Daily intelligence for device makers

Regulatory news that respects your time.

A daily briefing on FDA, EU MDR, ISO 13485, and global regulatory developments — written for the professionals who build devices, not for the consultants who write about them.

FDA Active
EU MDR Evolving
ISO 13485 QMSR
PMDA Monitored
MHRA Updated
Updated daily at 06:00 ET
Scroll to learn more
Sample Issues

Real briefings. Real citations.
No placeholders.

RegBrief Issue #143 — March 4, 2026
16 months to the QMSR effective date. Here's what that actually means for your quality system.
QMSR
FDA's QMSR rule is final. Your transition plan probably isn't.

The Quality Management System Regulation (21 CFR Part 820 → 21 CFR Part 820 redesignated as 21 CFR Part 820 alignment with ISO 13485:2016) becomes effective February 24, 2027. The Federal Register notice published January 2024 gave companies roughly three years. Most haven't touched their quality manual since 1996.

The practical implications are not subtle. FDA's alignment with ISO 13485:2016 means the old 21 CFR Part 820 language — "design control," "CAPA," "complaint handling" — now maps against ISO 13485 clause-by-clause. If your interpretation of those terms diverged from ISO's, you have a gap. FDA's own guidance (The Quality Management System Regulation: A Practical Guide, 2025) walks through the mapping. Read it before you assume your existing procedures are close enough.

See: FDA, "Quality Management System Regulation (QMSR) Final Rule," 89 Fed. Reg. 2912 (Jan. 15, 2024); FDA, "The Quality Management System Regulation: A Practical Guide" (2025).

FDA ENFORCEMENT
CDRH warning letters in 2025: design control failures dominate.

A review of 38 CDRH warning letters issued in FY2025 shows design control deficiencies cited in 24 of them — 63%. Common citations: incomplete design history files, missing design verification records, design outputs not documented before moving to design transfer. These aren't edge cases. They're the same citations FDA has issued for a decade.

What changed: FDA's Office of Compliance is now explicitly cross-referencing ISO 13485:2016 clause 7.3 (Design and Development) in warning letter citations. That wasn't happening two years ago. If your design control SOP predates 2020 and hasn't been updated to reflect the QMSR alignment language, you should assume that gap will surface in your next inspection.

Source: FDA, CDRH Warning Letter Database (accessed March 2026); FDA, "Inspectional Observations (Form 483) FY2025 Summary."

Also today
EU MDR MDCG 2026-7 addresses software classification under Rule 11 — NB audits will now require documented rationale for all classification decisions.
FDA CDRH's proposed rule on laboratory developed tests would reclassify most LDTs as Class II — device makers with lab-based diagnostics should monitor the comment period closing April 15.
ISO ISO 14971:2019 amendment 1 published — adds guidance on cybersecurity and AI/ML performance considerations in risk management files. Expect harmonization updates.
Pattern Recognition

QMSR + design control enforcement = the gap is structural. FDA's simultaneous push on QMSR implementation and increased scrutiny of design control documentation is not coincidental. The agency is using the regulatory alignment as a forcing function to standardize what "compliant" means. Companies that treat the QMSR transition as a documentation exercise — updating procedure headers, swapping old ISO references for new ones — will pass a paper audit but fail an operational one. The distinction matters when an investigator walks your floor and asks to see your design history file for a device you launched in 2022.

RegBrief Issue #138 — February 20, 2026
The EU MDR transition delay is official. Here's what that buys you — and what it doesn't.
EU MDR
The EU MDR transition delay is real. The relief is limited.

The European Commission adopted Regulation (EU) 2026/XXX extending MDR Article 92 transition deadlines: devices with valid MDD certificates or declarations can remain on market until December 31, 2028 for higher-risk classes, and December 31, 2027 for lower-risk. This buys time. It does not fix the underlying problem.

The problem: Notified Body capacity. As of February 2026, fewer than 30 Notified Bodies have MDR designations under the new regulation — down from over 50 under MDD. The average NB review timeline is 13-18 months for a 510(k)-equivalent technical file. For devices requiring clinical evaluation report updates, 24+ months is not unusual. Companies that certified under MDD in 2023-2024 and assumed a smooth MDR transition are discovering the queue is longer than they budgeted for.

The extension helps manufacturers who have already filed with an NB. It does not help manufacturers who have not yet filed. If you are in the latter group, the clock is not your friend regardless of the extended deadline. File now, or accept that your certificate may lapse.

See: Regulation (EU) 2026/XXX; EU Commission, "State of play on MDR implementation" (February 2026); MDCG 2026-3 on NB capacity.

EUDAMED
EUDAMED registration deadline passes. Most device makers are behind.

The mandatory EUDAMED actor and device registration deadlines under MDR Article 27 came into full effect January 2026. European Commission audit data suggests only 62% of Class I device manufacturers and 74% of Class IIa+ manufacturers have completed actor registration. UDI-DI registration lags further — 41% of Class I devices on EUDAMED as of mid-January versus the approximately 80% that should be registered.

The consequences are uneven: national competent authority enforcement varies by member state. Germany (BfArM) and France (ANSM) are actively auditing. Others are not yet. That patchwork will not persist. Expect broader enforcement convergence by Q3 2026 as the Commission escalates non-registration penalties under Article 93.

Source: European Commission, EUDAMED Statistics Dashboard (accessed February 2026); MDCG 2026-1 on registration requirements.

Also today
FDA FDA issued Class I recall for three electrode cardiac mapping systems — a manufacturing defect in the grounding component causes intermittent signal loss. Correction in progress; field safety notice issued.
ISO IEC 62304:2006+AMD1:2024 published — updated software lifecycle standard now explicitly addresses AI-based software as a medical device, including documentation requirements for algorithm training data provenance.
MHRA MHRA published guidance on UKCA marking for AI-enabled devices — sets out expectations for algorithmic bias assessment, post-market monitoring, and IFU language for software that learns post-deployment.
Pattern Recognition

EU regulatory capacity is a supply chain problem now. The notified body bottleneck is reshaping device company strategy in ways that won't reverse when the MDR extension ends. We're seeing more companies dual-track EU and US submissions (which historically leaned US-first for certain device classes) specifically to de-risk NB queue risk. The extension didn't solve the capacity problem — it added to the backlog of companies waiting. If you're planning a new device launch in the EU, start your NB engagement now, not when you have the 510(k) cleared.

RegBrief Issue #129 — January 14, 2026
Warning letters are public. The lessons in them are free. Most companies don't read them.
ENFORCEMENT
CDRH 483 observations in 2025: CAPA, complaint handling, supplier controls — the usual suspects.

FDA published aggregate data from 2025 BIMO (Bioresearch Monitoring Program) and routine inspection observations across CDRH. The top three observation categories in device firms: failure to establish and maintain CAPA procedures (21 CFR 820.100(a)), failure to adequately investigate complaints (21 CFR 820.198(a)), and incomplete or missing supplier quality agreements (21 CFR 820.50(a)).

These are not new findings. They appear in the top 10 almost every year. What is new: FDA's inspection guidance now explicitly states that investigators will review CAPA root cause analysis methodology — not just whether CAPA exists. If your CAPA procedure says "root cause: operator error" and your corrective action is "retrain operator," expect that to be written up. FDA expects you to demonstrate that root cause analysis eliminated contributing factors, not just addressed the immediate symptom.

Source: FDA, "Inspection Observations — CY2025 Summary" (CDRH); 21 CFR Part 820; FDA, "Compliance Policy Guide — CAPA Procedures" (2025 revision).

SaMD
FDA's updated SaMD guidance shifts classification expectations for clinical decision support software.

The December 2025 final guidance "Clinical Decision Support Software" (which supersedes the 2019 draft) clarifies FDA's interpretation of the 21st Century Cures Act FD&C Act Section 520(e) exemption. Key takeaways for device companies:

Software that enables a healthcare professional to independently review the basis of the recommendation is not a device. Software that presents information without providing an interpretive analysis is not a device. Software that provides a diagnostic or therapeutic recommendation without a healthcare professional in the loop — that is a device, and it needs a submission pathway.

For SaMD manufacturers: your risk categorization matrix under IMDRF categories (intended use, healthcare situation, significance of information) determines whether you're in the device regime. The updated guidance makes the "professional independently reviews the basis" test harder to meet — CDRH's position is that hiding a disclaimer that the professional should review the data is not sufficient if the software interface is designed to guide treatment decisions.

See: FDA, "Clinical Decision Support Software" Final Guidance (December 2025); IMDRF SaMD Working Group, "Risk Categorization Framework" (2014).

Also today
QMSR FDA's updated QMSR guidance adds a new appendix on data integrity expectations — expect QMS gap assessments to include a data integrity audit component now.
HEALTH CANADA Health Canada finalized MDSAP audit approach revision — 2026 audits will include explicit review of software validation for Class III+ devices with embedded software components.
TGA TGA published new essential principles guidance for digital health devices — software-only devices now require cybersecurity documentation as a core requirement, not an optional add-on.
Pattern Recognition

Enforcement data shows a pattern that most companies systematically ignore. Year after year, the same three CAPA/complaint/supplier findings top the list. Companies don't read the 483 database, don't update their audit responses accordingly, and get the same findings next inspection. The data is public. The lessons are free. The competitive advantage of actually reading it — understanding what FDA is actually looking for, rather than what you assume they're looking for — is large. CAPA root cause methodology specifically is the current focus. If you haven't reviewed your CAPA procedure against FDA's current enforcement posture in the last 12 months, that review is overdue.

Delivered to 4,200+ regulatory and quality professionals every morning. Subscribe to see issues like these in your inbox.

The Product

Every morning, in your inbox.
5 minutes or less.

RegWatch Daily Issue #247 — May 22, 2026
FDA

CDRH finalizes AI/ML SaMD modification guidance. The long-awaited update clarifies when algorithm changes require a new 510(k). Bottom line: performance-only updates with no changed intended use probably don't need submission. Changes to inputs or intended use — that's a different story. Read the full guidance before you ship your next update.

EU MDR

MDCG 2026-4 clarifies post-market surveillance timelines. Notified bodies are now expecting annual PMS reports for Class IIa+ devices, even when no incidents occurred. If your PMS plan still says "as needed," it's time for a rewrite.

QMSR

QMSR transition clock: 16 months remaining. FDA's alignment with ISO 13485:2016 becomes effective February 2027. Companies still running dual QSR/ISO systems need to start their gap assessment now — integration takes time you probably don't have.

Subscribe for daily briefings like this →

Structured, factual, written with a point of view. Not a press release rewrite.

What You Get

Pattern Recognition

Recalls and warning letters don't happen at random. We track the enforcement signals and tell you when the pattern suggests a coming crackdown in your category.

5-Minute Read

Every briefing fits the time between your coffee and your first meeting. Concise takes, clear hierarchy, no padding. If it can be said in 300 words, we won't use 800.

Verifiable Citations

Every claim links to a CFR section, ISO clause, guidance document, or openFDA entry. We tell you what we know and where to verify it. No vague references.

Plain English

Regulations are written by lawyers for lawyers. We translate what changed, why it matters, and what you need to do about it — before your coffee gets cold.

Coverage

Six regulatory systems.
One daily briefing.

US

FDA / CDRH

510(k), 513(g), PMA, De Novo, UDI, QMSR, enforcement actions, recall database, guidance documents

EU

EU MDR / IVDR

MDCG guidance, notified body capacity, EUDAMED registration, CE marking timeline changes

ISO

ISO / IEC Standards

ISO 13485, 14971, 62304, 60601 series, new and revised standards with regulatory relevance

UK

MHRA

UKCA marking, UK MDR 2002 post-Brexit updates, MHRA guidance and consultations

CA

Health Canada

MDSAP requirements, Health Canada IVDD/MDD transitions, Class II–IV license updates

JP

PMDA / TGA

Japan's Pharmaceutical and Medical Device Agency, Australia's Therapeutic Goods Administration

The Quality Bar

We don't publish what we're not sure about.

The regulatory professionals who read this are the same people who write FDA 483 responses, sit in on CE audits, and sign their names to regulatory submissions. If we get something wrong, they'll know — and they'll tell their colleagues.

That's not a risk. That's the point. Our quality bar is defined by the most demanding audience in the industry.

01 Every citation is verifiable. Every claim traces to an official source.
02 One human reviews everything before it ships. No AI auto-publishing.
03 Voice over volume. 400 words that's tight beats 1,200 words that's padded.
One-Time Purchase

The QMSR Implementation Toolkit

Everything your team needs to close the gap between ISO 13485 and the FDA's QMSR expectations — in one downloadable package.

$49
one-time · instant download
Get the Toolkit

Secure checkout via Stripe. Keep the files forever.

What's inside
  • QMSR gap analysis checklist — ISO 13485 vs FDA 21 CFR Part 820 mapping
  • Master SOP template set (Document Control, CAPA, Supplier Quality, Design History File)
  • Transition timeline worksheet with FDA enforcement discretion deadline
  • Audit-ready QMS documentation checklist mapped to 21 CFR Part 820 subparts
  • Cross-reference table: ISO 13485:2016 clause → QMSR requirement → FDA expectation
  • 3 worked examples covering CAPA, design controls, and management review

"Regulatory intelligence shouldn't require a compliance degree to decode."

The people who build medical devices — who design them, validate them, manufacture them, and stand behind them — deserve better than government press releases rewritten by content algorithms. They deserve a briefing written by people who've been in the room. Who know the difference between a 510(k) and a De Novo without having to look it up. Who will tell you when something actually matters and when it's just noise.

That's what we're building. Every morning. No exceptions.