Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

Cutting Through the Noise on DCB0129/0160 Compliance

A Pragmatic Look at Risk, Resources and What Really Matters in Clinical Safety

  • Published: January 21, 2026
  • Category: Clinical Safety

Share this post

Headshot of a bald man wearing a tropical print shirt
Nick Pavard

Share this post

Context

Recent weeks have seen renewed attention on digital clinical safety, following a study by Oskrochi et al. and a wave of LinkedIn commentary that followed. Much of the conversation has focused on the identification and reduction of clinical safety non-compliance within digital technologies. But while those conclusions have prompted strong reactions, they risk narrowing the discussion at precisely the moment when a broader, more constructive conversation is needed.

There is much in the study’s conclusions that we agree with. The vision of an NHS transformed by digital technology does hinge on the foundational principle of patient safety, and the study is right to highlight that the interpretation and application of digital clinical safety standards –DCB0129 and DCB0160– are inconsistent across the NHS.

Where the conversation needs reframing is in how the findings are now being interpreted. Rather than centring on the apparent scale of non-compliance, the more meaningful questions are:

What is the real-world impact of non-compliance?

And, more importantly:

What does the system actually need to deliver safe, scalable digital transformation within the realities of NHS capacity?

With forthcoming revisions to safety standards and the introduction of the NHS Innovator Passport, this is an opportunity to ask the right questions: ones that focus on outcomes, capacity, and proportionality rather than on headline numbers alone.

This article offers a pragmatic view grounded in our day-to-day experience working between NHS expectations, national regulations, supplier obligations and the operational realities facing both.

DCB0160 compliance Cutting Through the Noise on DCB0129/0160 Compliance DCB0160 compliance,DCB0129 compliance,digital clinical safety standards,NHS digital clinical safety,clinical safety case report,Clinical Safety Officer CSO,DCB0129 and DCB0160 guidance,DCB0129 DCB0160 interpretation

What the Study Gets Right

We want to be clear: the study’s concluding observations are valuable. 

The clinical safety standards are applied unevenly across the NHS, and such variation undermines the goal of consistent, safe digital transformation. Digital clinical safety must be embedded in organisational culture if the NHS is to benefit fully from increasingly complex technologies.

We are aligned with the call for stronger governance, greater accountability, and a system that prioritises patient safety at every stage of digital adoption.

Where the Conversation Has Gone Off-Track

Some of the commentary that followed the study has leapt from the observation of non-compliance to conclusions about systemic danger, risk of harm and the need to significantly increase the number of Clinical Safety Officers (CSOs). This risks sending the discussion down an unproductive and ultimately impractical route.

Step 1

Non-compliance is a data point, not a diagnosis

Understanding the scale of non-compliance is the beginning of a question, not the end of one. Without further research to understand the actual consequences, we cannot know whether non-compliance represents a genuine safety risk or whether the current deployment standard is helping safety or simply acting as an administrative burden on stretched providers.

Many long-standing legacy systems, for example, while technically non-compliant with DCB0160, benefit from established usage patterns where risks are largely known and managed operationally, making a retrospective safety case a bureaucratic exercise rather than a safety improvement. Furthermore, given the attention to digital transformation, many non-compliant legacy systems may be decommissioned in the near future. 

It is also possible that many systems are compliant with DCB0129 (the manufacturer’s obligation), but deploying organisations do not know this because the documents were never requested or were not retained to be provided.

Circular icon with the number 2

More CSOs are not automatically the answer

There is currently no published evidence that increasing the number of CSOs directly improves patient outcomes. What we do know is that clinical capacity across the NHS is under extreme pressure. Pulling more clinicians out of patient-facing care to complete assessments – often duplicating work undertaken elsewhere – risks worsening the very situation the standards aim to protect.

The conversation should focus on where safety work delivers the greatest value, not on scaling an already stretched resource.

The Real Issue: Interpretation, Variation, and Duplication

The core challenges lie not in the presence of unsafe technology but in how the standards are interpreted and applied across the system.

Step 1

Over-interpretation and blanket application

We regularly see organisations applying DCB standards to all digital health technologies, regardless of risk. This is not mandated and creates unnecessary cost, delay, and administrative burden. The applicability guidance leaves room for interpretation, and this inconsistency is a major driver of variation.

For instance, “real-time or near-real-time direct care” looks very different in an Ambulance Trust compared with services managing long-term conditions. Without clearer definitions, organisations make different assessments about identical systems. We’re hopeful that in the upcoming revision of the standards, this definition will be refined to help suppliers and the NHS make more proportionate decisions on their applicability.

Circular icon with the number 2

Procurement inconsistency

Central frameworks and individual organisations sometimes impose requirements that extend beyond what the standards prescribe. When every organisation demands a different format, depth or set of documents, manufacturers must repeatedly rework material. These are costs ultimately borne by the NHS.

Step 3

Duplication of assessments

Manufacturers complete a DCB0129 for their products. Every deploying organisation then completes its own DCB0160. Across the country, CSOs re-document the same local controls (training needs, integration requirements, infrastructure considerations) that have already been identified. This duplication is one of the most significant drains on capacity in the current system.

These issues, not headline numbers, represent the true bottlenecks in the governance of digital health, and put pressure on NHS resources to effectively ensure compliance.

A More Pragmatic Path: Proportionate, Contextual, and Capacity-Aware

We are not advocating for the removal of the clinical safety standards. We are advocating for their proportionate application, ensuring that safety activity focuses where it is most needed and that the system uses its scarce clinical capacity wisely.

A more effective approach rests on five principles:

1. Focus on risk, not routine

They will be required to submit a heavily CAF-aligned version of the DSPT. This version is structured around the CAF objectives, each with specific compliance thresholds.

2. Protect clinical capacity

Every hour clinicians spend on duplicative assessment is an hour not spent in patient-facing care. Proportionate safety is part of patient safety.

3. Reduce variability with clearer national guidance

The next iteration of DCB0129 and DCB0160 should minimise ambiguity and ensure a clear definition is given concerning what is in and out of scope, with routes to market clearly defined and agreed to minimise duplication or friction in the adoption of technologies requiring compliance.

4. Enable mutual recognition and shared assurance

The Innovator Passport and emerging CSO networks offer opportunities to reduce duplication and support shared approaches, provided they avoid generating additional requirements.

5. Understand where digital clinical safety sits among wider safety risks

Digital risks must be contextualised alongside other causes of patient harm. Proportional investment requires understanding where safety activity will have the greatest impact.

Proportionality is not a dilution of safety; it is a way to ensure safety work strengthens, rather than strains, the system.

Recommendations for Moving Forward

Any attempt to address the current situation should focus on:

  • Standardising clinical safety expectations across all parties by clarifying the ambiguities in the standards.
  • Reducing unnecessary local variation that slows deployment, increases cost and creates further clinical risk by limiting access to innovation. 
  • Understanding the real indicators of harm associated with digital systems and how regulation can reduce – rather than inadvertently escalate – risk.
  • Placing digital clinical safety within the broader landscape of patient safety priorities and investing proportionately with a grounded understanding of the risk of inaction or maintaining the status quo.

Conclusion: A Clearer, More Grounded Conversation

The NHS cannot deliver its digital ambitions without strong governance and a culture that prioritises patient safety. But the pathway to safer, scalable digital health will not be achieved through expanding bureaucracy or diverting more clinicians away from patient care. It requires clarity, proportionality and pragmatic decision-making that recognises both risk and resource.

This is the work we do every single day, helping organisations navigate complexity, interpret standards in context and make well-justified, proportionate decisions that keep patients safe while enabling the NHS to adopt the technology it needs.

Safe technology is possible without unnecessary burden. Pragmatism is not the enemy of safety; done well, it is its strongest ally.

If you’d like to dive deeper into what we hope to see from the upcoming Version 2 of DCB0129 and DCB0160, we’ve shared those thoughts in more detail on our blog.

You can read the full piece

Learn More

If you’d like to dive deeper into what we hope to see from the upcoming Version 2 of DCB0129 and DCB0160, we’ve shared those thoughts in more detail on our blog.

You can read the full piece

Version 2 of DCB0129 and DCB0160

We’re the experts that have your back.

Let us help you find a route from from where you are, to where you need to go. We’re here to help.

Book a Call with our Expert Team

Other Articles​

Loading...
Clinical Safety Fundamentals: The Safety Incident Log

Clinical Safety Fundamentals: The Safety Incident Log

Read More →

November 25, 2025
Title graphic reading 'Version 2 of DCB0129 and DCB0160: What We Hope to See' with NHS DCB0160 and DCB0129 badges

Version 2 of DCB0129 and DCB0160: What We Hope to See

Read More →

October 23, 2025
DCB0129 - 5 Common Mistakes

Expert Insights: DCB0129 – 5 Common Mistakes

Read More →

December 3, 2024
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept