Coverage: 2021 (Jun–Dec), 2022 (Jan–Dec), 2023 (Jan–Dec), 2024 (Jan–Dec), 2025 (Jan–Dec)

How to read this: This comparison does not assume a straight line of progress. It tracks how the same five themes evolve from early signals, to framework-building, to operational roll‑out, and then into constraints that affect feasibility, timelines, and acceptance.

Between mid-2021 and the end of 2025, regulators didn’t suddenly “embrace” real-world evidence (RWE). What changed was how clearly expectations were articulated — and how tightly they were applied.

Looking across five years of regulatory updates, a few patterns stand out:

• Early years (2021–2022) focused on fundamentals: data quality, registries, ethics routing, lawful use
• 2023 introduced structure: frameworks, pilots, sandboxes, and clearer positioning
• 2024 made things operational: systems, quality frameworks, cybersecurity, mandated artefacts
• 2025 exposed the pressure: acceptance became more conditional, feasibility more constrained

The direction has been broadly supportive of RWE — but delivery has become harder, not easier. Increased clarity came with increased structure, governance, and scrutiny.

This is why many teams experienced 2025 as a year of tension: RWE was more visible in regulatory and access discussions, yet harder to execute at scale.

This isn’t a failure of RWE. It’s the natural result of moving from aspiration to implementation.

(Based on RWR Regulatory Updates, 2021–2025)

Cross‑Year Maturity Map (at‑a‑glance)

The maturity map reflects longitudinal regulatory evolution of each trend across the full reporting period and is independent of the country signal tables, which provide contextual snapshots rather than inputs to the maturity assessment.

Scale used:
E = Emerging signals
F = Frameworks / formal positioning
O = Operational roll‑out (tools, systems, pilots)
C = Consolidation (more consistent application)
X = Execution pressure / feasibility constraint

Note: 2021 is a partial year (June–December). The maturity labels for 2021 reflect only what is visible in that reporting window.

2021 (baseline): Largely not visible as a defined RWE governance topic. The 2021 focus is on RWE fundamentals (data sources, registries, ethics routing, privacy posture).
2022: Early signals begin to appear, often via ethics and data governance references where large datasets and AI‑enabled methods are in scope.
2023: The shift becomes clearer: regulators start using controlled validation models (e.g., sandbox concepts) and lifecycle thinking for ML‑enabled technologies.
2024: Oversight models become more practical and repeatable; AI is increasingly discussed in terms of governance and accountability rather than novelty.
2025: AI is no longer a “topic” — it is treated as part of a regulated evidence lifecycle with ongoing monitoring expectations. The challenge becomes operational: proving performance over time and demonstrating controls across the model lifecycle.

Cross‑year takeaway: AI governance moves from “emerging ethics concern” to “operational evidence control requirement.” The biggest change is the move from one‑off validation discussions toward lifecycle oversight.

2021 (baseline): Early visibility requirements and trust issues appear alongside national data programme changes. “Access” is already more than a feasibility question; it is linked to transparency and public confidence.

2022: Formal architecture begins to dominate (notably in Europe): secondary‑use frameworks and early network steps become explicit programme priorities.
2023: Pilots and network participation become more visible; multi‑country capability and data partner onboarding move from concept into work plans.
2024: Implementation becomes more tangible: governance mechanisms, readiness expectations, and delivery infrastructure affect practical timelines.
2025: Data access and standards alignment become direct constraints. “Data readiness” becomes inspectable (permissions, linkage governance, audit trails, technical standards), and access‑body/system transitions become visible drivers of delay.

Cross‑year takeaway: Data access evolves from “availability of data” to “ability to use data within defined systems.” By 2025, infrastructure and governance are part of feasibility, not separate from it.

2021 (baseline): Strong early movement toward clearer expectations for RWD quality and defensible use of EHR/claims/registries. Key signals point to documentation, provenance, and “show your work” expectations.

2022: Expectations become more visible inside workflows (e.g., making RWD/RWE use explicit and trackable). The “how it is used” becomes more formal.
2023: Method is treated less as guidance and more as an assessment basis (pre‑specification, transparency, and decision‑linked justification are increasingly expected).
2024: Assessable frameworks and structured criteria become more prominent. Methodological expectations are easier for regulators to apply consistently.
2025: Method becomes a constraint when it is not met. Non‑interventional work is increasingly expected to look “regulatory style” in pre‑specification, transparency, and defensibility.

Cross‑year takeaway: The arc runs from principles → workflow visibility → assessable criteria → acceptance conditions. By 2025, “fit‑for‑purpose RWE” is not optional wording; it is the practical basis for review.

2021 (baseline): Privacy and trust are already visible as feasibility issues (including program pauses and transparency requirements).
2022: Expansion of data protection laws and governance expectations becomes clearer across regions; public understanding/acceptance remains a visible risk factor.
2023: Cross‑border transfer routes and consent/legal basis discussions become more operational and more country‑specific.
2024: Cybersecurity obligations begin to appear more directly in the research delivery chain (vendors, service providers, contracting, incident handling).
2025: Privacy and cybersecurity are explicit gating factors for feasibility. Vendor assurance, transfer logic, and controller/processor clarity are routinely part of operational readiness.

Cross‑year takeaway: This trend shifts from “compliance workstream” to “study feasibility requirement.” The practical impact is biggest in multinational programmes and vendor ecosystems.

2021 (baseline): Many process‑level updates appear (ethics routing, submission mechanics, templates) — small individually, but they begin standardising “how” work is done.
2022: Model agreements, portals, and structured navigation for NIS become more prominent. Standard artefacts start to shape start‑up timelines.
2023: Standardisation accelerates and becomes less flexible (non‑modifiable sections, mandated templates tied to submission pathways). Operational compliance becomes a meaningful risk factor.
2024: Standardisation is widely embedded (templates, systems, and reporting expectations). Version control and process discipline become recurring themes.
2025: Standardisation is a constraint: mandated artefacts and defined processes reduce local variation but increase precision requirements. Operational readiness becomes inspectable and auditable.

Cross‑year takeaway: Operational standardisation moves from helpful consistency to mandatory precision. The strongest “execution pressure” effect sits here.

Across 2021–2025, three patterns become clear:

1. Enablement increased, but so did controls = The direction supports RWE use, while the delivery expectations become more structured and enforceable.

2. Acceptance is use‑case specific = Over time, regulators become clearer about where RWE is expected (e.g., safety and post‑authorisation contexts) and where it remains conditional.

3. Operational readiness became a differentiator = By 2025, feasibility is increasingly shaped by governance, permissions, auditability, cybersecurity posture, and mandated artefact compliance — not only scientific design.

Across the 2021–2025 reporting period, the language used in practice shifts away from broad claims about “good” RWE toward fitness-based framing:

• Fit‑for‑use RWD: Data provenance, relevance, completeness, governance, known limitations

• Fit‑for‑purpose RWE: Decision‑linked design and analysis, transparency, and defensible interpretation

This framing is more consistent with how regulators assess evidence in practice than a universal label such as “regulatory‑grade.”

Based on the observed 2025 position, 2026 is likely to be shaped less by new concepts and more by application: More consistent use of existing frameworks, more scrutiny of operating controls, and more focus on evidence that is clearly linked to defined regulatory or reimbursement questions.

Scale used:
E = Emerging signals
F = Frameworks / formal positioning
O = Operational roll-out
C = Consolidation
X = Execution pressure / feasibility constraint