Blog

January 15, 2026

What FDA’s 2025 Warning Letters Reveal About Current GMP Compliance Risks

FDA’s 2025 warning letters are out — and they send a very clear message: the agency is back in force on GMP enforcement, and the fundamentals are where firms continue to stumble.

Whether your operations are sterile or non-sterile, API or finished dose, the issues that keep showing up are not random — they point to systemic quality weaknesses that increasingly trigger regulatory escalation rather than simple corrective action requests.

---

1️⃣ Quality Unit (QU) Authority & Effectiveness

Issue: FDA warns that QU responsibilities are not being executed in a way that protects product quality.

“Your firm’s quality systems are inadequate.”
— from the FDA Warning Letter to Wisconsin Pharmacal Company, LLC (August 22, 2025) (U.S. Food and Drug Administration)

That language signals a familiar pattern: systems exist, but they do not work. A strong QU must be able to prevent release of out-of-spec product, manage systemic risk, and govern investigations and CAPA.

Key regulations cited in warning letters

• 21 CFR 211.22 – Quality Control Unit responsibilities
• 21 CFR 211.192 – Production record review and investigation of discrepancies

---

2️⃣ Weak or Incomplete Investigations (OOS/OOT Handling)

FDA continues to reflect that many investigations do not meet the level of scientific rigor expected:

A real example

Although recent warning letters often summarize high-level CGMP violations, industry reporting also shows that some letters specifically cite failure to investigate out-of-specification results adequately, prematurely closed investigations, and lack of escalation.

Key regulations cited in warning letters

• 21 CFR 211.192 – Inadequate failure investigations
• 21 CFR 211.160(b) – Laboratory controls (OOS/OOT handling)

---

3️⃣ Data Integrity and Electronic Records Gaps

Trend: Data integrity issues continue to be a recurring theme — especially in QC labs and analytical systems.

While most FDA warning letters open with standard CGMP citation language (see example below), regulatory analyses confirm that 15%+ of letters include explicit data integrity findings such as uncontrolled edits, missing audit trails, or shared accounts.

From multiple 2025 warning letters:
“… do not conform to CGMP.”
— e.g., LiquidCapsule Manufacturing, LLC (Dec 19, 2025) (U.S. Food and Drug Administration)

Key regulations cited

• 21 CFR 211.68(b) – Controls for computerized systems
• 21 CFR Part 11 – Electronic records and signatures
• 21 CFR 211.194 – Laboratory records

---

4️⃣ Sterility Assurance and Aseptic Processing Failures

Sterile manufacturing remains a high-risk inspection area. Even when general language is used, underlying violations often include environmental monitoring failures, aseptic breach controls that are ineffective, and inadequate cleaning/maintenance — all of which are cited in requests for remediation plans.

Key regulations cited

• 21 CFR 211.113(b) – Prevention of microbiological contamination
• 21 CFR 211.42(c)(10) – Aseptic processing design and controls
• 21 CFR 211.67 – Equipment cleaning and maintenance

---

5️⃣ Supplier Controls, APIs, and Incoming Materials

Several 2025 warning letters focus on Active Pharmaceutical Ingredient (API) controls and related supplier oversight failures:

“… deviations from Current Good Manufacturing Practice (CGMP) for active pharmaceutical ingredients (APIs) …”
— Darmerica, LLC warning letter (Dec 8, 2025) (U.S. Food and Drug Administration)

This reflects a strong FDA emphasis on qualified suppliers, identity testing, and risk-based supplier programs.

Key regulations cited

• 21 CFR 211.84 – Testing and approval/rejection of components/APIs
• 21 CFR 211.80 – General requirements for components

---

6️⃣ Stability Programs & Shelf-Life Control

FDA continues to hold firms accountable when stability studies fail to support labeled expiry or are poorly designed, yet this often shows up not as headline language but as part of broader CGMP failures linked to laboratory controls and specification systems.

Key regulations cited

• 21 CFR 211.166(a) – Stability testing requirements
• 21 CFR 211.160(b) – Laboratory controls

---

7️⃣ Utilities / Validation / Life-Cycle Controls

Warning letters frequently reaffirm that poorly controlled utilities or weak lifecycle validation undermines process control, even when not the first citation in the letter:

Key regulations cited

• 21 CFR 211.63 – Equipment design and control
• 21 CFR 211.100(a) – Written procedures (validation lifecycle)

---

⚖️ What the Excerpts Tell Us

When the FDA writes “do not conform to CGMP,” they are tying the firm’s operations back to 21 CFR Parts 210 and 211, which form the backbone of U.S. drug GMP law. Most warning letters begin this way, for example:

“This Warning Letter summarizes significant violations of Current Good Manufacturing Practice (CGMP) regulations … See Title 21 CFR parts 210 and 211.”
— Multiple 2025 warning letters including LiquidCapsule, Tower Laboratories, Seaway Pharma, and others (U.S. Food and Drug Administration)

These generic “boilerplate” openings are required by FDA for all CGMP enforcement — but the specific findings beneath them (which FDA also cites in the letters and in inspectional history) tell the more actionable story about where compliance is breaking down.

---

📌 Key Takeaways for Quality Leaders

Today’s CGMP enforcement is not about obscure clauses — it’s about execution on fundamentals with scientific rigor:

✅ Quality units with meaningful authority
✅ Investigations rooted in science and scope
✅ Data governance that ensures ALCOA+ integrity
✅ Supplier qualification and incoming test verification
✅ Sterility and environment control where applicable
✅ Stability that supports labeling

Use the real citation language from warning letters not only to inform your CAPA and risk priorities — but to drive real system change.