| Steps to consider | Why is it important? | Guidance type |
|---|---|---|
| Is your technology a medical device? | It’s your responsibility as a developer to determine whether your digital healthcare technology is a medical device. | Required |
| Creating a value proposition | If you want your digital technology to be placed on the UK health and social care market, you’ll need to create a value proposition. | Best practice |
| Determining the intended purpose of your software medical device | You need an intended purpose statement to place your medical device on the UK health and social care market. | Required |
| Aligning the intended purpose and value proposition | Aligning the intended purpose and value proposition of your digital technology is vital to placing your technology on the health and social care market. | Best practice |
| Understanding UK MDR 2002 regulations for medical devices | Read guidance from the MHRA to understand the requirements you need to meet to place your medical device on the market. | Required |
| Planning for management systems, including a quality management system (QMS) | If you're building a medical device, you need to implement a quality management system (QMS). | Required |
| Planning for evidence generation | Plan for evidence generation that proves your digital technology is safe, and clinically and cost effective. | Best practice |
| Understanding routes to NICE health technology assessment | Understand how NICE does health technology assessments. | Best practice |
| Data quality considerations for training and testing | Successful digital technologies in health and social care are trained on high-quality machine learning datasets. To build healthcare technologies that adopters will buy, prioritise data quality. | Best practice |
| Researching user needs | If you do not understand user needs, your digital technology is not likely to meet them, and so adoption of your technology will be unlikely. | Best practice |
| Complying with NHS Digital clinical risk management standards | If you want to sell your digital technology to the NHS, or adopt a technology on behalf of the NHS, you need to meet certain safety standards. These are set by NHS Digital. | Required |
| Using the Digital Technology Assessment Criteria (DTAC) | Meeting the Digital Technology Assessment Criteria (DTAC) makes it more likely that adopters will buy your healthcare technology. | Best practice |
| Understanding technical standards for digital technology | To increase trust and confidence in your digital technology, you should show compliance with technical standards. | Best practice |
| Generating evidence for screening tests used by the NHS | If you’re developing screening tests for the NHS, you will need to generate specific evidence which meets a higher bar. | Best practice |
| Complying with Ionising Radiation (Medical Exposure) Regulations (IR(ME)R) | IR(ME)R governs the safe use of medical devices that use ionising radiation. | Required |
| Implementing a quality management system for your technology | Although not legally required for non-medical devices, implementing a quality management system (QMS) is best practice and essential to placing your technology on the market. | Best practice |
Developers - All developers' guidance
Explore the regulations and best practice principles related to AI and digital technology in health and care.
Loading sections...
| Steps to consider | Why is it important? | Guidance type |
|---|---|---|
| Getting a UKCA mark | Before you place medical devices on the market in England, Wales and Scotland you need to get a UK Conformity Assessed (UKCA) mark or a relevant CE mark. | Required |
| Meeting quality management system requirements | To meet the requirements of the law you need to create and maintain quality management systems (QMS) for medical devices. | Required |
| Meeting risk-management requirements for medical devices | To deploy a compliant healthcare technology safely, you need to implement a risk management system. ISO 14971:2019 sets the requirements for risk management systems for medical devices. | Required |
| Meeting design requirements of the UK Medical Device Regulations | To meet UK regulations, you need to show you’ve designed medical devices to the appropriate safety standards. | Required |
| Designing clinical studies and choosing evaluation methods | You need to regularly evaluate your digital technology to show adopters and assessors it’s effective and safe. | Best practice |
| Does your medical device need a clinical investigation? | To get a UKCA mark for your medical device, you may need to prove its safety through a clinical investigation. | Required |
| Demonstrating clinical performance with a Clinical Evaluation Report (CER) | To get a UKCA mark for medical devices, you need to include a Clinical Evaluation Report (CER) in your application documentation. | Required |
| Generating evidence for NICE health technology assessment | If you want NHS England to adopt your digital technology, undergoing a NICE health technology assessment can help. Here is what you need to consider. | Best practice |
| Generating evidence for NHS adopters of digital technology | If you want the NHS to adopt your digital technology, you will need to generate evidence that supports your technology’s value proposition. | Best practice |
| Qualitative research: collecting data on your digital technology | Qualitative research will give you a much richer understanding of how a user interacts with your digital technology. | Best practice |
| Steps to consider | Why is it important? | Guidance type |
|---|---|---|
| What it means to place medical devices on the UK market | Here's what placing a product on the market means in relation to medical devices. | Required |
| Registering your medical device | Before you place medical devices on the market, you should register each device with the MHRA. Here’s how. | Required |
| Check if you need to register with the Care Quality Commission (CQC) | If you are providing Care Quality Commission (CQC) regulated activities, you are legally required to register with them. | Required |
| Steps to consider | Why is it important? | Guidance type |
|---|---|---|
| How Care Quality Commission regulates health and social care services | If you provide a health and social care activity in England, you may need to comply with regulations from the Care Quality Commission (CQC). | Required |
| Post-market surveillance of medical devices | After your medical device is placed on the UK market, you should monitor the device and report any safety incidents to the MHRA. This is known as post-market surveillance. | Required |
| Ongoing research and service evaluation of your digital technology | Plan for ongoing research and evaluation upfront to prevent the delay or further development of your digital technology. | Best practice |
| Steps to consider | Why is it important? | Guidance type |
|---|---|---|
| Changing your technology after deployment | When updating digital technologies or medical devices that are already on the UK health and social care market, you will need to follow certain requirements. | Required |
| Improving or updating digital technologies after deployment | What you need to consider when you improve or update an already live technology. | Best practice |
| Steps to consider | Why is it important? | Guidance type |
|---|---|---|
| Data regulations for digital health technologies: a guide | Throughout the course of your digital technology’s lifecycle, you will need to process health and social care data. Find out what legal requirements govern the use of this data and when to get research approval. | Required |
| Understanding types of health and care data | Two types of health and care data can be distinguished to help you determine when the relevant legal and regulatory frameworks apply. | Required |
| Understanding laws that regulate the use of health and care data | Get a summary of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). | Required |
| Using data during your digital technology lifecycle | At each stage of your technology’s lifecycle, you will need to use data. Find out which type is best for each stage of the development lifecycle. | Required |
| Proof-of-concept: using anonymous or artificial health data | What to consider when using anonymous or artificial health data. | Required |
| Using health data during technology development | You may need to use personal data during the development stage of the technology. You need to have a lawful basis for doing so under data protection legislation. | Required |
| How to comply with the UK GDPR as a developer | If you are using personal data, you are obliged to protect this data and comply with data protection law principles. | Required |
| Common law duty of confidentiality | You will need to get explicit consent from a patient before sharing confidential information collected about them when they were receiving care, unless there is another legal basis. | Required |
| Deploying your digital technology: using personal health data | The processing of personal data in the delivery of care (such as in the live deployment of a healthcare technology) is for direct care. | Required |
| Post-market: compatibility of technology with existing systems | When deciding whether to buy a digital technology, potential adopters will consider whether the technology is compatible with their existing systems and infrastructure. | Required |
| Extra reading on data regulations | Get extra resources on data processing here. | Best practice |
| Steps to consider | Why is it important? | Guidance type |
|---|---|---|
| Cyber security and resilience for digital healthcare technologies | Cyber security regulations are essential for providing effective care, protecting patient and service user safety and maintaining trust in your digital health technologies. | Required |
Other helpful links
-
Glossary
Demystify the complex world of digital health regulation terminology with our glossary.
-
Using this service
Learn how to use this service as a developer or adopter of AI or digital health technologies.
-
Medical device classification
Use our guidance to help you determine if your technology is a medical device.