Is the FDA Changing AI Compliance Rules?

The FDA has issued a Warning Letter for the pharmaceutical industry to enforce existing regulations against a company that treated AI as a compliance authority rather than a tool requiring oversight.

The April 2026 Warning Letter to Purolea Cosmetics Lab, analysed by ProPharma's QA and AI compliance team on April 22, 2026, may represent the first enforcement action specifically citing AI use in pharmaceutical manufacturing operations as non-compliant.

It is not a warning about AI in principle, it is a warning about what happens when AI is deployed without governance, validation, or human oversight in a regulated environment.

The FDA cited familiar CGMP violations under 21 CFR 211.22, including failures of the Quality Unit to establish and follow adequate procedures, failure to review batch records prior to release, lack of process validation, and inadequate production and process controls.

The differentiating factor was how those failures originated. Purolea used AI tools to generate product specifications, draft procedures, and create master production and control records.

None of those outputs were independently verified. The FDA highlighted one example that captures the core failure precisely: the firm was unaware that process validation was required because the AI system had never told them.

That statement is a governance critique. The firm had effectively delegated compliance responsibility to a system that was never designed, qualified, or validated to carry it.

ProPharma's analysis is clear on what the Warning Letter signals. The FDA is not discouraging AI adoption in pharmaceutical manufacturing. It is required that AI be treated as a GxP-relevant system, the same category as any software that impacts product quality, with risk assessment, qualification, validation, and ongoing monitoring built in from the start.

AI tools used in CGMP environments must have clearly defined intended uses, documented risk assessments, qualification activities, and Quality Unit oversight of all outputs.

The absence of those controls is not an AI problem. It is the same compliance failure that would arise from using any unvalidated software in a manufacturing process, according to the FDA.

The specific pitfalls ProPharma identifies are instructive: treating AI as a regulatory expert when it generates outputs based on predicted patterns rather than verified regulatory knowledge, failing to conduct risk-based evaluation of AI use cases, deploying AI in GxP-relevant processes without evidence of qualification, and allowing AI to erode foundational CGMP knowledge within the organisation.