Regulation - Digital healthcare technologies

Digital healthcare technologies (DHTs) are apps, software, artificial intelligence (AI) and digital platforms or services used for health or social care. Some DHTs are considered to be medical devices.

Software is likely to be a medical device if:

  • it results in a diagnosis or prognosis
  • influences treatment and decision making, including calculating risk
  • is linked to a medical device or medicine (potentially as an accessory)

Digital technology assessment criteria

The digital technology assessment criteria (DTAC) are the NHSE recommended criteria for NHS organisations to use when introducing new digital technologies. Companies demonstrating that they have met the requirements of DTAC are showing that they have met the minimum standards for:

  • clinical safety
  • data protection
  • technical assurance
  • interoperability
  • usability and accessibility

Technical security requirements:

  • cyber essentials certificate
  • penetration testing
  • custom code review
  • multi-factor authentication
  • logging and reporting

DTAC is available as a document which details the questions which developers must answer and guidance on how to do so. Further guidance on good practice in developing digital healthcare technologies is provided by the DHSC.

Artificial intelligence technology development standards

The international standard ISO/IEC 42001 was introduced as best practice for artificial intelligence management systems in December 2023 for organisations which are developing and using AI-based technologies, including in healthcare. ISO/IEC 42001 details the steps which companies should take as they establish, implement, maintain and improve these AI technologies, to provide confidence that their AI technologies are being developed in an open, ethical and transparent manner while managing any risks.

The key aims of ISO/IEC 42001 are:

  • determination of organisational objectives, involvement of interested parties and organisational policy
  • management of risks and opportunities
  • ensuring suitable processes for the management of concerns related to the trustworthiness of AI systems, such as security, safety, fairness, transparency, data quality and quality of AI systems throughout their life cycle
  • ensuring suitable processes for the management of suppliers, partners and third parties that provide or develop AI systems for the organisation

Adherence to ISO/IEC 42001 demonstrates to NHS organisations that your AI technology has been responsibly developed, implemented and maintained in compliance with legal and ethical regulatory standards, and that AI-specific risks are being managed effectively.

To understand what regulations apply to digital technologies and how to meet them, see the AI and Digital Regulations Service. This explains what regulations you need to follow, how to evaluate effectiveness, and how to generate evidence for the NHS organisations who will buy or use your technology.