The FDA just rewrote the rules for medical device quality. Here’s how an open-source tool is helping companies catch up — for free.


The quality management software market is worth $12.5 billion today and headed toward $31.5 billion by 2034. Most of that money flows to a handful of vendors — Veeva, MasterControl, Greenlight Guru — charging $25,000 to $100,000+ per year for tools that device companies can’t live without but increasingly can’t afford.

Screenshot: QAtrial Evidence Completeness

Meanwhile, the FDA just dropped the most significant regulatory change for medical devices in over two decades: the Quality Management System Regulation, or QMSR, effective February 2, 2026. It replaces the legacy Quality System Regulation (21 CFR Part 820) by incorporating ISO 13485:2016 by reference. Every FDA-regulated device company — roughly 6,500 of them — now has to prove their quality system aligns with ISO 13485. Add the 30,000+ manufacturers affected by Europe’s Medical Device Regulation, and you’ve got a compliance crisis at scale.

Screenshot: QAtrial ISO 13485:2016 Gap Assessment

Into this gap steps QAtrial, an open-source quality management platform that just shipped its v3.0 release with a feature set that reads like a direct response to the industry’s biggest pain points.

What QAtrial Actually Is

QAtrial is a browser-based quality workspace for regulated industries. Think IBM DOORS meets AI co-pilot, built with React and TypeScript, running entirely in the browser with no server required. Your data stays in localStorage — or you self-host it on your own infrastructure.

The core model is a four-dimensional template system: Country × Industry Vertical × Project Type × Quality Modules. Select “United States + Medical Devices + Software + Audit Trail, E-Signatures, CAPA” and you get a pre-built set of requirements and test cases referencing FDA 21 CFR Part 11, QMSR, IEC 62304, ISO 14971 — linked, traceable, and ready to customize.

Screenshot: QAtrial Risk

It supports 37 countries, 10 industry verticals (pharma, biotech, devices, CROs, clinical labs, logistics, software/GAMP, cosmetics, aerospace, chemical), 15 composable quality modules, 12 languages, and 6 AI-powered features. All under AGPL-3.0.

The v3.0 Release: What’s New

ISO 13485 Gap Assessment — With or Without AI

This is the headline feature. QAtrial now maps your project’s requirements against all 27 clauses of ISO 13485:2016 (sections 4 through 8) — exactly what QMSR requires.

The clever part: it works in two modes.

Keyword Match runs entirely in the browser. No AI, no API calls, no data leaving your machine. Each ISO 13485 clause has a curated set of keywords. QAtrial scans your requirement titles and descriptions, matches them against the clause keywords, and scores each clause as covered (2+ matches), partial (1 match), or gap (no match). It takes less than a second. The result is a section-by-section breakdown with readiness percentage, criticality ratings, and one-click requirement generation for any gaps found.

AI Analysis uses your configured LLM provider for deeper assessment. The AI reads your actual requirements against the intent of each clause — not just keywords — and returns evidence of compliance, specific recommendations for gaps, and nuanced “partial” classifications that keyword matching would miss.

For a 50-person medical device company that would normally pay a consultant $15,000-$50,000 for an ISO 13485 gap assessment, this is available immediately, for free, in a browser tab.
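The Keyword Match scoring described above, as an added TypeScript example that is not QAtrial's own code. The clause keyword lists and sample requirements are constructed, and counting distinct whole-word keyword hits per clause is an assumption about how "matches" are counted; whole-word matching keeps "capability" from being scored as a CAPA hit.

```typescript
// Added example, not QAtrial source. Keyword lists and requirements are
// constructed samples; "match" = distinct clause keyword found (assumption).
type Status = "covered" | "partial" | "gap";
interface Clause { id: string; title: string; keywords: string[]; }
interface Requirement { title: string; description: string; }
interface ClauseResult { id: string; status: Status; matched: string[]; }

const CLAUSES: Clause[] = [
  { id: "4.2", title: "Documentation requirements",
    keywords: ["document control", "record", "quality manual"] },
  { id: "7.3", title: "Design and development",
    keywords: ["design input", "design output", "verification", "validation"] },
  { id: "8.5", title: "Improvement",
    keywords: ["corrective action", "preventive action", "capa"] },
];

const SAMPLE_REQS: Requirement[] = [
  { title: "Design input capture", description: "Each design input shall trace to a user need." },
  { title: "Software verification", description: "Verification of capability limits is recorded per release." },
  { title: "Audit trail", description: "Every record change is logged with user and timestamp." },
];

function normalize(text: string): string {
  return text.toLowerCase().replace(/\s+/g, " ").trim();
}

// Whole-word pattern, so "capa" does not hit "capability" and inflate coverage.
function keywordPattern(keyword: string): RegExp {
  const escaped = normalize(keyword).replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("\\b" + escaped + "\\b");
}

function scoreClause(clause: Clause, reqs: Requirement[]): ClauseResult {
  // " | " keeps a phrase from matching across the title/description boundary.
  const texts = reqs.map(r => normalize(r.title + " | " + r.description));
  const matched = clause.keywords.filter(kw => {
    const pattern = keywordPattern(kw);
    return texts.some(t => pattern.test(t));
  });
  // Thresholds from the article: 2+ matches covered, 1 partial, 0 gap.
  const status: Status =
    matched.length >= 2 ? "covered" : matched.length === 1 ? "partial" : "gap";
  return { id: clause.id, status, matched };
}

function assess(clauses: Clause[], reqs: Requirement[]): ClauseResult[] {
  return clauses.map(c => scoreClause(c, reqs));
}
```

On the sample data, clause 7.3 scores covered, 4.2 partial and 8.5 gap. The strict matching also means "recorded" does not count toward the keyword "record", so keyword lists need the inflected forms a team actually writes.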

Design Control Kanban

Design control is the number one source of FDA 483 observations and Warning Letters. QAtrial v3.0 adds a Kanban-style board mapping directly to ISO 13485 section 7.3 with seven phases: User Needs, Design Input, Design Output, Verification, Validation, Transfer, and Released.

Phase advancement is gated — an item must be approved before it can move to the next phase. This enforces the kind of disciplined design process that the FDA expects but that many companies implement poorly in spreadsheets.

Supporting this is DHF/DMR/DHR management: structured containers for Design History Files, Device Master Records, and Device History Records with version control, sections, and linked artifacts.

Workflow Engine

GxP approval requirements vary wildly by vertical. Pharma needs two approvers with signatures on every change. Software validation needs one reviewer. Medical device design gates need multi-disciplinary sign-off.

The new Workflow Engine handles all of these with configurable multi-step approval workflows. Each step can require a specific role, a minimum number of approvers, SLA timers, and escalation paths. Two default workflows ship out of the box: Requirement Approval (review → approve → sign) and Design Gate Review (review → 2 approvals → sign).
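The gated phase advancement and the Design Gate Review workflow described above, as an added TypeScript example that is not QAtrial's own code. The role names, user ids, the rule that approvers must be distinct users, and the reset of sign-offs at each gate are assumptions made for illustration.

```typescript
// Added example, not QAtrial source: role names, user ids and the
// distinct-approver rule are assumptions made for illustration.
const PHASES = ["User Needs", "Design Input", "Design Output", "Verification",
  "Validation", "Transfer", "Released"];

interface Step { name: string; role: string; minApprovers: number; }
interface SignOff { step: string; user: string; role: string; }
interface DesignItem { id: string; phase: number; signOffs: SignOff[]; }

// Design Gate Review as listed in the article: review -> 2 approvals -> sign.
const DESIGN_GATE: Step[] = [
  { name: "review", role: "reviewer", minApprovers: 1 },
  { name: "approve", role: "approver", minApprovers: 2 },
  { name: "sign", role: "signer", minApprovers: 1 },
];

// Count distinct users holding the required role, so one person approving
// twice cannot satisfy a two-approver step.
function stepSatisfied(step: Step, signOffs: SignOff[]): boolean {
  const users: string[] = [];
  for (const s of signOffs) {
    if (s.step === step.name && s.role === step.role && users.indexOf(s.user) < 0) {
      users.push(s.user);
    }
  }
  return users.length >= step.minApprovers;
}

// Steps are checked in order; returns the earliest unmet step name,
// or null when every step of the gate is satisfied.
function blockingStep(item: DesignItem, workflow: Step[]): string | null {
  for (const step of workflow) {
    if (!stepSatisfied(step, item.signOffs)) return step.name;
  }
  return null;
}

// Moves an item to the next phase only when the gate workflow is complete.
function advance(item: DesignItem, workflow: Step[]): DesignItem {
  if (item.phase >= PHASES.length - 1) throw new Error(item.id + " is already Released");
  const blocked = blockingStep(item, workflow);
  if (blocked !== null) throw new Error(item.id + " blocked at step: " + blocked);
  // Sign-offs are cleared so each gate needs its own approvals (assumption).
  return { id: item.id, phase: item.phase + 1, signOffs: [] };
}
```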

LLM Provider Presets

The AI features now ship with five one-click presets: Anthropic (Claude), OpenAI (GPT-4.1), OpenRouter (200+ models), Ollama (local), and LM Studio (local). Each preset auto-fills the base URL, model name, and a sensible temperature setting — 0.2 for cloud providers (precision matters for regulatory content) and 0.3 for local models.

The Ollama and LM Studio presets are particularly significant for regulated companies: you can run the entire AI pipeline on air-gapped infrastructure. No API keys, no cloud, no data leaving your network. For pharma and defense, that’s not a nice-to-have — it’s a requirement.

The Competitive Picture

Here’s what makes QAtrial interesting as a market play:

Feature | QAtrial | Greenlight Guru | MasterControl | Veeva Vault
ISO 13485 Gap Assessment | ✅ Static + AI | Partial | Partial
AI Test Generation | ✅ BYOL
QMSR Transition Tool | ✅ 27-clause
Self-hosted / Air-gapped
Source Code Auditable
Annual Cost | $0 | ~$25K | ~$50K | ~$100K+

No commercial QMS tool offers AI-powered gap analysis against ISO 13485 with the option to run it locally. None of them let auditors inspect the source code. And none of them are free.

The Timing Argument

Device recalls are up 115% since 2018, costing the industry $5 billion per year. The EU AI Act deadline for high-risk medical devices is August 2027. The FDA’s QMSR transition is happening right now. ICH E6(R3) is reshaping clinical trial quality management.

Companies are facing more regulatory pressure with the same headcount. The traditional answer — buy a $50K/year SaaS tool — doesn’t scale to the thousands of small and mid-size device companies that make up the bulk of the industry.

An open-source alternative that ships with ISO 13485 gap assessment, design controls, AI-assisted test generation, and configurable approval workflows addresses the core need at the core price point: zero.

What’s Next

The QAtrial roadmap is public. Release 3.1 targets enterprise collaboration (real-time editing, supplier portals, REST API). Release 3.2 adds clinical trial features (eTMF, eConsent) and deeper AI (audit preparation assistant, predictive quality analytics). Release 3.3 expands to new markets (Brazil ANVISA, Australia TGA, Saudi SFDA) and new verticals (IVD, SaMD, ATMP, automotive safety).

The total addressable market across those releases: roughly $8 billion in annual QMS software spend.

Whether QAtrial captures meaningful share of that depends on whether open-source quality management can earn the trust of auditors and quality leaders who’ve been buying commercial tools for decades. The source code transparency helps. The AI flexibility helps. The QMSR timing helps.

But the real test is whether regulated companies will bet their audit outcomes on a tool they can inspect, modify, and run on their own terms — rather than one they pay six figures a year to access behind a login screen.

QAtrial is available now at github.com/MeyerThorsten/QAtrial.


QAtrial is open-source software licensed under AGPL-3.0. It is not affiliated with or endorsed by the FDA, EMA, ISO, or any regulatory authority. Regulatory compliance is the responsibility of the organization using the tool.
