FDA QMSR Is Now in Effect: What Medical Device Companies Should Do Next

If you are a medical device company and you are still preparing for FDA inspections using the old Quality System Inspection Technique guide — stop. That document was officially retired on February 2, 2026, the same day the FDA’s new Quality Management System Regulation took effect. If your inspection readiness plan is built around QSIT, it needs to be updated now.

This is the most immediate, concrete change QMSR brings, and most companies have not addressed it.

---

What Is QMSR and Why Does It Matter?

The FDA’s Quality Management System Regulation, known as the QMSR, became effective on February 2, 2026. It amends the FDA’s device current good manufacturing practice requirements in 21 CFR Part 820 and incorporates ISO 13485:2016 by reference. The goal is to harmonize U.S. medical device quality system requirements with the international standard used by most other major regulatory authorities worldwide.

That harmonization has real practical advantages. Companies already certified to ISO 13485 find their systems largely compatible with the new framework. But harmonization does not mean equivalence, and it does not mean FDA has reduced its oversight. In several specific ways, the QMSR gives the FDA more access than it had under the prior Quality System Regulation.

If your company is still operating from an old Quality System Regulation manual — or if anyone on your team refers to “QSR compliance” as though nothing has changed — now is the time for a focused review.

---

Three Changes You Need to Know About Right Now

Before the checklist, three developments that are often overlooked deserve direct attention.

1. The QSIT guide is gone. The Quality System Inspection Technique, the document FDA investigators used as their inspection roadmap for decades, was officially withdrawn on February 2, 2026. FDA has replaced it with a new Compliance Program: Inspection of Medical Device Manufacturers (CP 7382.850). If your pre-inspection preparation assumes FDA will follow the QSIT framework, that assumption is no longer valid. Your quality team and any outside counsel advising on inspection readiness need to be working from the updated program.

2. Management reviews, internal audits, and supplier audit reports are now inspectable. Under the prior Quality System Regulation, certain records — notably management review records, quality audit reports, and supplier audit reports — were shielded from FDA inspection under § 820.180(c). Those exemptions are gone in the QMSR. FDA investigators can now request and review these records during an inspection. If your management reviews have historically been informal, underdocumented, or frank in ways you would not want FDA to read, that needs to change before your next inspection.

3. ISO 13485 certification does not satisfy FDA compliance, and does not substitute for inspections. Having an ISO 13485 certificate is useful, and companies already aligned with the standard face less transition work. But FDA compliance depends on whether your company satisfies the FDA’s specific requirements under QMSR, which include obligations that go beyond ISO 13485. One important note in the other direction: if your company participates in the Medical Device Single Audit Program (MDSAP), you continue to be exempt from routine FDA inspections. That exemption has not changed.

---

QMSR Is Not Just a Name Change

Many companies still refer to “QSR compliance” because the prior regulation was known as the Quality System Regulation. The revised regulation is the Quality Management System Regulation — and while the underlying quality system requirements are substantially similar to what existed before, the framework, terminology, and inspection approach have all changed.

In practice, FDA investigators will be looking at whether your quality system is documented, implemented, and effective under the new QMSR framework. Procedures that still reference old QSR section numbers, old terminology, or old process structures can create confusion during an inspection — and confusion during an inspection rarely helps.

---

Who Needs to Pay Attention?

QMSR affects companies across the medical device supply chain, including:

• finished device manufacturers
• specification developers
• contract manufacturers
• private label distributors
• relabelers and repackagers
• importers
• component or service suppliers, depending on their role
• companies preparing for a 510(k), De Novo, PMA, or FDA inspection

The exact obligations depend on the company’s role and the device type. Some Class I devices are exempt from most quality system requirements, but even exempt devices may remain subject to complaint files, records, labeling rules, Medical Device Reporting, corrections and removals, registration and listing, and other general controls.

The right question is not simply “Are we, Class I?” The better question is: Which QMSR requirements apply to this device, this company, and this role in the supply chain?

---

What Should Medical Device Companies Review Now?

A QMSR review should be practical. The goal is to make sure the company can demonstrate to FDA that it has a functioning quality system. Here are the key areas.

1. Quality Manual and SOPs

Procedures that still cite old QSR terminology, old section numbers, or old internal responsibilities should be updated to reflect the revised 21 CFR Part 820 framework and the incorporated ISO 13485:2016 requirements. Outdated SOPs that do not match actual practice are a common finding during FDA inspections — and one FDA treats as evidence that the quality system is not properly implemented.

2. Management Responsibility and Review Records

FDA expects management to be accountable for the quality system, and management review records are now fully inspectable. That means review agendas, minutes, action items, and follow-up documentation need to be complete, accurate, and reflective of genuine quality system oversight. A small company cannot avoid these obligations by characterizing itself as lean or startup-stage. FDA will still expect documented management accountability.

3. Design and Development Controls

Design controls remain a critical area. Companies should confirm that design inputs, outputs, verification, validation, design changes, risk management, and design transfer are documented and connected. This is especially important for companies developing devices with software, sensors, AI-enabled features, connected apps, or novel performance claims.

4. Supplier Controls and Supplier Audit Records

Supplier qualification, monitoring, and audit records are now subject to FDA review. Companies should assess whether they have evaluated suppliers, defined purchasing requirements, and maintained appropriate controls over outsourced processes — and whether those records are documented well enough to withstand FDA inspection. A contract manufacturer does not eliminate the brand owner’s FDA responsibilities.

5. Complaint Handling and CAPA

Complaint files and CAPA remain central to FDA inspections. Companies should review whether they have a clear process for identifying complaints, evaluating whether a complaint triggers MDR obligations, investigating failures, documenting decisions not to investigate, escalating trends, opening CAPAs when appropriate, and verifying that corrective actions were effective. A common mistake is treating complaints as customer service issues only — FDA views complaints as quality system data.

6. Labeling and Claims

Quality system compliance does not cure unlawful labeling or unsupported claims. Device companies should separately review labels, instructions for use, websites, social media, Amazon listings, distributor materials, and sales scripts. Claims can affect classification, premarket requirements, and enforcement risk independently of the quality system.

---

What If FDA Schedules an Inspection?

If FDA contacts your company to schedule an inspection, do not wait until the investigator arrives to review your quality system.

Promptly assess whether registration and listing are current; whether quality procedures reflect the QMSR framework; whether complaint and MDR files are organized; whether CAPA records are complete; whether supplier and audit files are current; whether labeling matches cleared, exempt, or authorized claims; whether prior audit findings were corrected; and who will interact with FDA during the inspection and what authority they have to make commitments on the company’s behalf.

FDA inspections move quickly. A company that is organized before the inspection begins is in a substantially stronger position than a company trying to reconstruct records after the investigator requests them.

---

Practical Takeaway

The QMSR is now the governing framework for FDA medical device quality system compliance. The old QSR is gone. The QSIT inspection guide is retired. Management reviews, internal audits, and supplier audit records are now open to FDA review. If your quality system documentation, inspection preparation, and management review practices were built around the prior framework, a targeted QMSR gap assessment is the right next step.

For companies preparing to launch, import, manufacture, private label, or respond to an FDA inspection, that review may be the difference between a manageable compliance project and a Warning Letter or Form 483 observation that is difficult to explain.

Not sure whether your medical device quality system is ready for the QMSR? Contact FDA Atty to discuss a gap assessment before FDA schedules an inspection. You can also learn more about our medical device regulatory services.

---

Frequently Asked Questions

What is the difference between QMSR and QSR? The Quality System Regulation (QSR) was the prior version of 21 CFR Part 820. The Quality Management System Regulation (QMSR) is the updated version, effective February 2, 2026. The most significant structural change is that the QMSR incorporates ISO 13485:2016 by reference rather than restating each requirement in full. The underlying quality system obligations — design controls, CAPA, complaint handling, supplier controls, labeling controls — are substantially similar, but the framework, terminology, and inspection approach have all changed.

Does ISO 13485 certification satisfy FDA’s QMSR requirements? No. An ISO 13485 certificate may indicate that your quality system is largely aligned with the new framework, but FDA compliance depends on satisfying the specific requirements of the QMSR, including FDA-specific obligations that go beyond ISO 13485. ISO certification does not substitute for FDA inspections, and FDA inspectors will not accept a certificate in place of demonstrating QMSR compliance. The one meaningful exception is MDSAP: companies participating in the Medical Device Single Audit Program remain exempt from routine FDA inspections.

When did the QMSR take effect? February 2, 2026. On that date, the old Quality System Regulation was replaced by the QMSR, and FDA began using its new inspection compliance program (CP 7382.850) in place of the prior Quality System Inspection Technique (QSIT).

What changed with FDA device inspections under QMSR? FDA’s longstanding QSIT inspection guide was officially retired on February 2, 2026. FDA now follows the updated Inspection of Medical Device Manufacturers Compliance Program (CP 7382.850). Additionally, records that were previously shielded from FDA inspection — including management review records, internal quality audit reports, and supplier audit reports — are now accessible to FDA investigators. Companies whose internal audit and management review documentation was not prepared with FDA access in mind should review and update those records.

Which companies are subject to QMSR? The QMSR applies broadly across the medical device supply chain, including finished device manufacturers, specification developers, contract manufacturers, private label distributors, relabelers, repackagers, and importers. Some Class I devices are exempt from most quality system requirements, but exemptions are device-specific and do not eliminate all obligations. If you are unsure which requirements apply to your device and company role, a regulatory classification and compliance assessment is the right starting point.

---

This post is intended for general informational purposes and does not constitute legal advice. Regulatory compliance requirements are fact-specific. Contact an FDA regulatory attorney for advice specific to your situation.