DCB0129 and DCB0160 have been central to the UK’s approach to digital clinical safety for more than a decade, and with Version 2 of the standards now on the horizon, we thought it worthwhile to share our thoughts and hopes for the future of these essential clinical risk management standards.
DCB0129 and DCB0160 were created to provide assurance that health IT systems are safe for use in patient care, but the technology landscape has moved on. Artificial Intelligence, international standards and the evolving role of the Clinical Safety Officer (CSO) present challenges that were not anticipated when the standards were first written.
The review leading up to the release of version 2 of the standards is one of the most significant developments in digital clinical safety to date. We see daily how the standards are applied in practice, and where they create unnecessary complexity or duplication. We see this review as an opportunity to bring clarity, consistency and efficiency to a process that is essential but often misunderstood.
The NHS has highlighted AMLAS (Assurance of Machine Learning for use in Autonomous Systems) as a reference point for AI assurance, and members of our team have already taken part in the NHS-led training. AMLAS is a strong framework for structuring safety cases and mapping assurance claims to evidence. However, it extends far beyond risk management and can overlap with requirements traditionally included in a Medical Device technical file. If AMLAS is adopted in full, it could overwhelm CSOs with responsibilities beyond their remit.
We hope that the revised standards focus on the risk management strand of AMLAS, where it adds real value, without duplicating technical file requirements. International frameworks such as BS AAMI 34971, which extends ISO 14971 specifically for AI and machine learning risks, already provide a pragmatic and globally aligned way to assess data quality, model risks and bias. Together, these approaches could offer CSOs workable tools while allowing manufacturers to keep processes consistent across markets.
The Case for Alignment with ISO 14971
DCB0129 was originally derived from an earlier version of ISO 14971, the international standard for medical device risk management. Yet in practice, many CSOs treat the two as separate, even contradictory, processes. This creates confusion for manufacturers, many of whom already comply with ISO 14971 and then face duplicative UK requirements. We hope the revised standards explicitly align with ISO 14971.
A manufacturer’s Clinical Risk Management File should form the core of a DCB0129 submission, with only a light-touch Annex for UK-specific requirements. CSOs trained in both standards would be able to bridge any differences and avoid duplication.
Keeping DCB0129 distinct risks inconsistencies. When Notified Bodies in the case of Medical Devices, encounter duplicated but non-identical processes, confidence in the safety case is undermined.
Clearer alignment would smooth audits, reduce findings and make the UK a more attractive market for digital health products.
We see wide variation in how CSOs interpret their responsibilities. Some spend disproportionate effort on low-risk products while high-risk systems receive only a cursory check. Others take on an auditor-like stance and attempt to review the entire technical file. That level of review may be appropriate for a DCB0129 CSO working on the manufacturer side, but not for a DCB0160 CSO, whose focus should be deployment in the local context.
If both CSOs carry out the same assessment, the distinction between the roles becomes meaningless.
Clearer boundaries would prevent duplication and ensure each CSO adds value in their own domain. CSOs are most effective when they focus on clinical risk and deployment, not re-auditing manufacturer systems.
Documentation requirements are another source of friction. The current wording suggests that the Clinical Safety Case Report should be “made available”, but in practice, deploying CSOs often request much more, including sensitive material, with little clarity on contractual rights. For manufacturers, especially those operating internationally, this uncertainty is a barrier.
We hope to see definitive guidance on
- Low-risk legacy systems have a lighter requirement for assessment
- The DCB0129 CSO focusing on manufacturer assurance
- The DCB0160 CSO focusing on deployment and local use
- Exactly what documentation must be shared, with protection of intellectual property
- Defined qualifications and competencies for CSOs, so the role is consistent and credible
Governance and Leadership Accountability
Clinical safety should not sit in isolation. Too often, the burden falls heavily on CSOs without visible support from senior leaders. This creates risk by framing clinical safety as an operational task rather than a strategic responsibility.
We hope to see stronger requirements for leadership accountability. A named executive from top management should oversee the clinical safety process and co-sign key deliverables. This would give CSOs greater support and embed safety at the heart of organisational decision-making.
The Case for a More Efficient, Risk-Proportionate Process
Both standards already state that effort should be proportionate to risk, but in practice, this principle is not applied consistently. Processes often become resource-intensive and misaligned with actual risk.
Deploying CSOs have suggested that manufacturers should take on more of the burden, but most manufacturers, particularly global ones, do not have the capacity to support bespoke UK processes. If compliance becomes unpredictable or disproportionately heavy, some may deprioritise the UK, limiting access to innovation without improving safety.
A tiered model could help, where requirements scale with risk and changes are clearly defined. Drawing on IEC 62304’s approach to software safety classification may offer a useful starting point.
Inefficiency in clinical safety is itself a safety risk. If processes absorb too much resource, the adoption of safe tools is delayed and NHS teams are distracted from other priorities. We hope the revised standards enable risk-based processes that maintain rigour while supporting efficiency.
The Role of Procurement and Contracting
Clearer documentation rules will only work if they are reflected in contracts. NHS organisations often request wide-ranging safety documentation without defining what is in scope. This creates delays and exposes manufacturers to uncertainty over intellectual property.
We hope the revised standards prompt procurement teams to update their templates. Contracts should specify exactly what must be provided, when, and under what protections. For manufacturers, this will bring confidence that sensitive information is safeguarded. For NHS organisations, it will enable smoother and faster deployments.
Looking Ahead
Version 2 of DCB0129 and DCB0160 is a chance to modernise the UK’s approach to digital clinical safety. It can give CSOs clearer roles and better training, align with international best practice and build efficiency into every step.
For AI, there is an opportunity to combine the best of what already exists. AMLAS can structure safety cases and map assurance claims to evidence, but CSOs should focus only on its risk management strand. BS AAMI 34971 provides the natural extension of ISO 14971 for AI and machine learning risks. DCB0129 and DCB0160 remain the backbone, one for manufacturer assurance and the other for deployment and monitoring.
If the revised standards achieve this balance, they will reduce confusion for manufacturers, strengthen the CSO profession and support the NHS in safely embracing innovation. Done well, they could position the UK as a global benchmark for digital clinical safety.
We remain optimistic. With the right changes, these standards can underpin a safer, smarter and more sustainable digital health ecosystem for years to come, leaning into aspirations set out in the NHS 10-Year Plan to transition the health service from analogue to digital.
We’re the experts that have your back.
Let us help you find a route from from where you are, to where you need to go. We’re here to help.