Operating in global pharmaceutical markets means managing regulatory relationships with multiple agencies simultaneously. The US FDA, EMA (representing EU member state agencies), MHRA (UK, post-Brexit), PMDA (Japan), Health Canada, and other competent authorities all inspect manufacturing facilities, and they don’t all do it the same way.
Understanding the structural and philosophical differences between the two most influential inspection frameworks, FDA and EMA, is essential for any compliance director managing facilities across these jurisdictions. The differences affect how you prepare, what you prepare, and how you respond when things go wrong.
Structural Differences
FDA: The FDA is a single federal agency. Its field investigators work for FDA districts (field offices in major cities), and specialist investigators work from CDER’s Office of Pharmaceutical Manufacturing Assessment (OPMA) or CBER. An FDA inspection is conducted by FDA employees with statutory authority under the Food, Drug, and Cosmetic Act (FD&C Act).
The investigator (technically called “Investigator” not “Inspector”, a distinction FDA takes seriously) has the legal authority to inspect any facility involved in manufacturing, processing, packing, or holding drug products under 21 USC 374. They can request access to any area, any record, any system, and any personnel they deem relevant. Refusing access is a basis for enforcement action.
EMA/EU Member States: EMA is a coordinating body. Inspections within the EU are conducted by national competent authorities (NCA), the ANSM in France, the PEI in Germany, the MHRA in the UK, the AIFA in Italy. EMA coordinates multi-national inspections and mutual recognition of inspection findings, but the investigators are national agency employees.
For products seeking EU marketing authorization, EMA’s GMP inspection services coordinate inspections of third-country (non-EU) facilities. These inspections follow the same EU GMP standards but are coordinated centrally by EMA rather than by a national agency.
Practical implications: An FDA investigator has broad unilateral authority. A single investigator can access anything, interview anyone, and independently decide to take sampling actions. EU inspectors typically operate as a team with defined roles and a coordinated inspection plan. The team structure in EU inspections often means clearer communication during the inspection about what’s being reviewed.
Pre-Inspection Notification
FDA: For domestic manufacturers, FDA is not required to give advance notice of routine surveillance inspections, though in practice most occur during business hours and some informal notice may be given. For foreign manufacturer inspections (overseas facilities), FDA does give advance notice, typically 4-8 weeks, through diplomatic channels.
For pre-license inspections (associated with a pending application), FDA notifies the facility of an upcoming inspection, but the timing isn’t always predictable and can occur within weeks of the notification.
EMA/EU: EU inspections are typically scheduled in advance with at least a few weeks’ notice. The inspection plan, which areas will be covered, which documentation will be requested, is often discussed beforehand. This doesn’t mean the inspection is less rigorous; it means the approach is more structured and collaborative.
Strategic implication: The FDA’s potential for unannounced domestic inspection means domestic US facilities must maintain a state of constant inspection readiness. EU facilities have more lead time, but using that lead time to fix problems rather than to maintain ongoing readiness is a trap.
Investigator Authority and Scope
FDA: FDA investigators can compel access to records under 21 CFR 211.180 and can physically access all areas of the facility. They cannot compel production of attorney-client privileged communications. They can collect samples (including samples of products, raw materials, and swabs) and send them to FDA laboratories for testing. They can interview personnel without management present if the personnel consent.
An FDA investigator who suspects a data integrity problem can request to access computer systems directly, pulling up the CDS audit trail, reviewing the LIMS sequence log, examining the MES batch record history. They don’t need management to navigate the systems for them. This capability has significantly enhanced FDA’s ability to find DI problems compared to paper-record inspections.
EU: National competent authority inspectors have comparable access rights under EU law. The difference is that EU inspections often follow a more structured sample-based review rather than the forensic data-diving approach that FDA has developed for DI inspections.
EU inspectors are increasingly adopting data-focused inspection techniques, and EMA’s GMP inspectorates have been sharing DI inspection methodology with member state agencies. The gap between EU and US DI inspection sophistication has narrowed significantly since 2015.
FDA’s Data Integrity Inspection Approach
FDA developed its data integrity inspection methodology in earnest following the 2010-2015 surge in warning letters for DI violations, primarily in generic drug manufacturing in India and China. The techniques evolved:
Direct system access: FDA investigators now routinely ask to access chromatographic data systems directly. They navigate to the sequence log (the complete record of all injections run on the instrument, not just those in the reported sequence), compare it to the LIMS or batch record, and identify injections that appear in the instrument log but not in the official records. This “phantom injection” approach has discovered systematic data manipulation at multiple facilities.
Audit trail review: FDA investigators know how to navigate Empower, Chromeleon, and OpenLab CDS. They know where audit trails are stored and how to export them. They know what a disabled audit trail looks like vs. an enabled but incomplete one. They know which configuration settings in each platform control what’s captured.
User log comparison: Comparing the CDS user log (who logged in, when) against the batch records (who performed the test, when) against training records (was that person trained on the method) against instrument qualification records (was the instrument qualified on that date). A failure of any link is an investigative lead.
Sequence file metadata: The original sequence files in most CDS platforms contain metadata, creation date, modification dates, the user who created the sequence, the operating system user account. This metadata can reveal whether sequences were created or modified in ways that contradict the official record.
Result set comparison across databases: In a facility with separate LIMS and CDS systems, investigators compare the results in both. Any result in the CDS that doesn’t appear in the LIMS, or a result in the LIMS that differs numerically from what’s in the CDS, is a discrepancy that triggers deeper investigation.
EMA’s Approach: Risk-Based Inspections
EMA coordinates the EU GMP inspection framework through its GMP/GDP inspectors working group. EU inspections have increasingly adopted risk-based scheduling: higher-risk products (biologics, sterile products, high-potency compounds), facilities with prior findings, and products on approval track receive more frequent and more intensive inspections.
EU inspection types:
Routine surveillance: Scheduled based on product risk and time since last inspection. Typically every 3-5 years for standard GMP manufacturers.
Pre-authorisation inspection: For products seeking EU marketing authorisation, conducted before the marketing authorisation is granted. Equivalent to FDA’s pre-license inspection.
For-cause inspection: Triggered by a specific quality event, a complaint, or a regulatory concern. Can be unannounced.
Follow-up inspection: Conducted after a previous inspection found significant deficiencies, to verify remediation.
Deficiency Classification
FDA: FDA’s inspection outcome is a Form 483 (list of observations, issued at the end of the inspection) and potentially a Warning Letter (issued after review of the establishment inspection report). There are no regulatory “critical” or “major” classifications in FDA’s public framework, though investigators use severity language internally. The 483 is issued for any observations the investigator believes constitute a deficiency.
Warning Letter issuance is a post-inspection determination. The Warning Letter is a public document, posted on FDA’s website, and has significant commercial implications (import alerts, public knowledge of the finding).
EU: EU inspection outcomes use a classification system: Critical, Major, and Minor deficiencies (following PIC/S conventions). A critical deficiency is a deficiency that has, or is likely to have, a significant risk to the patient. A major deficiency is a substantial departure from GMP that is not critical but may be significant. Minor deficiencies don’t individually present a risk but indicate departure from GMP.
EU inspection outcomes are documented in an inspection report. For sites manufacturing products marketed in the EU, inspection findings are entered into the EudraGMDP database and may be visible to other NCA and to companies evaluating supplier facilities.
Warning Letters vs. EU Non-Compliance Reports
FDA Warning Letter:
- Public document, posted on FDA.gov
- Requires written response within 15 business days
- Must address each 483 observation and subsequent follow-up requests
- Non-response or inadequate response can lead to import alert, injunction, or seizure
- Import alert may be issued in parallel with or shortly after the Warning Letter for foreign sites
EU Statement of Non-Compliance:
- The EU equivalent for the most serious findings
- EMA may recommend suspension of GMP certificate for the facility or product
- Other NCA may withdraw marketing authorisation for products manufactured at the site
- Less publicly prominent than FDA Warning Letters but carries equivalent regulatory consequence
Mutual Recognition and Reciprocity
FDA and EMA have mutual recognition agreements (MRAs) that, for eligible products and manufacturers, allow each agency to rely on the other’s inspection findings rather than conducting independent inspections. The FDA-EU MRA, which entered into force in 2019, covers most human medicines manufactured in the US and EU by recognized agencies.
In practice: if a facility has been recently inspected by FDA with no significant findings, EMA may rely on that inspection in lieu of sending EU inspectors. This reduces duplicate inspection burden on industry and allows agencies to focus inspection resources on higher-risk facilities.
The MRA doesn’t apply to all situations: novel biologics, CGT products, and certain categories of facilities are often still inspected independently by both FDA and EMA.
Managing a Multi-Agency Inspection Program
For companies with facilities subject to both FDA and EU oversight:
Harmonize the quality system. FDA and EU GMP share foundational principles but have specific differences. Designing your quality system to meet both simultaneously is more efficient than running parallel systems. Use the more stringent requirement where they differ.
One quality standard. The most effective compliance posture is to operate every facility at the standard expected by the most rigorous agency likely to inspect it. Maintaining different standards for FDA-only vs. EU-only facilities creates inconsistency and confusion.
Data integrity infrastructure for both. 21 CFR Part 11 (FDA) and EU Annex 11 (EMA) are functionally similar for most requirements. Build computerized systems that meet both.
Inspection intelligence. Track inspection trends and warning letter patterns from both agencies. FDA’s FOIA-obtainable inspection reports, published warning letters, and enforcement actions tell you what investigators are focusing on. EMA publishes inspection findings summaries. Read both.
Post-inspection response consistency. If FDA issues a 483 observation, your CAPA may affect EU compliance as well. Apply the remediation globally, not just at the US-facing level.
The era when a company could maintain different quality standards for different regulatory regions is effectively over. FDA has inspection authority over foreign facilities. EMA inspects non-EU facilities for EU-approved products. PMDA conducts foreign inspections for Japanese approvals. Building to the highest standard is now the only durable strategy.