Russia Flirts with A ‘Crypto Code’

A few months ago, the government of the Russian Federation adopted Order Number 791-r, which appears to have significance for pharma serialization there. The primary deviation from the pharma serialization specification that has dictated the government pilot in Russia since early 2017 is the addition of two new data elements to the datamatrix barcode on secondary packaging. For the pilot, the datamatrix barcode contained:

  • The GS1 GTIN for the product package
  • A randomized serial number conforming to a subset of GS1 standards
  • Four digits of the FEACN code of the product
  • The batch number of the product
  • The expiration date of the product

Other than the FEACN code, these are the typical four data elements being mandated by most countries having a serialization requirement.  

But after the recent adoption of Russian Federation Order Number 791-r, the datamatrix barcode would apparently change to:

  • A unique product code
  • A randomized serial number conforming to a subset of GS1 standards
  • A 4-digit ‘Key’ (commodity code)
  • An 88-character ‘Signature’

Batch and expiration date would be optional data elements.  The Key and Signature data—a cryptographic code—would be issued for each unit of drugs, apparently at the time of packaging in real time.  In fact, the drawings I have seen indicate that the government expects the line-level packaging equipment to make a call to a cloud-based service of a subcontractor to the Russian Federation (or dedicated hardware for local drug manufacturers) to request each Key and Signature pair.  The Product Identifier and the serial number would need to be included in the request because they would be used to construct the Key and Signature.

Is the unique product code still a GS1 GTIN?  What is the impact on the serialization deadlines?

Unfortunately, there are so many unanswered questions about this apparent change that it is hard to discuss the full implications.  We understand that more details will be published by the Russian Federation—perhaps including the full requirements—in August.

If the Order is interpreted correctly, drug manufacturers are likely to have significant performance, security and reliability concerns regarding the call to a cloud-based service at the time of packaging.  Even a hardware-based solution (which has been mentioned for “local manufacturers”) raises security issues if the hardware must be supplied by a Russia-based third-party.

This is just one of the tricky issues facing companies who need to comply with pharma serialization regulations across Europe.  If you market drugs anywhere in Europe, including the EU, UK, Switzerland, Iceland, Norway, Russia, Turkey, Ukraine, you need to register for Systech’s What You Need to Know NOW!  Ensure compliance with European pharma serialization legislation webinar, July 24, 2018 at 11:00 AM EDT, or, if that date has passed check out the recording of that webinar.