Every pharmaceutical manufacturer selling in India has heard the term "serialization" thrown around in the same breath as CDSCO, track-and-trace, and export compliance. Fewer teams can explain, precisely, what the regulation requires versus what their ERP vendor is trying to sell them.

This matters because getting it wrong is expensive twice over: once in penalties for non-compliance, and again in the false confidence that a compliant barcode also means a counterfeit-proof one. It doesn't, automatically. Serialization and authentication solve different problems, and the gap between them is exactly where fake medicines slip through.

What CDSCO serialization actually mandates

India's Central Drugs Standard Control Organisation requires unique product identification on packaging for specific export categories, with barcoding rules tightening progressively across primary, secondary, and tertiary packaging levels. The intent is traceability — knowing which batch, which manufacturing date, and which distribution path a strip of tablets travelled through.

A compliant system needs to generate and print a unique serial number per saleable unit, link it to batch and expiry data, and make that data retrievable at each supply chain checkpoint — manufacturing, distribution, and dispensing.

Serialization tells you where a product has been. It does not, by itself, tell you whether the product in your hand right now is genuine.

— Ratifye Brand Protection Desk

How this compares to US DSCSA

The US Drug Supply Chain Security Act follows a similar unit-level serialization logic but layers in stricter verification obligations — trading partners must be able to verify product identifiers at the package level before further distribution, and the end goal is a fully interoperable electronic system by law.

RequirementCDSCO (India)DSCSA (US)
Unit-level serializationMandatory for export-focused categoriesMandatory nationwide
Verification obligationTraceability-focusedActive verification before resale
Interoperable data exchangeEmerging requirementCore requirement
Counterfeit detectionNot inherent — needs added authenticationNot inherent — needs added authentication
2-week
typical go-live time to add cryptographic authentication on top of existing serialized barcodes

Where serialization needs authentication layered on top

A serial number printed on packaging can be copied. A counterfeiter who obtains one genuine strip can photograph and reprint the exact same barcode across thousands of fake units — and a basic scan will still return "valid" because the number matches a real batch record.

This is the gap Ratifye's ECDSA-based cryptographic signing closes. Each unit gets a signature that can't be cloned even if the visible barcode is copied, so a scan verifies the specific unit, not just whether that serial number exists somewhere in a database.

Take Action

Get started

Already serialized? Add authentication without touching your packaging line.

Talk to Our Team →

What to check before choosing a serialization vendor

For most manufacturers already meeting CDSCO's baseline, the highest-leverage next step isn't more serialization — it's making the existing barcode unclonable.