Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

Navigating the NHS DTAC: 6 Recommendations for Success

  • Published: March 31, 2025
  • Category: DTAC

Share this post

Headshot of a man with reddish-blonde hair and a beard, wearing a checkered shirt
Ryan Palmer

Share this post

Introduction

Addressing the NHS Digital Technology Assessment Criteria can feel overwhelming, but it doesn’t have to be. As an enabling framework for digital technology suppliers to the NHS, it helps businesses of all sizes understand the minimum standards of compliance and governance required to work effectively with healthcare services.

Based on our experience working with businesses of all sizes to develop ‘NHS Ready’ documentation, our Commercial Director, Ryan Palmer, has pulled together 6 recommendations for businesses looking to address or maintain compliance with the NHS DTAC.

What is the NHS DTAC?

First deployed in 2021 by NHSX, and later revised in March 2026 following extensive industry and supplier engagement, the DTAC is the national baseline criteria for Health IT Systems which will be used to support the UK’s health and social care system. Encompassing many statutory, regulatory and policy requirements which apply to the UK’s health and social care system, its main focus is on safety and security. It is broken down into 5 key domains; Clinical Safety, Data Protection, Technical Security, Interoperability and Usability & Accessibility.

Some elements of the DTAC apply to the specific product (Health IT System) being assessed whilst others apply to the organisation (developer) which is responsible for the product’s development and maintenance. All requirements need to be maintained over time, particularly as organisations grow and develop and new versions or features are developed and released. It is therefore important to understand which of the compliance activities required by DTAC need to be completed for each product (and each version of a product) and which need to be completed at an organisational level in a way that applies to all products which are being developed, maintained and sold.

Technical file creation

Clinical
Safety

Learn more
dspt toolkit icon, data security and protection icon

Data
Protection

Learn more
DSPT Services dspt toolkit , data security and protection, DSPT, ,nhs data security and protection toolkit

Technical Security

Learn more
the NHS DTAC Navigating the NHS DTAC: 6 Recommendations for Success the NHS DTAC

Interoperability

Learn more
Icon: connected network representing stakeholder collaboration

Usability & Accessibility

Learn more

Who does it apply to?

There has been some confusion in the supplier community about how DTAC compliance applies to certain products or industries with the criteria only initially being applied to digital health apps. As per the Transformation Directorates website, however:

“All new digital technology should be assessed using the DTAC, even if you are piloting or trialling it. If a developer has multiple products, each one would need to be assessed against the DTAC. Examples of products include: staff-facing and patient-facing digital health tech, health apps, medtech and devices with an associated app, systems, web-based portals and more.”

NHS Transformation Directorate, ‘Products that should be assessed using DTAC’.

How to address the NHS DTAC.

DTAC is not a simple framework to address but is the culmination of several standards and certifications covering a vast array of subject matter. We often see businesses considering the DTAC as a single requirement and not accounting for the many dependencies of each domain. 

Based on working with hundreds of companies to become DTAC compliant, we would recommend the following:

1

Treat DTAC as an enabler for your business and product

DTAC has been designed to ensure developers and their products are safe and effective and draws on key legislative and regulatory requirements which support these outcomes. Treating DTAC as a set of criteria your organisation wants to adopt and adhere to, enables you to build and cement value, rather than simply ‘tick a box’ to satisfy the UK’s Health and Social Care sector, which will ensure the process brings maximum value to your business.

2

Perform an Internal or External Gap Analysis

Understanding where there are gaps in your compliance portfolio will help quickly identify the areas requiring the most focus for you to address the DTAC requirements.

3

Address the Mandatory first

There are several mandatory requirements set out in UK law which will need to be in place to do business with the NHS. By ensuring these are priority requirements, manufacturers can provide at a minimum, assurance to prospective customers that they fulfil their statutory obligations.

4

Be proactive

Rushing through a DTAC is a stressful process given its impacts and therefore requires resources from many different areas of a business. By taking proactive steps to identify gaps in your submission and plan activities to meet the requirements, businesses can prevent a hasty submission which is more likely to solicit questions from NHS stakeholders and delay commercial activity.

5

Invest in Expertise

Working with a trusted partner, invest in their expertise to expedite the process of DTAC compliance. This may save you valuable time and resources to be NHS-ready. The DTAC process does not end once the submission is completed.

6

Plan for continuity

DTAC is an ongoing process that requires maintenance throughout the product lifecycle. Ensuring there is a schedule aligned to review and internally audit your DTAC will ensure you’re in a ‘market ready’ position when the request is made from potential customers. Developing a compliance timeline or roadmap to meet the annual expectations can be a simple but highly effective means of ensuring all stakeholders know when investments need to be made in re-certification or resources to complete the necessary activities.

Need help?

Our team of experts have a wealth of experience covering each element of the DTAC and we’ve supported businesses from all over the world at every stage, to address the requirements. Check out our Case Studies page to learn more.

DCB0129 Compliance for Fall Detection Software

Clinical Safety Compliance for Fall Detection Software

Read More →

June 1, 2026
8fold case study: registering Perci Health with the CQC

Case Study: Registering Perci Health with the CQC

Read More →

February 16, 2026
Case study: Brain+ and 8fold - bringing NICE-recommended treatments to UK dementia patients through SaMD

Bringing NICE-recommended treatments to UK Dementia patients through SaMD

Read More →

October 15, 2025
DCB0129 Compliance for Fall Detection Software

Clinical Safety Compliance for Fall Detection Software

Read More →

June 1, 2026
8fold case study: registering Perci Health with the CQC

Case Study: Registering Perci Health with the CQC

Read More →

February 16, 2026
Case study: Brain+ and 8fold - bringing NICE-recommended treatments to UK dementia patients through SaMD

Bringing NICE-recommended treatments to UK Dementia patients through SaMD

Read More →

October 15, 2025
Read more

We’re the experts that have your back.

Let us help you find a route from from where you are, to where you need to go. We’re here to help.

Book a Call with our Expert Team

Other Articles​

Loading...
Blog post: NHS DTAC V2 - what has changed, and how will this affect you

DTAC V2: What has changed, and how will this affect you

Read More →

March 30, 2026
DTAC for enterprise

The NHS DTAC – Compliance for Enterprise Health-tech Companies Made Simple

Read More →

November 17, 2025
Guide to the NHS DTAC

The Experts Guide to the NHS DTAC (Digital Technology Assessment Criteria)

Read More →

September 22, 2025
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept