---
title: QMSR and ISO 13485: How the FDA Aligns with EU Standards
description: FDA QMSR ISO 13485 alignment explained: what changed, what stays FDA-specific, and how one QMS can serve both US and EU MDR markets.
authors: Tibor Zechmeister, Felix Lenhard
category: FDA & International Market Access
primary_keyword: FDA QMSR ISO 13485 alignment
canonical_url: https://zechmeister-solutions.com/en/blog/fda-qmsr-iso-13485-alignment
source: zechmeister-solutions.com
license: All rights reserved. Content may be cited with attribution and a link to the canonical URL.
---

# QMSR and ISO 13485: How the FDA Aligns with EU Standards

*By Tibor Zechmeister (EU MDR Expert, Notified Body Lead Auditor) and Felix Lenhard.*

> **The FDA's Quality Management System Regulation (QMSR) replaces the legacy 21 CFR Part 820 by incorporating ISO 13485:2016 by reference, with additional FDA-specific requirements layered on top. For EU manufacturers already certified to EN ISO 13485:2016+A11:2021 under MDR Article 10(9), this means a single well-built QMS can now satisfy the core of both regimes. But not automatically. Records access, complaint handling, labelling records, and the device master record still carry FDA-specific obligations.**

**By Tibor Zechmeister and Felix Lenhard.**

## TL;DR
- QMSR is the FDA's harmonised replacement for 21 CFR Part 820 and incorporates ISO 13485:2016 by reference.
- The FDA finalised the QMSR rule in early 2024 with a transition period through early 2026. 
- For MDR manufacturers already certified to EN ISO 13485:2016+A11:2021, the QMSR dramatically reduces dual-system duplication.
- Key FDA-specific additions remain: definitions alignment, records and signature requirements, complaint handling specifics, and device master record expectations.
- A single QMS can satisfy MDR Article 10(9) and QMSR simultaneously if designed to reference both regimes explicitly.
- MDSAP becomes an even more attractive option because its audit model already anticipates this convergence.

## Why this matters

For years, EU MedTech startups targeting the US have run two parallel quality systems: one built around EN ISO 13485 for MDR compliance, and one built around 21 CFR Part 820 for FDA compliance. The two were mostly similar, but similar is not the same. Teams maintained two sets of procedures, two internal audit schedules, and two risk of inconsistency every time a process changed.

The QMSR is the FDA's formal recognition that running parallel systems makes no sense when the international standard already covers most of what the agency wants. By incorporating ISO 13485:2016 by reference and layering specific FDA additions on top, the FDA has given dual-market manufacturers a cleaner path. For a startup that has not yet built a US-facing QMS, the path is now: build one QMS, document it against EN ISO 13485:2016+A11:2021, and add a short FDA delta annex.

This is a significant subtraction. Tibor has coached several startups through the transition, and the teams that treat it as a true harmonisation. Not a rebrand. Save months of duplicated work.

## What the regulation actually says

**MDR side.** Article 10(9) of Regulation (EU) 2017/745 requires manufacturers to establish, document, implement, maintain, keep up to date and continually improve a quality management system. Article 10(9) then lists elements the QMS shall address. Strategy for regulatory compliance, risk management, clinical evaluation, product realisation, management of production, verification of UDI, PMS, communication with authorities, and more. Annex IX sets out the conformity assessment based on a QMS for most classes. EN ISO 13485:2016+A11:2021 is the harmonised standard that gives presumption of conformity with the QMS requirements.

**FDA side.** The final QMSR rule was published in the Federal Register in early 2024 and amends 21 CFR Part 820 by incorporating ISO 13485:2016 by reference. The QMSR preserves certain FDA-specific requirements that the international standard does not fully address or that the agency considers necessary for US statutory compliance. These include:

- Definitions alignment. The QMSR cross-walks ISO 13485 terms with FD&C Act definitions so that words like "component", "manufacturer", and "labeling" retain their FDA meaning.
- Records and signatures. FDA-specific access and electronic records expectations, including 21 CFR Part 11 where applicable.
- Complaint handling. The FDA has historically had specific expectations under §820.198 about complaint files, MDR reportable event screening, and trending. The QMSR retains specific complaint-handling obligations beyond what ISO 13485 §8.2.2 requires on its own.
- Device master record and device history record. These concepts are preserved in QMSR because they map directly to FDA inspection practice and MDR (Medical Device Reporting, 21 CFR Part 803) connections.
- Labeling and packaging controls. FDA expectations around labelling inspection and reconciliation remain explicit.



**What the convergence means.** If your QMS already complies with EN ISO 13485:2016+A11:2021 and you have sound processes for complaint handling, design controls, management review, CAPA, and supplier controls, you are roughly 85% of the way to QMSR compliance. The remaining 15% is the FDA-specific delta: definitions mapping, records and signature expectations under 21 CFR Part 11 where applicable, DMR/DHR terminology, MDR reporting linkage, and inspection readiness for FDA investigators specifically.

## A worked example

A Vienna-based Class IIb software manufacturer already has EN ISO 13485:2016+A11:2021 certification issued by their Notified Body. Their QMS includes 23 procedures covering design controls, risk management, software lifecycle (EN 62304), clinical evaluation, PMS, vigilance, CAPA, supplier controls, and internal audits. They now want to enter the US market via 510(k) clearance.

Pre-QMSR, they would have:
1. Drafted a parallel "US QMS" mapped to 21 CFR Part 820 clauses.
2. Rewritten their design controls SOP using FDA terminology.
3. Created a separate Device Master Record concept.
4. Maintained two internal audit programmes.
5. Scheduled two management reviews per year with two agendas.

Under QMSR, they:
1. Kept their existing ISO 13485 QMS as the single source of truth.
2. Added a short "QMSR delta annex". A ten-page document that maps each QMSR-specific expectation to the relevant procedure in their existing QMS and notes any FDA-specific addition.
3. Updated their complaint-handling procedure to include explicit MDR reporting decision criteria under 21 CFR Part 803.
4. Added 21 CFR Part 11 controls to their electronic record systems where relevant to US product.
5. Cross-walked their terminology. "Design History File" was already part of their QMS alongside the ISO 13485 records; they formalised the term in the QMSR delta annex.

One QMS. One audit schedule. One management review. One training programme. The startup estimated the work at six weeks instead of four months, and their first FDA inspection readiness check showed no structural gaps.

## The Subtract to Ship playbook

**Step 1. Start with EN ISO 13485:2016+A11:2021 as your backbone.** If you are pre-certification, build your QMS against the harmonised standard. Do not try to build a Part 820-style system and retrofit ISO 13485 onto it. The direction of travel is one-way now.

**Step 2. Add a QMSR delta annex, not a parallel QMS.** The delta annex is a short document that:
- Maps each FDA-specific QMSR requirement to the clause or procedure in your ISO 13485 QMS that handles it.
- Calls out any FDA-specific terminology (DMR, DHR, MDR reporting) and explains how your existing records satisfy it.
- Identifies any process gap where your ISO 13485 implementation is lighter than QMSR expects, and closes the gap with a targeted procedure update.

**Step 3. Align complaint handling early.** The complaint handling process is where the biggest delta usually sits. Your procedure needs to screen every complaint for MDR reportability under 21 CFR Part 803 and for EU vigilance reportability under MDR Articles 87–92. Build one screening workflow that flags both jurisdictions.

**Step 4. Formalise your DMR and DHR language.** If your ISO 13485 records are already complete. Design outputs, bills of materials, specifications, test records, production records. You already have the content. Add the DMR and DHR terminology to your technical file index so an FDA investigator can find what they expect by the name they expect.

**Step 5. Assess 21 CFR Part 11 applicability.** If you use electronic records and electronic signatures for records that the FDA requires, Part 11 compliance applies. Most modern eQMS platforms are Part 11 capable; your job is to document which records and signatures are in scope and how your controls satisfy Part 11.

**Step 6. Consider MDSAP.** The Medical Device Single Audit Program already anticipated this convergence. MDSAP audits combine ISO 13485, Part 820/QMSR, Health Canada, ANVISA, and PMDA expectations into a single audit against a unified model. If you are targeting multiple markets, an MDSAP audit is often more efficient than separate audits, and it is accepted by the FDA in lieu of routine surveillance inspections.

**Step 7. Update your internal audit programme once.** Your internal audits should verify compliance with MDR Annex IX QMS requirements and QMSR in one pass. Add QMSR-specific checklist items to the relevant process audits rather than running a separate FDA audit cycle.

The subtraction move: one QMS, one delta annex, one audit plan. Do not build twins. Do not maintain parallel SOP libraries. Do not schedule two management reviews. The whole point of the QMSR is that the agency stopped asking you to.

## Reality Check

1. Is your QMS built on EN ISO 13485:2016+A11:2021 as its primary reference standard, or on a legacy Part 820 structure?
2. Do you have a single delta annex that maps QMSR-specific expectations to your existing procedures, or do you still maintain a parallel US QMS?
3. Does your complaint-handling procedure screen every complaint for both MDR vigilance reportability and FDA MDR (21 CFR Part 803) reportability in one workflow?
4. If an FDA investigator asked to see your Device Master Record for a specific product, could you produce it quickly, with FDA-recognisable terminology?
5. Are your electronic records and signatures 21 CFR Part 11 compliant where applicable to US product?
6. Is your internal audit programme structured to verify QMSR and MDR compliance in combined audits, or are you running duplicate audit cycles?
7. Have you assessed whether MDSAP makes sense given your current and planned target markets?
8. Does your management review agenda include both MDR and QMSR-specific metrics, or only one jurisdiction?

## Frequently Asked Questions

**Does the QMSR replace 21 CFR Part 820 entirely?**
The QMSR amends and replaces the substantive requirements of 21 CFR Part 820 by incorporating ISO 13485:2016 by reference and adding FDA-specific provisions. The effect is that Part 820 as the standalone rulebook is superseded by a harmonised framework. 

**When does QMSR take effect?**
The FDA finalised the rule in early 2024 with a transition period of approximately two years before enforcement. 

**If I already have MDR Notified Body certification to EN ISO 13485, am I QMSR compliant?**
You are most of the way there, but not automatically. The FDA-specific additions. Definitions, records, complaint handling, DMR/DHR terminology, Part 11 where applicable. Still need to be addressed explicitly in your QMS documentation. Think of it as the final 15%.

**Does an ISO 13485 certificate prove QMSR compliance to the FDA?**
No. The FDA does not accept an ISO 13485 certificate as a substitute for its own inspection authority. However, if your QMS genuinely complies with ISO 13485:2016 and your QMSR delta is documented, FDA inspections under the new regime will be more predictable and should produce fewer findings.

**Is MDSAP worth it for a startup?**
If you are targeting only the EU, no. If you are targeting the US, Canada, Australia, Brazil, or Japan alongside the EU, yes. MDSAP consolidates multiple audits into one and aligns with the QMSR's direction of travel. A small startup in pre-commercial stage usually waits until their first US or Canadian commercial activity is imminent.

**What is the single biggest delta from ISO 13485 to QMSR?**
Complaint handling. The FDA has historically had specific expectations about complaint file content, MDR reportability screening, and trending that go beyond the bare ISO 13485 §8.2.2 requirements. Get this process right first.

## Related reading
- [MDR QMS requirements and ISO 13485 conformity](/blog/mdr-qms-requirements-iso-13485-conformity) – how the harmonised standard maps to MDR Article 10(9).
- [FDA 510(k) vs MDR CE marking](/blog/fda-510k-vs-mdr-ce-marking) – the pathway comparison that frames QMS scope decisions.
- [MDSAP single audit, multiple markets](/blog/mdsap-single-audit-multiple-markets) – why this matters more under QMSR.
- [Build a lean QMS for MDR startups](/blog/build-lean-qms-mdr-startup) – the minimum-viable QMS that scales to dual-market.
- [FDA QSR to QMSR transition 2026](/blog/fda-qsr-qmsr-transition-2026) – the transition timeline and enforcement posture.

## Sources
1. Regulation (EU) 2017/745 on medical devices, consolidated text. Article 10(9), Annex IX.
2. EN ISO 13485:2016+A11:2021. Medical devices. Quality management systems. Requirements for regulatory purposes.
3. US FDA, Quality Management System Regulation (QMSR) final rule amending 21 CFR Part 820 (2024).
4. 21 CFR Part 803. Medical Device Reporting.
5. 21 CFR Part 11. Electronic Records; Electronic Signatures.

---

*This post is part of the [FDA & International Market Access](https://zechmeister-solutions.com/en/blog/category/fda-international) cluster in the [Subtract to Ship: MDR Blog](https://zechmeister-solutions.com/en/blog). For EU MDR certification consulting, see [zechmeister-solutions.com](https://zechmeister-solutions.com).*