ICH E6(R3) Annex 2 insight brief SEO metadata package
ICH E6(R3) Annex 2, adopted 3 June 2026, establishes Good Clinical Practice standards for trials
GO
Conditional go
Conditional no-go
No-go
Key findings
How to use this document. Clinical operations leads use the global dashboard (Section 3) to prioritize deployment. Regulatory affairs use the regional deep dives (Sections 5 to 7) for country-specific arguments. Local study teams use the country cards for site-level pathway decisions. Project managers use the open questions to track action items.
Regulatory position, three pillars.
Optional investigator-witnessed televisit. For remote participants: real-time video discussion, visual ID verification, and witnessed signing. Required in Belgium (remote), Spain (phone or video), and Italy (remote). Recommended in 15 or more additional countries.
| Country | Code | Region | Verdict | Risk | QES risk | Hard blockers |
|---|---|---|---|---|---|---|
| Australia | AUS | APAC | GO | Low | None | None |
| Switzerland | CHE | Europe | GO | Low | None | None |
| United Kingdom | GBR | Europe | GO | Low | None | None |
| Israel | ISR | ME | GO | Low | None | None |
| Netherlands | NLD | EU | GO | Low | Low | None |
| United States | USA | Americas | GO | Low | None | None |
| Canada | CAN | Americas | GO | Low | None | None |
| Denmark | DNK | EU | GO | Low-med | Low | None |
| France | FRA | EU | GO | Low-med | Low | None |
| Ireland | IRL | EU | GO | Low | Low | None |
| South Korea | KOR | APAC | GO | Low-med | Low | None |
| Singapore | SGP | APAC | GO | Low | None | None |
| Taiwan | TWN | APAC | GO | Low-med | None | None |
| UAE | ARE | ME | COND GO | Low | None | None |
| Argentina | ARG | Americas | COND GO | Medium | Low | Witness sig req |
| Belgium | BEL | EU | COND GO | Low-med | Medium | None (with televisit) |
| Brazil | BRA | Americas | COND GO | High | Medium | CEP conservatism |
| Chile | CHL | Americas | COND GO | Low-med | Low | Director sig req |
| Germany | DEU | EU | COND GO | Low | High | EC QES demand |
| Spain | ESP | EU | COND GO | Med-high | Medium | CEIm QES demand |
| Finland | FIN | EU | COND GO | Low-med | Medium | FTN institutional |
| Italy | ITA | EU | COND GO | High | High | FEQ/SPID if demanded |
| Mexico | MEX | Americas | COND GO | Med-high | Low | 2-witness req |
| Saudi Arabia | SAU | ME | COND GO | Low-med | None | Data hosting (confirm) |
| Sweden | SWE | EU | COND GO | Low | Medium | BankID expectation |
| Thailand | THA | APAC | COND GO | Med-high | None | EC conservatism |
| India | IND | APAC | COND GO | High | None | IEC conservatism; confirm NIS exemption |
| Austria | AUT | EU | COND NO-GO | Medium | Very high | BASG QES mandate |
| China | CHN | APAC | COND NO-GO | Critical | None | Data loc + email |
| Poland | POL | EU | COND NO-GO | Critical | Very high | Civil Code QES |
| South Africa | ZAF | Africa | COND NO-GO | Critical | None | Mobile + email |
| Turkey | TUR | Europe | COND NO-GO | Med-high | High | No eConsent framework |
| Russia | RUS | Europe | NO-GO | N/A | N/A | Sanctions + 3 fatal |
A paper fallback must be available in all countries. For conditional no-go countries, attempt eConsent only if the specific blocker is mitigated and the EC pre-confirms. For Russia (no-go), paper consent only.
Austria requires QES for informed consent under the BASG interpretation of ABGB §886. The closed-system exemption under eIDAS Article 2.2 has not been tested with Austrian authorities. ID Austria reached 4.8M users (53%) after Handy-Signatur retired in December 2023, but QES activation requires an in-person visit to a registration authority, impractical for participants.
Key risks
Austria requires QES for informed consent under the BASG interpretation of ABGB §886. The closed-system exemption under eIDAS Article 2.2 has not been tested with Austrian authorities. ID Austria reached 4.8M users (53%) after Handy-Signatur retired in December 2023, but QES activation requires an in-person visit to a registration authority, impractical for participants.
Key risks
Germany is the highest-stakes EU market. The MFG 2024 modernized the legal framework, and the BGB §126b text-form argument supports electronic consent for NIS. However, Germany has 53 independent ethics committees, and individual ECs may demand QES regardless of the legal argument. D-Trust Video-Ident with passport provides a QES fallback (feasibility: medium).
Key risks
Denmark offers a pragmatic regulatory framework. BEK 825/2020 Section 15(2) accepts electronic consent. ECs are generally accommodating and familiar with electronic processes.
Key risks
Spain requires mandatory synchronous interaction for consent, by phone or video. The AEMPS DCT 2024 guidance sets this requirement. CEIm acceptance of OTP vs QES varies significantly across the 82-plus committees. Pre-engagement with the specific CEIm before deployment is essential.
Key risks
Finland’s Medical Research Act accommodates electronic consent and most ECs accept OTP-based authentication. The key caveat is HUS (Helsinki University Hospital): its institutional practice may require FTN authentication. This is a site-level requirement, not a universal TUKIJA rule. Elderly internet access is better than expected: 48% daily for ages 75 to 89.
Key risks
France’s Jardé Law places NIS in the lightest regulatory category, and the CNIL reference methodologies (MR-003, MR-004) govern data processing without imposing signature-level requirements beyond what OTP provides. CPP committees are generally pragmatic for NIS consent.
Key risks
Ireland is one of the most permissive EU markets. The HSE National Policy accepts consent in “written, electronic or other format.” HPRA alignment is strong. The regulatory environment is straightforward and well-suited to standard eConsent deployment.
Key risks
Italy is one of the most complex EU markets. The CAD distinguishes between FEQ (firma elettronica qualificata / QES) and simple e-signatures. Individual CET may demand FEQ or SPID authentication regardless of the closed-system argument. AIFA Determination 425/2024 does not endorse eConsent.
Key risks
The Netherlands is a natural fit for eConsent. The WMO amendment and CCMO guidance explicitly recognize electronic consent. Dutch ECs are pragmatic and experienced with eConsent from extensive CRO operations in the Netherlands. Castor is headquartered here, adding local credibility.
Key risks
Poland has one of the most rigid legal frameworks in the EU. Civil Code Article 78(1) requires a QES for declarations of will, which Poland interprets to include informed consent. The closed-system argument under eIDAS Article 2.2 has minimal precedent in Polish administrative practice. Unlike Austria, there is no near-term pathway to resolve this.
Key risks
Sweden’s Ethical Review Act accommodates electronic consent and the framework supports OTP. However, BankID is deeply embedded in Swedish digital culture. ECs and participants may question why BankID is not used. While not legally required for NIS, prepare a compelling argument for why OTP with step-up authentication is sufficient.
Key risks
The most eConsent-friendly country in this assessment. swissethics published dedicated eIC Guidelines v2.1 with specific technical and procedural guidance for electronic informed consent. Swiss ECs are experienced and actively supportive. The framework is mature and well-documented.
Key risks
The HRA and MHRA issued a joint statement explicitly supporting eConsent, one of the clearest endorsements globally. Post-Brexit, the UK is not bound by eIDAS, eliminating QES complications entirely. Simple electronic signatures are accepted and the approach is highly pragmatic. RECs are well-versed in eConsent from COVID-era experience.
Key risks
The global benchmark for electronic records and signatures in clinical research. 21 CFR Part 11 defines the requirements for electronic records, and the E-SIGN Act and UETA recognize electronic signatures broadly. FDA guidance on eConsent is well-established. OTP-based authentication fully meets Part 11. IRBs are highly experienced.
Key risks
Canada’s TCPS2 and PIPEDA align closely with the US framework, making it one of the simpler deployments. eConsent is well-accepted in Canadian clinical research. Provincial privacy legislation (for example Quebec’s Law 25) adds some complexity for data handling but does not block eConsent workflows.
Key risks
Chile’s bioethics law (Ley 20.120) and electronic signature law (Ley 19.799) provide the framework. FES (firma electrónica simple) is likely sufficient for NIS consent. The key complication is that the law requires the principal investigator (director) to personally sign consent documents, which may need a specific workflow accommodation.
Key risks
Mexico’s NOM-012 governs clinical research, and the emerging PROY-NOM-262 (which references ICH E6(R2)) will further define requirements. FES is likely sufficient for the signature itself. The unique challenge is Mexico’s two-witness requirement for consent, which requires a purpose-built electronic workflow. Rural internet improved to 68.5% (INEGI ENDUTIH 2024).
Key risks
One of the most permissive eConsent frameworks globally. The Electronic Transactions Act 1999 broadly recognizes electronic signatures, and NHMRC guidance explicitly supports electronic consent. No QES or national eID requirements. The HREC system is experienced with eConsent from multinational trials.
Key risks
A highly permissive and well-defined framework. The Electronic Transactions Act 2010 and PDPA provide a clear legal basis. SingHealth and NHG institutional frameworks are accommodating of electronic processes. No QES requirements and no data localization barriers.
Key risks
The 2020 Electronic Signature Act reform was pivotal: it removed the previous government-certificate monopoly, making OTP-based approaches legally viable for the first time. BSA Article 16(1) governs consent requirements. Korean IRBs are increasingly familiar with eConsent from multinational trial participation.
Key risks
Taiwan’s TFDA has issued specific eConsent guidance supporting electronic consent for clinical research, one of the few APAC regulators with an explicit framework. The environment is pragmatic, but Taiwanese practice strongly favors on-site consent. Remote eConsent is technically permissible but uncommon.
Key risks
Thailand lacks explicit eConsent guidance, creating fundamental regulatory uncertainty. The National Health Act §9 governs consent but is silent on electronic modalities. The PDPA provides data protection requirements but does not address consent format. Thai ECs tend toward conservatism, and the absence of explicit endorsement means each EC must be individually convinced.
Key risks
China presents a triple barrier making remote eConsent non-viable: PIPL/CSL/DSL mandate data localization for health data; email-based delivery is incompatible with Chinese digital behavior (WeChat and WeCom dominate); and NMPA/CDE acceptance of eConsent remains uncertain. WeCom is a compliance best practice, not a legal mandate.
Key risks
India’s ICMR National Ethical Guidelines 2017 Section 5.5 permits eConsent with safeguards for NIS. The NDCT Rules 2019 AV recording requirement applies to interventional trials only, not non-interventional studies. OTP is not recognized under IT Act §3A (covers Aadhaar only). Conditional on IEC pre-approval.
Key risks
Taiwan’s TFDA has issued specific eConsent guidance supporting electronic consent for clinical research, one of the few APAC regulators with an explicit framework. The environment is pragmatic, but Taiwanese practice strongly favors on-site consent. Remote eConsent is technically permissible but uncommon.
Key risks
Permissive but fragmented across Emirates. The federal PDPL governs data protection, but healthcare regulation varies by Emirate (DOH Abu Dhabi, DHA Dubai, MOH federal). eConsent is not explicitly blocked but not explicitly endorsed. Data localization may apply depending on Emirate and data classification. Televisit recommended for a stronger evidence trail.
Key risks
SFDA and NCBE do not explicitly block eConsent. OTP is sufficient for signatures. The main uncertainty is data localization: the PDPL may require local hosting depending on data classification. NCBE ethics review is centralized, which simplifies EC engagement compared to fragmented European systems.
Key risks
ECTA 2002 recognizes electronic signatures, but the population’s digital access pattern makes email-based consent delivery non-viable for many participants. Mobile internet reached 66.3%, but this is predominantly mobile-only access with limited email usage. The barrier is infrastructure, not law. On-site paper with mobile-assisted notification is the realistic pathway.
Key risks
ECTA 2002 recognizes electronic signatures, but the population’s digital access pattern makes email-based consent delivery non-viable for many participants. Mobile internet reached 66.3%, but this is predominantly mobile-only access with limited email usage. The barrier is infrastructure, not law. On-site paper with mobile-assisted notification is the realistic pathway.
Key risks
The global regulatory landscape for eConsent has reached real maturity, with frameworks now supporting digital consent in the majority of assessed countries. The finalization of ICH E6(R3) guidelines and continued regulatory evolution show a strong commitment to modernizing clinical trial processes while maintaining high standards of participant protection and data integrity.
As pharmaceutical companies increasingly adopt digital technologies, eConsent is a core component of modern clinical trial infrastructure. Organizations should make use of this regulatory maturity while paying careful attention to country-specific requirements and ongoing developments, particularly around specific eSignature standards like QES in Europe.
Castor provides a unified, patient-centric platform designed for global scale. Our eConsent solution offers 21 CFR Part 11 compliant eSignatures, full audit trails, and data security aligned with GDPR and HIPAA. While we are transparent about the current QES limitation under eIDAS, the platform is optimized for usage in the majority of global jurisdictions, enabling flexible, hybrid trial designs that maximize enrollment and retention.
The best time to implement eConsent is sooner rather than later. Readiness has to happen at both the regulatory and site level.
ICH E6(R3) Annex 2, adopted 3 June 2026, establishes Good Clinical Practice standards for trials

Most AI pitched at clinical research sites falls apart the moment a real site owner
Most clinical sites still capture protocol visit data on paper, and most AI pitched at
"*" indicates required fields
Discover all the features offered by Castor EDC
Discover Now