$name

Warning letters are more frequent—and more strategic

After a quiet January marked by administrative transition and internal upheaval at FDA, enforcement activity has accelerated sharply in 2025. No warning letters were issued in the first month of the year—a rare pause that coincided with leadership changes and strategic recalibration within the agency. But that silence quickly gave way to a notable uptick in regulatory action.

As of early September, FDA has issued 19 warning letters citing violations of the Quality System Regulation (QSR) for medical devices—already surpassing the total for the same period in 2024. Letters related to investigational device exemptions and bioresearch monitoring (IDEs/BIMO) and to good laboratory practices (GLPs) have remained steady, suggesting continued attention to clinical and preclinical oversight. This shift may reflect both internal FDA realignment and external pressure to demonstrate regulatory vigilance amid growing public and congressional scrutiny of device safety and trial integrity.

As of September 4, 2025, FDA has issued the following numbers of warning letters based on publicly available data from the FDA warning letters database, and compared to the same point in the year in 2024:

The data paint a picture of an agency reasserting its enforcement posture after a period of relative quiet. Whether this trend continues into Q4 may depend on how FDA balances its dual mandate: fostering innovation while ensuring compliance in an increasingly complex MedTech landscape.

FDA continues to issue warning letters at a rate consistent with the elevated pace set in 2024. This marks a significant increase over prior years even with an overall decrease in the number of inspections over the past decade. These letters are not just reactive—they’re part of a broader strategy to enforce year-round compliance. Notably, many recent letters include explicit commitments to follow-up inspections, signaling a shift toward ongoing oversight.

Moreover, FDA is providing feedback to Form 483 responses in untitled letters. We have observed several untitled letters being issued even when the agency has not identified any Form 483 responses that were deemed to be inadequate. Although not as significant as warning letters, FDA uses untitled letters as enforcement vehicles in which it deems the subject products to be adulterated or misbranded. In addition, the untitled letters that we have seen order the recipient to respond within 30 workdays.

AI is driving inspection targeting

FDA’s use of AI tools like ELSA has enabled more precise targeting of high-risk facilities. These tools analyze complaint data, adverse event reports, and historical inspection outcomes to prioritize inspections and remote regulatory assessments (RRAs). Manufacturers with unresolved corrective and preventive actions (CAPAs) or inconsistent documentation are being flagged earlier and more often.

Field investigators are being less forgiving and connecting dots

Many of the Form 483 inspectional observations being issued are drilling down to significant detail and in areas that were previously believed to be less of an enforcement priority. Issues such as the form or hierarchy in which complaint files are maintained, as well as formatting of controlled documents, have been cited.  We are aware of other instances where issues were resolved or addressed during or even before the inspection and still wound up on the Form 483 with direction from the investigator to address the issue in the response. 

Another trend is the use of postmarket signals—such as complaints and medical device reports—to show deficiencies in the design control process. For example, device performance issues resulting in a spike of complaints or patient-related events are being traced all the way back to design input ambiguity, or even a lack of a design input for the specific issue. This lack of an adequate design input is then being used to support inspectional observations for design inputs, outputs, and verification. These observations can then be tied to CAPAs that may not have been opened or to the underlying issue being missed in existing CAPAs and lapses in risk management. This then leads to perceived inadequacies in internal audits, personnel training, and even management review. 

510(k) drift is under scrutiny

Several device firms have been cited for marketing products that differ materially from their cleared 510(k) submissions. FDA is comparing promotional claims and inspection findings against original submissions, and issuing enforcement actions for unapproved modifications. This includes changes made by legacy owners of newly acquired products or businesses, as explained in the next section.

Inadequate integration of acquired products and companies is a recurring—and escalating—issue

While it’s not new that FDA expects acquiring companies to fully understand and remediate what they’ve acquired, the agency is now raising this expectation more forcefully. It is often found that the root cause of inadequate quality processes is the failure to detect issues during due diligence of newly acquired products or businesses, compounded by insufficient integration or oversight of newly acquired product lines or businesses. Increasingly, FDA is drilling down into legacy records and documentation that was prepared by a prior owner or entity and citing the new owners for inadequate processes and procedures. These issues are now finding their way onto Form 483s and even warning letters.  The message is clear: ownership transfers do not absolve responsibility, and inherited problems must be actively identified and corrected.

Contract manufacturer oversight is a recurring weakness

FDA enforcement in 2025 continues to spotlight a long-standing vulnerability in medical device operations: inadequate oversight of contract manufacturers (CMOs).  Sponsors are being held accountable for the actions of their CMOs. Recent warning letters reveal a pattern of citations stemming from shared equipment, poor segregation, and lack of oversight—even when the sponsor claims no direct involvement.

This isn’t a new expectation, but it is being enforced with greater intensity. The agency is clearly signaling that sponsors must maintain robust oversight mechanisms, including documented controls and audits and clear delineation of responsibilities. The absence of these safeguards is now leading to formal enforcement actions, not just observations. In some cases, FDA investigators have traced deficiencies back to the sponsor’s failure to monitor or intervene in CMO operations, particularly when quality issues arise in shared facilities or during scale-up.

The takeaway is clear: sponsors must treat CMOs as extensions of their own quality systems, with the same rigor and accountability. FDA is no longer accepting passive oversight—and the warning letters show it.

RRAs are supporting—but not replacing—inspections

RRAs continue to be used for follow-up reviews and pre-approval assessments. While they don’t result in Form 483s, they generate narrative reports that inform future inspections. Refusing a mandatory RRA under Section 704(a)(4) of the Food Drug and Cosmetic Act can still trigger enforcement. However, FDA’s primary focus has returned to on-site inspections, with RRAs serving as a strategic supplement.

What we expected from the new administration

The current administration entered with a clear mandate for modernization. And to its credit, FDA has delivered:

• Adoption of AI tools like ELSA for inspection targeting and data analysis
• Continued push for global harmonization, with the Quality Management System Regulation (QMSR) rule aligning 21 CFR Part 820 with ISO 13485:2016
• Emphasis on post-market surveillance, cybersecurity, and real-world evidence

However, these innovations have come with increased scrutiny. FDA is not just modernizing—it’s intensifying. Investigators are asking tougher questions, demanding deeper documentation, and expecting systems that demonstrate real-world effectiveness.

What’s striking is that this level of enforcement bucks historical trends. Traditionally, we see a decrease in regulatory enforcement under Republican administrations, particularly in the medical device space. But this administration is breaking the mold. The combination of advanced tools, global alignment, and a sharpened focus on accountability has led to a more assertive FDA—one that is not hesitating to issue warning letters, even in areas that previously saw more leniency.

Top inspection focus areas in 2025

Based on Form 483 data and recent enforcement actions, FDA is concentrating its efforts on the following areas:

1. CAPAs – 21 CFR 820.100

CAPA remains the most frequently cited issue. Common failures include:

• Inadequate root cause analysis
• Lack of effectiveness checks
• Poor documentation of corrective actions

CAPA deficiencies are often the tipping point for escalation to warning letters.

2. Design controls – 21 CFR 820.30

Design control violations are increasingly tied to 510(k) discrepancies. Key issues include:

• Unapproved design changes
• Missing or incomplete design history files
• Inadequate risk analysis and validation

FDA is scrutinizing whether the device on the market matches the one that was cleared.

3. Complaint handling – 21 CFR 820.198

Post-market surveillance is under a microscope. Frequent findings include:

• Delayed medical device reporting
• Lack of complaint trending
• Incomplete investigations
• Insufficient links to CAPA, design changes, and recall escalations from complaints

FDA expects manufacturers to treat complaint data as a strategic safety signal—not just a regulatory obligation.

4. Purchasing controls – 21 CFR 820.50

Supplier oversight is a growing concern. Common citations involve:

• Failure to qualify suppliers
• Lack of monitoring and re-evaluation
• Inadequate documentation of supplier performance
• Insufficient incoming inspections to detect product that does not meet specification

This is especially critical for firms relying on global supply chains.

5. Labeling and unique device identification (UDI) compliance – 21 CFR 801.20

Traceability and data integrity are key. Observations include:

• Missing or incorrect UDI data
• Labeling inconsistencies
• Inadequate reconciliation of labeling records
• Lack of consistency between UDI and the Global Unique Device Identification Database (GUDID)
• Failure of GUDID to identify all product brands or names

These issues are increasingly tied to post-market safety and recall effectiveness.

Looking ahead: Preparing for the QMSR transition

As part of its modernization efforts, FDA is preparing to implement the QMSR, which will formally align 21 CFR Part 820 with ISO 13485:2016. Although the final rule is expected to take effect in 2026, investigators are already informally benchmarking quality systems against ISO standards. This means manufacturers should begin transitioning now—reviewing documentation, updating procedures, and ensuring their QMS reflects both FDA and international expectations. Early alignment not only reduces inspection risk but also positions companies for smoother global market access.

Strategic readiness is essential

Inspection readiness in 2025 is not a checklist—it’s a strategic capability. We help clients:

• Audit and strengthen their QMS
• Assist with strengthening CAPA, complaint handling, and other critical QMS systems
• Conduct regulatory and quality due diligence and prepare integration and remediation plans
• Align QMS with ISO 13485:2016 and QMSR expectations
• Prepare for inspections and RRAs
• Respond to Form 483s, untitled letters, and warning letters
• Train teams to demonstrate compliance under scrutiny

Conclusion

FDA’s inspection strategy in 2025 reflects a smarter, faster, and more connected agency that is seemingly also more enforcement-minded. Manufacturers must be ready to demonstrate not just compliance—but competence.

If your organization is preparing for an inspection, responding to a Form 483, or facing a warning letter, we’re here to help. With over 50 years of combined experience, we offer the insight, strategy, and technical depth needed to navigate today’s regulatory landscape.

Authored by Jodi Scott and Mike Heyl. Jodi and Mike are FDA medical device attorneys and ISO 13485 certified auditors with over 50 years of combined experience in FDA regulatory matters.