On February 2, 2026, FDA's Quality Management System Regulation took effect — 21 CFR Part 820 rebuilt around ISO 13485:2016, retiring the QSR after nearly three decades. Five months in, the most dangerous assumption on device quality teams is also the most common one: we hold an ISO 13485 certificate, so we are done. You are not. The certificate was never the regulation, and FDA does not inspect against your certificate.

What the QMSR actually did

The final rule did one structural thing: it incorporated ISO 13485:2016 by reference into Part 820, replacing the QSR's standalone requirements with the standard's clauses plus a set of FDA-specific provisions. That was a harmonization decision, not a delegation. The requirements moved closer to the standard most global manufacturers already run their ISO 13485 quality system under — the enforcement model did not move at all. FDA still writes the rules, still inspects, and still issues Form 483 observations.

Feb 2, 2026
The QMSR effective date — the QSR and its two-year transition ended the same day.
ISO 13485
Incorporated by reference into 21 CFR Part 820 — FDA's device quality regulation now runs on a consensus standard's chassis.
§820.35/.45
The FDA-specific control points retained beyond the standard: records, and labeling & packaging.

Certification is not compliance

A registrar audits you against the standard, on a sampling plan, on a schedule you know about, with a commercial relationship in the background. FDA inspects you against the regulation — the standard plus everything the agency deliberately kept because it judged ISO 13485 insufficient on its own. Those additions are precisely where certified companies are exposed:

  • Control of records (§820.35). Complaint records, signature-and-date requirements, and the records FDA expects to see that the standard's documentation clauses do not spell out.
  • Labeling and packaging controls (§820.45). FDA kept dedicated labeling inspection requirements because labeling errors remain a stubborn source of recalls — and a certificate audit rarely dwells here.
  • Definitions that answer to the statute. Where ISO 13485's terms and the Federal Food, Drug, and Cosmetic Act diverge, the Act controls. Your procedures need to know which vocabulary they are speaking.
  • The vanished QSR scaffolding. DHF, DMR, and DHR give way to ISO 13485's medical device file — every SOP that still cites the old structure is citing a regulation that no longer exists.
An inspection is not an audit against your certificate. It is FDA testing whether your quality system meets FDA's regulation — including the parts no registrar ever looked at. Why the delta assessment matters

What inspections look like now

FDA has said it is retiring QSIT — the four-subsystem inspection model device companies spent twenty-five years preparing for — in favor of an approach aligned to the QMSR's structure. Treat the details as unsettled and verify the agency's current announcements before your next inspection; treat the direction as certain. Teams that rehearsed QSIT choreography instead of building genuine inspection readiness will find the new format unforgiving, because it follows the regulation's structure rather than a script you can memorize. MDSAP continues — FDA still accepts MDSAP audit reports in place of routine surveillance inspections — but MDSAP was never a substitute for for-cause or pre-approval inspections, and it is not one now.

A QMSR delta sequence you can run this quarter
  1. Map the deltas, not the overlap. Compare your QMS against the FDA-specific additions — §820.35 records, §820.45 labeling and packaging, FD&C Act definitions — not against the standard your registrar already audits.
  2. Fix records and labeling controls first. These carry the highest inspection exposure and the least certificate coverage.
  3. Rewire your QMS vocabulary. Retire QSR clause citations and DHF/DMR/DHR references; align procedures to the medical device file.
  4. Mock-inspect against the new framework. Rehearse the regulation's structure, not the retired QSIT script, and let findings drive remediation.

None of this is exotic. It is a bounded piece of work: a clause-by-clause delta assessment, a records and labeling remediation, a procedure-language sweep, and a mock inspection to prove the whole thing holds up under questioning. Companies that treat the QMSR as a documentation project will pass their registrar audit and still collect 483 observations. Companies that treat it as a quality-system operating-model question — who owns the FDA-specific requirements, and how would we know if they slipped — are the ones the effective date quietly rewarded. If you have not run the delta since the rule took effect, that is the place to start; our QMSR transition support exists for exactly this gap.

Frequently asked questions

Does ISO 13485 certification satisfy the QMSR?

No. FDA neither requires nor accepts third-party ISO 13485 certification as evidence of compliance. The QMSR incorporates the standard's requirements into 21 CFR Part 820, and FDA verifies compliance through its own inspections. A registrar's certificate covers the standard's scope — not the FDA-specific requirements the QMSR layers on top of it.

What did the QMSR keep from the old QSR?

FDA retained requirements it judged ISO 13485 did not fully cover: control of records under §820.35, including complaint records and signature-and-date requirements, and device labeling and packaging controls under §820.45. Where the standard's terms differ from the Federal Food, Drug, and Cosmetic Act, the Act's definitions control.

Did FDA inspections change under the QMSR?

FDA has said it is replacing the QSIT inspection model with an approach aligned to the QMSR's structure. Its statutory inspection authority, and the mix of routine, for-cause, and pre-approval inspections, have not changed. Confirm FDA's current inspection-program announcements before your next scheduled inspection rather than assuming the QSIT playbook still applies.

Sources & further reading

  1. FDA. Medical Devices; Quality System Regulation Amendments — Final Rule (89 FR 7496, Feb 2, 2024). federalregister.gov
  2. FDA. Quality Management System Regulation (QMSR) — overview and resources. fda.gov
  3. ISO 13485:2016. Medical devices — Quality management systems — Requirements for regulatory purposes. iso.org

This article is provided for general informational purposes and reflects the regulatory landscape as of July 2026. It is not legal or regulatory advice. Confirm current QMSR requirements and FDA inspection-program announcements with FDA or qualified counsel before acting.