The Quality Management System Regulation replaced the old Quality System Regulation on February 2, 2026. If your quality system still reads like 21 CFR 820 circa 2020, here's what changed and what to do about it.
The Quality Management System Regulation (QMSR) is FDA's replacement for the Quality System Regulation, finalized on February 2, 2024, and mandatory for every device manufacturer as of its February 2, 2026 compliance date — a date that has now passed. Instead of a standalone, FDA-authored quality system regulation, the QMSR incorporates ISO 13485:2016 by reference as the core quality management system standard for devices marketed in the United States, supplemented by a short list of FDA-specific provisions the standard doesn't fully cover. If your quality system documentation still cites the old subpart structure of 21 CFR Part 820 — 820.20 management responsibility, 820.30 design controls, 820.198 complaint files — it needs updating to reflect the current framework, even where the underlying process barely changes.
This guide covers what changed, what stayed in place, and how to verify your quality system is actually compliant rather than just relabeled.
FDA published the final rule, "Medical Devices; Quality System Regulation Amendments," in the Federal Register on February 2, 2024 (89 FR 7496). The rule set a two-year transition period with a single hard compliance date — no phased rollout by device class or company size. Every manufacturer subject to Part 820 was required to be operating under the QMSR framework by February 2, 2026.
There was no grace period built into the rule. Manufacturers inspected after that date are assessed against the QMSR, not the legacy Quality System Regulation, regardless of where they were in their own internal transition project.
The most consequential change is structural: FDA replaced most of the detailed, FDA-authored requirements in Part 820 with a single incorporation-by-reference to ISO 13485:2016, then kept a narrow set of provisions the standard doesn't address. A full section-by-section comparison covers the detail — the short version:
For a manufacturer already certified to ISO 13485:2016, the operational gap is often smaller than the documentation gap: your processes may already reflect the standard, but your quality manual, procedures, and forms may still reference subpart numbers and terminology that no longer exist in the current regulation.
ISO 13485:2016 is incorporated by reference in its entirety — the actual text of the standard, not an FDA summary or adaptation. Your quality management system must satisfy every clause, including several that had no direct equivalent in the old Part 820:
Manufacturers who treat the transition as "swap the cover page, keep the old procedures" typically miss clauses ISO 13485 requires but the old Part 820 never explicitly called out — most notably the risk management tie-in running through product realization (Clause 7.1, referencing ISO 14971) and the more prescriptive regulatory-reporting feedback loop in Clause 8.2.3.
The QMSR didn't eliminate FDA's independent authority — it narrowed what lives inside Part 820 specifically. Provisions ISO 13485:2016 doesn't fully address remain as standalone requirements in the amended regulation, including:
Separately — and this is the part transition projects most often miss — Parts 801, 803, 806, 807, 809, and 821, covering labeling, medical device reporting, corrections and removals, establishment registration, in vitro diagnostic labeling, and device tracking, were not touched by the QMSR rulemaking. They remain fully in force as their own regulations. A transition project that only revises the quality manual and leaves MDR procedures untouched has covered a fraction of the actual scope.
Not automatically. A current ISO 13485:2016 certificate from a notified body or MDSAP auditing organization is strong evidence toward QMSR compliance, since the standard is now the core requirement — but certification bodies audit against the standard, not against the FDA-specific supplemental provisions layered on top of it. A manufacturer can be validly ISO 13485 certified and still have gaps in the record-retention, English-language, or complaint-file specificity requirements that exist only in the FDA additions.
FDA also doesn't treat third-party ISO 13485 certification as a substitute for its own inspection authority outside the limited context of the Medical Device Single Audit Program (MDSAP), where FDA accepts MDSAP audit reports in lieu of routine surveillance inspections for participating manufacturers. Outside MDSAP participation, FDA investigators conduct their own QMSR inspections regardless of certification status.
FDA has signaled it is moving its inspectional approach closer to the process-based audit model ISO 13485 auditors use, rather than relying solely on the legacy Quality System Inspection Technique (QSIT) subsystem structure built around the old Part 820 subparts. In practice, investigators are expected to trace your quality system through the ISO 13485 process model — management responsibility, resource management, product realization, measurement and improvement — rather than working a checklist of the old numbered subparts.
Internal audit reports retain the protection FDA described in the QMSR rulemaking preamble, consistent with FDA's historical practice of not routinely reviewing internal audit schedules and reports during inspections. That protection concerns inspection practice, not a reason to under-invest in the internal audit program — ISO 13485 Clause 8.2.4 requires a defined, risk-based internal audit program, and gaps there surface quickly once an external audit or FDA inspection begins.
If your organization hasn't completed a documented gap assessment against ISO 13485:2016 and the retained QMSR provisions, that's the starting point — not a rewrite of every procedure. The QMSR readiness checklist walks through the specific areas — documentation structure, design controls, records, complaints, CAPA, internal audits, and the FDA-specific provisions ISO 13485 doesn't cover — in the order most manufacturers find gaps.
Three starting moves:
Update your quality manual's regulatory basis statement. If it still cites "21 CFR Part 820" as a standalone FDA regulation without referencing ISO 13485:2016 as the incorporated standard, that's a visible, easy-to-catch gap for any auditor or investigator.
Run the design controls crosswalk if you have active design or development projects. The 820.30 to ISO 13485 Clause 7.3 mapping is close to one-to-one, but the design and development file requirements in Clause 7.3.10 are worth verifying explicitly against your current DHF structure.
Confirm your [FDA-facing SOP documentation](/templates/fda-21-cfr-820-sop) references the current regulatory framework. Procedures written and approved before February 2024 that still cite the old subpart numbering should be revised and re-approved through document control, not just reprinted with a new date.
Coplain helps device manufacturers convert existing quality system documentation into current, audit-ready procedures — mapped to the standard your QMS actually has to satisfy. Free trial at coplain.com.
Q: What does QMSR stand for?
A: QMSR stands for Quality Management System Regulation — FDA's replacement for the Quality System Regulation (QSR), finalized February 2, 2024, with a compliance date of February 2, 2026.
Q: Is 21 CFR 820 still in effect?
A: The numbering "21 CFR Part 820" still exists, but its content changed substantially. The regulation now incorporates ISO 13485:2016 by reference as the core quality system standard, supplemented by a narrow set of FDA-specific provisions the standard doesn't cover.
Q: Do I need a new ISO 13485 certificate to comply with the QMSR?
A: Not necessarily. If you're already ISO 13485:2016 certified, your existing certificate supports QMSR compliance for the clauses it covers, but you still need to verify the FDA-specific supplemental requirements — records, complaint file specifics, and definitions — that certification bodies don't audit against.
Q: What happens if my quality system still references the old 21 CFR 820 subparts?
A: It's a documentation gap, not necessarily an operational one. FDA investigators are trained to assess against the current framework; procedures that cite obsolete subpart numbers or terminology signal a documentation system that hasn't been kept current, which is itself a finding under both the old and new regulation.
Q: Where can I find FDA's official QMSR guidance?
A: FDA published a final guidance document and small entity compliance guide alongside the QMSR final rule. Check FDA's medical devices quality system webpage for the current version, since guidance is updated periodically.
Coplain turns any work instruction into a print-ready, audit-proof job aid in minutes.
Try Coplain free →AS9100 Rev D Documentation Checklist: 12 Items Auditors Check First
Most audit failures aren't about process gaps. They're about documentation that doesn't reflect reality. Here's the checklist we wish existed before our first Rev D audit.
6 min readCOMPLIANCEFDA 21 CFR Part 820 Documentation Requirements: What Trips Up Manufacturers
Warning letters. 483 observations. Consent decrees. Most FDA enforcement actions have one thing in common: inadequate documentation. Here's what the agency actually looks for.
10 min readCOMPLIANCEISO 9001:2015 Documentation Guide: What You Actually Need vs What You Think
The 2015 revision eliminated the quality manual requirement and six mandatory procedures. What it added is more demanding. Here's what actually changed — and what your registrar looks for during surveillance.
7 min readRelated Tools & Templates
COPLAIN PLATFORM
See every tool that turns complex work instructions into floor-ready documents.