What is FDA QMSR final rule and how to stay compliant

As of February 2, 2026, the FDA’s Quality Management System Regulation (QMSR) is officially in force.

The FDA’s new Quality Management System Regulation (QMSR) represents the most significant overhaul of U.S. medical device quality requirements in more than 25 years.

The long-standing Quality System Regulation (QSR / 21 CFR Part 820) has now been superseded, and FDA inspections are conducted under a framework that incorporates ISO 13485:2016 by reference, with additional FDA-specific requirements layered on top.

For medical device manufacturers, this is no longer about preparation or transition. QMSR compliance is now the baseline expectation.

This guide walks you through what is FDA QMSR, what has changed,  the difference between  ISO 13485 vs 21 CFR 820 (QSR) and everything manufacturers need to achieve FDA QMSR compliance.

Key takeaways

What is the FDA Quality Management System Regulation (QMSR)? A quick refresher

The FDA Quality Management System Regulation (QMSR) is the current quality framework governing medical device manufacturers in the United States.

Rather than introducing an entirely new system, QMSR modernized and replaced the former Quality System Regulation (QSR) by incorporating ISO 13485:2016 into Part 820 and aligning U.S. requirements with internationally recognized quality practices.

After being released in 2024, the QMSR final came into enforcement on February 2, 2026.

In simple terms, the FDA QMSR:

1. Replaces the previous Quality System Regulation (QSR)
2. Incorporates ISO 13485:2016 into Part 820, making it part of U.S. regulatory requirements.
3. Adds FDA-specific expectations where ISO is less detailed, creating an extra layer of obligations.
4. Updates inspections and documentation rules, replacing QSIT and expanding FDA access to internal records like audits and management reviews.

The FDA’s goal was  harmonization: reducing duplication between U.S. and international requirements while raising expectations around risk management, documentation depth, and system maturity.

For manufacturers, this means your QMS must now operate as a single, defensible system that satisfies both ISO structure and FDA enforcement realities.

Recommended learning:

Differences between DHF, DMR, DHR, and QMSR for medical devices.

What FDA QMSR compliance means for medical device companies 

Achieving FDA QMSR compliance today means your Quality Management System must fully align with the structure, terminology, and expectations of ISO 13485:2016, while still meeting FDA-specific obligations — and must be demonstrably effective during inspection. 

 In practice, manufacturers must ensure that their QMS:

• Aligns with ISO 13485 processes and framework, including documentation hierarchy, lifecycle focus, and quality planning.
• Demonstrates risk-based decision making across all processes, from design and development to production and post-market surveillance.
• Maintains complete, traceable documentation and objective evidence to show that quality processes are defined, implemented, and effective.
• Implements supplier controls proportionate to supplier risk, including qualification, monitoring, and re-evaluation activities.
• Ensures all quality processes (from design controls to complaint handling) reflect QMSR’s updated harmonized expectations.
• Validates all software used within the QMS, including eQMS platforms, spreadsheets, automated workflows, and production-support tools.
• Provides role-based training and competency evidence, ensuring personnel are qualified for their responsibilities under the new rule.
• Maintains inspection-ready records, aligned with ISO 13485’s structure and FDA’s requirements for traceability, documentation, and evidence.

Key changes introduced by QMSR

At a high level, here’s a QMSR vs QSR overview of what changed (and what stayed) in the new regime:

• Full incorporation of ISO 13485 principles

• Stronger emphasis on risk management across all quality processes

• Updated requirements for document control and validation

• Closer alignment with global regulatory expectations

• A shift from prescriptive procedures to process- and evidence-based quality management

But let's take a more in-depth look.

The FDA QMSR final rule introduced several changes that every manufacturer should understand.

One of the biggest shifts is inspection authority: FDA can now review internal audit reports, management reviews, and supplier audits - areas previously exempt under QSR 820.180(c).

While the rule leans on ISO 13485, FDA-specific requirements remain, especially for device labeling, packaging, and other areas ISO doesn’t cover.

The rule also clarifies hierarchy: if ISO and FDA requirements conflict, the FD&C Act or FDA regulations take priority.

Records created before February 2, 2026, may still be scrutinized if they can be mapped to the new requirements. At the same time, the FDA estimates that consolidating overlapping requirements could reduce administrative burden, particularly for foreign companies.

Other updates include revised obligations for combination products, a stronger emphasis on lifecycle processes - like post-market surveillance, risk trending, and feedback loops - and a reminder that ISO 13485 certification does not replace FDA compliance.

In short, the FDA QMSR means your QMS can’t just look compliant on paper; it must be inspection-ready in practice.

QMSR vs QSR: key differences

Here’s a QMSR vs QSR visual overview:

*QSIT: Quality system inspection technique

A common misconception is that the FDA QMSR makes life easier for manufacturers.

In reality, if your QMS is already aligned with ISO 13485, the changes may feel more like a shift than an added burden. But for U.S.-only manufacturers with little ISO experience, the transition could be a heavy lift.

In short, QMSR and QSR have a lot in common, but not everything lines up, and the details matter. That’s why it’s so important to know how QMSR vs QSR differ.

ISO 13485 vs 21 CFR 820 (QSR): what's different?

Because Quality Management System Regulation (QMSR) leans on ISO 13485, it’s important to understand the key differences between ISO 13485 vs 21 CFR 820.

Many manufacturers maintain QMSs mapped to both, but the update highlights gaps you might not have noticed. Some common ones include:

Risk management

Under ISO 13485 vs 21 CFR 820, the main distinction lies in how risk is approached. ISO expects a risk-based approach across the whole QMS - design, production, post-market - while QSR addresses risk mainly in design control.

Documentation and control

ISO calls for comprehensive documentation, including procedures for all processes, document versioning, and change control. QSR focuses on key records like Device History Records and complaint files. Some QMSs built on QSR may lack the structure ISO expects.

Audit and corrective actions

In the ISO 13485 vs 21 CFR 820 framework, ISO requires regular internal audits and management review with clear inputs and outputs. QSR previously exempted some of these from inspection, but the FDA QMSR removes those exemptions, so audits and reviews must now be fully defensible.

Traceability

One key difference between ISO 13485 vs 21 CFR 820 is ISO’s emphasis on traceability between user needs, design inputs, and validation. QSR implies this linkage, but it’s sometimes underdeveloped.

Supplier control

ISO requires ongoing oversight, qualification, verification, and monitoring of external providers. QSR addresses supplier controls but is less prescriptive, leaving gaps in performance tracking and change management.

Change control and configuration management

ISO requires documenting, assessing, testing, and approving changes to products, processes, and software. QSR requires change control, too, but some procedures may be lighter than ISO expects.

Continuing improvement

In ISO 13485 vs 21 CFR 820, ISO promotes a proactive, continual improvement mindset, while QSR focuses more on reactive corrective actions.

A note for the future: if ISO 13485 is revised, the FDA may update QMSR accordingly, but for now, the current ISO version is the baseline.

The reasons behind the FDA's QMSR and ISO 13485 harmonization

You might wonder why the FDA bothered to merge these two regimes. From my experience, the benefits of this harmonization are significant. 

Running parallel QMSs for ISO audits and FDA inspections often led to duplication, inconsistencies, and extra work. Harmonizing brings everything together, which reduces administrative burden for teams. It also makes cross-border compliance much smoother, since many markets, like the EU, Canada, and Australia, require ISO 13485.

Furthermore, embedding risk management and traceability more deeply helps prevent surprises in design or post-market activities, reducing nonconformities, recalls, and 483 observations. And with FDA QMSR inspections aligned to the ISO structure, harmonization makes audits far less stressful.

Beyond that, having an ISO-aligned QMS positions your company to adapt more easily as global regulations continue to converge.

That said, FDA QSR and ISO 13485 harmonization isn’t a silver bullet - you’ll still need to navigate the unique aspects of the FDA regulation carefully.

Fun fact: The FDA estimates that aligning the U.S. medical device regulations with ISO 13485:2016 through the Quality Management System Regulation (QMSR) will result in annual cost savings ranging from approximately $532 million to $554 million.

Likewise, foreign establishments are projected to save about $176,000 annually by eliminating the need to comply with both ISO 13485 and the QSR.

ISO 13485 audit checklist

Implementation timeline (historical context)

• February 2, 2024: QMSR final rule published.
• Transition period (2024–2026): Manufacturers had to continue meeting QSR requirements while preparing for QMSR. 
• February 2, 2026: Effective date. From this day, the FDA expects full compliance with QMSR, and QSR is superseded (though some legacy references remain).
• Future ISO updates: If ISO revises 13485, the FDA may consider integrating the new version through rulemaking.

How can your team ensure and sustain QMSR compliance

Now that the FDA’s Quality Management System Regulation (QMSR) is in effect, compliance is no longer about getting ready for a future requirement. It’s about how your organization operates day to day, how defensible your quality system is under inspection, and how well it aligns with ISO 13485:2016 in practice.

One helpful way to think about QMSR compliance is as a maturity journey. Organizations that succeed tend to move through clear steps, combining planning with hard-won lessons from real audits and inspections.

Awareness and training

Ensure leadership, QA, regulatory, R&D, and manufacturing teams understand the FDA QMSR, ISO 13485:2016, and the expectations that now apply in practice.

Run internal workshops or bring in external expertise to clarify:

• How QMSR differs from the former QSR

• How ISO 13485 principles are applied under FDA oversight

• What FDA inspections look like under QMSR

Continue aligning terminology and mapping ISO clauses to your existing QMS structure. Training should be ongoing and embedded into onboarding and role-specific education.

FDA QMSR gap analysis and risk assessment

A QMSR gap analysis now focuses less on theoretical compliance and more on where your current system may be vulnerable during inspection.

Assess where your existing QMS (often still QSR-based in structure) falls short of QMSR expectations. Pay close attention to areas that commonly challenge organizations operating dual or transitioning systems, including:

• Risk management and traceability

• Supplier controls and oversight

• Audit defensibility and management review

• Documentation depth and consistency

Use this assessment to prioritize gaps based on risk and inspection impact.

System and process redesign

Update and refine procedures, strengthen document control, and realign supplier agreements to reflect QMSR and ISO 13485 principles. Focus on:

• Improving traceability from user needs through design, verification, and validation

• Ensuring internal audits and management reviews are robust and defensible

• Running mock audits using a QMSR lens

• Reviewing IT systems and eQMS tools to confirm they support the updated structure and records

The goal is not just alignment on paper, but demonstrable control in daily operations.

Pilots, validation, and monitoring

Test your updated system with pilot audits and reviews. Track metrics, gather feedback, and make improvements. Monitor readiness across teams and suppliers.

Supplier and stakeholder coordination

Communicate QMSR-related expectations to critical suppliers and subcontractors. Integrate QMSR requirements into quality agreements and assess supplier readiness where needed. Clear ownership and oversight of outsourced processes is essential under QMSR.

Ongoing readiness and continuous improvement

QMSR compliance does not have a finish line.

Conduct periodic mock FDA audits using QMSR expectations, ensure documentation remains current, and confirm all teams stay trained. Monitor FDA guidance, inspection trends, and enforcement patterns, and adjust your quality system as needed.

Need help ensuring QMSR compliance? Discover how Scilife can help you with FDA QMSR gap analysis, compliance, and more! 

How Scilife helps you with QSMR compliance

 At Scilife, we support organizations that are actively operating under QMSR, building on our experience guiding global FDA QSR and ISO 13485 harmonization and risk-reduction initiatives. We help teams strengthen compliance while reducing inspection risk and operational friction.

We can support you with:

• FDA QMSR gap analysis and roadmap planning
• Procedure development and document alignment
• Mock audits and inspection readiness
• Supplier coordination and team training
• e-QMS and software support, including trace matrices and audit modules

With the right operating model, your QMS can meet QMSR expectations while becoming more resilient, scalable, and inspection-ready, not just compliant on paper.

Discover how our QMS software for medical devices can help you make QMSR compliance easy and stress-free!