BETA This is a new service - your feedback (opens in a new tab) will help us to improve it.

Guidance for developers
Regulations and best practice for manufacturers of digital health technologies

Guidance for adopters
Regulations and best practices for users or buyers of digital health technologies
Support for developers
Find the most appropriate authority to contact for assistance with developing a digital technology for health and social care.

Support for adopters
Find the most appropriate authority to contact for assistance with adopting a digital technology for health and social care.
Case studies
Blogs
Using this service
Glossary
FAQs

Developers - Regulations for non-medical devices

Explore the regulations and best practice principles related to AI and digital technology in health and care.

Show all sections

Technology idea list
Steps to consider	Why is it important?	Guidance type
Creating a value proposition	If you want your digital technology to be placed on the UK health and social care market, you’ll need to create a value proposition.	Best practice
Planning for evidence generation	Plan for evidence generation that proves your digital technology is safe, and clinically and cost effective.	Best practice
Data quality considerations for training and testing	Successful digital technologies in health and social care are trained on high-quality machine learning datasets. To build healthcare technologies that adopters will buy, prioritise data quality.	Best practice
Researching user needs	If you do not understand user needs, your digital technology is not likely to meet them, and so adoption of your technology will be unlikely.	Best practice
Complying with NHS Digital clinical risk management standards	If you want to sell your digital technology to the NHS, or adopt a technology on behalf of the NHS, you need to meet certain safety standards. These are set by NHS Digital.	Required
Using the Digital Technology Assessment Criteria (DTAC)	Meeting the Digital Technology Assessment Criteria (DTAC) makes it more likely that adopters will buy your healthcare technology.	Best practice
Understanding technical standards for digital technology	To increase trust and confidence in your digital technology, you should show compliance with technical standards.	Best practice
Implementing a quality management system for your technology	Although not legally required for non-medical devices, implementing a quality management system (QMS) is best practice and essential to placing your technology on the market.	Best practice

Technology development list
Steps to consider	Why is it important?	Guidance type
Designing clinical studies and choosing evaluation methods	You need to regularly evaluate your digital technology to show adopters and assessors it’s effective and safe.	Best practice
Generating evidence for NHS adopters of digital technology	If you want the NHS to adopt your digital technology, you will need to generate evidence that supports your technology’s value proposition.	Best practice
Qualitative research: collecting data on your digital technology	Qualitative research will give you a much richer understanding of how a user interacts with your digital technology.	Best practice

Placing a technology on the UK market list
Steps to consider	Why is it important?	Guidance type
Check if you need to register with the Care Quality Commission (CQC)	If you are providing Care Quality Commission (CQC) regulated activities, you are legally required to register with them.	Required

Technology in use list
Steps to consider	Why is it important?	Guidance type
How Care Quality Commission regulates health and social care services	If you provide a health and social care activity in England, you may need to comply with regulations from the Care Quality Commission (CQC).	Required
Ongoing research and service evaluation of your digital technology	Plan for ongoing research and evaluation upfront to prevent the delay or further development of your digital technology.	Best practice

Updating your technology list
Steps to consider	Why is it important?	Guidance type
Improving or updating digital technologies after deployment	What you need to consider when you improve or update an already live technology.	Best practice

Regulations that govern the use of data list
Steps to consider	Why is it important?	Guidance type
Data regulations for digital health technologies: a guide	Throughout the course of your digital technology’s lifecycle, you will need to process health and social care data. Find out what legal requirements govern the use of this data and when to get research approval.	Required
Understanding types of health and care data	Two types of health and care data can be distinguished to help you determine when the relevant legal and regulatory frameworks apply.	Required
Understanding laws that regulate the use of health and care data	Get a summary of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).	Required
Using data during your digital technology lifecycle	At each stage of your technology’s lifecycle, you will need to use data. Find out which type is best for each stage of the development lifecycle.	Required
Proof-of-concept: using anonymous or artificial health data	What to consider when using anonymous or artificial health data.	Required
Using health data during technology development	You may need to use personal data during the development stage of the technology. You need to have a lawful basis for doing so under data protection legislation.	Required
How to comply with the UK GDPR as a developer	If you are using personal data, you are obliged to protect this data and comply with data protection law principles.	Required
Common law duty of confidentiality	You will need to get explicit consent from a patient before sharing confidential information collected about them when they were receiving care, unless there is another legal basis.	Required
Deploying your digital technology: using personal health data	The processing of personal data in the delivery of care (such as in the live deployment of a healthcare technology) is for direct care.	Required
Post-market: compatibility of technology with existing systems	When deciding whether to buy a digital technology, potential adopters will consider whether the technology is compatible with their existing systems and infrastructure.	Required
Extra reading on data regulations	Get extra resources on data processing here.	Best practice

Print regulations for non-medical devices

Regulations are regularly updated. For the latest information, check the website as printed documents may be outdated.

Other helpful links

Glossary

Demystify the complex world of digital health regulation terminology with our glossary.
Using this service

Learn how to use this service as a developer or adopter of AI or digital health technologies.
Medical device classification

Use our guidance to help you determine if your technology is a medical device.