When most UAE pharmacies describe their response to serialisation, they describe a scanner at goods-in. A pack arrives, its serialised identity is verified on receipt, and from that point it is handled like any other stock. The mental model is that serialisation is a check at the door. That model is comfortable because it makes serialisation a single, contained step that the rest of the operation does not have to change around. It is also the model that most underestimates what a national traceability obligation actually is, because traceability is not a check at the door. It is a property the operation has to maintain across the entire life of every pack.
This piece is a perspective on what serialisation under Tatmeen actually changes operationally for pharmacies. The argument is opinionated. We are not arguing that pharmacies are non-compliant, or that scanning at receipt is wrong. We are arguing that serialisation is a chain-of-custody obligation, not a goods-in step; that the serialised identity has to be carried and verified at every custody point from receipt through dispensing, returns, expiry, and reconciliation; and that multi-branch operations multiply this because custody moves between sites and every move is a point that has to remain verifiable. The underestimation is treating a custody system as a single scan, and it stays invisible until the chain is tested at a point that was never verified.
The audience for this analysis is owners and operators of UAE pharmacies and multi-branch pharmacy groups who have implemented receipt scanning and consider serialisation handled, and who have not yet felt the cost of the custody points beyond goods-in. The useful diagnostic question is not "do we scan packs in" but "for any dispensed pack, could we show its verified custody from receipt to dispense, including any branch transfer, returns handling, and the claim, as one chain".
A Scan at the Door, or a Custody Chain
Below is a representation of the pack custody chain in a pharmacy, shown two ways: the common implementation, where serialisation effectively stops after receipt, and the full traceability obligation, where the serialised identity is verified at every custody point. The point is not that scanning at receipt is wrong; it is that it is one node of a chain, and that the difference between a serialisation step and a serialisation system is everything after the door. Toggle between the two to see what is actually verified in each.
The pack custody chain, as commonly implemented versus as traceability requires
Toggle the mode to see which custody points are actually verified
Why a Custody Obligation Is Not a Goods-In Step
The reason serialisation cannot be contained at receipt is the nature of what serialisation is for. A serialised identity exists so that an individual pack can be traced and verified through the supply chain, which only has value if the identity is actually carried and checked at the points where custody changes or where the pack could leave or re-enter the dispensable chain. A scan at goods-in establishes the identity in the operation; it does not maintain custody of it. Tatmeen is a national serialisation and traceability system, and traceability is a statement about the whole journey, not about the moment of arrival. An implementation that verifies only arrival has implemented the prefix of the obligation, not the obligation.
The scale of the pharmacy estate makes the operational reach concrete. There were around 1,588 licensed pharmacies among Dubai's 5,372 facilities in 2024, a large share of them operating as multi-branch groups. In a multi-branch group a serialised pack does not have a single static location; it moves, between storage and dispensing, and between branches when stock is balanced or transferred. Every one of those moves is a custody point. A model that verifies only receipt at each branch leaves the custody chain unverified exactly where packs actually travel, which is the part of the chain a multi-branch operation has the most of.
This is why the underestimation is structural rather than careless. An operator can scan diligently at every goods-in and still have no verified custody of a pack between branches, at dispensing, on return, or at expiry, because diligence at one node does not create a chain. The cost stays invisible while nothing tests the unverified points, and becomes visible exactly when something does: a recall that needs pack-level trace, an expiry question, a discrepancy between what was billed and what was verifiably dispensed, a transfer that cannot be reconciled. The operator that is exposed here is not the one that scanned badly; it is the one that scanned only at the door.
The shift in one observation
Serialisation read as "scan the pack in" produces a serialisation step. Serialisation read as what traceability actually is produces a serialisation system: the serialised identity carried and verified from receipt through dispensing, returns, expiry, and reconciliation, across every branch the pack moves through. The pharmacies that underestimate Tatmeen are not the ones that fail to scan; they are the ones that scan once and assume the chain looks after itself.
Where the Goods-In Model Breaks
The receipt-only model breaks in four predictable places once the chain is actually exercised.
Custody lost after the door
Once a pack is scanned in and then handled as ordinary stock, its serialised custody effectively ends at goods-in. Everything after that point is unverified, so the operation cannot answer where a specific pack went, only that one like it was received. A serialised identity that is not carried forward is an identity that was captured and then discarded.
Branch transfers that cannot be traced
In a multi-branch group, packs move between sites, and each move is a custody handoff. If transfers are not verified against the serialised identity, the chain has a break at exactly the point a multi-branch operation relies on most, and a recall or discrepancy that crosses branches cannot be resolved cleanly.
Returns and expiry off the chain
Returned, quarantined, and expired packs handled informally rather than against their serialised identity create the most dangerous gap: a pack whose custody state is ambiguous and that could, in a loosely controlled chain, re-enter the dispensable stock. Off-chain handling of these states is where serialisation is supposed to help most and where the goods-in model helps least.
Claims that do not reconcile to packs
When the dispensed pack is not reconciled by serialised identity against the claim and the stock position, the operation cannot show that what was billed matches what was verifiably dispensed. The discrepancy is invisible until something forces a reconciliation, at which point it is a problem with no chain to resolve it against.
The Numbers
Two Ways to Read Serialisation
The difference between pharmacies that have implemented traceability and those that have implemented a scanner is how they read the obligation.
| Dimension | Serialisation as a step | Serialisation as a system |
|---|---|---|
| Where it acts | At goods-in, then the pack is ordinary stock. | At every custody point across the pack's whole life. |
| Branch transfers | Not verified against the serialised identity. | Each transfer a verified custody handoff. |
| Returns and expiry | Handled informally, custody state ambiguous. | Handled against the serialised identity, state explicit. |
| Claims | Not reconciled pack-to-claim. Discrepancies invisible. | Dispensed pack reconciled to claim and stock. |
| On a recall or query | Cannot trace a specific pack. Chain has breaks. | Pack-level trace produced from one verified chain. |
Tatmeen does not catch out the pharmacies that scan badly. It catches out the pharmacies that scan once, at the door, and assume the rest of the chain looks after itself. Traceability is a property maintained across the whole life of a pack, and a serialisation step is not a serialisation system however diligently the one scan is performed.
What End-to-End Custody Looks Like
The pattern in pharmacies that have implemented traceability rather than a scanner is recognisable. The serialised identity is verified into custody at receipt and then carried forward, so storage and any branch transfer are verifiable custody moves rather than untracked stock handling. Dispensing verifies and decommissions the specific pack against the dispense event. Returns, quarantine, and expiry are handled against the serialised identity, so a pack's custody state is always explicit and an expired or returned pack cannot quietly re-enter the dispensable chain. The dispensed pack reconciles by identity to the claim and the stock position, so billed and verifiably dispensed match. The result is that a recall or a query is answered from one verified chain rather than from a scan record and a set of assumptions.
This does not necessarily mean replacing the pharmacy or stock system already in place. In many operations end-to-end custody can be built around the existing systems, provided they can carry and verify the serialised identity beyond receipt and through transfers, dispensing, and reconciliation. Replacement becomes the better option mainly where the existing systems structurally cannot hold serialised custody past goods-in or cannot link it to the claim. Which applies is specific to the systems in place and the branch structure, and is established in scoping before any build commitment.
How This Sits Alongside the Operator's Own Responsibilities
The configuration keeps a clear separation. The pharmacy operator dispenses, holds the relationships with suppliers and the regulator, makes every clinical and pharmacy determination, and is responsible for its own Tatmeen and regulatory compliance. The software is the instrumentation: serialised custody carried and verified across the chain, returns and expiry handled by identity, and reconciliation to the claim.
This is the role BY BANKS is positioned for. We are an independent software engineering company based in the UAE. We design and build software and hand it over to the operator who runs it. We build to the published requirements of the relevant traceability system; we are not affiliated with, endorsed by, or acting on behalf of Tatmeen, its operators, or any authority, we do not make pharmacy or regulatory determinations, and we do not assume the operator's compliance responsibility. The operator owns the dispensing, the determinations, and its own compliance; we build the system that lets serialised custody be maintained across the chain. The accountable party leads and owns the obligations; we build to their direction.
Where This Analysis Is Useful
The conversations where this perspective is most useful tend to be at three moments: an operator that has implemented receipt scanning and is realising the rest of the chain is unverified; a multi-branch group that cannot reconcile a transfer or trace a specific pack across sites; or an owner who has had a recall, expiry, or claim discrepancy expose the absence of a verified chain. The honest answer is usually the same: scanning at the door is one node, traceability is the whole chain, and the cost of the difference stays hidden until something tests a point that was never verified.
For broader related work, see our perspective on what the 2025 shift of equipment regulation to the EDE means and our perspective on why claims in Dubai are decided at the point of care. The applied work sits across our pharmacy management software capability, within the broader healthcare software practice and our operational platforms work. Get in touch if a 45-minute conversation about a specific pharmacy operation would be useful.
Frequently Asked Questions
No. We are an independent software engineering company based in the UAE. We build software to the published requirements of the relevant traceability system, but we are not affiliated with, endorsed by, or acting on behalf of Tatmeen, its operators, or any authority, and we do not make pharmacy or regulatory determinations. References to Tatmeen in our work are descriptive of a publicly known system. The operator remains responsible for its own compliance; we build the system to their direction.
Scanning at goods-in is one custody point of serialisation, and an important one, but it is not the whole obligation. Traceability means the serialised identity is carried and verifiable across the pack's life, including transfers, dispensing, returns, expiry, and reconciliation. A receipt scan establishes the identity in your operation; it does not maintain custody of it. Whether your current implementation goes beyond the door is exactly the question this perspective is asking you to check.
The multi-branch complexity is largest for groups, because transfers add custody handoffs, but the core obligation applies to a single pharmacy too. Even without transfers, dispensing, returns, expiry, and claim reconciliation are custody points that a receipt-only model leaves unverified. The single-site case has fewer nodes, not a different obligation; the chain still has to hold from receipt to dispense and beyond.
Often not. In many operations end-to-end custody can be built around the pharmacy or stock system already in place, provided it can carry and verify the serialised identity beyond receipt and link it through dispensing, transfers, and reconciliation. Replacement becomes the better option mainly where the existing system structurally cannot hold serialised custody past goods-in or cannot link it to the claim. Which applies is specific to the systems in place and is established in scoping before any build commitment.
It is sequenced and does not require closing. The usual starting point is the custody points with the sharpest consequence and the largest current gap, typically dispensing decommission, and returns and expiry handling, so a pack cannot ambiguously re-enter the chain. Branch-transfer verification follows for groups, and claim reconciliation by identity comes once custody is reliable through dispense. The order is driven by where the unverified chain carries the most risk, which scoping establishes for the specific operation.
Serialisation under Tatmeen is widely read as a scan at goods-in and is in practice a chain-of-custody obligation that runs the whole life of every pack: receipt, storage, transfer, dispensing, returns, expiry, and reconciliation, across every branch the pack moves through. The pharmacies that underestimate it are not the ones that scan badly; they are the ones that scan once and assume the chain maintains itself. The build is software work; the dispensing, the pharmacy and regulatory determinations, and Tatmeen compliance remain entirely the operator's, and the system simply lets serialised custody be carried and verified across the chain rather than established at the door and lost after it.
References to Tatmeen serialisation and traceability are descriptive of a publicly known national system. The facility figure cited (approximately 1,588 licensed pharmacies among Dubai's facilities in 2024) is drawn from public sources listed on our Sources and Data page; the custody chain and other patterns in this article are observational generalisations rather than measured statistics, and represent no specific pharmacy or determination. BY BANKS is an independent software engineering company; we are not affiliated with, endorsed by, or acting on behalf of Tatmeen, its operators, or any authority, we do not make pharmacy or regulatory determinations, and we are not a regulated healthcare entity. On any healthcare engagement, the operator owns the dispensing, the determinations, and responsibility for its own Tatmeen and regulatory compliance. This article is not regulatory or legal advice; operators should obtain qualified advice for their specific obligations. Public sources used in this piece are listed on our Sources and Data page.
Ready to Build Something?
If this resonated, let's talk about how we can apply these ideas to your business.
Start a Conversation