What is the QMSR?
The Quality Management System Regulation (QMSR) is the FDA's replacement for 21 CFR Part 820, the Quality System Regulation that has governed medical device manufacturing since 1996. Instead of maintaining its own set of requirements, the FDA now incorporates ISO 13485:2016 by reference — meaning the international standard becomes the primary compliance framework for US-marketed devices.
The final rule was published in February 2024 and became effective on February 2, 2026.
Already have a QMS in Google Drive? Scan it for QMSR gaps — free →
What actually changed
The QMSR doesn't add new requirements on top of ISO 13485. It replaces Part 820's structure with ISO 13485's structure, plus a small number of FDA-specific additions:
- Complaint handling — FDA retains specific requirements for complaint files (§820.198 equivalent)
- Servicing — Service reports must still meet FDA expectations
- Traceability — Critical devices require unit-level traceability
- Records retention — Some records must be retained longer than ISO 13485 requires
Everything else maps to ISO 13485 clauses directly.
What stayed the same
More than most companies expect. If your QMS was built around ISO 13485 — even loosely — the structural changes are modest. The core quality system elements (management responsibility, design controls, purchasing, production, CAPA) all have direct equivalents.
The biggest change is often organizational, not substantive: rewriting document references from "§820.30" to "ISO 13485 clause 7.3" and ensuring your internal procedures reference the correct standard.
The timeline
| Date | Event |
|---|---|
| Feb 2024 | Final rule published |
| Feb 2, 2026 | QMSR effective — all manufacturers must comply |
| Ongoing | FDA inspections now reference ISO 13485 |
There is no grace period. As of February 2, 2026, FDA inspectors assess compliance against ISO 13485:2016 with QMSR additions.
Who is affected
Every company that manufactures, designs, or distributes a medical device marketed in the United States. This includes:
- US-based device manufacturers
- Foreign manufacturers exporting to the US
- Contract manufacturers
- Specification developers (companies that design but don't manufacture)
Companies already certified to ISO 13485 by a notified body have a head start but should not assume full compliance — the QMSR additions and FDA-specific expectations still need verification.
Common misconceptions
"We're ISO 13485 certified, so we're done."
Certification helps, but doesn't guarantee QMSR compliance. The FDA-specific additions (complaint handling, traceability, servicing) may not be covered by your existing certificate scope. And your internal documents may still reference Part 820 language.
"This is just a paperwork exercise."
For some companies, yes — it's primarily updating references and cross-walks. For companies that built their QMS specifically around Part 820's structure (especially the DHF/DMR/DHR framework), the changes may be more substantive.
"Legacy Part 820 terminology is a compliance violation."
Not automatically. Using "Device Master Record" instead of "medical device file" won't trigger a citation on its own. But it signals to an inspector that your system may not have been updated, which invites closer scrutiny.
Is legacy Part 820 terminology a compliance violation? →
What to do now
- Assess your current state. Understand which parts of your QMS align with ISO 13485 and where the gaps are. A gap analysis is the starting point.
- Map your documents. Create a crosswalk between your existing procedures and ISO 13485 clauses. Identify documents that need updating.
- Address FDA-specific additions. Review your complaint handling, servicing, and traceability procedures against QMSR requirements.
- Update references. Systematically replace Part 820 references with ISO 13485 clause references throughout your document system.
- Verify and document. Don't just make changes — document that you've assessed and updated your QMS for QMSR compliance.
Further reading
- QMSR Gap Analysis: A Practical Guide → — Step-by-step guide to running your own gap analysis
- QMSR Compliance for Google Drive → — How to maintain compliance when your QMS lives in cloud documents
- Part 820 → ISO 13485 Crosswalk → — Requirement-by-requirement mapping between the old and new standards
- FAQ → — Common questions about the QMSR transition