That legal shift matters. But what matters more is how it changes inspection behaviour.
ISO 13485 Is Now Embedded in U.S. Law
Until now, ISO 13485 was primarily a certification framework. Companies adopted it to demonstrate alignment with global expectations.
Under the new regulation, ISO 13485 is no longer just a voluntary benchmark. Its structure has been incorporated directly into U.S. law. This means that the clauses governing design controls, supplier management, complaint handling, risk management and management responsibility are not merely best practice — they form part of the regulatory backbone against which inspections are conducted.
At the same time, certain definitions remain anchored in federal law. Terms such as “manufacturer,” “finished device,” and “component” are legally defined and may not always align with how organisations use them internally.
That difference becomes relevant in inspection. Especially when responsibilities across development, sterilisation, packaging, and outsourced activities are discussed.
The system must be structurally coherent not only internally, but legally.
The Structural Consequence: Risk Moves to the Centre
ISO 13485 requires that risk management is integrated into product realisation, not treated as a parallel document. With ISO now embedded in regulation, this expectation becomes structural.
Early inspection experience suggests that inspectors increasingly begin by assessing how risk is identified, escalated, and reviewed at system level. They examine how management reviews reflect systemic risks. They look at how post-market feedback feeds into oversight. From there, based on the risks identified in these three areas, they decide where to go deeper.
The inspection is no longer necessarily a linear review of every subsystem. It can become selective and intensive, focusing on one area such as nonconformities, complaints, or corrective actions. That shift changes the dynamic.
If the system demonstrates integration and visibility early, the inspection tends to remain focused, and if fragmentation is visible, the inspection broadens.
Risk is no longer peripheral documentation. It becomes the lens through which the entire system is evaluated.
Management Review Is Now a Strategic Control Point
Under the embedded ISO structure, management responsibility is central.
In practice, this means that management review is no longer a formal reporting exercise. It becomes the primary evidence that leadership understands systemic risk, trend data, and process weaknesses.
Inspection experience indicates that when management review clearly identifies critical topics, the inspector can anchor their review accordingly. As the inspection progresses, the inspector verifies that the most important risks have been identified in the management review.
When the review does not indicate the most important risks, the inspector must search for them. The difference is not procedural. It is structural, and it directly influences inspection depth.
Documentation Architecture Now Signals Maturity
The new regulation also updates certain internal cross-references, including those related to complaint handling and labelling and packaging documentation.
These changes are not dramatic from a technical perspective. However, they reveal something important.
If procedures still reference the previous regulatory structure, it suggests that the system has not been fully realigned to the new framework.
Inspection under QMSR is not only about whether processes exist. It also reflects whether the quality system architecture matches the current regulatory logic.
Why This Matters Across Development and Supply Chain
Because ISO 13485 is now embedded within regulation, processes that are often managed in silos become visibly interconnected during inspection:
Design controls
Risk management
Supplier and outsourced process oversight
Complaint handling
Improvement activities
If risk management is not clearly linked to design decisions, it becomes visible.
If supplier qualification is procedural but not integrated into overall risk evaluation, it becomes visible.
If complaint data does not meaningfully feed improvement, it becomes visible.
QMSR does not introduce new philosophical concepts. It formalises integration and makes fragmentation harder to defend.
What This Means for Sterile Packaging and External Partners
ISterile packaging, sterilisation, and outsourced manufacturing activities sit directly within this integrated regulatory structure.
When ISO 13485 is embedded in regulation, responsibilities across development, packaging validation, labelling, supplier control, and post-market feedback are no longer seen as parallel streams. They are assessed as part of one quality system architecture.
Under a risk-based inspection model, external partners are not peripheral. They become extensions of the manufacturer’s system.
If validation logic, risk assessments, change control, and complaint feedback are not aligned across organisations, that lack of integration becomes visible.
This is precisely where inspection posture is evolving.
At Elos, sterile packaging solutions are developed and validated within a quality management structure already built around ISO 13485 as it now stands embedded in U.S. regulation. Risk management is integrated into process validation, . Ppackaging design, material selection, supplier qualification, and complaint handling are not treated as isolated technical steps but as part of a continuous lifecycle framework.
This matters because inspection under QMSR increasingly evaluates coherence rather than isolated compliance.
When a packaging partner operates within the same structural logic, alignment becomes demonstrable rather than declarative.
And that reduces friction during inspection.
The Real Change
The regulatory amendment has already taken effect, what changes now is inspection posture.
It becomes less about confirming that procedures exist and more about assessing whether the entire system — including critical suppliers — operates coherently under a risk-based framework. Structural coherence cannot be assembled reactively, it must be embedded early, across development, validation, supplier oversight, and post-market feedback.
That is where forward-looking quality strategy sits today.
For Those Preparing for Inspection
We have summarised the structural implications of QMSR, the inspection dynamics emerging under the new model, and the key areas worth reviewing internally in a concise inspection-readiness guide.
If you are evaluating your development processes, supplier integration, or sterile packaging strategy under the new regulatory framework, the guide may help frame the right internal questions.
Get the QMSR Inspection Readiness Guide here: https://elosmedtech.com/sterile-packaging-solutions/qmsr-readiness-guide/
Strategic Support Under the New Inspection Model
If sterile packaging, validation strategy, or outsourced process integration are currently under review in your organisation, this is the right moment to examine how those elements fit within your overall quality architecture.
If you would like to discuss how your sterile packaging strategy aligns with the evolving QMSR inspection framework, our Sterile Solutions team is available for a structured exchange.
About the Author
Sofie Höchstetter
VP Sterile Solutions
Elos Medtech
sofie.hochstetter@elosmedtech.com
Sofie Höchstetter leads the Sterile Solutions division at Elos Medtech, overseeing the development and industrialisation of sterile packaging systems for medical devices. Her work focuses on integrating risk management, validation strategy, and supplier oversight within a cohesive quality management framework aligned with ISO 13485 and evolving U.S. regulatory requirements.
With extensive experience supporting device manufacturers through regulatory transitions and inspections, she works closely with development, quality, and supply chain teams to ensure that sterile packaging is not treated as a downstream activity, but as a structurally integrated element of product lifecycle control.