Global eConsent Country Readiness Guide 2025

Global eConsent Country Readiness Guide 2025

Based on FDA's 2025 DRAFT Guidance

Contains Nonbinding Recommendations

Lisa Charlton

Chief Product Officer

On this page

Executive summary

13

GO

14

Conditional go

5

Conditional no-go

1

No-go

Key findings

  • Deployable in 27 of 33 countries with preparation (go plus conditional go).
  • Top barriers: QES and national eID expectations, data localization, and ethics committee conservatism (including Turkey).
  • The eIDAS closed-system exemption (Article 2.2, EMA 2023) is the strongest EU argument.
  • Patient compliance risk is driven by email dependency, not digital literacy.
  • A paper fallback is non-negotiable in every market.

How to use this document. Clinical operations leads use the global dashboard (Section 3) to prioritize deployment. Regulatory affairs use the regional deep dives (Sections 5 to 7) for country-specific arguments. Local study teams use the country cards for site-level pathway decisions. Project managers use the open questions to track action items.

Castor eConsent system overview

How the flow works

  1. Site pre-identifies the patient (known patient).
  2. A secure unique link is sent to the patient’s email.
  3. The patient authenticates via OTP.
  4. The patient reviews consent content at their own pace.
  5. Click Sign, then a step-up OTP re-authentication.
  6. The signature is captured with an audit trail.
  7. A locked PDF is generated and the patient gets a copy.
  8. The investigator countersigns (MFA-protected).


Regulatory position, three pillars.

  • Closed system (eIDAS Article 2.2). EMA 2023: eIDAS is not applicable to closed systems. Castor is closed, so no QES is required. Caveat: national civil code requirements in Austria (ABGB §886) and Poland (Article 78(1)) may override this exemption.
  • Non-interventional exclusion. EU CTR 536/2014 excludes NIS. Signature requirements are proportionate to risk.
  • Approximated AES controls. Unique link, step-up OTP, audit trail, locked PDF, and investigator countersign. SMS OTP is on the near-term roadmap for true two-channel authentication.

Optional investigator-witnessed televisit. For remote participants: real-time video discussion, visual ID verification, and witnessed signing. Required in Belgium (remote), Spain (phone or video), and Italy (remote). Recommended in 15 or more additional countries.

Global readiness dashboard

Master verdict table

CountryCodeRegionVerdictRiskQES riskHard blockers
AustraliaAUSAPACGOLowNoneNone
SwitzerlandCHEEuropeGOLowNoneNone
United KingdomGBREuropeGOLowNoneNone
IsraelISRMEGOLowNoneNone
NetherlandsNLDEUGOLowLowNone
United StatesUSAAmericasGOLowNoneNone
CanadaCANAmericasGOLowNoneNone
DenmarkDNKEUGOLow-medLowNone
FranceFRAEUGOLow-medLowNone
IrelandIRLEUGOLowLowNone
South KoreaKORAPACGOLow-medLowNone
SingaporeSGPAPACGOLowNoneNone
TaiwanTWNAPACGOLow-medNoneNone
UAEAREMECOND GOLowNoneNone
ArgentinaARGAmericasCOND GOMediumLowWitness sig req
BelgiumBELEUCOND GOLow-medMediumNone (with televisit)
BrazilBRAAmericasCOND GOHighMediumCEP conservatism
ChileCHLAmericasCOND GOLow-medLowDirector sig req
GermanyDEUEUCOND GOLowHighEC QES demand
SpainESPEUCOND GOMed-highMediumCEIm QES demand
FinlandFINEUCOND GOLow-medMediumFTN institutional
ItalyITAEUCOND GOHighHighFEQ/SPID if demanded
MexicoMEXAmericasCOND GOMed-highLow2-witness req
Saudi ArabiaSAUMECOND GOLow-medNoneData hosting (confirm)
SwedenSWEEUCOND GOLowMediumBankID expectation
ThailandTHAAPACCOND GOMed-highNoneEC conservatism
IndiaINDAPACCOND GOHighNoneIEC conservatism; confirm NIS exemption
AustriaAUTEUCOND NO-GOMediumVery highBASG QES mandate
ChinaCHNAPACCOND NO-GOCriticalNoneData loc + email
PolandPOLEUCOND NO-GOCriticalVery highCivil Code QES
South AfricaZAFAfricaCOND NO-GOCriticalNoneMobile + email
TurkeyTUREuropeCOND NO-GOMed-highHighNo eConsent framework
RussiaRUSEuropeNO-GON/AN/ASanctions + 3 fatal

Decision tree

Can I use eConsent here?

  1. Is this country on the no-go list? Yes (Russia), stop, paper only.
  2. Is this country conditional no-go? AUT, CHN, POL, ZAF, TUR, check specific blockers.
  3. Is there a QES risk at the EC level? DEU high, ITA high, ESP/SWE/BEL/FIN medium, pre-engage the EC.
  4. Is televisit required for remote consent? BEL, ESP, ITA (remote), deploy the televisit pathway.
  5. Standard eConsent pathway: deploy email plus OTP plus click-to-sign. Paper fallback always available.

A paper fallback must be available in all countries. For conditional no-go countries, attempt eConsent only if the specific blocker is mitigated and the EC pre-confirms. For Russia (no-go), paper consent only.

Regional deep dives — EU/EEA (12)

Austria (AUT)

COND NO-GO

Austria requires QES for informed consent under the BASG interpretation of ABGB §886. The closed-system exemption under eIDAS Article 2.2 has not been tested with Austrian authorities. ID Austria reached 4.8M users (53%) after Handy-Signatur retired in December 2023, but QES activation requires an in-person visit to a registration authority, impractical for participants.

Key regulation AMG, ABGB §886, eIDAS
Compliance risk Medium
Signature req QES required (BASG)
QES risk Very high
Data localization No
Recommended Paper default; eConsent only if BASG confirms

Key risks

  • BASG likely to reject the closed-system argument without precedent.
  • ID Austria QES requires in-person activation, not viable for remote.
  • Academic center ECs near-certain to demand a handwritten signature.

Belgium (BEL)

COND GO

Austria requires QES for informed consent under the BASG interpretation of ABGB §886. The closed-system exemption under eIDAS Article 2.2 has not been tested with Austrian authorities. ID Austria reached 4.8M users (53%) after Handy-Signatur retired in December 2023, but QES activation requires an in-person visit to a registration authority, impractical for participants.

Key regulation AMG, ABGB §886, eIDAS
Compliance risk Medium
Signature req QES required (BASG)
QES risk Very high
Data localization No
Recommended Paper default; eConsent only if BASG confirms

Key risks

  • BASG likely to reject the closed-system argument without precedent.
  • ID Austria QES requires in-person activation, not viable for remote.
  • Academic center ECs near-certain to demand a handwritten signature.

Germany (DEU)

COND GO

Germany is the highest-stakes EU market. The MFG 2024 modernized the legal framework, and the BGB §126b text-form argument supports electronic consent for NIS. However, Germany has 53 independent ethics committees, and individual ECs may demand QES regardless of the legal argument. D-Trust Video-Ident with passport provides a QES fallback (feasibility: medium).

Key regulation MFG 2024, BGB §126/126b
Compliance risk Low
Signature req OTP OK; EC may demand QES
QES risk High
Data localization No
Recommended On-site preferred plus EC pre-engagement

Key risks

  • 53 independent ECs, each may set its own QES requirement.
  • Closed-system argument under eIDAS Article 2.2 not uniformly tested.
  • QES fallback via D-Trust Video-Ident adds cost and complexity.
  • State data protection authorities may impose additional requirements.

Denmark (DNK)

GO

Denmark offers a pragmatic regulatory framework. BEK 825/2020 Section 15(2) accepts electronic consent. ECs are generally accommodating and familiar with electronic processes.

Key regulation Committee Act, BEK 825/2020 §15(2)
Compliance risk Low-med
Signature req Electronic signature accepted
QES risk Low
Data localization No
Recommended Standard eConsent

Key risks

  • Specific EC preferences may vary by institution.
  • NemID/MitID cultural expectation may surface at some sites.
  • Translation requirements for non-Danish-speaking participants.

Spain (ESP)

COND GO

Spain requires mandatory synchronous interaction for consent, by phone or video. The AEMPS DCT 2024 guidance sets this requirement. CEIm acceptance of OTP vs QES varies significantly across the 82-plus committees. Pre-engagement with the specific CEIm before deployment is essential.

Key regulation AEMPS DCT 2024, Law 14/2007
Compliance risk Med-high
Signature req OTP plus mandatory synchronous interaction
QES risk Medium
Data localization No
Recommended Televisit or phone plus eConsent

Key risks

  • 82-plus CEIm committees with varying QES expectations.
  • Synchronous interaction requirement adds operational complexity.
  • Phone consent may not satisfy all CEIm, video is safer.
  • Regional language requirements (Catalan, Basque, Galician).

Finland (FIN)

COND GO

Finland’s Medical Research Act accommodates electronic consent and most ECs accept OTP-based authentication. The key caveat is HUS (Helsinki University Hospital): its institutional practice may require FTN authentication. This is a site-level requirement, not a universal TUKIJA rule. Elderly internet access is better than expected: 48% daily for ages 75 to 89.

Key regulation Medical Research Act 488/1999
Compliance risk Low-med
Signature req OTP OK; HUS may require FTN
QES risk Medium
Data localization No
Recommended Standard eConsent; monitor FTN at HUS

Key risks

  • HUS institutional FTN requirement could block Helsinki sites.
  • FTN integration not available in Castor, would need a workaround.
  • Site-by-site variation in authentication expectations.

France (FRA)

GO

France’s Jardé Law places NIS in the lightest regulatory category, and the CNIL reference methodologies (MR-003, MR-004) govern data processing without imposing signature-level requirements beyond what OTP provides. CPP committees are generally pragmatic for NIS consent.

Key regulation Jardé Law, CNIL MR-003/004
Compliance risk Low-med
Signature req OTP sufficient
QES risk Low
Data localization No
Recommended Standard eConsent

Key risks

  • CPP committee preferences may vary regionally.
  • CNIL data processing compliance requires careful documentation.
  • French-language consent documents mandatory.

Ireland (IRL)

GO

Ireland is one of the most permissive EU markets. The HSE National Policy accepts consent in “written, electronic or other format.” HPRA alignment is strong. The regulatory environment is straightforward and well-suited to standard eConsent deployment.

Key regulation HSE National Policy, HPRA
Compliance risk Low
Signature req OTP sufficient
QES risk Low
Data localization No
Recommended Standard eConsent

Key risks

  • Individual hospital REC preferences may add minor requirements.
  • Cross-border data transfer documentation for EU adequacy.

Italy (ITA)

COND GO

Italy is one of the most complex EU markets. The CAD distinguishes between FEQ (firma elettronica qualificata / QES) and simple e-signatures. Individual CET may demand FEQ or SPID authentication regardless of the closed-system argument. AIFA Determination 425/2024 does not endorse eConsent.

Key regulation CAD, eIDAS, AIFA 425/2024
Compliance risk High
Signature req OTP OK; CET may demand FEQ/SPID
QES risk High
Data localization No
Recommended Televisit plus paper fallback ready

Key risks

  • CET may demand FEQ/SPID, no national uniformity.
  • AIFA 425/2024 does not cover eConsent (common misinterpretation).
  • SPID/CIE integration not available in Castor.
  • Televisit mandatory for any remote consent pathway.

Netherlands (NLD)

GO

The Netherlands is a natural fit for eConsent. The WMO amendment and CCMO guidance explicitly recognize electronic consent. Dutch ECs are pragmatic and experienced with eConsent from extensive CRO operations in the Netherlands. Castor is headquartered here, adding local credibility.

Key regulation WMO amendment, CCMO
Compliance risk Low
Signature req OTP sufficient
QES risk Low
Data localization No
Recommended Standard eConsent

Key risks

  • Low risk overall, mainly standard operational considerations.
  • Multi-center studies may still have site-level EC preferences.

Poland (POL)

COND NO-GO

Poland has one of the most rigid legal frameworks in the EU. Civil Code Article 78(1) requires a QES for declarations of will, which Poland interprets to include informed consent. The closed-system argument under eIDAS Article 2.2 has minimal precedent in Polish administrative practice. Unlike Austria, there is no near-term pathway to resolve this.

Key regulation Civil Code Article 78(1)
Compliance risk Critical
Signature req QES required (Civil Code)
QES risk Very high
Data localization No
Recommended Paper default only

Key risks

  • Civil Code QES requirement has no known exemption for NIS.
  • Polish practice does not recognize closed-system carve-outs.
  • No viable QES integration pathway for study participants.
  • Paper consent is the only reliable option for the foreseeable future.

Sweden (SWE)

COND GO

Sweden’s Ethical Review Act accommodates electronic consent and the framework supports OTP. However, BankID is deeply embedded in Swedish digital culture. ECs and participants may question why BankID is not used. While not legally required for NIS, prepare a compelling argument for why OTP with step-up authentication is sufficient.

Key regulation Ethical Review Act, eIDAS
Compliance risk Low
Signature req OTP OK; BankID expected culturally
QES risk Medium
Data localization No
Recommended Standard eConsent; prepare BankID argument

Key risks

  • Strong cultural expectation for BankID may cause friction.
  • Individual ECs may informally request BankID integration.
  • Participant trust may be lower without the familiar BankID flow.

Regional deep dives — non-EU Europe and Americas (8)

Switzerland (CHE)

GO

The most eConsent-friendly country in this assessment. swissethics published dedicated eIC Guidelines v2.1 with specific technical and procedural guidance for electronic informed consent. Swiss ECs are experienced and actively supportive. The framework is mature and well-documented.

Key regulation swissethics eIC v2.1
Compliance risk Low
Signature req OTP sufficient
QES risk None
Data localization No
Recommended Standard eConsent

Key risks

  • Swiss state e-ID launching summer 2026 may create future expectations.
  • Canton-level data protection requirements may vary.
  • Minimal risk overall, strongest regulatory foundation assessed.

United Kingdom (GBR)

GO

The HRA and MHRA issued a joint statement explicitly supporting eConsent, one of the clearest endorsements globally. Post-Brexit, the UK is not bound by eIDAS, eliminating QES complications entirely. Simple electronic signatures are accepted and the approach is highly pragmatic. RECs are well-versed in eConsent from COVID-era experience.

Key regulation HRA/MHRA joint statement
Compliance risk Low
Signature req Simple e-signature accepted
QES risk Low
Data localization No
Recommended Standard eConsent

Key risks

  • Post-Brexit UK GDPR divergence, monitor adequacy decisions.
  • NHS Trust-level IT policies may affect deployment at specific sites.

United States (USA)

GO

The global benchmark for electronic records and signatures in clinical research. 21 CFR Part 11 defines the requirements for electronic records, and the E-SIGN Act and UETA recognize electronic signatures broadly. FDA guidance on eConsent is well-established. OTP-based authentication fully meets Part 11. IRBs are highly experienced.

Key regulation 21 CFR Part 11, E-SIGN Act
Compliance risk Low
Signature req Part 11 compliant OTP
QES risk None
Data localization No
Recommended Standard eConsent

Key risks

  • Part 11 audit trail requirements must be demonstrable.
  • State-level privacy laws (CCPA and others) add data handling nuance.
  • Minimal risk, most mature eConsent market globally.

Canada (CAN)

GO

Canada’s TCPS2 and PIPEDA align closely with the US framework, making it one of the simpler deployments. eConsent is well-accepted in Canadian clinical research. Provincial privacy legislation (for example Quebec’s Law 25) adds some complexity for data handling but does not block eConsent workflows.

Key regulation TCPS2, PIPEDA
Compliance risk Low
Signature req OTP sufficient
QES risk Low
Data localization No
Recommended Standard eConsent

Key risks

  • Quebec Law 25 imposes additional privacy requirements.
  • Provincial REB preferences may vary.
  • Bilingual consent documents required for Quebec sites.

Chile (CHL)

COND GO

Chile’s bioethics law (Ley 20.120) and electronic signature law (Ley 19.799) provide the framework. FES (firma electrónica simple) is likely sufficient for NIS consent. The key complication is that the law requires the principal investigator (director) to personally sign consent documents, which may need a specific workflow accommodation.

Key regulation Ley 20.120, Ley 19.799
Compliance risk Low-med
Signature req FES likely sufficient
QES risk Low
Data localization No
Recommended On-site preferred

Key risks

  • Director signature requirement needs workflow accommodation.
  • Chilean ECs generally prefer on-site consent processes.
  • FES sufficiency for research consent not explicitly confirmed.
  • Limited eConsent precedent in Chilean clinical research.

Mexico (MEX)

COND GO

Mexico’s NOM-012 governs clinical research, and the emerging PROY-NOM-262 (which references ICH E6(R2)) will further define requirements. FES is likely sufficient for the signature itself. The unique challenge is Mexico’s two-witness requirement for consent, which requires a purpose-built electronic workflow. Rural internet improved to 68.5% (INEGI ENDUTIH 2024).

Key regulation NOM-012, PROY-NOM-262
Compliance risk Med-high
Signature req FES likely; 2 witnesses needed
QES risk Low
Data localization Conditional
Recommended On-site plus electronic witness workflow

Key risks

  • Two-witness electronic workflow has no established precedent.
  • PROY-NOM-262 not yet finalized, requirements may change.
  • FES sufficiency for research consent not conclusively settled.
  • Witness identity verification in electronic format undefined.

Regional deep dives — APAC, Middle East and Africa (12)

Australia (AUS)

GO

One of the most permissive eConsent frameworks globally. The Electronic Transactions Act 1999 broadly recognizes electronic signatures, and NHMRC guidance explicitly supports electronic consent. No QES or national eID requirements. The HREC system is experienced with eConsent from multinational trials.

Key regulation ETA 1999, NHMRC guidance
Compliance risk Low
Signature req OTP sufficient
QES risk None
Data localization No
Recommended Standard eConsent

Key risks

  • State and territory privacy legislation may add minor requirements.
  • Minimal risk overall, one of the cleanest deployments.

Singapore (SGP)

GO

A highly permissive and well-defined framework. The Electronic Transactions Act 2010 and PDPA provide a clear legal basis. SingHealth and NHG institutional frameworks are accommodating of electronic processes. No QES requirements and no data localization barriers.

Key regulation ETA 2010, PDPA
Compliance risk Low
Signature req OTP sufficient
QES risk Low
Data localization No
Recommended Standard eConsent

Key risks

  • Institutional review at SingHealth/NHG may add timeline.
  • Minimal risk, strong regulatory and institutional support.

South Korea (KOR)

GO

The 2020 Electronic Signature Act reform was pivotal: it removed the previous government-certificate monopoly, making OTP-based approaches legally viable for the first time. BSA Article 16(1) governs consent requirements. Korean IRBs are increasingly familiar with eConsent from multinational trial participation.

Key regulation BSA Article 16(1), ESA 2020
Compliance risk Low-med
Signature req OTP OK post-2020 reform
QES risk Low
Data localization No
Recommended Standard eConsent

Key risks

  • Pre-2020 institutional IRBs may not be aware of ESA reform implications.
  • Korean-language consent localization and cultural adaptation needed.
  • Data protection under PIPA requires cross-border transfer documentation.

Taiwan (TWN

GO

Taiwan’s TFDA has issued specific eConsent guidance supporting electronic consent for clinical research, one of the few APAC regulators with an explicit framework. The environment is pragmatic, but Taiwanese practice strongly favors on-site consent. Remote eConsent is technically permissible but uncommon.

Key regulation TFDA eConsent guidance 2019
Compliance risk Low-med
Signature req OTP sufficient
QES risk None
Data localization No
Recommended On-site preferred; remote possible

Key risks

  • Cultural preference for in-person consent may cause site pushback.
  • IRB comfort with remote eConsent varies significantly.
  • Mandarin-language consent document requirements.

Thailand (THA)

COND GO

Thailand lacks explicit eConsent guidance, creating fundamental regulatory uncertainty. The National Health Act §9 governs consent but is silent on electronic modalities. The PDPA provides data protection requirements but does not address consent format. Thai ECs tend toward conservatism, and the absence of explicit endorsement means each EC must be individually convinced.

Key regulation National Health Act §9, PDPA
Compliance risk Med-high
Signature req No explicit guidance
QES risk None
Data localization No
Recommended On-site only; EC pre-engagement required

Key risks

  • No regulatory guidance, each EC interprets requirements independently.
  • Thai EC culture is conservative; eConsent is unfamiliar territory.
  • Rural participant populations may have limited digital access.
  • Language and literacy considerations for informed consent.

China (CHN)

COND NO-GO

China presents a triple barrier making remote eConsent non-viable: PIPL/CSL/DSL mandate data localization for health data; email-based delivery is incompatible with Chinese digital behavior (WeChat and WeCom dominate); and NMPA/CDE acceptance of eConsent remains uncertain. WeCom is a compliance best practice, not a legal mandate.

Key regulation PIPL/CSL/DSL, NMPA/CDE
Compliance risk Critical
Signature req Email not viable; WeCom ecosystem
QES risk None
Data localization Yes
Recommended On-site paper or tablet only

Key risks

  • Data localization mandate requires Chinese server infrastructure.
  • Email delivery model incompatible with Chinese participant behavior.
  • NMPA/CDE has not explicitly endorsed remote eConsent for NIS.
  • Shanghai vs Beijing FTZ regulatory environments are distinct.

India (IND)

COND GO

India’s ICMR National Ethical Guidelines 2017 Section 5.5 permits eConsent with safeguards for NIS. The NDCT Rules 2019 AV recording requirement applies to interventional trials only, not non-interventional studies. OTP is not recognized under IT Act §3A (covers Aadhaar only). Conditional on IEC pre-approval.

Key regulation ICMR 2017 (NIS), NDCT 2019 (interventional only)
Compliance risk High
Signature req OTP not recognized (IT Act §3A)
QES risk None
Data localization Conditional
Recommended On-site eConsent with IEC pre-approval

Key risks

  • IT Act §3A explicitly excludes OTP from recognized e-signatures.
  • AV recording of full consent process is mandatory for interventional trials.
  • DPDPA Rules still being finalized, may change data requirements.
  • Rural digital infrastructure limits remote participant access.

Israel (ISR)

GO

Taiwan’s TFDA has issued specific eConsent guidance supporting electronic consent for clinical research, one of the few APAC regulators with an explicit framework. The environment is pragmatic, but Taiwanese practice strongly favors on-site consent. Remote eConsent is technically permissible but uncommon.

Key regulation TFDA eConsent guidance 2019
Compliance risk Low-med
Signature req OTP sufficient
QES risk None
Data localization No
Recommended On-site preferred; remote possible

Key risks

  • Cultural preference for in-person consent may cause site pushback.
  • IRB comfort with remote eConsent varies significantly.
  • Mandarin-language consent document requirements.

UAE (ARE)

COND GO

Permissive but fragmented across Emirates. The federal PDPL governs data protection, but healthcare regulation varies by Emirate (DOH Abu Dhabi, DHA Dubai, MOH federal). eConsent is not explicitly blocked but not explicitly endorsed. Data localization may apply depending on Emirate and data classification. Televisit recommended for a stronger evidence trail.

Key regulation PDPL, Emirate-level rules
Compliance risk Low
Signature req OTP plus televisit recommended
QES risk None
Data localization Conditional
Recommended Televisit plus eConsent

Key risks

  • Fragmented regulation across Emirates adds compliance complexity.
  • Data localization requirements unclear and potentially Emirate-specific.
  • No explicit eConsent endorsement from any Emirate health authority.
  • Arabic-language consent documents likely required.

Saudi Arabia (SAU)

COND GO

SFDA and NCBE do not explicitly block eConsent. OTP is sufficient for signatures. The main uncertainty is data localization: the PDPL may require local hosting depending on data classification. NCBE ethics review is centralized, which simplifies EC engagement compared to fragmented European systems.

Key regulation SFDA, NCBE, PDPL
Compliance risk Low-med
Signature req OTP sufficient
QES risk None
Data localization Potential — confirm (dashboard says “TBD”)
Recommended On-site preferred

Key risks

  • PDPL data localization requirements not yet fully defined.
  • On-site consent strongly preferred by Saudi clinical culture.
  • NCBE has not explicitly endorsed remote eConsent.
  • Vision 2030 digital health push may accelerate acceptance.

South Africa (ZAF)

COND NO-GO

ECTA 2002 recognizes electronic signatures, but the population’s digital access pattern makes email-based consent delivery non-viable for many participants. Mobile internet reached 66.3%, but this is predominantly mobile-only access with limited email usage. The barrier is infrastructure, not law. On-site paper with mobile-assisted notification is the realistic pathway.

Key regulation ECTA 2002, POPIA
Compliance risk Critical
Signature req E-sig legal; email not viable
QES risk None
Data localization Conditional
Recommended On-site paper; SMS or WhatsApp notification

Key risks

  • Email dependency is a fatal flaw for significant participant populations.
  • Mobile-only internet access means no traditional email workflow.
  • Load shedding affects digital infrastructure reliability.
  • SAHPRA/REC acceptance of eConsent for NIS not established.

Russia (RUS)

NO-GO

ECTA 2002 recognizes electronic signatures, but the population’s digital access pattern makes email-based consent delivery non-viable for many participants. Mobile internet reached 66.3%, but this is predominantly mobile-only access with limited email usage. The barrier is infrastructure, not law. On-site paper with mobile-assisted notification is the realistic pathway.

Key regulation ECTA 2002, POPIA
Compliance risk Critical
Signature req E-sig legal; email not viable
QES risk None
Data localization Conditional
Recommended On-site paper; SMS or WhatsApp notification

Key risks

  • Email dependency is a fatal flaw for significant participant populations.
  • Mobile-only internet access means no traditional email workflow.
  • Load shedding affects digital infrastructure reliability.
  • SAHPRA/REC acceptance of eConsent for NIS not established.

Conclusion

The global regulatory landscape for eConsent has reached real maturity, with frameworks now supporting digital consent in the majority of assessed countries. The finalization of ICH E6(R3) guidelines and continued regulatory evolution show a strong commitment to modernizing clinical trial processes while maintaining high standards of participant protection and data integrity.

As pharmaceutical companies increasingly adopt digital technologies, eConsent is a core component of modern clinical trial infrastructure. Organizations should make use of this regulatory maturity while paying careful attention to country-specific requirements and ongoing developments, particularly around specific eSignature standards like QES in Europe.

Why choose Castor for eConsent?

Castor provides a unified, patient-centric platform designed for global scale. Our eConsent solution offers 21 CFR Part 11 compliant eSignatures, full audit trails, and data security aligned with GDPR and HIPAA. While we are transparent about the current QES limitation under eIDAS, the platform is optimized for usage in the majority of global jurisdictions, enabling flexible, hybrid trial designs that maximize enrollment and retention.

Ready, set, go: using eConsent in your trial

The best time to implement eConsent is sooner rather than later. Readiness has to happen at both the regulatory and site level.

Related Posts

To read the rest of this content, please provide a little info about yourself

EDC For Researchers, Designed By Researchers

Discover all the features offered by Castor EDC

Discover Now