EMA HTTP schema disabling and ICSR submissions

The European Medicines Agency (EMA) has announced the initiative “EudraVigilance disabling HTTP schemas”, introducing changes to the technical references used for the submission of Individual Case Safety Reports (ICSRs) via Gateway and EVWEB. This is a technical update aimed at strengthening the security of data transmissions and limited to the modalities cases are submitted to EudraVigilance. This article outlines what this change means for pharmaceutical companies and how to address it in a controlled and straightforward manner.

Why EMA is disabling HTTP access to EudraVigilance XML schemas

EMA is progressively phasing out the use of HTTP across its online resources because this protocol requires data to be transmitted in plain text, exposing information to the risk of interception, reading or alteration during transmission. For this reason, HTTP is no longer considered suitable for the exchange of regulatory information.

As a replacement, EMA has adopted HTTPS (HTTP Secure), which enables protected data transmission and meets the security standards required for handling sensitive information.
This change also affects ICSR submissions: when cases are created in EVWEB or generated within company systems, the XML files transmitted to EudraVigilance and the related acknowledgement messages (ACKs) reference the R3 schemas, which must now be accessible exclusively via HTTPS.

What changes technically in ICSR submission

From a technical perspective, the content of the cases does not change. The update affects the XML header of ICSRs and ACKs, i.e. the section of the message that contains the technical references to the XML schemas (the structured format used to represent and exchange data in a standardised way). These references are used for file validation and allow EudraVigilance to correctly interpret the structure of the message.

Who is affected by the EMA HTTP schema disabling

Pharmaceutical companies that use their own safety database to create, manage and submit ICSRs via Gateway or via upload in EVWEB, or that download ACKs or ICSRs from EVWEB for use in their own systems, must update their XML schema references in line with EMA requirements.

ICSR submission via Gateway

For ICSR submissions via Gateway, EMA has announced that HTTP access to the XML schemas for ICSRs and the related acknowledgements will be disabled as of:

15 January 2026: only HTTPS endpoints will be accepted.

ICSR submission via EVWEB

When EVWEB is used as the channel for ICSR submission, EMA has defined a progressive timeline for disabling HTTP references to XML schemas. The plan includes:

15 January 2026: start of the testing phase.
The external test environment (XCOMP) for ICSRs accepts both HTTP and HTTPS; ACKs already reference HTTPS only.
The production environment continues to accept HTTP only for both ICSRs and ACKs.
15 April 2026: start of the optional production phase.
Test and production environments accept both HTTP and HTTPS for ICSRs. ACKs reference HTTPS only.
15 July 2026: start of full production.
Test and production environments accept HTTPS only for both ICSRs and ACKs.

Potential issues in the absence of alignment with EMA requirements

Without a technical update to the systems used for ICSR submission, it will no longer be possible to complete case submissions correctly, resulting in a disruption of transmission flows.
It is therefore necessary to align with EMA requirements before the indicated deadlines in order to ensure operational continuity and regulatory alignment.

How to align with EMA requirements for ICSR submission

SafetyDrugs already provides the update required by EMA through a dedicated fix. The update modifies the XML header in line with EMA guidance, disabling HTTP schema references and adopting HTTPS exclusively. The SafetyDrugs solution covers both scenarios: ICSR XML generation for the uploading in EVWEB and submission via Gateway. For SafetyDrugs customers, alignment with EMA requirements is ensured through the installation of a dedicated fix.

Operational continuity and long-term regulatory compliance

The disabling of HTTP access to XML schemas is part of a structured evolution of the EudraVigilance infrastructure, aimed at strengthening security and reliability requirements in the exchange of regulatory information. This is a technical change that does not affect the content of the cases, but requires a targeted update of the systems used for ICSR submission.

Addressing this transition in a timely manner allows pharmaceutical companies to preserve continuity in submission flows and maintain stable alignment with EMA requirements, reducing the risk of operational disruptions. In this context, having tools that are already compliant with the new requirements is a key factor in ensuring long-term regulatory compliance and the robustness of pharmacovigilance processes.

EMA HTTP schema disabling: how to prevent issues in ICSR submissions

Why EMA is disabling HTTP access to EudraVigilance XML schemas

What changes technically in ICSR submission

Who is affected by the EMA HTTP schema disabling

ICSR submission via Gateway

ICSR submission via EVWEB

Potential issues in the absence of alignment with EMA requirements

How to align with EMA requirements for ICSR submission

Operational continuity and long-term regulatory compliance

Related Posts

European Pharmacovigilance Congress 2025: what to expect

MedDRA 28.1: what’s new for pharmacovigilance from terminology to the Desktop Browser

GVP Module VI Addendum II: how to comply with the new EMA Rules on ICSR data

Risk communication in pharmacovigilance: a new approach to managing EMs and DHPCs

Risk Minimisation Measures (RMMs): the new approach in GVP Module XVI Revision 3

AFI Symposium 2025: agenda, key topics and a focus on pharmacovigilance