Introduction

The Drug Supply Chain Security Act (DSCSA) now requires interoperable, electronic product tracing at the package level, with lot‑level documentation still foundational for investigations and recalls. Electronic Product Code Information Services (EPCIS) is the de‑facto data exchange standard used by U.S. pharmaceutical trading partners to meet these enhanced requirements. This page explains the Key Data Elements (KDEs), shows EPCIS event snapshots, and outlines a precise, step‑by‑step method to assemble an audit‑ready DSCSA dossier that Parakeet Risk can orchestrate end‑to‑end using its Pharmaceutical Compliance Suite, Continuous Compliance, and Rosella AI Agent.

DSCSA timeline and current expectations (as of September 30, 2025)

• Core DSCSA product tracing (TI/TS/TH) began in 2015; records must be retained for 6 years; information must be produced within 1 business day (not to exceed 48 hours) upon request by authorities.

• Enhanced package‑level interoperability took effect November 27, 2023; FDA provided a stabilization period through November 27, 2024.

• After the stabilization period, FDA announced phased exemptions to support continued implementation while avoiding supply disruption:

• Manufacturers and repackagers: through May 27, 2025.

• Wholesale distributors: through August 27, 2025.

• Dispensers with ≥26 FTE pharmacists/techs: through November 27, 2025.

• Small dispensers (≤25 FTE pharmacists/techs, as of Nov 27, 2024): through November 27, 2026.

• FDA and industry guidance emphasize using secure, interoperable, electronic methods; EPCIS is identified by GS1 US guidance and the PDG Blueprint as the primary exchange mechanism for serialized traceability.

References: FDA DSCSA Standards guidance (finalized Sept 2023), FDA compliance policy and stabilization announcements (Aug 2023), FDA waivers/exemptions notices (2024–2025), GS1 US “Applying GS1 Standards for DSCSA and Traceability” Release 1.3, PDG Foundational Blueprint for 2023 Interoperability.

Key Data Elements (KDEs) for lot‑level traceability and packet assembly

DSCSA “product tracing information” centers on Transaction Information (TI) and a Transaction Statement (TS). At minimum, include:

• Proprietary/established product name

• Strength and dosage form

• National Drug Code (NDC)

• Container size and number of containers (quantity)

• Lot number

• Date of transaction and date of shipment (if >24 hours later)

• Business name and address of prior owner and new owner

• Transaction Statement (attestation meeting statutory language)

• For enhanced interoperability: Product Identifier at the package level (2D DataMatrix carrying NDC, serial number, lot, expiration), and electronic exchange via interoperable systems

KDE-to-EPCIS field mapping (concise)

EPCIS event snapshots for DSCSA

Below are minimal, human‑readable snapshots of common events; fields shown are representative of EPCIS 1.2 with GS1 CBV terms.

1) Commission serialized items (Object

Event)

• eventTime: 2025‑09‑01T10:22:03‑05:00

• action: ADD

• bizStep: commissioning

• disposition: active

• epcList: SGTINs for each package

• ilmd: lotNumber=“ABC123”; expirationDate=“2027‑06‑30”

• readPoint: GLN of packaging line

• bizLocation: GLN of plant

2) Pack items into cases (Aggregation

Event)

• eventTime: 2025‑09‑01T13:05:00‑05:00

• action: ADD

• parentID: SSCC of case

• childEPCs: SGTINs of items

• bizStep: packing

• disposition: in_progress

• readPoint/bizLocation: GLNs

3) Ship cases/pallets (Object

Event)

• eventTime: 2025‑09‑02T08:15:00‑05:00

• action: OBSERVE

• epcList: SSCCs (and/or SGTINs)

• bizStep: shipping

• disposition: in_transit

• sourceList: owning=Shipper GLN; possessing=Shipper GLN

• destinationList: owning=Consignee GLN; possessing=Carrier GLN (if applicable)

• readPoint: GLN of dock/portal

4) Receive at distributor (Object

Event)

• eventTime: 2025‑09‑03T14:41:00‑05:00

• action: OBSERVE

• epcList: SSCCs/SGTINs received

• bizStep: receiving

• disposition: in_progress (or active after QA)

• readPoint/bizLocation: GLNs of the receiving site

5) De‑aggregation or pick/pack (Aggregation

Event)

• action: DELETE (removing children from parent)

• bizStep: unpacking (or order_picking)

6) Saleable return verification (Object

Event)

• bizStep: verifying

• verification outcome recorded in extensions; correlate to returned SGTINs

How to build a DSCSA dossier (How

To) Outcome: a complete, auditable packet that proves chain‑of‑ownership and meets DSCSA tracing/verification requests within statutory timelines.

Steps: 1) Confirm the request scope and clock: capture requester, legal authority, product(s), lot(s), date range; mark the response deadline (within 1 business day, not to exceed 48 hours). 2) Locate product set: query by NDC, lot, date range in your repository; expand to package‑level using SGTINs. 3) Gather lot‑level TI/TS: populate name, strength, dosage, NDC, container size, count, lot, transaction/shipment dates, prior/new owner details; attach current Transaction Statement. 4) Pull EPCIS trail: extract the minimal evidence chain—commission, aggregation, ship, receive, de‑aggregation/pick, verify—covering the distribution path in scope. Include GLNs, event times, and disposition transitions. 5) Validate data quality: check EPCIS conformance, required fields (eventTime, eventTimeZoneOffset, bizStep, action, epcList/quantityList, readPoint/bizLocation), GLN/NDC master‑data alignment, lot/expiry formatting, and time‑zone consistency. 6) Reconcile exceptions: document any rework, re‑serializations, returns, or data corrections; attach corrective‑action records from QMS/CAPA where applicable. 7) Compile packet: include cover letter, request metadata, TI/TS, EPCIS extract (human‑readable and raw file), verification evidence, exception log, and sign‑off. 8) Obtain approvals: route for electronic signature and legal review; record approvers and timestamps (21 CFR Part 11 alignment where required). 9) Deliver securely: transmit through agreed secure channel; preserve the full dossier, access log, and hash/fingerprint in your audit archive for ≥6 years.

Parakeet’s role in DSCSA dossier assembly

• Pharmaceutical Compliance Suite: supports real‑time regulatory tracking and QMS integration to centralize deviations, CAPAs, and change controls for inclusion in dossiers. See Pharma.

• Continuous Compliance: automates monitoring of FDA guidance changes and deadlines, keeping packet templates current and teams audit‑ready. See Continuous Compliance.

• Rosella AI Agent: accelerates research, pulls KDEs from documents/CSVs/PDFs, summarizes EPCIS evidence, and drafts cover letters and attestations. See Rosella.

• Spreadsheet synergy: preserve existing Excel trackers for TI/TS while Parakeet layers audit trails and automations. See Features.

• Collaboration and document automation: push remediation tasks to Trello, notify teams via Slack, and generate packet narratives with Google Docs.

KDE examples to speed investigations

Use these concrete, DSCSA‑aligned KDEs when searching or filtering:

• NDC (labeler‑product‑package): e.g., 12345‑6789‑01

• Lot number: e.g., ABC123

• Expiration date (YYYY‑MM‑DD): e.g., 2027‑06‑30

• SGTIN(s): urn:epc:id:sgtin:CompanyPrefix. ItemRef. Serial

• SSCC(s) for cases/pallets

• GLNs for sites, docks, and legal entities

• Transaction date vs. shipment date

• Trading partner identifiers for prior owner and new owner

EPCIS data quality checklist

• Conformance: validate against EPCIS 1.2 and GS1 CBV; include eventTimeZoneOffset.

• Master data: maintain authoritative GLN/NDC/party/location records; align to TI/TS entities.

• ILMD: carry lotNumber and expirationDate consistently for all serialized items.

• Event semantics: use appropriate bizStep/disposition/action values (e.g., commissioning+ADD, shipping+in_transit, receiving+in_progress/active).

• Time ordering: ensure causal sequence across commissioning→aggregation→shipping→receiving→de‑aggregation.

• Exception handling: capture returns, rework, recalls, and quarantines as discrete events with statuses.

Dossier content checklist (what to include)

• Cover letter with request reference, scope, and response deadline

• Contact information for responsible person and alternates

• TI/TS section with full KDEs and current Transaction Statement

• EPCIS evidence (human‑readable summary + raw file hash and location)

• Verification results (e.g., returned product checks)

• Exception log with CAPA references

• Sign‑offs, version, and cryptographic hash/fingerprint

Request a redacted sample dossier

To obtain a downloadable, redacted DSCSA dossier sample (TI/TS narrative, event summaries, and checklist), contact us via Parakeet Contact. We will provide a template aligned with the FDA/GS1/PDG references cited above.

References (selected)

• FDA, DSCSA Standards for the Interoperable Exchange of Information for Tracing of Certain Human, Finished, Prescription Drugs (final guidance, September 2023).

• FDA, Enhanced Drug Distribution Security Requirements—Compliance Policies (announced August 2023) and stabilization period through November 27, 2024.

• FDA, Waivers and Exemptions Beyond the Stabilization Period (role‑based exemptions through 2025–2026).

• GS1 US, Applying GS1 Standards for DSCSA and Traceability, Release 1.3 (includes EPCIS conformance emphasis).

• Partnership for DSCSA Governance (PDG), Foundational Blueprint for 2023 Interoperability (Functional Design, TI/TS, Tracing, Credentialing).

Note: Always confirm current FDA policies and any active exemptions for your trading‑partner role before responding to a tracing or verification request.