Back to Resources

Blog

EU Regulation 2025/1466 and the PSMF: Deviations, Outsourcing, and Governance

Regulatory ComplianceJuly 2026

Learn how EU Regulation 2025/1466 affects PSMF expectations for major and critical deviations, outsourcing oversight, subcontractor governance, and inspection readiness.

EU Regulation 2025/1466 and the PSMF: Deviations, Outsourcing, and Governance

In Many Organizations, PSMFs Have Accumulated More Than They Needed To

PSMFs have historically included a broad range of deviation records, operational updates, and oversight documentation.

The challenge was not a lack of information.

The challenge was identifying what truly mattered.

Commission Implementing Regulation (EU) 2025/1466 changes that approach. Rather than simply expanding PSMF documentation requirements, the regulation introduces more focused expectations for deviation documentation and outsourcing governance. It places greater emphasis on significant pharmacovigilance deviations, stronger oversight of outsourced activities, and clearer accountability across increasingly complex vendor networks.

For MAHs, this is not simply a documentation change.

It is a governance change.

The focus shifts from recording everything to demonstrating control over what matters most.

Key Takeaway: Regulation (EU) 2025/1466 narrows PSMF deviation documentation to major and critical deviations from pharmacovigilance procedures while strengthening expectations around outsourcing oversight, subcontractor visibility, and risk-based governance. As a result, classification decisions, Annex management, audit trails, and QPPV oversight become even more important for maintaining an inspection-ready PSMF.


Why Regulation 2025/1466 Matters for PSMF Governance

Regulation (EU) 2025/1466 reflects a broader shift toward risk-proportionate pharmacovigilance governance.

Historically, PSMFs often accumulated records relating to a wide range of procedural deviations regardless of their significance. Over time, this could make it difficult for organizations to focus on issues that genuinely affected pharmacovigilance system performance.

The updated regulation aims to address that challenge. Instead of emphasizing volume, it emphasizes significance. The result is a PSMF that should function as a clearer governance record of important risks, oversight activities, and system controls rather than an archive of every operational exception.

While Regulation (EU) 2025/1466 entered into force in 2025, the key provisions affecting PSMF deviation documentation, outsourcing oversight, and audit expectations apply from 12 February 2026. Organizations should therefore ensure that current governance processes align with these updated expectations rather than treating them as future requirements.


The Shift From Recording Every Deviation to Recording Major and Critical Deviations

One of the most important changes affects deviation management.

Under the updated requirements, the focus moves to documenting major or critical deviations from pharmacovigilance procedures, including their impact and management, in the PSMF until they are resolved.

This represents a significant change in how organizations approach PSMF governance.

The objective is not to reduce oversight.

The objective is to ensure attention remains focused on deviations that may affect patient safety, data integrity, regulatory compliance, or the effective operation of the pharmacovigilance system.

For inspection readiness, this means organizations must be able to demonstrate not only that significant deviations were recorded, but also why they were classified as significant in the first place.


Why Classification Becomes More Important Than Volume

Reducing the number of deviations recorded in the PSMF does not reduce responsibility.

In many respects, it increases it.

When only major and critical deviations are expected to appear in the PSMF, organizations must apply clear and consistent classification criteria.

A deviation incorrectly classified as minor may not be documented in the PSMF. If inspectors later determine that the deviation should have been treated as major or critical, the issue may become a broader governance concern rather than a simple operational mistake.

This is where QPPV oversight, reviewer accountability, traceability, and documented decision-making become particularly important. Organizations need to demonstrate not only what was recorded, but also how decisions were made.

From deviation volume to deviation significance


What Changes for Outsourced Pharmacovigilance Activities

The second major theme of Regulation 2025/1466 is outsourcing governance.

Many pharmacovigilance systems rely on third parties to perform activities such as case processing, literature screening, safety database management, medical information support, and other operational pharmacovigilance functions.

The regulation reinforces the principle that outsourcing activities does not outsource responsibility. MAHs remain accountable for the pharmacovigilance activities performed on their behalf.

The updated framework also reinforces the ability of National Competent Authorities (NCAs) to inspect outsourced pharmacovigilance activities. Oversight expectations therefore extend beyond direct vendors and may include subcontracted activities involved in pharmacovigilance processes.

This increases the importance of maintaining visibility over responsibilities, audit arrangements, and governance controls throughout the outsourcing chain.

The New Focus on Subcontractor Visibility and Oversight

For many organizations, the operational challenge is not identifying their primary vendors.

The challenge is maintaining visibility across the entire outsourcing structure.

Regulation 2025/1466 places greater emphasis on transparency and control across outsourced and subcontracted pharmacovigilance activities. Organizations may now need clearer visibility into:

  • Primary pharmacovigilance vendors
  • Approved subcontractors
  • Data exchange pathways
  • Audit responsibilities
  • Oversight arrangements
  • Safety data handling locations

This increases the importance of maintaining accurate and current records within the pharmacovigilance system.


Why Annexes Become the Real Control Point

Many of these governance obligations ultimately become visible through annexes.

Vendor arrangements evolve. Affiliate responsibilities change. Oversight structures are updated. Subcontracting relationships expand.

These changes often occur more frequently than updates to the main PSMF narrative. As a result, annexes frequently become the primary location where organizations demonstrate that outsourcing arrangements remain controlled and current.

Annex I Change Log records become particularly important because they help demonstrate when major or critical deviations were identified and how they were updated in the PSMF.

This is also where traceability becomes essential.

Change Log entries should be recorded contemporaneously during the workflow. Version History should remain available. Tracked Changes and audit trails should demonstrate how updates moved through review and approval.

Without this visibility, demonstrating oversight becomes more difficult during inspections.

For additional reading, see our article on PSMF Change Tracking.

Why Annexes Become the Real Control Point


How Controlled Governance Supports Inspection Readiness

Inspectors are not simply reviewing whether a deviation was documented or whether a vendor contract exists.

They are evaluating whether the organization can demonstrate control. That includes:

  • How significant deviations were identified
  • How classification decisions were made
  • How outsourced activities were governed
  • How changes were reviewed
  • How records remained current

This is where governance evidence becomes critical. Version history, audit trails, reviewer workflows, Annex I records, and documented oversight activities help create the traceability inspectors expect to see.

For related reading, see What Inspectors Look For in Your PSMF During Inspections.


How PSMF Manager Supports Deviation and Outsourcing Governance

Managing deviations and outsourcing governance requires more than maintaining documents. It requires controlled workflows, traceable decisions, and visibility over change.

PSMF Manager supports this through:

Within PSMF Manager, updates follow a controlled workflow:

  1. Change request initiated or source data updated
  2. Data collected through controlled workflows or External Data Sources
  3. AI suggests Change Log content where applicable
  4. Reviewer checks, edits, and approves
  5. Audit trail records actions and archives previous versions
  6. Updated content becomes part of controlled PSMF records
  7. PDF version generated
  8. QPPV approval completed
  9. Version lock applied

AI supports review efficiency but does not approve changes, replace reviewers, replace QPPV oversight, or generate final PSMFs independently.

Human review remains central throughout the governance process.

Request a demo of PSMF Manager today to see how controlled workflows, audit trails, and version governance can help maintain an inspection-ready PSMF.


FAQs

Frequently Asked Questions

What is the main PSMF deviation change introduced by Regulation 2025/1466?+
The regulation shifts the focus toward documenting major and critical pharmacovigilance deviations rather than maintaining records of every procedural deviation.
Does Regulation 2025/1466 reduce pharmacovigilance oversight requirements?+
No. While the regulation narrows deviation documentation requirements, it increases expectations around classification decisions, governance, and traceability.
How does EU Regulation 2025/1466 affect outsourced pharmacovigilance activities?+
The regulation strengthens expectations around vendor oversight, subcontractor visibility, contractual governance, audit rights, and accountability across outsourced activities.
Why is Annex I important under Regulation 2025/1466?+
Annex I Change Log records help demonstrate when significant deviations were identified, how they were managed, and when they were resolved. This supports traceability and inspection readiness.
Can AI classify deviations or approve PSMF updates in PSMF Manager?+
No. AI only supports review activities, version comparisons, and Change Log suggestions. Final decisions remain the responsibility of reviewers and the QPPV.