.jpg)
As of February 2, 2026, the transition period for the Quality Management System Regulation (QMSR) has officially ended.
The FDA now expects full compliance with this new framework, guaranteeing that FDA 21 CFR part 820 and ISO 13485 operate as one.
Which means that for any manufacturer selling in the United States, the relationship between ISO 13485 and 21 CFR 820 has changed. We are now looking at a unified global standard where ISO 13485 and 21 CFR 820 finally speak the same language.
This change impacts every quality, regulatory, and operations leader in the sector. In this post, we’ll explain why this alignment is so important and walk through exactly what has changed today.
We will also offer some practical suggestions for those still getting their bearings. I’ve spent a lot of time helping teams prepare for this day, and the biggest lesson I’ve learned is that this week is about moving from a mindset of parallel compliance to a single, connected operational mindset.
We will cover the new inspection realities, why FDA ISO 13485 harmonization changes your preparation strategy, and how to make sure that your system is actually ready for the FDA’s new approach.
What changed when FDA QMSR went into effect?
As of today, the biggest change is the FDA’s incorporation by reference of ISO 13485:2016. This means the international standard is now the heart of 21 CFR Part 820.
The FDA, however, has added specific bridge requirements for ISO 13485 and 21 CFR 820 to make sure that U.S.-specific protections remain.
Here is a breakdown of the most important changes your team will face:
-
The audit exception is gone: Over the last few decades, we could shield our internal audit reports and management review minutes from the FDA's eyes. I once spent an entire week during a pre-approval inspection carefully redacting sensitive management discussion from our records because we were terrified the inspector would see our internal struggles. Under the new ISO 13485 and 21 CFR 820 alignment, those days are over. Internal audits and leadership reviews are now open books for investigators.
-
A new Medical Device File (MDF): Traditional terms like Device Master Record (DMR) and Design History File (DHF) are being phased out. The FDA now uses the ISO term Medical Device File. While the underlying data requirements haven't vanished, you must now organize this information to align with the ISO product realization structure.
-
Risk-based everything: The FDA expects a risk-based approach to permeate the entire system, from how you validate software to how you qualify a new supplier.
-
Unified terminology: The old ISO 13485 vs 21 CFR 820 terminology gap is closing, for example, Management Responsibility is now Top Management Responsibility, and many definitions now point directly to ISO 9000:2015.
According to the FDA’s own economic impact study, this harmonization is projected to save the industry between $430 million and $533 million over the next decade, mostly by cutting out the duplicative procedures we used to keep.
What has not changed with FDA 21 CFR Part 820?
Despite the focus on FDA ISO 13485 harmonization, several key FDA-specific requirements remain untouched. The FDA has been very clear that they are keeping their teeth in several areas:
-
Reporting and tracking: The regulations for Medical Device Reporting (Part 803), the Unique Device Identifier (Part 830), and Reports of Corrections and Removals (Part 806) are still fully in effect and are not replaced by ISO clauses.
-
FDA-specific definitions: When a definition in the Food, Drug, and Cosmetic Act conflicts with ISO, the FDA definition wins. This is particularly true for terms like device and labeling.
-
Strict labelling controls: The FDA has kept section 820.45, which requires a designated person to examine a representative sample of labels for accuracy before release. This remains more prescriptive than the general language found in ISO 13485.
-
Inspection authority: Holding an ISO 13485 certificate does not exempt you from an FDA inspection. The FDA will still show up at your door, and they will still issue a Form 483 if they find your system is failing to meet the QMSR requirements.
While the framework has moved toward a global consensus, the FDA remains the ultimate authority on whether your system protects the American patient.
What will inspections under QMSR look like?
The era of the Quality System Inspection Technique (QSIT) is officially over. As of this week, the FDA is implementing a new inspection process that is aligned with the QMSR. You should expect investigators to evaluate how you’ve integrated ISO 13485 and 21 CFR 820 into your day-to-day system behavior.
Investigators will be less interested in whether you have a procedure for design controls and more interested in how you actually use it. They will follow signals in your data.
If they see a trend in complaints, they will follow that chain all the way back. Where did the signal start? How did it feed into risk management? Did it trigger a CAPA? And most importantly, did leadership know about it?
What FDA inspectors are likely to focus on now
Expect a heavy focus on leadership ownership. Under the new rules for ISO 13485 and 21 CFR 820, the FDA treats your CAPA system as a leadership scorecard. If your CAPAs are closing quickly on paper but the same quality issues keep appearing in your data, they will conclude that leadership isn't actually in control of the system.
I’ve heard many teams say, we’re ISO certified, so we’re fine. This is a dangerous trap. An ISO certificate proves you have a system on paper, and an FDA inspection proves that system actually works to protect patients.
Scilife Tip:
Inspectors will be looking at your decision logic. They want to see why you decided not to open a CAPA for a specific deviation, or how a supplier signal influenced your risk assessment. The days of debating ISO 13485 vs 21 CFR 820 differences are over. The QMSR will simply expose gaps where your system lacks control.
Why ISO 13485 and 21 CFR 820 harmonization changes how QMSs are evaluated
This harmonization forces us to move away from thinking about quality in modules (like Document Control or Training) and start thinking in loops. A modern quality system needs to behave like a connected organism.
In the old days, a document update was just a task to be finished. Now, an update in FDA 21 CFR part 820 and ISO 13485 needs to be the result of a quality signal, which then triggers a risk reassessment, which then automatically triggers a training task.
If your systems are spread across tools that don't talk to each other, you will struggle to prove the kind of connected control the FDA is now looking for. The ISO 13485 vs 21 CFR 820 debate is over; the goal is now a single, integrated source of truth.
One fact that stands out in the FDA’s official QMSR documentation is the massive scale of the impact this change is expected to have. According to the FDA’s Quality Management System Regulation Final Rule FAQ, the agency estimates that harmonization will result in a net social benefit of approximately $3.6 billion over the next 10 years.
This is a multi-billion-dollar change that removes the friction of redundant regulatory hurdles, allowing us to focus more on innovation and less on duplicative paperwork.
The advantages of a cloud-based eQMS over paper-based QMS systems.
What medical device manufacturers should prioritize now
If you’re feeling behind, the first thing to do is a real gap analysis. Don't just look for missing procedures, but look for broken links between your processes.
The biggest priority should be moving away from manual systems to handle the new intersection of FDA 21 CFR part 820 and ISO 13485. If you are still managing your ISO 13485 and 21 CFR 820 requirements via spreadsheets or paper, the new inspection reality will be incredibly painful.
You need a system that handles the heavy lifting of audit trails and electronic signatures automatically.
Scilife was built for this exact change, helping you manage the complexities of ISO 13485 and 21 CFR 820 through a single platform.
