DTAC Reform: Simplifying Digital Assurance in the NHS
DTAC Reform: Simplifying Digital Assurance in the NHS
The NHS’s Digital Technology Assessment Criteria (DTAC) framework has been updated following a multi-year review led by NHS England and the Department of Health and Social Care (DHSC). The revised framework introduces an updated assessment form and accompanying guidance designed to simplify digital assurance processes while maintaining strong standards for patient safety, data protection and interoperability.
While the latest changes focus on improving the usability of the current framework, they also signal the beginning of a broader reform programme aimed at modernising how digital health technologies are assessed and adopted across the NHS.
A Framework for Safe Digital Innovation. DTAC- the Digital Technology Assessment Criteria- provides the NHS’s national baseline for assessing whether digital health technologies meet the requirements necessary for deployment within health and care settings.
The framework brings together a range of mandatory standards covering areas such as clinical safety, cybersecurity, data protection, interoperability and usability. By consolidating these requirements, DTAC aims to create a clearer and more consistent process for evaluating digital health technologies.
As Sam Tallents from NHS England’s Transformation Directorate explained:
“DTAC is the Digital Technology Assessment Criteria. It's an assessment framework that brings together all of the mandatory standards and policy requirements that the NHS has for using digital health technologies in the NHS.”
While responsibility for adopting technologies and managing associated risks ultimately sits with local NHS organisations, DTAC provides a common structure that helps ensure those assessments are carried out consistently across the health system.
The framework also provides suppliers with greater clarity about what is required to bring digital products into NHS environments.
Responding to Industry and NHS Feedback. The latest DTAC update follows several years of engagement with industry and health system stakeholders. Feedback highlighted that although the framework played an important role in digital assurance, aspects of the process had become difficult to navigate.
Suppliers in particular pointed to overlapping requirements across multiple regulatory and assurance processes, which could create confusion and increase administrative burden.
Rebecca, who co-led the DTAC review alongside colleagues from NHS England and DHSC, explained that the latest update focuses on simplifying the framework while maintaining its core safeguards.
“We’ve produced an update on DTAC a couple of weeks ago. So that is both an updated form and updated guidance to accompany the form.”
The revised documentation introduces a streamlined assessment form and clearer guidance intended to make the process easier for both suppliers and NHS organisations.
Making the Framework Easier to Use The immediate reforms focus on improving the usability of DTAC within the existing assurance model.
Key changes include:
- Simplifying and updating the DTAC assessment form
- Removing duplicated or outdated requirements
- Clarifying how specific standards apply to different types of digital technologies
- Improving links to supporting guidance and relevant standards
Tallents described these changes as initial improvements designed to streamline the current process.
“These are some initial changes just to streamline the existing process, make things a little bit easier to navigate and remove and update some of the requirements.”
While these updates are relatively targeted, they address several practical challenges identified by suppliers and NHS organisations using the framework.
A Longer-Term Vision for Digital Assurance Alongside these interim improvements, policymakers are also considering more fundamental changes to how digital health technologies are assured in the NHS.
One option currently being explored is a move towards a certification-based approach to digital assurance. Such a model could provide suppliers with a clearer national route for demonstrating compliance with NHS requirements.
Tallents noted that this concept remains under development as part of the broader reform programme.
“Longer term, we’re looking at some more substantive reforms… we’ll be looking to move to more of a certification-based approach.”
A certification model could potentially reduce duplication across local procurement processes and create a more scalable approach as the volume of digital health technologies continues to grow.
Navigating Regulatory Complexity The discussion around DTAC reform also highlighted the complexity that can arise when multiple regulatory frameworks apply to the same technology.
Digital health products may be subject to medical device regulation while also needing to comply with clinical safety standards and NHS digital assurance requirements.
Participants noted that interpreting how these frameworks interact can sometimes be challenging, particularly where technologies fall into regulatory grey areas.
Tallents acknowledged that applying these rules in practice can quickly become complicated.
“The application rules get very complicated very quickly… which is probably not an ideal situation to be in.”
Where a product is fully covered by medical device regulation, the regulatory process is intended to provide assurance around patient safety. However, officials recognised that determining when this applies can require careful judgement.
Clarifying the Scope of DTAC One important clarification from the discussion concerned the relationship between DTAC and medical device regulation.
Technologies regulated as medical devices do not automatically fall outside the scope of DTAC. Instead, applicability depends on how the product is intended to be used and how it interacts with NHS systems.
Rebecca emphasised that DTAC continues to apply in many cases because it addresses broader requirements beyond clinical safety.
“It isn’t the case that if products have medical device regulation, then they automatically fall out of the scope of DTAC.”
This ensures that digital technologies used in the NHS meet system-wide expectations around cybersecurity, interoperability and data governance.
Improving Guidance and Transparency. To help suppliers navigate these complexities, the updated DTAC documentation includes clearer links to supporting guidance and related standards.
In particular, the guidance now provides more direct access to step-by-step information on applying clinical safety standards, which had previously been less visible.
Tallents noted that the documentation will continue to evolve alongside changes to relevant standards.
“There is also step-by-step guidance on the application of the DCB standards, and we've linked to that more clearly in the document that we hadn't done previously.”
By improving access to guidance and clarifying how standards apply, the updated framework aims to reduce uncertainty for suppliers entering the NHS market.
Supporting the Next Phase of NHS Digital Transformation. Digital technologies are playing an increasingly central role in healthcare delivery, from remote monitoring tools to AI-enabled diagnostics and digital therapeutics.
Ensuring that these technologies are safe, secure and interoperable is essential to building trust in digital health innovation.
The latest DTAC updates represent an effort to strike the right balance between maintaining robust assurance standards and enabling innovation to move more quickly through the health system.
While further reforms are expected as the programme develops, the current changes signal a clear intention to make digital assurance processes more transparent, consistent and easier to navigate for both suppliers and the NHS.
As digital transformation continues to accelerate, frameworks like DTAC will remain critical to ensuring that innovation is introduced safely and effectively across the health service.