FDA Enforcement Intensified in 2025

Persistent Supplier Compliance Failures in Focus

The year 2025 will be remembered as a pivotal turning point in the landscape of pharmaceutical and medical device inspections. The U.S. Food and Drug Administration (FDA) has orchestrated a drastic enforcement surge, with the Center for Drug Evaluation and Research (CDER) issuing a staggering 50% more warning letters than the previous fiscal year. This is not merely a statistical anomaly; it is a deliberate and data-driven shift in regulatory strategy. This aggressive enforcement surge, partially fuelled by the launch of the AI-driven “Elsa” targeting system, has pulled back the curtain on systemic vulnerabilities in the global pharmaceutical supply chain.

Historically, warning letter counts have fluctuated, but 2025 has shattered recent trends. According to an analysis, warning letters issued by CDER rose by a whopping 50% in fiscal year 2025. Broader data from a Reed Smith analysis confirms this acceleration, noting that between July 1 and December 3, 2025, the agency issued 327 warning letters a 73% increase over the same period in 2024. Furthermore, the issuance of “untitled letters,” a precursor to more serious action, skyrocketed from just five in 2024 to 58 in 2025.

This surge is a clear message from the agency: the era of relaxed oversight is over. Driven by new AI technology, internal reorganization, and external pressure to secure the pharmaceutical supply chain, the FDA is demanding demonstrable, systemic compliance.

Anatomy of the Surge: Data, Drivers, and AI Technology

To navigate the surge, one must first understand its architecture. The increase is not random; it is targeted and strategic.

The statistical Brekdown:
The headline 50% increase is composed of several key enforcement priorities. The Director of CDER’s Office of Compliance, provided a breakdown of the principal factors behind the rise:

• Drug Manufacturing GMP Failures (35%): The largest single driver, indicating a persistent and widespread inability to maintain basic manufacturing standards.
• Compounded Drug Products / Telehealth (22%): A crackdown on platforms marketing products, particularly GLP-1 analogs, with false or misleading claims and poor quality controls.
• Unapproved Drugs / Misbranding (18%): A continued effort to remove products from the market that lack the required FDA approval.
• Clinical Research Non-Compliance (5%): Increased scrutiny on Institutional Review Boards (IRBs) and clinical trial data integrity. 

The ‘Elsa’ Effect: AI-Driven Targeting:

Perhaps the most significant development in 2025 was the launch of the FDA’s internal AI system, nicknamed “Elsa.” This predictive analytics tool analyzes vast amounts of internal data including adverse event reports, Form 483 observations, historical inspection outcomes, and CAPA resolution rates—to prioritize high-risk facilities for inspection .

• What this means: Inspections are no longer random. Facilities with data anomalies, unresolved inconsistencies, or a history of poor compliance are being flagged earlier and inspected more frequently. This “data-driven targeting” means companies can no longer rely on a low probability of being inspected; if your data profile is high-risk, you will be found.

Common Themes in 2025 Warning Letters

Although the specifics of violations differ, several recurring themes have been identified in warning letters issued in 2025, notably deficiencies in supplier qualification and weaknesses in quality agreements.

• Supplier Audit and Qualification Failures: Many firms were cited for inadequate supplier qualification, treating questionnaires as a substitute for thorough assessments, and failing to verify supplier controls in line with 21 CFR requirements.
• Quality Agreement Weaknesses: Quality agreements that do not clearly define responsibilities for supplies, change control, or communication protocols have surfaced as notable compliance gaps.
• CAPA and Corrective Action Issues: Firms often lack robust CAPA programs that extend to suppliers, leading to recurring problems and insufficient investigation depth.
• cGMP Violations in Manufacturing and Storage: Traditional cGMP violations, such as problems with batch record review, equipment qualifications, and contamination controls, still persist and contribute to warning actions.

These issues underscore that the FDA’s expectations are not only about procedural compliance but about effective implementation of quality systems and demonstrable control of risk across operations.

The Supply Chain Nexus: Why Supplier Controls are Failing

The recurring supplier-related issues driving these citations include:

• Over-Reliance on Supplier COAs: Firms accepting supplier COAs without independent identity testing are unacceptable, as highlighted by a US OTC manufacturer’s failure to test glycerin and sorbitol.

• Failure to Qualify Suppliers: Companies lack documentation proving that their suppliers are qualified. This includes not just the manufacturer of the finished drug, but the source of raw materials, components, and critical consumables. The FDA now expects a “global audit of supplier qualification and incoming material controls”.

• High-Risk Component Blindness: The agency has zero tolerance for failures related to ingredients at high risk of contamination with diethylene glycol (DEG) or ethylene glycol (EG), such as glycerin and propylene glycol. Lethal poisoning incidents have been linked to these contaminants, and the FDA is rigorously enforcing identity testing against USP standards.

• Unconventional Supply Chains: In one alarming 2025 case, a manufacturer was cited for purchasing the water used in its production process from a grocery store and testing it only for color, smell, and appearance. This extreme example illustrates a fundamental misunderstanding of pharmaceutical-grade raw material requirements. 

Quality Agreement Weaknesses: A Critical Gap in Pharmaceutical Compliance

Quality agreements have emerged as one of the most critical and frequently deficient elements in pharmaceutical supplier management, as evidenced by the analysis of FDA warning letters during 2025. One recurring issue highlighted in recent regulatory enforcement actions is the presence of weak or incomplete quality agreements between pharmaceutical manufacturers and their suppliers. In several FDA warning letters analyzed in 2025, regulators observed that companies either lacked formal written quality agreements with critical suppliers or maintained agreements that failed to clearly define responsibilities for quality oversight, change control, deviation reporting, and CAPA communication.

In many cases, suppliers made process or material changes without formally notifying the manufacturer, indicating that the agreement did not adequately define change-notification requirements or communication pathways. Such gaps undermine effective supplier oversight and can lead to delayed investigations, unresolved quality issues, and potential risks to product quality. Regulators therefore expect quality agreements to clearly outline specifications, acceptance criteria, communication mechanisms, audit rights, and procedures for managing changes and quality events across the supply chain. Strengthening these agreements is essential to demonstrate proper control over outsourced activities and supplier performance.

The FDA explicitly reminded firms that responsibility for drug quality cannot be outsourced regardless of agreements in place with contract manufacturers, pointing companies to guidance document. Most critically, quality agreements often lack specific, measurable performance metrics, defined audit frequencies, data integrity requirements, change notification protocols, and CAPA timelines leaving them as ineffective “paper shields” that provide no real protection during FDA inspections. Companies must transform quality agreements from passive contracts into active quality control tools by embedding specific testing requirements, mandatory deviation reporting, regular performance reviews, and enforceable consequences for non-compliance, coupled with robust supplier oversight programs that independently verify adherence to every contractual quality commitment. 

Best Practices: A Framework for Proactive Compliance

The 2025 enforcement surge makes one thing clear: reactive compliance is a failing strategy. Companies must adopt a proactive, risk-based approach.

1. Elevate and Empower the Quality Unit

A strong and independent Quality Unit (QU) is essential to ensure effective GMP oversight across manufacturing and supply chain operations. Organizations should ensure the Quality Unit has adequate authority, resources, and independence to oversee supplier qualification, deviation management, change control, and batch release decisions. Empowering the Quality Unit strengthens compliance, improves risk management, and reinforces a culture of quality and patient safety.

2. Implement a Global Supplier Oversight Program

Do not just “manage” suppliers; own their compliance.

• Map Your Footprint:Document every supplier for every raw material, component, and critical consumable.
• Conduct Risk-Based Audits:Don’t rely on paper audits. Perform on-site or remote audits of high-risk suppliers, especially overseas manufacturers.
• Verify, Don’t Just Accept:Implement a robust incoming testing program. If you rely on a supplier’s COA, have a documented scientific justification and a periodic verification program.
• Enforce Identity Testing:Always perform at least one specific identity test for each incoming component lot, particularly for high-risk materials.

3. Fortify Data Integrity and Governance

Ensure data is not just present, but is accurate, complete, and maintained according to ALCOA+ principles.

4. Conduct Realistic Mock Inspections

Don’t wait for the FDA to find your gaps. Simulate the intensity of a real inspection. Use mock inspections to test your systems, not just your knowledge. Have external auditors challenge your change control, deviation handling, and supplier qualification files.

5. Prepare for Unannounced Foreign Inspections

With the FDA expanding unannounced inspections at foreign sites. overseas facilities must be in a constant state of readiness. Establish a sustainable inspection readiness program that reinforces ownership of quality systems at the site level. 

Conclusion

The 50% increase in FDA warning letters in 2025 signals a major shift in regulatory enforcement, with a clear focus on supplier oversight and supply chain accountability. The recurring findings such as inadequate supplier qualification, lack of independent material testing, weak quality agreements, and insufficient supplier performance monitoring highlight systemic weaknesses in how companies manage their extended supply chains.

With the FDA increasingly using advanced analytics and remote regulatory assessments to detect compliance gaps, geographic distance and traditional supplier trust models no longer provide protection from regulatory scrutiny. As a result, pharmaceutical companies must move beyond reactive supplier management and adopt robust, risk-based supplier qualification programs, strengthened quality agreements, and continuous performance monitoring.

Ultimately, the surge in warning letters underscores that supplier quality is now a critical component of overall GMP compliance and business sustainability. Organizations that proactively strengthen supplier governance and verification practices will not only reduce regulatory risk but also build more resilient and reliable pharmaceutical supply chains.

At PHARMALANE UK, we assist pharmaceutical companies worldwide by ensuring their suppliers maintain full compliance and are always prepared for inspections. Our services include supplier quality audits, mock inspections, gap assessments, and specialized subject-based training. For more information on how we can help improve compliance and mitigate the risk of warning letters, please contact us at info@pharmalaneuk.com.