Published On: 19. February 2026

QMSR as of February 2, 2026: What the new FDA quality management regulation means for medical device manufacturers

On February 2, 2026, a regulatory change came into force in the USA that will affect medical device manufacturers worldwide: the previous Quality System Regulation (QSR) will be replaced by the Quality Management System Regulation (QMSR). With this step, the US FDA is making a long overdue paradigm shift and adopting ISO 13485:2016 as a binding reference standard for the first time. For manufacturers operating in both Europe and the USA, this initially sounds like a welcome simplification. However, while harmonization does indeed bring benefits, it also creates new requirements for documentation, risk management and QMS structure.

Find out everything you need to know now in our blog post.

What is the QMSR and why is it coming now?

The Quality Management System Regulation is the revised version of 21 CFR Part 820 and was published in the Federal Register on February 2, 2024. The core of the QMSR is the adoption of ISO 13485:2016 “by reference”. This means that the international standard is now a legally binding part of the US requirements.

The FDA justifies the change with three central objectives: firstly, harmonization with other regulatory authorities such as the EU, Canada and MDSAP countries, secondly, the reduction of duplication of work for globally active manufacturers and thirdly, the modernization of quality requirements. The previous QSR from 1996 had hardly changed for almost three decades and was increasingly at odds with internationally established standards.

The most important changes at a glance

  • ISO 13485:2016 as a central reference: In future, the majority of 21 CFR Part 820 will refer directly to the corresponding sections of the ISO standard. Many sections are marked as “Reserved” and refer to ISO 13485. However, the FDA has specifically added areas in which it imposes requirements that go beyond ISO 13485, such as record-keeping obligations, labeling and supplier management. Traditional FDA terms such as Device Master Record (DMR), Device History Record (DHR) and Design History File (DHF) are replaced by the internationally used Medical Device File (MDF).
  • Risk management permeates the entire QMS: Under the previous QSR, risk management was primarily located in the design and development process. The QMSR now explicitly requires a risk-based approach across all QMS processes, from supplier selection and change management to post-market surveillance. In terms of content, the FDA refers to ISO 14971 and requires risk assessments to be documented and incorporated into decision-making processes. Inspection strategies should be based on the risk profile, suppliers must be classified based on risk and CAPAs must be prioritized according to risk.
  • Greater management responsibility: The QMSR significantly tightens the requirements for top management. Management responsibility, resource allocation and management assessments must be documented more clearly. There is also an increased focus on competence and training: manufacturers must prove that their personnel are qualified and understand the relevance of their own activities for product quality and patient safety. One important point: internal audits, supplier audits and management reviews are no longer exempt from FDA inspections.
  • Process-oriented inspections instead of QSIT: The FDA is moving away from the classic Quality System Inspection Technique (QSIT) approach and will in future focus on ISO-typical, process-oriented audits. The focus will be on system effectiveness, process interactions and continuous improvement. “Check-the-box” compliance is no longer enough; inspectors want to understand the thinking behind the system.

International harmonization as an opportunity

One of the biggest advantages is the convergence with international standards. Manufacturers who already operate an ISO 13485-compliant QMS no longer have to maintain two parallel documentation structures. This harmonization also facilitates participation in the Medical Device Single Audit Program (MDSAP), in which a single audit is recognized by several authorities.

However, caution is advised: ISO 13485 certification alone does not guarantee QMSR compliance. The FDA has made it explicitly clear that it does not accept ISO certificates as a substitute for its own compliance assessments. Manufacturers must also fulfill FDA-specific requirements that go beyond ISO 13485.

What manufacturers should do now

When the QMSR comes into force, manufacturers should prioritize the following steps:

  • Carry out a gap analysis and systematically compare your current QMS with the QMSR requirements.
  • Expand your risk management processes across all QMS areas and document how risk assessments are incorporated into decisions.
  • Update your documentation to reflect the new terminology and ensure that all references to 21 CFR Part 820 are correct.
  • Prepare internal audits and management reviews for FDA inspections and train your staff on the changes.

The new requirements place increased demands on documentation. Manufacturers must be able to provide consistent evidence of risk assessments, supplier controls, CAPA processes and post-market data. This documentation must not only be complete, but also auditable and traceable at all times.

Conclusion: QMSR as an opportunity for more efficient quality processes

The Quality Management System Regulation presents medical device manufacturers with new challenges, but at the same time offers the opportunity to modernize and internationally harmonize quality processes. Those who see the QMSR not as a bureaucratic hurdle but as an opportunity to optimize processes can benefit from it in the long term.

Digital documentation systems such as BAYOOSOFT Themis support you in efficiently implementing the complex requirements. With process-guided document creation, end-to-end traceability and audit-proof versioning, you create the basis for a future-proof QMS that not only meets regulatory requirements, but also makes your daily work easier.

This is how we support you

With BAYOOSOFT Themis, you can digitize linked processes and sustainably reduce documentation costs while minimizing redundant data. This allows you to keep track of your required evidence and documents when it comes to performance evaluation and thus comply with the regulations.

BAYOOSOFT Themis

FAQ on the QMSR

The Quality Management System Regulation (QMSR) has been in force since February 2, 2026. From this date, the FDA will enforce the new requirements and carry out inspections in accordance with QMSR standards. The final regulation was published on February 2, 2024, giving manufacturers a two-year transition period.

No. ISO 13485 certification alone does not automatically fulfill all QMSR requirements. The FDA has made it explicitly clear that it does not accept ISO certificates as a substitute for its own compliance assessments. In addition to ISO 13485:2016, manufacturers must meet the specific FDA requirements of the QMSR, particularly in areas such as record-keeping requirements, labeling, packaging, UDI (Unique Device Identification), MDR notifications and corrections & removals.

The QMSR adopts ISO 13485:2016 as the central reference standard, replacing the previous QSR structure. Key differences include: the integration of risk-based thinking across all QMS processes, the replacement of traditional terms such as DMR, DHR and DHF with Medical Device File (MDF), stricter requirements for management responsibility and competence, and the elimination of the exception for internal audits and management reviews during FDA inspections. In addition, the FDA is switching from the QSIT methodology to process-oriented inspection approaches.

Manufacturers should adapt their documentation in good time in order to be QMSR-compliant. FDA inspections are conducted according to QMSR standards. However, the FDA has clarified that records created before the deadline will remain part of the inspection scope. A gap analysis and gradual changeover is recommended, especially for manufacturers who have previously only worked according to QSR.

The FDA has replaced the Quality System Inspection Technique (QSIT) with a new, QMSR-oriented inspection approach. The revised Compliance Program Manual focuses on risk-based assessments of the entire system instead of subsystem audits. Inspectors will increasingly check whether risk management is implemented consistently, whether processes are linked in a meaningful way and whether management reviews and internal audits demonstrate system effectiveness. The FDA expects manufacturers not only to document processes, but also to be able to demonstrate the underlying thinking and risk-based decision-making.

No, the QMSR only applies to medical device manufacturers who market or wish to market their products in the USA. European manufacturers without US market activities remain subject to the EU requirements (MDR/IVDR) and ISO 13485. However, harmonization with ISO 13485 also offers European manufacturers advantages if they wish to enter the US market in the future, as they can already build on a comparable basis.

The QMSR also explicitly applies to contractors, repackaging service providers and foreign first distributors. Suppliers must be assessed, selected and monitored on a risk basis. The scope and depth of inspections, audits and incoming goods inspections must be derived directly from the supplier’s risk and performance assessment. Important: Supplier audit reports can now be viewed by the FDA during inspections. Manufacturers should therefore ensure that their supplier management processes are professionally documented.

Most manufacturers can adapt their existing QMS instead of setting up a completely new system. A thorough gap analysis is crucial to identify where gaps exist between the current system and QMSR requirements. Manufacturers who already work according to ISO 13485 have a good starting point and primarily need to add FDA-specific requirements. Manufacturers who have only worked according to QSR so far should check whether their system needs to be expanded in areas such as risk management, external document control and data analysis.

Is your company looking for a strong partner for management software solutions?

Contact us now and we will introduce you to our products without obligation.

Klingt spannend? Teilen Sie diesen Beitrag doch mit Ihrem Netzwerk.

Is your company looking for a strong partner for management software solutions?

Contact us now and we will introduce you to our products without obligation.