From the FDA ESG website:
"The Food and Drug Administration (FDA) Electronic Submissions Gateway (ESG) is an Agency-wide solution for accepting electronic regulatory submissions. The FDA ESG enables the secure submission of regulatory information for review.
The FDA ESG is the central transmission point for sending information electronically to the FDA. Within that context, the FDA ESG is a conduit along which submissions travel to reach their final destination. It does not open or review submissions; it automatically routes them to the proper FDA Center or Office."
"FDA forms (e.g., 1571, 356h) and documents require a signature. The FDA's General Counsel (GC) has said that the FDA must be able to determine the origin of a submission in order to implement fully electronic submissions. The PKI (x.509 version 3 class I) certificate employed by the ESG allows the FDA to determine the origin of the submission through the use of a public/private key exchange."
GlobalSign offers the required X.509 V3 client digital certificate, allowing users to electronically submit data to the FDA.
FDA ESG Checklist
The FDA's Webtrader Account Checklist will help you keep track of your progress and provide additional details on the account setup process.
- Which GlobalSign products work with the FDA ESG?
GlobalSign's PersonalSign products are fully compatible with the FDA ESG.
- Can I use a 3rd party e-mail address like Yahoo or GMail for my WebTrader account?
No, you must use an e-mail address associated with your business. The e-mail must also contain your name.
- Is the ESG compatible with GlobalSign's SHA-256 certificates?
Yes, you can use the SHA-256 certificates to make FDA submissions.
Update: The FDA supports SHA-256 for both the ESG and for S/MIME (secure/encrypted email purposes). All customers should use SHA-256 Certificates for FDA related use cases. Please note: GlobalSign will be deprecating SHA-1 PersonalSign (Client Certificates) by December 2017.
- The FDA is in the midst of migrating to a new S/MIME proxy which supports SHA-256. Any newly added users are being added to this new system.
- The FDA is allowing those customers with unexpired SHA-1 certificates to continue to use them. The migration is domain by domain, so if one person from an existing domain which is still on the old S/MIME system wants to upgrade to SHA-256, all users set up for S/MIME from their domain would have to be migrated over at the same time to support that. The FDA is working with those who need to be moved over earlier as well, vs. waiting for their migration phase.
- What is the policy on shared accounts?
- ESG accounts cannot be shared.
- Each individual must have their own account.
- Each individual is limited to one account.
- There is no limit to the total number of accounts held by a company.
- The registered e-mail address must be for an individual and not a group e-mail.
- The FDA references an option to create a self signed certificate using Adobe Acrobat. How does that work?
These certificates are created within Adobe Acrobat and are not legally binding. The FDA requires certain forms (e.g., 1571, 356h) have an embedded signature, whether it's a scanned signature or placed from a certificate prior to submission through the ESG. These certificates are only for visible signatures inside PDFs and cannot be used to sign a full submission to the ESG.
- I received an error message from the FDA, now what?
Please view the Common Errors article for a solution.