Mukul Lakhani Exposes How Pharmaceutical Companies’ Digital Dependencies Create New Vulnerability Categories
Mukul Lakhani‘s presentation positioned pharmaceutical digital transformation as accountability amplification rather than risk reduction, requiring organizational maturity development alongside technological sophistication, Naresh Nunna of Neo Science Hub reports.
In a technical presentation of analytica India Lab 2025, Mukul Lakhani from Dr. Reddy’s Laboratories delivered a sobering analysis of how pharmaceutical industry digitalization creates unprecedented regulatory vulnerability despite promises of enhanced compliance and efficiency. His presentation on “Inspection Readiness in the Digital Age” revealed how companies’ increasing dependence on vendor-managed digital systems fundamentally shifts accountability frameworks while introducing new categories of regulatory risk.
47-Subject Deletion: A Digital Age Cautionary Tale
Lakhani opened with a case study that encapsulates the central paradox of pharmaceutical digitalization. During an FDA BIMO (Bioresearch Monitoring) inspection, investigators discovered that a vendor had deleted electronic Clinical Outcome Assessment (eCOA) data for 47 subjects from the sponsor’s system. The sponsor’s response—blaming the vendor for the data loss—failed to satisfy regulatory expectations about ultimate accountability.
“The sponsor was not at all aware that what has happened. So, the root cause for this is sponsor has not done the proper oversight of the vendor and the impact was they got the warning citing that there was inadequate sponsor oversight,” Lakhani explained, illustrating how digital systems amplify rather than reduce sponsor liability.
This case reveals fundamental misconceptions about risk transfer in digital transformation. While pharmaceutical companies adopt cloud-based systems and vendor-managed platforms to improve efficiency and reduce operational burden, regulatory agencies maintain that sponsors remain fully accountable for data integrity regardless of technical implementation details or vendor relationships.
Compliance Complexity Multiplication
Lakhani’s systematic analysis of digital transformation challenges revealed how technological sophistication multiplies rather than simplifies regulatory compliance requirements. The integration of Clinical Trial Management Systems (CTMS), Electronic Trial Master Files (eTMF), Laboratory Information Management Systems (LIMS), and Manufacturing Execution Systems (MES) creates interconnected dependencies that traditional validation approaches cannot address effectively.
“We have many tools in our company… everywhere we are using the digital tool and because of that there are different vendors involved and there are different cloud based system,” Lakhani observed, describing how system proliferation creates oversight challenges that many pharmaceutical companies underestimate.
The complexity extends beyond technical integration to encompass regulatory compliance across multiple jurisdictions. EU GDPR requirements, US HIPAA guidelines, and emerging data privacy regulations create overlapping obligations that pharmaceutical companies must satisfy simultaneously while maintaining system functionality and accessibility for regulatory inspections.
Remote Inspection Reality: Prepared or Exposed?
The shift toward remote and hybrid inspections following the COVID-19 pandemic represents fundamental change in regulatory oversight that pharmaceutical companies struggle to accommodate effectively. Lakhani’s discussion revealed how many organizations lack systematic approaches to providing appropriate inspector access without compromising data security or revealing confidential information.
“They are also demanding that we should have the remote access. If you are, system is not ready, we have seen when we are facing the inspection, then we see that system is either not opening the data or we are giving too much access to the inspector,” Lakhani explained, highlighting how unprepared systems create compliance vulnerabilities during inspections.
The challenge involves balancing transparency obligations with confidentiality requirements. Electronic Trial Master Files may contain unblinded data, randomization codes, or other sensitive information that requires restricted access. Organizations that fail to design appropriate access controls face either data exposure risks or inspector access limitations that could generate compliance findings.
CSV-to-CSA Evolution: Risk-Based Validation Reality
Lakhani’s explanation of the transition from Computer System Validation (CSV) to Computer Software Assurance (CSA) revealed how regulatory thinking has evolved toward risk-based approaches that many pharmaceutical companies struggle to implement effectively. While CSV requires comprehensive testing of all software features regardless of criticality, CSA focuses validation efforts on patient safety and data integrity risks.
“CSA is the concept from the FDA… you need to apply the risk based approach and you have to focus on the patient safety and data and the area where you see that there is a risk to the patient or there is a risk to the data,” Lakhani explained, describing how modern validation approaches emphasize risk prioritization over comprehensive testing.
However, the transition requires sophisticated risk assessment capabilities that many pharmaceutical companies lack. Organizations accustomed to exhaustive validation protocols struggle to develop appropriate risk-based methodologies while maintaining regulatory confidence in their validation approaches.
Continuous Monitoring: Validation Paradigm Shift
The presentation’s emphasis on “continuous monitoring versus one-time validation” addressed fundamental changes in how pharmaceutical companies must approach system lifecycle management. Traditional validation assumes that comprehensive testing at implementation ensures ongoing compliance, while digital systems require continuous assessment due to frequent updates, configuration changes, and evolving regulatory requirements.
“After 3 years, there might be change in the regulatory requirement… once you declare the system there, there might be chance that you will get to know more information about the system that you can leverage,” Lakhani observed, describing how system validation becomes ongoing process rather than discrete project.
This paradigm shift requires organizational capability development beyond technical validation expertise. Companies must establish continuous monitoring processes, change control procedures, and periodic revalidation frameworks that maintain system compliance throughout extended lifecycles while accommodating business requirements for system enhancement and modification.
Digital Promise Meets Implementation Reality
Lakhani’s analysis of decentralized clinical trials revealed how technological capabilities often exceed organizational ability to implement them safely and compliantly. While regulatory agencies encourage patient-centric trial designs that reduce site visit requirements, practical implementation creates new categories of data integrity and oversight challenges.
“In India there is huge population where there are illiterate people who don’t know how to operate the digital system and if you have even if the patient has accepted those approach even if they are entering the data they are not sure who is entering the data,” Lakhani explained, highlighting how digital trial approaches create verification challenges that traditional site-based monitoring can address more effectively.
The implementation challenges extend beyond patient literacy to encompass medication storage, device reliability, data backup procedures, and audit trail maintenance. Organizations that adopt decentralized approaches without comprehensive risk mitigation strategies face data integrity challenges that could undermine entire studies.
Vendor Oversight: Accountability Transfer Illusion
The presentation’s extensive discussion of vendor oversight challenges revealed how pharmaceutical companies often misunderstand accountability transfer when outsourcing digital system management. While vendors may provide sophisticated platforms and technical expertise, sponsors remain fully responsible for data integrity, system compliance, and regulatory adherence.
“Certain vendors are reluctant in giving their SOP. They are reluctant in giving the IQ, IQ, PQ activities which they have performed while doing the validation,” Lakhani noted, describing how vendor cooperation limitations create sponsor compliance risks that service agreements cannot eliminate.
Effective vendor oversight requires comprehensive due diligence, ongoing monitoring, detailed service level agreements, and systematic audit programs that many pharmaceutical companies lack resources or expertise to implement effectively. Organizations that treat vendor relationships as accountability transfers rather than extended compliance obligations face systematic regulatory vulnerabilities.
AI/ML Integration
The discussion of artificial intelligence and machine learning integration revealed significant gaps between technological capabilities and regulatory acceptance frameworks. While pharmaceutical companies invest substantially in AI/ML applications for data analysis, process optimization, and predictive analytics, regulatory validation requirements often exceed organizational capabilities.
“From the regulatory perspective, we need to justify that how we have integrated our AI ML. There are modules which we need to test. We need to segregate the data,” Lakhani explained, describing validation requirements that many pharmaceutical companies struggle to satisfy comprehensively.
The challenge involves demonstrating AI/ML system reliability, data integrity, and decision-making transparency in ways that satisfy regulatory expectations for reproducibility and auditability. Organizations that implement AI/ML systems without appropriate validation frameworks face compliance risks that could undermine broader digital transformation initiatives.
Case Study Analysis
Lakhani’s three detailed case studies revealed common implementation failures that sophisticated digital systems cannot prevent without appropriate organizational procedures and cultural support:
Informed Consent Delays: The case of delayed implementation of revised informed consent forms demonstrated how procedural failures can occur despite digital tracking capabilities. Organizations that rely on manual processes for critical compliance activities face systematic delays that digital alerts and automation could prevent.
Access Control Failures: The principal investigator access example illustrated how training requirements and system access dependencies create compliance vulnerabilities when not properly coordinated. Patient safety events requiring immediate unblinding cannot wait for completion of training requirements.
Role-Based Access Violations: The CRA access level case demonstrated how access control systems require ongoing monitoring and validation to prevent inappropriate permissions that could compromise data integrity or regulatory compliance.
Mindset versus Milestone Distinction
Lakhani’s concluding emphasis on inspection readiness as “mindset” rather than “milestone” addressed fundamental misconceptions about compliance achievement in digital environments. Traditional quality management approaches treat validation and compliance as discrete objectives that can be accomplished and maintained through procedural adherence.
However, digital systems require continuous adaptation, ongoing monitoring, and systematic risk assessment that demand cultural commitment rather than procedural compliance. Organizations that treat digital compliance as technical achievement rather than organizational capability development will struggle to maintain regulatory readiness as systems and requirements evolve.
Global Harmonization
The presentation’s discussion of global regulatory harmonization through ICH guidelines, EU Clinical Trial Regulation, and FDA modernization initiatives suggested increasing alignment of international requirements while revealing implementation complexity that pharmaceutical companies must navigate simultaneously.
While harmonized standards theoretically simplify compliance across multiple jurisdictions, practical implementation requires understanding nuanced differences in interpretation, enforcement, and technical requirements that can create compliance challenges for globally operating pharmaceutical companies.
Technology Serving Patient Safety
Throughout the presentation, Lakhani consistently returned to patient safety and data integrity as fundamental objectives that must guide technology implementation decisions. His emphasis that “Technology must serve the patient safety and upload the data integrity always” positioned technical sophistication as means rather than end in pharmaceutical compliance strategies.
This principle challenges pharmaceutical companies to evaluate digital transformation initiatives based on patient safety enhancement and data integrity improvement rather than operational efficiency or cost reduction alone. Organizations that prioritize technological sophistication over fundamental compliance objectives may achieve impressive technical capabilities while failing to satisfy regulatory expectations.
The Implementation Reality Gap
Lakhani’s presentation revealed pharmaceutical digital transformation as creating rather than resolving compliance challenges for many organizations. While digital systems offer unprecedented capabilities for data management, process automation, and regulatory reporting, successful implementation requires comprehensive organizational development that extends far beyond technical system deployment.
The persistent gaps between digital transformation aspirations and implementation realities suggest that pharmaceutical companies must approach digitalization as organizational transformation rather than technical upgrade. Success depends on developing appropriate governance frameworks, risk management capabilities, vendor oversight processes, and cultural commitment to continuous compliance rather than simply acquiring sophisticated digital platforms.
The organizations that achieve effective digital transformation will likely be those that recognize technology as enabler of enhanced compliance rather than substitute for fundamental quality management capabilities, while maintaining systematic focus on patient safety and data integrity regardless of technical complexity or operational convenience.
