If you work in medical device manufacturing in the United States, February 2, 2026 was a date you had circled on your calendar — or should have. That’s the day FDA’s Quality Management System Regulation, known as the QMSR, officially replaced the Quality System Regulation (QSR) that many of us have been living and breathing for the past three decades.
I want to start with some reassurance: if you’ve been running a solid QMS under the old QSR, you’re not starting over. But you do need to understand what changed, what it means practically, and — most importantly — whether your existing system already gets you there or whether there are genuine gaps to address. That’s exactly what this series is for.
Let’s begin at the beginning.
What Is the QMSR, and Where Did It Come From?
The QMSR is FDA’s revised 21 CFR Part 820, finalized in February 2024 and effective as of February 2, 2026. The headline change is this: the QMSR incorporates ISO 13485:2016 by reference as its foundational quality management framework. This is a significant shift from the old QSR, which was a standalone FDA-specific regulation that happened to overlap substantially with ISO 13485 — but not perfectly.
The rationale was straightforward. The vast majority of FDA-regulated device manufacturers are also seeking or maintaining ISO 13485 certification for access to international markets. Running two parallel but slightly different quality systems — one for FDA, one for the rest of the world — created unnecessary duplication, confusion, and cost. The QMSR largely harmonizes these two frameworks, reducing that burden while maintaining (and in some areas strengthening) FDA’s specific requirements.
What Actually Changed?
The honest answer is: the structure changed more than the substance — but the substance does have meaningful additions.
Here are the most important changes to understand:
ISO 13485:2016 is now incorporated by reference. This means that complying with ISO 13485:2016 is, for most requirements, complying with the QMSR. If your company already holds ISO 13485 certification, you have a strong foundation — but FDA adds requirements on top, which we’ll cover section by section in this series.
Design controls are expanded. The old QSR’s design controls (§820.30) were already substantive. The QMSR aligns these more closely with ISO 13485’s design and development requirements, including stronger emphasis on design transfer and design files. If design controls have been a weak point in your QMS, this is an area to review carefully.
Software and SaMD get more attention. The QMSR’s broader alignment with ISO 13485 brings with it clearer expectations around software as a medical device and software used in manufacturing. FDA’s broader digital health framework applies here too.
Post-market and feedback requirements are more explicit. Customer feedback, complaint handling, and the link between post-market data and continual improvement are more clearly articulated than in the old QSR.
Some old QSR section numbers changed. If your SOPs reference specific 21 CFR Part 820 section numbers, those may need updating. This is often more of an administrative task than a substantive one — but it’s worth a systematic review.
What Does This Mean If You’re Already ISO 13485 Certified?
Good news: you’re well positioned. ISO 13485 certification doesn’t automatically mean QMSR compliance, but it means you’ve built to a standard that the QMSR uses as its baseline. Your gap analysis should focus on FDA’s additional requirements — the provisions that go beyond ISO 13485 — rather than starting from scratch.
In this series, I’ll flag those FDA-specific additions clearly as we go through each section. Think of it as reading a map where most of the territory is familiar, but there are some new roads that matter.
What Does This Mean If You Were QSR-Compliant But Not ISO 13485 Certified?
This is where more work may be needed. The QMSR’s ISO 13485 foundation brings some requirements that weren’t explicit in the old QSR — particularly around risk management integration throughout the QMS, a more structured approach to design and development, and clearer documentation requirements. None of it is unmanageable, but it does warrant a structured gap assessment.
What’s Coming in This Series
Over the coming weeks, I’m going to walk through the QMSR section by section — what each one requires, what changed from the old QSR, what it means practically, and where to focus your attention. We’ll go from §820.1 (Scope) all the way through to post-implementation strategy.
My goal is to make this series feel less like a regulatory briefing and more like a conversation with someone who has been through this before and genuinely wants to help you land on the right side of it. Because that’s exactly what it is.
Next up: §820.1 — Scope. We’ll look at who the QMSR applies to, what kinds of devices are covered, and a few things about the scope that might surprise you.
See you then.
This series is a plain-English walkthrough of the QMSR — written for the people who actually have to implement it.