21 CFR Part 820 vs FDA QMSR: What Medtech Startups Need to Know

The FDA QMSR became effective February 2, 2026. If you are building a medical device and have not updated your quality management system to reflect the new regulation, you are already behind. The Quality Management System Regulation — the QMSR — is not a minor amendment. It replaces the legacy 21 CFR Part 820 framework that has governed device quality systems since 1996, and it changes the structural expectations FDA brings to every QMS review, including 510(k) submissions.

For medtech startups in particular, where the QMS is often being built from scratch alongside the device itself, the shift to QMSR represents both a risk and an opportunity. Get it right from the start, and you build a QMS that FDA reviewers recognize. Get it wrong, and you spend months restructuring documentation before your first submission.

What Is the QMSR?

The Quality Management System Regulation — codified at 21 CFR Part 820 but substantially rewritten — is FDA's final rule harmonizing domestic device quality system requirements with ISO 13485:2016. The rule was finalized in early 2024 and became mandatory on February 2, 2026.

The core strategic shift: instead of prescribing specific procedures, the QMSR adopts a performance-based approach that incorporates ISO 13485:2016 by reference. FDA did not simply rewrite Part 820 — it restructured the entire regulatory expectation around the ISO framework that the global medical device industry already uses. This means if your QMS is already ISO 13485-compliant, you are substantially QMSR-compliant. But the details matter, and several areas received specific FDA emphasis that goes beyond the ISO standard.

See our full regulatory reference on FDA QMSR compliance requirements for the complete clause mapping.

What Actually Changed from Part 820 to QMSR

Understanding the delta between Part 820 and QMSR is the starting point for your gap assessment. Here are the five most operationally significant changes:

1. Performance-Based Requirements Replace Prescriptive Procedures

Under the old Part 820, FDA specified the procedures you needed to have. Under QMSR, FDA specifies the outcomes your QMS must achieve, and your documented processes must demonstrate how you achieve them. This gives organizations more flexibility — but it also requires more sophisticated documentation. You cannot just check a procedure box; you must demonstrate that the procedure actually works.

2. Risk Management Is Now Explicit

The QMSR explicitly integrates ISO 14971:2019 risk management throughout the quality system. Risk management is no longer a standalone activity that feeds into design verification — it must be threaded through your entire QMS, from design inputs through post-market surveillance. If your risk management process does not reference ISO 14971, your QMS does not meet QMSR.

3. Design Transfer Is Formalized

Under legacy Part 820, design transfer was addressed but not deeply formalized. Under QMSR, design transfer — the process of ensuring that your device design can be consistently manufactured — requires explicit documentation and controlled procedures. This is directly relevant to your DHF and DMR structure.

4. Post-Market Feedback and Surveillance Strengthened

QMSR strengthens the requirement for post-market data to feed back into the design and risk management process. Complaint handling alone is no longer sufficient — you must have a structured surveillance mechanism that captures field data and evaluates it against your design inputs and risk management outputs.

5. Electronic Records Requirements Updated

QMSR updates the electronic records expectations to reflect how modern device companies actually operate. This affects how you structure your QMS platform, your audit trails, and your electronic signature workflows.

What Stayed the Same

Before you panic about a complete rebuild, note what has not changed. The foundational structure of the device QMS remains intact:

• The Design History File (DHF) and Device Master Record (DMR) are still required
• CAPA — Corrective and Preventive Action — is still required and still central
• Management review is still required with defined inputs and outputs
• Supplier controls, internal audits, and training records are still required
• Device labeling controls, production controls, and inspection/testing records remain

If you had a well-structured Part 820 QMS, the skeleton is intact. The QMSR work is in updating the framing, adding the ISO 14971 integration, and formalizing design transfer.

What It Means for 510(k) Submissions

This is where QMSR has immediate, practical impact for startups. FDA reviewers evaluating 510(k) submissions now expect QMS documentation aligned to QMSR — not legacy Part 820. This affects two specific areas:

DHF structure. The Design History File is one of the most scrutinized elements of a 510(k). Under QMSR, the DHF must clearly demonstrate not just that design controls were followed, but that risk management was integrated throughout, that design transfer is documented, and that design inputs and outputs are traceable to verification and validation records. Reviewers are looking for the ISO 13485 clause logic, not just the old 820.30 checklist.

Risk management documentation. If your 510(k) does not include ISO 14971-structured risk management records, expect questions from your reviewer. The risk management file — including the risk management plan, hazard analysis, risk evaluation, and residual risk assessment — needs to be coherent and complete.

Practical Action Plan for Startups

If you are building your QMS now, here is the sequence that gets you QMSR-ready without wasting effort on legacy structures:

For medical device startups building their first QMS, the QMSR transition is actually a gift: you can build to the right standard from day one, without inheriting the legacy Part 820 artifacts that existing companies now have to update.