First FDA PAI PLI for EU Cell and Gene Therapy Sites: How to Prepare

If you run a cell and gene therapy (CGT) manufacturing site in Europe and you are facing FDA for the first time, the questions are rarely technical.

They are practical.

Why is FDA coming now?
Is this a PAI, a PLI, or a routine surveillance inspection?
What actually changes compared with EMA or national EU inspectors?
And if time and resources are limited, where do we start without creating inspection theatre?

This article is for CGT and ATMP teams preparing for their first FDA inspection, especially around BLA-linked readiness.

For CGT, FDA involvement is often triggered by a simple reality: your facility becomes part of an approval decision.

When your site is named in an application and you are moving toward licensure, the inspection is not a nice-to-have. It is a gate.

That changes the preparation mindset. The goal is not to look busy. The goal is to show that the site can operate predictably and defend its decisions with records.

You do not need to memorise inspection terminology, but you do need to understand how the inspection behaves.

PAI, pre-approval inspection

PAIs are application-linked. Expect more challenge around whether site reality matches what is described in the filing, and whether the underlying data and decisions are credible.

PLI, pre-license inspection

PLIs sit in the licensure path for biologics. The evidence bar is high because the inspection is directly tied to readiness to commercialise.

Surveillance

Surveillance inspections still follow threads but are usually broader. If early signals are weak, they can become just as deep.

The key point is this: for PAI and PLI, the inspection quickly becomes a test of decision logic, record quality, and system maturity under pressure.

Some EU teams assume the EU–US Mutual Recognition Agreement reduces the likelihood or depth of FDA inspection activity.

For ATMPs, that is not a safe assumption. If you are in CGT, plan as if FDA will inspect you directly and thoroughly.

Practical implication: do not build your readiness strategy around regulatory reliance. Build it around evidence, consistency, and thread closure.

EU CGT sites are often well intentioned and technically capable. The friction is usually how scrutiny is applied.

FDA is record-led
If it is not in the record, it is harder to defend later.

FDA is thread-led
They will move across systems quickly. One weak record becomes an entry point to multiple processes.

FDA pressure-tests rationale
Not just do you have a process, but why did you decide that, and how do you know it works.

This is where EU organisations sometimes over-invest in approvals and under-invest in decision-making consistency and evidence quality.

A common readiness pattern is to assign owners by silo. QA for deviations, QC for data integrity, manufacturing for batch records, validation for protocols, engineering for maintenance.

FDA does not experience your site in silos.

They choose a signal and follow the chain:
an event in operations
deviation classification and impact assessment
investigation depth and root cause logic
CAPA design and effectiveness proof
trend signals and recurrence control
data integrity around the records used to justify decisions

If you can close threads cleanly, inspections feel contained.
If you cannot, one weak record becomes a gateway into many systems.

A site asked me recently: FDA is coming. We are tight on time and people. Where do we start?

There is no universal answer. Risk profiles differ.

But in many CGT sites, the highest return starting point is your Deviation to Investigation to CAPA system.

Because this system shows FDA how you think:
how you classify and escalate
how you assess impact and risk
how deep you investigate and what evidence you rely on
whether CAPAs reduce recurrence or only close paperwork

It also tends to be where inspection threads hook early, because deviations are concrete and record-based.

A pragmatic start is simple:
Pull 8 to 12 recent deviations, including a few that look minor.
Walk the chain: facts, risk rationale, investigation, root cause, CAPA, effectiveness.
Look for inconsistency, shallow logic, and weak effectiveness evidence.

If that chain holds, everything else becomes easier.

Cell and gene therapy manufacturing makes thread-based inspections more intense because:
manual steps and handoffs are common
interfaces between teams are frequent
variability is higher than in many traditional processes
identity and traceability controls matter operationally, not just procedurally
aseptic controls often depend on behaviour and discipline as much as equipment

None of this is bad. It simply means the system must be designed to produce reliable evidence under pressure.

Most sites do not fail because they lack documents.
They fail because their evidence is not consistent, not connected, or not decisive.

In CGT, credible evidence usually has four qualities.

The record stands on its own
A reviewer should be able to follow the logic without a long verbal defense.

Risk thinking is explicit
Not generic hazards. A clear scenario, an impact rationale, and the basis for the decision.

Investigations are proportional and evidence-based
Neither superficial nor endless. Clear conclusions supported by facts.

CAPA effectiveness is demonstrated
Not CAPA closed, but CAPA verified, with sensible success criteria and timing.

A useful rule of thumb: if the record needs the author in the room to make sense, it is fragile.

In first-time inspections, two extremes are common.

The first is superficial investigations that stop at the first convenient cause. Operator error, training, did not follow SOP.

The second is long investigations that are busy but not decisive. Lots of writing, little clarity, weak linkage to risk and recurrence.

What strong sites do differently is simple:
They match investigation depth to risk, recurrence, and uncertainty. They make the logic explicit. They document what was ruled out and why. They separate immediate containment from root cause work. They make decisions traceable.

Practical depth triggers that deserve more than a light-touch investigation:
repeat events in the same step or area
events linked to sterility assurance, identity, or traceability risk
events where data integrity signals exist
events where impact rationale relies on assumptions rather than evidence
events that required informal workarounds to complete the batch.

Most organisations can write CAPAs.

FDA pressure-tests one thing: how will you prove this worked?

Strong CAPA packages have:
a clear failure mechanism
actions that address that mechanism
success criteria that can be measured
an effectiveness check with timing aligned to risk
a recurrence monitoring plan with defined triggers

Weak CAPA packages look like:
training by default
SOP update without proof of behavioural change
no success criteria beyond closure
effectiveness defined as the date the CAPA was signed

A simple reframing helps: a CAPA is not a task list. It is a risk reduction claim. Your evidence must support that claim.

In CGT, data integrity is not an IT topic. It is the credibility layer under every release decision, every trend conclusion, and every investigation.

First-time sites often make one mistake: they treat DI as a compliance program rather than as part of the operating system.

In an inspection, DI rarely appears as a standalone interview. It appears through threads:
Show me the raw data.
Who has access.
What changed and when.
How do you review audit trails where it matters.
How do you detect abnormal patterns.

The high-impact basics are usually:
access control discipline and role clarity
review discipline that is consistent, not occasional
audit trail review where the risk requires it
clear ownership for DI decisions and escalation
records that show what was reviewed, by whom, and what actions followed

The goal is not perfection. The goal is that FDA trusts the records you use to make quality decisions.

Many CGT operations sit at the intersection of aseptic risk, manual handling, and tight timelines. That is exactly why your Contamination Control Strategy, your CCS, cannot be a document. It must function like an operating system.

In CGT, ballrooms and open operations are common. That is not automatically a problem, but it raises the bar on how you control air flow, people, material flows, cleaning, and how you respond when signals move. Be careful with the statement “we only have closed systems.” Inspectors will challenge it fast. Most processes have open steps, connections, interventions, sampling points, or transfers that still rely on people and environment.

Also remember that the investigator who shows up may have a strong biologics background but not deep CGT experience. They will still evaluate you through a familiar lens: sterility assurance as a chain of controls and evidence.

What they tend to test in practice is simple:
Do you detect signals early.
Do you react consistently.
Do you investigate to the right depth.
Do you trend and learn.
Do you prevent recurrence.

Sterility assurance becomes another inspection thread. It connects behaviours, EM response, deviations, investigations, CAPA effectiveness, training, and equipment control.

There are four recurring surprises.

The inspection becomes a test of consistency
If QA, QC, and manufacturing answer the same question differently, the site looks fragmented.

The record must stand alone
If the story depends on explaining it in the room, you are exposed.

The inspector’s path is not your agenda
You can prepare a structure, but FDA follows signals.

We have an SOP is not persuasive
They will ask how you know it is used, how you know it works, and what you do when it does not.

For CGT sites, a serious FDA readiness program is rarely a four-week sprint. It is typically a 12-to-18-month journey, depending on baseline maturity, scale-up pressure, and how close you are to BLA timelines.

The key is to avoid two traps.
A cosmetic readiness rush that polishes documents but does not strengthen evidence.
An endless transformation that never gets to inspection defensibility.

A good program is staged, risk-based, and thread-driven.

Phase 0, kickoff mock to identify where threads break
This is a short, realistic mock built around the way FDA actually inspects. The output is not a score. It is a thread map and a prioritised roadmap.

Phase 1, stabilise the core decision systems
This is where you harden deviations, investigations, CAPA effectiveness, data review discipline, and escalation logic. The aim is decision consistency and records that stand alone.

Phase 2, deepen the CGT-specific risk areas
This is where you focus on sterility assurance response logic, interfaces and handoffs, identity and traceability controls, and the parts of the process where manual steps and variability create risk.

Phase 3, prove sustainability
This is where you show that the system runs without heroics. Trending is meaningful. Reviews create decisions. CAPA effectiveness is demonstrated. Recurrence is controlled.

Phase 4, inspection simulation and coaching
You stress-test how the organisation behaves under pressure. You run thread-based role plays. You verify that QA, QC, and manufacturing tell the same story, backed by the same evidence.

A simple program rule: readiness is not a documentation project. It is an operating model upgrade.

A useful way to launch readiness is with a kickoff mock. It gives you fast clarity on where FDA will go first and what to fix before you invest months of effort.

Our related services:
FDA Inspection Readiness and Mock Audits
https://gmpbridge.com/biopharma-consulting-services/fda-inspection-readiness-consulting/

GMP Inspection Readiness Consulting
https://gmpbridge.com/biopharma-consulting-services/gmp-inspection-readiness-consulting/

Relevant case study:
Pre-Approval (PAI) FDA Mock Audits in CAR-T and Viral Vector Manufacturing Sites
https://gmpbridge.com/success-stories/fda-inspection-readiness-mock-audit-cgt-case-study/

First-time FDA inspections feel intense because they are. For CGT sites, the complexity of manual operations, interfaces, and aseptic risk makes thread-based scrutiny unavoidable.

The sites that do well are not the ones with the most approvals.
They are the ones that can show consistent decisions and credible evidence across the threads FDA will follow.

If you can make your deviation, investigation, and CAPA chain defensible, you have already done a big part of the work.

Q1: What is the difference between an FDA PAI and a PLI?
A: A PAI is typically tied to an application and tests whether the site can manufacture as described and whether records and data are credible. A PLI is linked to biologics licensure readiness and is often treated as a gate to approval.

Q2: Does the EU–US MRA reduce FDA inspections for CGT/ATMP sites?
A: Not reliably. For CGT/ATMP, you should plan for a direct FDA inspection and build readiness around evidence, consistency, and thread closure.

Q3: Where should EU CGT sites prioritise first if time is limited?
A: In many cases, start with the Deviation → Investigation → CAPA chain. It is where decision logic, evidence discipline, and follow-through become visible fast.

Q4: What does FDA usually test first in a CGT site?
A: FDA often starts from a signal in operations or records and follows it across systems: impact assessment, investigations, CAPA effectiveness, data credibility, and execution discipline.

Q5: How long does a serious CGT readiness program take?
A: Often 12–18 months depending on baseline maturity, scale-up pressure, and proximity to submission/approval timelines.