EPCIS Traceability Standard – Sharing “What, When, Where, Why” Events Across Supply Chains

This topic is part of the SG Systems Global regulatory & operations glossary.

Updated October 2025 • Traceability & Compliance • WMS, MES, QMS

EPCIS (Electronic Product Code Information Services) is the GS1 standard for capturing and sharing item/lot/serial event data across organizations—commissioning, packing, shipping, receiving, transformation, and verification. It creates a common language so partners can exchange exactly what happened to which objects, at which time and place, under which business step and reason. In practice, EPCIS binds barcodes/UDI/RFID to business events and master data (GTIN, lot, expiry, SSCC), enabling interoperable visibility for recalls, investigations, sustainability, and regulatory programs such as FSMA 204 and device UDI.

“If partners can’t agree on the event and the identifiers, they can’t agree on the truth. EPCIS standardizes both.”

1) What It Is

EPCIS represents supply-chain history as a timeline of events against identifiers. Core events include Object, Aggregation, Transaction, and Transformation; each carries where, when, business step (e.g., ship, receive, pack), and disposition (e.g., in_progress, in_transit, active, destroyed). Identifiers reference GS1 keys (GTIN, Lot/Batch, Serial, SSCC, GLN). V2.0 adds JSON-LD and stronger semantics, improving web-scale exchange and validation. Executed records from shop floor and warehouse systems must map precisely to these events and be preserved per your Data Retention & Archival policy.

2) Regulatory Anchors & Scope

Food, pharma, and devices require chain-of-custody and transformation evidence. In food, FSMA 204 defines Critical Tracking Events (CTEs) and Key Data Elements (KDEs) that align naturally to EPCIS; in devices, UDI demands serial/lot lineage; in pharma, aggregation and inference are common in serialization. When events are electronic, Part 11 and Annex 11 expectations apply to identity, audit trails, signatures, and retention. EPCIS implementations therefore cover:

• Identification (GTIN, lot/serial, SSCC) and locations (GLN) under master-data control.
• Event capture from MES/WMS (pack, ship, receive, transform, deaggregate).
• Partner exchange using EPCIS event files/APIs with acknowledgements.
• Security & integrity including signing, audit trails, and tamper resistance.
• Periodic review to keep mappings, steps, and partner endpoints current.
• Retention & archival ensuring readability and context for the required period.

3) Event Lifecycle: From Capture to Exchange

Creation & numbering. Events are generated from validated points of use (e.g., pack station, line printer, dock). Each flow receives a unique ID and configuration (objects, steps, dispositions), and is mapped to products, lines, and partners for impact analysis. Controlled fields for label/UDI masters and BOM pack rules ensure later linkage.

Review & approval. Event schemas and partner agreements move through role-based Approval Workflow (author → technical reviewer(s) → QA/IT → regulatory/commercial). QA verifies alignment with CSV status and related procedures; approvals are signed under Part 11 controls.

Effective dating & training. Go-live dates balance compliance deadlines with readiness. Training plans derive from event roles; systems may enforce training gating—blocking publish/receive until completion.

Distribution & control of copies. Partners access current specs and test payloads via controlled portals. Obsolete specs are superseded and read-only for history.

Revision & change control. Changes follow formal Change Control with impact assessments on labels, pack rules, interfaces, and risk files (HACCP/FMEA). The system keeps redlines, rationale, and audit trails.

Archival & decommissioning. Retain event payloads and metadata (versions, signatures, trails, effective periods) per policy; validate reader/rendering to ensure future access.

4) Events & Data in Scope (Examples)

• Commission & serialize: create serial/lot identities for items and cases.
• Aggregation & deaggregation: link items ↔ cases ↔ pallets via SSCC.
• Shipping & receiving: ship/arrive, with locations (GLN), times, and carriers.
• Transformation: consume inputs to produce outputs (mix, rework, kitting).
• Status & verification: quality holds/releases, verification/attestations.
• Master data: GTIN attributes, allergen/expiry, handling, and pack hierarchies.

5) Technical Controls for EPCIS Interfaces

• Identity & access. Unique users, role-based permissions, keys/certs; no shared accounts.
• Audit trails. Immutable logs for event capture, signing, publish/receive, corrections.
• Electronic signatures. Part 11-compliant approvals for schemas and go-lives.
• Versioning & supersede logic. Automatic effective/retire; runtime enforcement.
• Linkage to execution. Events bound to label templates, lots, and Genealogy.
• Validation. Positive/negative tests; schema and semantics checks; partner acks.
• Search & retrieval. Filter by GTIN/lot/serial/SSCC/GLN/time; rapid rendering for inspection.
• Integration. Validated exchange with WMS/MES/ERP/LIMS via the V5 Connect API.

6) Common Failure Modes & How to Avoid Them

• Identifier drift. GTIN/lot/serial not synchronized with labels/ERP. Fix: master-data governance and runtime validation.
• Aggregation gaps. Pallet not reflecting case contents. Fix: enforce scan interlocks and case/pallet reconciliation.
• Clock & location errors. Wrong timestamps/GLNs. Fix: NTP and location controls; validation on publish.
• Payload mismatch. Missing KDEs for FSMA 204. Fix: pre-submit checks and blocking on absence/inconsistency.
• Partner incompatibility. Different profiles of EPCIS 1.2 vs 2.0. Fix: profile negotiation and translation at the edge.
• Weak change control. Unreviewed schema tweaks. Fix: formal change control with QA/IT approvals.

7) Metrics That Prove Control

• First-pass event acceptance (no schema/semantic rejects) by partner.
• Recall readiness time (lot→ship-to→case/pallet drill-down) in minutes.
• Aggregation accuracy (pallet/case/item) from scan reconciliation.
• FSMA 204 completeness (% records with required CTE/KDE coverage).
• Exception rate (publish failures, late acks, identifier conflicts).

8) How It Relates to V5

V5 by SG Systems Global captures EPCIS-ready events at pack, print, ship, receive, and transform. In V5 WMS, Directed Picking and FEFO select the right lots; SSCC and label templates are controlled; ship confirm generates complete event payloads. In V5 MES, transformation events tie inputs to outputs for genealogy. V5 QMS provides Part 11/Annex 11 audit trails and approval workflows. V5 publishes/receives EPCIS via V5 Connect, validates schema/semantics, and maintains history for inspections and partner investigations.

9) FAQ

Q1. Do we need EPCIS if we already send spreadsheets?
Spreadsheets break at scale and are ambiguous. EPCIS delivers machine-readable, standardized events with acknowledgements and validation.

Q2. How does EPCIS support FSMA 204?
CTEs (e.g., ship/receive/transform) and KDEs map directly to EPCIS events/fields. V5 enforces required data before publish and blocks incomplete payloads.

Q3. What about serialized devices and UDI?
EPCIS expresses serial commissioning, aggregation, and shipping; UDI data rides in event identifiers and master data for end-to-end lineage.

Q4. Can we mix EPCIS 1.2 and 2.0?
Yes, with profile negotiation or translation. 2.0’s JSON-LD improves interoperability; gateways can convert while preserving semantics.

Q5. How do we verify a trading partner’s events?
Use schema and semantic validators, GLN/GTIN checks, clock drift tolerances, and business rules; reject or quarantine suspect payloads with audit trails.

Related Reading
• Standards & IDs: Batch Genealogy | CoA | Approval Workflow
• Execution & Control: Directed Picking | Dynamic Lot Allocation | Barcode Validation | Bin / Location Management
• Compliance: 21 CFR Part 11 | Annex 11 | Data Integrity | Data Retention & Archival