Skip to content
fda.ndexr.io · regulatory infrastructure

R submissions. Without the infrastructure burden.

The R Consortium has spent four pilots proving that R belongs in FDA regulatory submissions. The bottleneck was never R. It was the last mile: getting a running app in front of a reviewer without asking them to install Docker Desktop.

01 · the problem

The delivery mechanism hasn't caught up

What reviewers receive
  • A zip file containing a Shiny app and an renv.lock
  • Instructions: install R, restore renv, run shiny::runApp()
  • Occasionally: a Podman image they still have to build locally
  • Docker Desktop licensing restrictions on government machines
  • WSL friction, renv restore failures on reviewer hardware
What reviewers should receive
  • A URL
  • The app is already running — in a pinned container
  • renv.lock consumed once at build time, never by the reviewer
  • Auth token per submission, audit trail in Postgres
  • Isolated subdomain and container per sponsor/study
02 · the pilots

R Consortium Submissions Working Group — Pilot timeline

Pilot Year What it proved
Pilot 1 2021–22 R-based submission through eCTD gateway — FDA reproduced results from source code alone
Pilot 2 2022 Shiny app submission — FDA deployed and reviewed interactively for the first time
Pilot 3 2023–24 Full ADaM dataset generation in R with renv reproducibility; identical outputs across reviewer environments
Pilot 4 2024–25 Podman containers + WebAssembly for self-contained bundles — eliminated local Docker dependency
Pilot 5 2025+ Dataset-JSON format for machine-readable submission data
Pilot 6 2025+ AI-assisted ADaM/TLF generation
Pilot 7 2025+ Synthetic clinical trial data

Source: rconsortium.github.io/submissions-wg

03 · where ndexr fits

Hosted containers. The reviewer gets a URL.

Pilot 4 put a Podman image in the submission package. The reviewer still had to build it. ndexr moves the container to the server side — the same technology, already running, behind a URL and an auth token.

Reviewer gets a URL — no install, no build, no renv restore. Click, authenticate, review.
Container pins the environment at build time — renv.lock consumed once by the sponsor's CI, never by the reviewer. Identical results guaranteed.
Auth per submission — HMAC tokens issued per sponsor/study. Per-access audit trail in Postgres.
Each submission gets an isolated subdomain + container — no cross-contamination between sponsors; easy to revoke.
Podman on the server side — exactly what Pilot 4 explored, but hosted remotely. No Docker Desktop, no WSL, no government-machine friction.
Immutable images — the container that passed QC is the container the reviewer sees. Chain-of-custody preserved.
04 · how to engage

R Consortium Submissions WG

Working group

#wg-submissions on slack.r-consortium.org

Monthly meetings — first Friday of each month

director@r-consortium.org for Slack invite

Key contacts

Eric Nantz — Eli Lilly, led Pilot 4 Podman/WASM work

Paul Schuette — FDA statistical reviewer

Hye Soo Cho — FDA reviewer, Pilot 2–3 participant

Companies: Roche, Pfizer, Merck, Eli Lilly, Appsilon, J&J, Biogen, BMS, GSK, AbbVie

05 · proof-of-concept roadmap

Five steps from "interesting" to "submittable"

1
Stand up the Pilot 2 sample Shiny app on ndexr — send the working URL to the WG
2
Multi-tenant onboarding: accept R project + renv.lock + data → build container → spin up subdomain automatically
3
Per-submission auth tokens via auth_svc — HMAC-signed, time-limited, auditable
4
Container image signing with cosign — chain-of-custody from sponsor build to FDA review
5
Compliance documentation path — 21 CFR Part 11 considerations, system validation approach, audit trail exports
next steps

Let's build the Pilot 2 demo together.

The fastest path to a working demo: send us the Pilot 2 Shiny app (or any minimal R submission app), and we'll have it running on a named subdomain within hours. Show the WG a URL, not a zip file.