DE: Beratung Zulassung und Zertifizierung von Medizinprodukten EN: Consulting and Certification Medical Device

FDA QMSR 2026: The most important things to know right now

  • Reading Time: approx. 4 Minutes

Update: The FDA QMSR is official

The new FDA Quality Management System Regulation (QMSR) has been in effect since February 2026.

Back in November, in our article on the FDA QMSR for medical devices, we explained why the new regulation is crucial for medtech companies with US business and how it differs from the previous 21 CFR Part 820.

Since the beginning of February 2026, medical device manufacturers who distribute products in the US or seek FDA approval must fully comply with the requirements of the QMSR.

Parallel to the entry into force of the regulation, the FDA has updated several guidances and regulatory processes that are relevant for manufacturers in the US market.

What is the FDA QMSR?

The FDA’s Quality Management System Regulation (QMSR) replaces significant parts of 21 CFR Part 820, the previous Good Manufacturing Practice (GMP) for medical devices in the US. The QMSR is now closely aligned with ISO 13485:2016 and integrates its requirements directly into US regulations.

This has significant implications, especially for European manufacturers who are already certified to ISO 13485. Their existing QMS structures are closer to the target than ever before. At the same time, the regulation creates new requirements in areas such as documentation, risk monitoring, and cybersecurity.

Detailed background information on the QMSR can be found in our article from November 2025. This article focuses on developments since the regulation came into force.

What are the three most important FDA updates in the wake of the QMSR?

With the QMSR taking effect, the FDA has amended several important guidances. These relate in particular to cybersecurity, software validation, and submission processes.

Cybersecurity in medical devices

The FDA published the revised guidance document “Cybersecurity in Medical Devices: Quality Management System Considerations and Content of Premarket Submissions.” The adjustments are mainly formal in nature and serve to harmonize with QMSR terminology. In terms of content, the requirements for cybersecurity evidence in premarket submissions remain largely unchanged.

Computer Software Assurance (CSA)

The guidance on “Computer Software Assurance for Production and Quality Management System Software” has been revised again. This affects all companies that use or validate software in production or quality management systems.

eStar program

The FDA eStar (Exempt from Substantial Equivalence) program has been administratively adapted to the QMSR requirements. For manufacturers who use this simplified approval route, this means that existing submission documents and process flows must be reviewed for compliance with the updated requirements.

Why European manufacturers now have an advantage

The QMSR brings FDA requirements closer to ISO 13485:2016. For European medical device manufacturers who are already ISO 13485 certified, the QMSR can represent a strategic opportunity to enter the US market, as the structural basis for QMSR compliance is often already in place.

Frequently asked questions about the FDA QMSR

The QMSR is mandatory as of February 2, 2026, for all medical device manufacturers who sell products in the US or want to enter the US market.

The QMSR replaces significant parts of 21 CFR Part 820 and is strongly based on ISO 13485:2016. New additions include more explicit requirements for cybersecurity, risk monitoring, and documentation structure.

No. ISO 13485 certification remains valid and provides a good basis for QMSR compliance. However, specific QMSR requirements must be addressed separately.

The duration depends on the scope of your existing QMS and the number of products you have. WQS offers customized gap analyses with a clear action plan.

How WQS supports you in QMSR implementation

WQS Management Consultants has been assisting medical device manufacturers with approval and certification in Europe and the US for many years. Our consultants are familiar with the European MDR/ISO 13485 as well as the US FDA requirements.

For QMSR implementation, we offer:

  • Gap analyses for QMSR compliance
  • Compliance strategy & action plan
  • Documentation update
  • Cybersecurity review
  • Preparation and optimization of FDA submissions
  • Audit preparation

Further information can be found in this information brochure.
Do you have questions about QMSR compliance or FDA market entry? Contact us.
We support you from gap analysis to successful submission.

FDA QMSR 2026: The most important things to know right now

Sources:

  1. Computer Software Assurance Guidance: https://www.fda.gov/media/188844/download
  2. FDA eStar-Programm: https://www.fda.gov/medical-devices/how-study-and-market-your-device/estar-program

Support for US companies to enter the European market. EU Rep, Certification, QM System, Technical Documentation, support of the Procedure, selection of a Notified Body, support of the Certification Procedure, preparation of a Clinical Evaluation, support of Clinical Studies, including the Logistical Concepts.

HOTLINKS

Contact

WQS Management Consultants Inc
136 4th Street north, Suite 201
St Petersburg, Florida 33701

Telefon: (925) 212-7683
Email: werner@us.wqs.de
Web: us.wqs.de

Instagram Linkedin

Did you know?

Copyright 2024 WQS Management Consultants GmbH – All rights reserved