ICH GCP E6 Is Changing — And Digital Health Technologies Are at the Center
The modernization of ICH GCP E6 marks the most important shift in Good Clinical Practice in over two decades. With the transition from E6(R2) to E6(R3), regulators are explicitly acknowledging that clinical trials are now digital, decentralized, and data-rich.
For Digital Health Technologies (DHTs)—including wearables, apps, sensors, eCOA, and digital endpoints—this is not a cosmetic update. It is a structural change in how compliance, oversight, and evidence generation are expected to work.
This article explains what is changing, why it matters, and what sponsors, CROs, and DHT providers must now do differently—with direct regulatory references.
1. From Process Compliance to Risk-Based, System-Level Control What changed in ICH GCP E6(R3)
E6(R3) moves away from rigid procedural checklists toward risk-proportionate oversight, focusing on critical-to-quality factors.
For DHTs, this means:
Not every system needs identical validation depth
Risk, impact, and intended use determine control expectations
Continuous data flows require continuous oversight—not periodic review
Key implication for DHTs:
A wearable collecting exploratory data is governed differently from a SaMD producing a primary endpoint—but both must be demonstrably controlled.
Regulatory reference
ICH GCP E6(R3) Draft, Principles 2.1, 2.3, 2.7
ICH Reflection Paper on Risk-Based Quality Management (RBQM)
2. DHTs Are No Longer “Just Tools” — They Are Trial-Critical Systems
E6(R3) explicitly recognizes that technology can directly affect participant safety and data reliability.
This aligns with recent guidance from the U.S. Food and Drug Administration and European Medicines Agency, which now treat many DHTs as:
Data-generating systems
Endpoint-defining instruments
In some cases, medical devices in their own right
What is new
Sponsors must justify why a DHT is fit-for-purpose
Validation is tied to endpoint relevance, not generic “software validation”
Consumer devices require documented equivalence when used for clinical claims
Regulatory reference
FDA, Digital Health Technologies for Remote Data Acquisition in Clinical Investigations (Dec 2023)
ICH GCP E6(R3) Draft, Section 3 (Data Governance & Systems)
3. Data Integrity Now Extends Across the Entire Digital Pipeline
E6(R3) reframes data integrity as an end-to-end obligation, from signal capture to regulatory submission.
For DHT-enabled trials, this includes:
Device firmware and software versions
Mobile OS updates
Data transfer, transformation, and aggregation layers
AI/ML processing where applicable
This is a major shift
Under E6(R2), many of these layers sat outside formal GCP oversight. Under E6(R3), they are in scope if they influence trial data or decisions.
Key expectation
Sponsors must demonstrate data lineage, traceability, and auditability across all digital components.
Regulatory reference
ICH GCP E6(R3) Draft, Principles 2.5, 2.8
FDA 21 CFR Part 11
EU MDR 2017/745, Annex I (for device-based data)
4. Decentralized Trials Are Assumed — Not Exceptional
E6(R3) is written with decentralized and hybrid trials as the norm, not the exception.
This directly impacts DHT deployment:
Remote consent, monitoring, and endpoint capture are expected
Home-use devices must address usability, training, and support
Oversight cannot rely solely on site visits
New operational reality
Patient-facing technology = part of the GCP environment
Language, accessibility, and support become compliance issues
Logistics, provisioning, and lifecycle control matter
Regulatory reference
FDA, Conducting Clinical Trials with Decentralized Elements (Sept 2024)
ICH GCP E6(R3) Draft, Section on Roles & Responsibilities
5. Accountability Is Sharper — Especially for Sponsors
E6(R3) removes ambiguity around who is responsible for digital systems.
Clear message
Outsourcing technology does not outsource accountability.
Sponsors must:
Understand how DHTs work—not just contract for them
Maintain oversight of vendors and sub-vendors
Control changes, updates, and deviations mid-study
For DHT vendors:
Expect deeper audits
Expect role clarification (manufacturer, supplier, service provider)
Expect alignment with QMS principles (even if not a “device manufacturer”)
Regulatory reference
ICH GCP E6(R3) Draft, Sponsor Responsibilities
EU MDR 2017/745, Articles 10, 13–16 (economic operators)
6. What This Means in Practice for Digital Health Technologies
Under E6(R3), compliant DHT use requires:
Explicit classification: Tool vs endpoint vs medical device
Fit-for-purpose validation: Proportionate to risk and impact
Lifecycle control: Versioning, updates, change impact assessments
Operational governance: Provisioning, training, support, decommissioning
Inspection readiness: Traceability across systems, vendors, and geographies
This is not theoretical. Inspectors are already asking these questions.
Final Thought: E6(R3) Is a Signal, Not a Suggestion
ICH GCP E6(R3) doesn’t just “allow” Digital Health Technologies.
It expects them—and demands that they are controlled with the same rigor as any other trial-critical system.
For organizations running digital, decentralized trials, the message is clear:
If your DHT can influence safety, efficacy, or decisions — it is now part of GCP.
* Note: ICH GCP E6(R3) refers to the latest version of the International Council for Harmonisation's (ICH) guideline for Good Clinical Practice (GCP), which sets global ethical and scientific quality standards for designing, conducting, recording, and reporting clinical trials involving human participants, with the recent update (R3) focusing on flexibility for new technologies, diverse trial types, and incorporating a risk-based Quality by Design (QbD) approach for data integrity and patient safety.
