TalkFDA

Think You’re Ready for QMSR 2026? Think Again.

QMSR looks simple until inspections replace QSIT. Miss a nuance and records, risk, or labeling sink audits. This guide maps ISO 13485 into Part 820, explains the new playbook, and includes gap and internal-audit checklists.

If you’ve been in medical devices long enough, you’ve seen regulations evolve. But this time, it’s different. After nearly three decades, the FDA is retiring the Quality System Regulation (QSR) and ushering in the Quality Management System Regulation (QMSR), a complete modernization of 21 CFR Part 820.


Effective February 2, 2026, this change will reshape how manufacturers think about compliance, documentation, and risk itself.


And because preparation can’t wait, TalkFDA has also released two free tools to guide your team through the transition:

 FDA QMSR & ISO 13485:2016 Internal Audit Checklist and
QMSR Gap Assessment Checklist.
(You’ll find both links at the end of this article.)
Write your awesome label here.

A Regulation Rewritten, Not Recycled

The FDA’s QMSR isn’t a surface-level alignment with ISO 13485:2016! It’s a strategic rebuild.
It keeps the familiar foundation of Part 820 but “incorporates by reference” ISO 13485, effectively weaving global best practices into U.S. law.

The rewrite compresses what was once sprawling into just a few focused provisions:

§ 820.1

Scope

§ 820.3

Definitions

§ 820.7

Incorporation by Reference

§ 820.10

Requirements for a Quality Management System

§ 820.35

Control of
Records

§ 820.45

Device Labeling and
Packaging Controls

Gone are the older subparts that defined management, design, document, and purchasing controls in separate silos. The QMSR assumes you’ll find those requirements inside ISO 13485, and expects you to prove your integration.

But the change goes beyond structure.

Key terminology has shifted:

  • DMR, DHR, and DHF → MDF (Medical Device File). One integrated file, not three, holding design, manufacturing, and traceability records.
  • Management Reviews → Inspection-eligible. FDA can now examine management-level quality records once considered internal.
  • Internal Audits → Mandatory evidence. Documentation of audit planning, execution, and corrective actions will be reviewable.
  • Risk Management → Lifecycle-wide. ISO 14971:2019 risk thinking must now extend through production, post-market, and feedback loops, not just design.

This isn’t a vocabulary update. It’s a cultural one.

From QSIT to CPG: The New Inspection Mindset

Since 1999, the FDA’s Quality System Inspection Technique (QSIT) has been the standard audit model built around four pillars: Management Controls, Design Controls, CAPA, and Production Controls.


That model is being retired.

Under QMSR, the FDA will operate through an updated Compliance Program Guide (CPG) — a new inspection philosophy that blends ISO 13485 principles with the agency’s enforcement expectations.

Expect to see:
  • Risk Management Files front-and-center during inspections.
  • Labeling and Packaging Controls (§ 820.45) elevated after years of recall data tied to labeling errors.
  • Record Controls (§ 820.35) tightening — management reviews, supplier audits, CAPA logs, all now subject to direct FDA scrutiny.
Write your awesome label here.
Even if your organization already holds ISO 13485 certification, remember:

ISO certification ≠ FDA compliance.
QMSR inspections will not issue ISO certificates, nor will existing ISO certificates exempt you from FDA audits.

Your upcoming seminar will demystify how investigators are being trained, what they’ll look for, and how you can anticipate those focus areas long before 2026

Critical Gaps You Can’t Ignore

In QSR → QMSR Gap Analysis, the Three key gaps that were identified, demand immediate attention
High-priority areas include redesigning supplier qualification, moving from training logs to competency-based evaluation, and integrating customer-feedback loops — now an explicit expectation, not a nice-to-have.

These aren’t optional adjustments. They determine how “ready” your QMS actually is when the countdown ends.

Risk Management

Implement ISO 14971:2019 across all lifecycle stages, not just design.

Management Review

Records must now be complete, documented, and ready for FDA inspection.

Internal Audits

Audit outcomes must be formally recorded and retained for regulatory review.

Why 2026 Isn’t Just a Date

  • The FDA’s message is simple: two years is enough.
  • For companies, that means mapping every QSR process to ISO 13485, redefining documentation flow, retraining staff, and embedding risk thinking before enforcement starts.
  • Waiting until end of 2025 means competing for scarce auditors, consultants, and attention, while regulators finalize their inspection updates.
  • Early movers, on the other hand, will enter 2026 with confidence and predictability.
  • Think of this less as a compliance project and more as a strategic advantage.
  • The organizations that adapt early won’t just “pass audits”, they’ll run smarter, faster, and more globally aligned quality systems.

Free Resources for Your Transition

  • A structured framework for verifying readiness across documentation, processes, and management systems.
  • A guided worksheet mapping critical, high-priority, and medium-priority gaps in your existing QSR against QMSR expectations.
  • Get your unlimited access to expert-led Lifesciences courses, articles, tools & more. Trusted by 30,000+ professionals, worldwide.

Final Word (If You’re Still Reading)

In 1996, QSR defined how the industry worked.

In 2026, QMSR will define how it thinks.


Compliance has evolved from paperwork to proof. From reactive correction to proactive prevention.

The real question now isn’t whether you’ll be compliant. It’s how mature your system will be when the FDA knocks.


The countdown is on.

And readiness starts here → The FDA QMSR and the Key Elements of QSIT cGMP Inspection and Audits for Medical Device Manufacturers