove regulatory compliance. 

Before initiating this procedure users should contact the EMA IT Service Desk (Tel. +44 (0)20 3660 7523) to inform them of this issue and of the expected timeframe for its resolution. 

Failure of message receipt by the Eudravigilance gateway at the level of the EMA

In the event of prolonged unavailability of the EudraVigilance gateway, including the EV-Post function, which could affect the sender’s ability to meet regulatory reporting timeframes, the report sender can send the ICH E2B(R3) safety messages to EMA when the gateway becomes available again. Reports submitted within two EMA business days of the gateway being made available again will have their reporting compliance calculated against the first day of system failure. 

EMA will provide the official dates of when the EudraVigilance gateway was unavailable.

Failure of the EudraVigilance web application

In the event of prolonged unavailability of the EudraVigilance web application during EMA business hours which could affect the sender's ability to meet regulatory reporting timeframes, the report sender should send the safety messages to  EMA when the web application becomes available again. These reports will be excluded from reporting compliance monitoring as long as they are submitted within two EMA business days of the EudraVigilance web application becoming available again.

Procedure to follow during the planned downtime of EudraVigilance in November 2017

EMA will shortly publish additional guidance explaining what users need to do for reports to be submitted to EMA and NCAs during the planned downtime of EudraVigilance in November 2017.

Back to top

 

 

 

 

 

How helpful is this page?

Average rating:

 Based on 22 ratings

Add your rating:

See all ratings
11 ratings
3 ratings
2 ratings
2 ratings
4 ratings
    

Tell us more

Related content

Related documents

Related EU legislation