The dietary supplement industry generates over $50 billion in annual U.S. retail sales — and it operates under a compliance framework that trips up even experienced manufacturers. Unlike pharmaceuticals, supplements don't require pre-market approval. But that doesn't mean the FDA is hands-off. The agency's authority over labeling, manufacturing, safety, and marketing is extensive, and enforcement actions — including warning letters, import alerts, and mandatory recalls — are accelerating.
This guide covers every major compliance requirement dietary supplement companies need to understand: from current Good Manufacturing Practices (cGMPs) and labeling regulations to New Dietary Ingredient (NDI) notifications and mandatory adverse event reporting. Whether you're launching your first product or auditing an established operation, this is the framework you need.
The Regulatory Foundation: What Laws Govern Dietary Supplements?
The Dietary Supplement Health and Education Act of 1994 (DSHEA) is the primary law governing dietary supplements in the United States. DSHEA established the legal definition of a dietary supplement, defined permissible claims, and placed the burden on the FDA to prove a product is unsafe — rather than requiring manufacturers to prove safety before marketing.
However, DSHEA doesn't stand alone. Several additional laws and regulations layer onto it:
- 21 CFR Part 111 — Current Good Manufacturing Practice (cGMP) regulations for dietary supplements
- 21 CFR Part 101 — Food labeling regulations, including supplement facts panels
- 21 CFR Part 190 — New Dietary Ingredient (NDI) notification requirements
- The Dietary Supplement and Nonprescription Drug Consumer Protection Act (2006) — Established mandatory serious adverse event reporting (SAER)
- FTC Act — Governs advertising claims (FTC has primary jurisdiction over supplement advertising)
Citation hook: Under DSHEA, dietary supplement manufacturers bear responsibility for ensuring their products are safe and properly labeled before marketing — the FDA does not approve supplements before they reach consumers.
cGMP Compliance: The Core Manufacturing Requirement
The single largest area of FDA enforcement against supplement companies is current Good Manufacturing Practice (cGMP) violations under 21 CFR Part 111. These regulations, which became fully effective for all manufacturers in 2010, establish detailed requirements for every stage of production.
What 21 CFR Part 111 Requires
Physical Plant & Equipment - Facilities must be designed to prevent contamination and permit adequate cleaning - Equipment must be of appropriate design, size, and construction - Calibration and maintenance records are required
Personnel - Qualified supervisory personnel must oversee manufacturing - Training records must be maintained - Personnel with illness or conditions that could contaminate product must be excluded
Production & Process Controls - Written master manufacturing records (MMRs) for each batch - Batch production records (BPRs) completed for every production run - In-process testing and controls
Laboratory Operations - Identity testing of every component used in manufacturing (not just finished product) - Finished product testing against established specifications - Reserve sample retention
Quality Control Unit - An independent QC function is required - QC must review and approve/reject all production batches - QC must review all complaint records
Complaint Handling & Returns - Written procedures for handling consumer complaints - Records of complaints reviewed by QC - Mandatory investigation of any complaint alleging serious adverse event
The Identity Testing Requirement: Where Most Companies Fail
One of the most commonly cited cGMP violations is failure to conduct identity testing on 100% of incoming components. Under 21 CFR §111.75, you must conduct at least one appropriate test or examination to verify the identity of each dietary ingredient. A Certificate of Analysis (COA) from your supplier alone is not sufficient to satisfy this requirement — you must conduct your own testing or have a validated supplier qualification program with periodic verification.
Citation hook: FDA Warning Letters citing 21 CFR Part 111 violations consistently rank identity testing failures and the absence of qualified laboratory controls among the top cited deficiencies in dietary supplement manufacturing inspections.
Labeling Compliance: What Must Appear on Your Supplement Label
Dietary supplement labeling is governed primarily by 21 CFR Part 101, with specific supplement requirements in 21 CFR §101.36. A non-compliant label can trigger FDA action even if your product is safe and your manufacturing is impeccable.
Required Label Elements
| Label Element | Requirement | Common Violations |
|---|---|---|
| Statement of Identity | Must include "dietary supplement" or the name of the dietary ingredient | Missing or vague identity statement |
| Supplement Facts Panel | Required format per 21 CFR §101.36 | Incorrect serving size, missing ingredients, wrong units |
| Ingredient List | All non-dietary ingredients listed by common name | Proprietary blends must list ingredients in descending weight order |
| Name & Address | Manufacturer, packer, or distributor name and address | Missing domestic address or contact information |
| Net Quantity of Contents | Stated in both metric and U.S. customary units | Incorrect or missing quantity |
| Directions for Use | If consumption differs from typical food use | Missing directions for unusual dosing forms |
| Warnings | "Keep out of reach of children" and any applicable warnings | Missing iron warning for products with ≥30 mg iron per serving |
Permitted Claims and Strict Limitations
This is where many supplement companies walk into serious legal exposure. FDA and FTC jointly regulate supplement claims, and the rules are specific:
Structure/Function Claims (Permitted under DSHEA) - Must be truthful and not misleading - Must have substantiation on file before making the claim - Must notify FDA within 30 days of first marketing - Must include the mandatory disclaimer: "This statement has not been evaluated by the Food and Drug Administration. This product is not intended to diagnose, treat, cure, or prevent any disease." - Disclaimer must appear prominently and conspicuously
Disease Claims (Prohibited) Any claim that a product diagnoses, treats, cures, mitigates, or prevents a specific disease converts the supplement into an unapproved drug. Examples of prohibited disease claims include: "lowers blood pressure," "treats depression," "prevents cancer," or "reduces symptoms of COVID-19."
Nutrient Content Claims Permitted under specific FDA definitions (e.g., "high in," "good source of") but must meet the regulatory criteria.
New Dietary Ingredient (NDI) Notifications
If your product contains a dietary ingredient that was not marketed in the U.S. before October 15, 1994, it is a New Dietary Ingredient (NDI), and you are generally required to submit a premarket safety notification to FDA at least 75 days before marketing.
The NDI notification must include: - The name and complete address of the manufacturer or distributor - The name of the dietary ingredient - A description of the conditions of use recommended or suggested in the labeling - The history of use or other evidence of safety
As of 2024, FDA's NDI notification database contains fewer than 1,300 submissions — a number widely considered far too low given the pace of new ingredient introductions. This gap represents significant compliance risk for companies that have marketed NDI-containing products without submitting the required notification.
FDA's 2016 Draft Guidance on NDIs clarified the agency's interpretation of what constitutes an NDI and when notifications are required. This guidance created controversy in the industry, but following it remains the prudent compliance approach.
Mandatory Serious Adverse Event Reporting (SAER)
Under the Dietary Supplement and Nonprescription Drug Consumer Protection Act, manufacturers, packers, and distributors whose name appears on the supplement label must:
- Submit serious adverse event reports (SAERs) to FDA within 15 business days of receiving the report
- Maintain records of all adverse events (serious and non-serious) for at least 6 years
- Submit follow-up reports if new medical information becomes available within one year
A serious adverse event is one that results in: death, a life-threatening experience, inpatient hospitalization, a persistent or significant disability or incapacity, a congenital anomaly or birth defect, or that requires a medical or surgical intervention to prevent one of these outcomes.
SAER submissions are made using MedWatch Form 3500A and must be submitted to the FDA's Center for Food Safety and Applied Nutrition (CFSAN).
Facility Registration Requirements
Under the Bioterrorism Act of 2002 and subsequent amendments via the Food Safety Modernization Act (FSMA), domestic and foreign facilities that manufacture, process, pack, or hold food (including dietary supplements) for human consumption in the U.S. must register with FDA and renew registration biannually during the October–December window of even-numbered years.
Failure to register — or failure to renew — can result in products being deemed misbranded and subject to detention or refusal of import.
FDA Enforcement: What Triggers an Inspection or Action?
FDA enforces supplement regulations primarily through:
- Facility inspections (routine and for-cause)
- Warning letters (publicly posted on FDA's website)
- Import alerts (block products at the border)
- Mandatory and voluntary recalls
- Seizure and injunction (for serious violations)
- Criminal prosecution (for willful violations)
Between 2020 and 2024, FDA issued hundreds of warning letters to dietary supplement companies, with the most common violations including: - Unauthorized disease claims on websites and social media - cGMP violations (identity testing, batch records, QC oversight) - Undeclared drug ingredients (particularly in weight loss and sports performance products) - NDI notifications not submitted
Citation hook: FDA's enforcement posture toward dietary supplements has intensified significantly since 2019, with the agency's Dietary Supplement Working Group recommending expanded enforcement resources and a modernized legislative framework to address gaps in DSHEA.
Supplement Compliance Comparison: Small vs. Large Manufacturers
A common misconception is that small companies face reduced regulatory obligations. They don't — but the practical compliance burden and timelines differ:
| Compliance Area | Small Manufacturer (<20 employees) | Mid/Large Manufacturer |
|---|---|---|
| cGMP Applicability | Full 21 CFR Part 111 applies | Full 21 CFR Part 111 applies |
| Inspection Frequency | Less frequent (resource-limited FDA) | More frequent; FDA prioritizes volume |
| NDI Notification | Same requirement | Same requirement |
| SAER Reporting | Same 15-day window | Same 15-day window; often has dedicated system |
| Laboratory Resources | May contract to third-party labs | Often in-house lab capability |
| SOPs & Documentation | Same requirements; often underdeveloped | More mature QMS typically in place |
| Third-Party Certification (NSF, USP) | Optional but increasingly required by retailers | Often required by major retail channels |
| FTC Advertising Scrutiny | Lower volume = less attention | High-spend advertisers face more scrutiny |
Third-Party Certification: NSF, USP, and Informed Sport
While not legally required by FDA, third-party certification programs have become a de facto marketplace requirement for supplement companies selling through major retail channels. Programs to know:
- NSF International (NSF/ANSI 173) — Tests for label accuracy, contaminants, and cGMP compliance; required by many major retailers
- USP Verified — Verifies identity, potency, purity, and dissolution; strong credibility in healthcare channels
- Informed Sport / Informed Choice — Focuses on banned substance testing; required for products marketed to athletes
- Banned Substances Control Group (BSCG) — Another banned substance certification recognized by sports organizations
These programs don't replace FDA compliance — they supplement it. A product can pass NSF certification and still receive an FDA Warning Letter for a labeling claim violation.
Building a Compliant Quality Management System (QMS)
A functional QMS for a dietary supplement company should include, at minimum:
- Standard Operating Procedures (SOPs) for all production and quality activities
- Master Manufacturing Records (MMRs) for every product
- Supplier Qualification Program including vendor audits and incoming testing
- Change Control Process for ingredient, process, or supplier changes
- Corrective and Preventive Action (CAPA) System
- Internal Audit Program (at least annual)
- Consumer Complaint Handling Procedure
- Adverse Event Reporting Procedure with clear triage criteria
- Label Review SOP including substantiation file management
- Employee Training Program with documented records
At Certify Consulting, I work with supplement clients to build these systems from the ground up or audit existing ones against 21 CFR Part 111 and current FDA expectations. With 200+ clients served and a 100% first-time audit pass rate, the pattern is clear: companies that build their QMS proactively — not reactively — are the ones that pass inspections and scale without disruption.
Common Mistakes That Trigger FDA Warning Letters
- Website and social media disease claims — The most common trigger. Even customer testimonials on your site can constitute implied disease claims.
- Inadequate substantiation — Making a structure/function claim without adequate scientific evidence on file before you market.
- Missing 30-day notification to FDA — Required within 30 days of first marketing any structure/function claim.
- Identity testing gaps — Relying solely on supplier COAs without independent verification.
- No QC unit or inadequate QC independence — QC cannot be supervised by the same person responsible for production.
- Incomplete batch records — Blanks, missing signatures, or records completed after the fact.
- Undisclosed drug ingredients — Particularly prevalent in weight loss, sexual enhancement, and sports products.
Frequently Asked Questions
Does FDA approve dietary supplements before they're sold?
No. Unlike drugs, dietary supplements do not require FDA pre-market approval. Under DSHEA, manufacturers are responsible for ensuring their products are safe and properly labeled before marketing. FDA can take action after a product is on the market if it is found to be unsafe or misbranded.
What is a New Dietary Ingredient (NDI) and do I need to notify FDA?
A New Dietary Ingredient is a dietary ingredient not marketed in the United States before October 15, 1994. If your product contains an NDI, you are generally required to submit a premarket safety notification to FDA at least 75 days before marketing. Failure to submit when required is a violation that can result in the product being considered adulterated.
What's the difference between a structure/function claim and a disease claim?
A structure/function claim describes how a nutrient or dietary ingredient affects normal structure or function in the human body (e.g., "supports healthy immune function"). A disease claim states or implies that the product diagnoses, treats, cures, mitigates, or prevents a specific disease. Disease claims are prohibited for supplements and convert the product into an unapproved drug in FDA's view.
How long do I have to report a serious adverse event to FDA?
You must submit a serious adverse event report (SAER) to FDA within 15 business days of receiving the report. Records of all adverse events — serious and non-serious — must be maintained for at least 6 years.
What are the biggest FDA compliance risks for supplement companies in 2025?
The highest-risk areas currently include: unauthorized disease claims on digital platforms (websites, social media, Amazon listings), cGMP deficiencies (especially identity testing and batch record integrity), undeclared pharmaceutical ingredients in certain product categories, and failure to submit NDI notifications for newer ingredients.
Getting Expert Help with FDA Supplement Compliance
Dietary supplement compliance is not a one-time project — it's an ongoing operational discipline. Regulatory requirements evolve, FDA enforcement priorities shift, and one Warning Letter can cost far more than a robust compliance program.
If you're building a new supplement line, preparing for an FDA inspection, or conducting a gap assessment of your existing QMS, working with an experienced regulatory consultant is the most cost-effective path to sustainable compliance.
Learn more about how Certify Consulting supports dietary supplement manufacturers through cGMP audits, QMS development, label reviews, and regulatory strategy.
For more on related compliance frameworks, explore our resources on FDA food facility registration requirements and FDA Warning Letter response strategies.
Last updated: 2026-03-11
Jared Clark
Certification Consultant
Jared Clark is the founder of Certify Consulting and helps organizations achieve and maintain compliance with international standards and regulatory requirements.