COMPLIANCEJuly 2026

FDA QMSR: The Complete Transition Guide for Medical Device Manufacturers

The Quality Management System Regulation replaced the old Quality System Regulation on February 2, 2026. If your quality system still reads like 21 CFR 820 circa 2020, here's what changed and what to do about it.

QE
Senior Quality Engineer
9 min read

What Is the FDA QMSR?

The Quality Management System Regulation (QMSR) is FDA's replacement for the Quality System Regulation, finalized on February 2, 2024, and mandatory for every device manufacturer as of its February 2, 2026 compliance date — a date that has now passed. Instead of a standalone, FDA-authored quality system regulation, the QMSR incorporates ISO 13485:2016 by reference as the core quality management system standard for devices marketed in the United States, supplemented by a short list of FDA-specific provisions the standard doesn't fully cover. If your quality system documentation still cites the old subpart structure of 21 CFR Part 820 — 820.20 management responsibility, 820.30 design controls, 820.198 complaint files — it needs updating to reflect the current framework, even where the underlying process barely changes.

This guide covers what changed, what stayed in place, and how to verify your quality system is actually compliant rather than just relabeled.

When Did the QMSR Take Effect?

FDA published the final rule, "Medical Devices; Quality System Regulation Amendments," in the Federal Register on February 2, 2024 (89 FR 7496). The rule set a two-year transition period with a single hard compliance date — no phased rollout by device class or company size. Every manufacturer subject to Part 820 was required to be operating under the QMSR framework by February 2, 2026.

There was no grace period built into the rule. Manufacturers inspected after that date are assessed against the QMSR, not the legacy Quality System Regulation, regardless of where they were in their own internal transition project.

What Actually Changed From the Old Quality System Regulation?

The most consequential change is structural: FDA replaced most of the detailed, FDA-authored requirements in Part 820 with a single incorporation-by-reference to ISO 13485:2016, then kept a narrow set of provisions the standard doesn't address. A full section-by-section comparison covers the detail — the short version:

  • Old 21 CFR 820 was a standalone regulation, written entirely by FDA, with subparts covering management responsibility, design controls, document controls, purchasing controls, production controls, and records.
  • The QMSR points to ISO 13485:2016 as the primary quality system requirement, and Part 820 itself now consists mainly of scope, definitions, and a limited set of supplemental U.S. requirements layered on top of the standard.
  • For a manufacturer already certified to ISO 13485:2016, the operational gap is often smaller than the documentation gap: your processes may already reflect the standard, but your quality manual, procedures, and forms may still reference subpart numbers and terminology that no longer exist in the current regulation.

    How Does ISO 13485:2016 Fit Into the QMSR?

    ISO 13485:2016 is incorporated by reference in its entirety — the actual text of the standard, not an FDA summary or adaptation. Your quality management system must satisfy every clause, including several that had no direct equivalent in the old Part 820:

  • Clause 4 — QMS general and documentation requirements, including a documented quality manual scope and rationale for any exclusions.
  • Clause 5 — Management responsibility, including a documented quality policy and quality objectives reviewed by top management at defined intervals.
  • Clause 6 — Resource management, including infrastructure and work environment controls.
  • Clause 7 — Product realization, covering planning, design and development, purchasing, production, and control of monitoring and measuring equipment.
  • Clause 8 — Measurement, analysis, and improvement, including internal audits, complaint handling, CAPA, and data analysis.
  • Manufacturers who treat the transition as "swap the cover page, keep the old procedures" typically miss clauses ISO 13485 requires but the old Part 820 never explicitly called out — most notably the risk management tie-in running through product realization (Clause 7.1, referencing ISO 14971) and the more prescriptive regulatory-reporting feedback loop in Clause 8.2.3.

    What Parts of 21 CFR 820 Still Apply on Their Own?

    The QMSR didn't eliminate FDA's independent authority — it narrowed what lives inside Part 820 specifically. Provisions ISO 13485:2016 doesn't fully address remain as standalone requirements in the amended regulation, including:

  • Definitions specific to FDA's regulatory framework without a one-to-one ISO 13485 equivalent.
  • Records requirements — records must be in English, retained for the required period, and available to FDA within a reasonable time during an inspection.
  • Complaint handling specificity that goes beyond ISO 13485 Clause 8.2.2, consistent with what manufacturers previously implemented under former Section 820.198.
  • FDA's inspectional authority under the Federal Food, Drug, and Cosmetic Act, unaffected by the QMSR and independent of any ISO certification status.
  • Separately — and this is the part transition projects most often miss — Parts 801, 803, 806, 807, 809, and 821, covering labeling, medical device reporting, corrections and removals, establishment registration, in vitro diagnostic labeling, and device tracking, were not touched by the QMSR rulemaking. They remain fully in force as their own regulations. A transition project that only revises the quality manual and leaves MDR procedures untouched has covered a fraction of the actual scope.

    Does an ISO 13485 Certificate Mean You're Already Compliant?

    Not automatically. A current ISO 13485:2016 certificate from a notified body or MDSAP auditing organization is strong evidence toward QMSR compliance, since the standard is now the core requirement — but certification bodies audit against the standard, not against the FDA-specific supplemental provisions layered on top of it. A manufacturer can be validly ISO 13485 certified and still have gaps in the record-retention, English-language, or complaint-file specificity requirements that exist only in the FDA additions.

    FDA also doesn't treat third-party ISO 13485 certification as a substitute for its own inspection authority outside the limited context of the Medical Device Single Audit Program (MDSAP), where FDA accepts MDSAP audit reports in lieu of routine surveillance inspections for participating manufacturers. Outside MDSAP participation, FDA investigators conduct their own QMSR inspections regardless of certification status.

    How Will FDA Inspect Under the QMSR?

    FDA has signaled it is moving its inspectional approach closer to the process-based audit model ISO 13485 auditors use, rather than relying solely on the legacy Quality System Inspection Technique (QSIT) subsystem structure built around the old Part 820 subparts. In practice, investigators are expected to trace your quality system through the ISO 13485 process model — management responsibility, resource management, product realization, measurement and improvement — rather than working a checklist of the old numbered subparts.

    Internal audit reports retain the protection FDA described in the QMSR rulemaking preamble, consistent with FDA's historical practice of not routinely reviewing internal audit schedules and reports during inspections. That protection concerns inspection practice, not a reason to under-invest in the internal audit program — ISO 13485 Clause 8.2.4 requires a defined, risk-based internal audit program, and gaps there surface quickly once an external audit or FDA inspection begins.

    What Should You Do to Get Ready?

    If your organization hasn't completed a documented gap assessment against ISO 13485:2016 and the retained QMSR provisions, that's the starting point — not a rewrite of every procedure. The QMSR readiness checklist walks through the specific areas — documentation structure, design controls, records, complaints, CAPA, internal audits, and the FDA-specific provisions ISO 13485 doesn't cover — in the order most manufacturers find gaps.

    Three starting moves:

    Update your quality manual's regulatory basis statement. If it still cites "21 CFR Part 820" as a standalone FDA regulation without referencing ISO 13485:2016 as the incorporated standard, that's a visible, easy-to-catch gap for any auditor or investigator.

    Run the design controls crosswalk if you have active design or development projects. The 820.30 to ISO 13485 Clause 7.3 mapping is close to one-to-one, but the design and development file requirements in Clause 7.3.10 are worth verifying explicitly against your current DHF structure.

    Confirm your [FDA-facing SOP documentation](/templates/fda-21-cfr-820-sop) references the current regulatory framework. Procedures written and approved before February 2024 that still cite the old subpart numbering should be revised and re-approved through document control, not just reprinted with a new date.

    Coplain helps device manufacturers convert existing quality system documentation into current, audit-ready procedures — mapped to the standard your QMS actually has to satisfy. Free trial at coplain.com.

    Frequently Asked Questions

    Q: What does QMSR stand for?

    A: QMSR stands for Quality Management System Regulation — FDA's replacement for the Quality System Regulation (QSR), finalized February 2, 2024, with a compliance date of February 2, 2026.

    Q: Is 21 CFR 820 still in effect?

    A: The numbering "21 CFR Part 820" still exists, but its content changed substantially. The regulation now incorporates ISO 13485:2016 by reference as the core quality system standard, supplemented by a narrow set of FDA-specific provisions the standard doesn't cover.

    Q: Do I need a new ISO 13485 certificate to comply with the QMSR?

    A: Not necessarily. If you're already ISO 13485:2016 certified, your existing certificate supports QMSR compliance for the clauses it covers, but you still need to verify the FDA-specific supplemental requirements — records, complaint file specifics, and definitions — that certification bodies don't audit against.

    Q: What happens if my quality system still references the old 21 CFR 820 subparts?

    A: It's a documentation gap, not necessarily an operational one. FDA investigators are trained to assess against the current framework; procedures that cite obsolete subpart numbers or terminology signal a documentation system that hasn't been kept current, which is itself a finding under both the old and new regulation.

    Q: Where can I find FDA's official QMSR guidance?

    A: FDA published a final guidance document and small entity compliance guide alongside the QMSR final rule. Check FDA's medical devices quality system webpage for the current version, since guidance is updated periodically.

    Stop reading about better documentation. Start creating it.

    Coplain turns any work instruction into a print-ready, audit-proof job aid in minutes.

    Try Coplain free →

    Related articles

    Related Tools & Templates

    COPLAIN PLATFORM

    See every tool that turns complex work instructions into floor-ready documents.

    Explore the platform →
    ← Back to Blog