Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

Version 2 of DCB0129 and DCB0160: What We Hope to See

  • Published: October 23, 2025
  • Category: Clinical Safety

Share this post

Avatar photo
Karen Whitton

Share this post

Version 2 of DCB0129 & DCB0160 : A Brief History

DCB0129 and DCB0160 have been central to the UK’s approach to digital clinical safety for more than a decade, and with Version 2 of the standards now on the horizon, we thought it worthwhile to share our thoughts and hopes for the future of these essential clinical risk management standards.

DCB0129 and DCB0160 were created to provide assurance that health IT systems are safe for use in patient care, but the technology landscape has moved on. Artificial Intelligence, international standards and the evolving role of the Clinical Safety Officer (CSO) present challenges that were not anticipated when the standards were first written.

The review leading up to the release of version 2 of the standards is one of the most significant developments in digital clinical safety to date. We see daily how the standards are applied in practice, and where they create unnecessary complexity or duplication. We see this review as an opportunity to bring clarity, consistency and efficiency to a process that is essential but often misunderstood.

Version 2 of DCB0129 Version 2 of DCB0129 and DCB0160: What We Hope to See Version 2 of DCB0129,DCB0160 V2
Version 2 of DCB0129 Version 2 of DCB0129 and DCB0160: What We Hope to See Version 2 of DCB0129,DCB0160 V2

Artificial Intelligence and Machine Learning in DCB0129 & DCB0160

The NHS has highlighted AMLAS (Assurance of Machine Learning for use in Autonomous Systems) as a reference point for AI assurance, and members of our team have already taken part in the NHS-led training. AMLAS is a strong framework for structuring safety cases and mapping assurance claims to evidence. However, it extends far beyond risk management and can overlap with requirements traditionally included in a Medical Device technical file. If AMLAS is adopted in full, it could overwhelm CSOs with responsibilities beyond their remit.

We hope that the revised standards focus on the risk management strand of AMLAS, where it adds real value, without duplicating technical file requirements. International frameworks such as BS AAMI 34971, which extends ISO 14971 specifically for AI and machine learning risks, already provide a pragmatic and globally aligned way to assess data quality, model risks and bias. Together, these approaches could offer CSOs workable tools while allowing manufacturers to keep processes consistent across markets.

ISO 1497

The Case for Alignment with ISO 14971

DCB0129 was originally derived from an earlier version of ISO 14971, the international standard for medical device risk management. Yet in practice, many CSOs treat the two as separate, even contradictory, processes. This creates confusion for manufacturers, many of whom already comply with ISO 14971 and then face duplicative UK requirements. We hope the revised standards explicitly align with ISO 14971. 

A manufacturer’s Clinical Risk Management File should form the core of a DCB0129 submission, with only a light-touch Annex for UK-specific requirements. CSOs trained in both standards would be able to bridge any differences and avoid duplication.

Keeping DCB0129 distinct risks inconsistencies. When Notified Bodies in the case of Medical Devices, encounter duplicated but non-identical processes, confidence in the safety case is undermined. 

Clearer alignment would smooth audits, reduce findings and make the UK a more attractive market for digital health products.

Clinical Safety Officer

The Role of the CSO

We see wide variation in how CSOs interpret their responsibilities. Some spend disproportionate effort on low-risk products while high-risk systems receive only a cursory check. Others take on an auditor-like stance and attempt to review the entire technical file. That level of review may be appropriate for a DCB0129 CSO working on the manufacturer side, but not for a DCB0160 CSO, whose focus should be deployment in the local context.

If both CSOs carry out the same assessment, the distinction between the roles becomes meaningless.

Clearer boundaries would prevent duplication and ensure each CSO adds value in their own domain. CSOs are most effective when they focus on clinical risk and deployment, not re-auditing manufacturer systems.

Documentation requirements are another source of friction. The current wording suggests that the Clinical Safety Case Report should be “made available”, but in practice, deploying CSOs often request much more, including sensitive material, with little clarity on contractual rights. For manufacturers, especially those operating internationally, this uncertainty is a barrier.

We hope to see definitive guidance on

  • Low-risk legacy systems have a lighter requirement for assessment
  • The DCB0129 CSO focusing on manufacturer assurance
  • The DCB0160 CSO focusing on deployment and local use
  • Exactly what documentation must be shared, with protection of intellectual property
  • Defined qualifications and competencies for CSOs, so the role is consistent and credible
Information Governance icon

Governance and Leadership Accountability

Clinical safety should not sit in isolation. Too often, the burden falls heavily on CSOs without visible support from senior leaders. This creates risk by framing clinical safety as an operational task rather than a strategic responsibility.

We hope to see stronger requirements for leadership accountability. A named executive from top management should oversee the clinical safety process and co-sign key deliverables. This would give CSOs greater support and embed safety at the heart of organisational decision-making.

Version 2 of DCB0129 Version 2 of DCB0129 and DCB0160: What We Hope to See Version 2 of DCB0129,DCB0160 V2

The Case for a More Efficient, Risk-Proportionate Process

Both standards already state that effort should be proportionate to risk, but in practice, this principle is not applied consistently. Processes often become resource-intensive and misaligned with actual risk.

Deploying CSOs have suggested that manufacturers should take on more of the burden, but most manufacturers, particularly global ones, do not have the capacity to support bespoke UK processes. If compliance becomes unpredictable or disproportionately heavy, some may deprioritise the UK, limiting access to innovation without improving safety.

A tiered model could help, where requirements scale with risk and changes are clearly defined. Drawing on IEC 62304’s approach to software safety classification may offer a useful starting point.

Inefficiency in clinical safety is itself a safety risk. If processes absorb too much resource, the adoption of safe tools is delayed and NHS teams are distracted from other priorities. We hope the revised standards enable risk-based processes that maintain rigour while supporting efficiency.

Version 2 of DCB0129 Version 2 of DCB0129 and DCB0160: What We Hope to See Version 2 of DCB0129,DCB0160 V2

The Role of Procurement and Contracting

Clearer documentation rules will only work if they are reflected in contracts. NHS organisations often request wide-ranging safety documentation without defining what is in scope. This creates delays and exposes manufacturers to uncertainty over intellectual property.

We hope the revised standards prompt procurement teams to update their templates. Contracts should specify exactly what must be provided, when, and under what protections. For manufacturers, this will bring confidence that sensitive information is safeguarded. For NHS organisations, it will enable smoother and faster deployments.

Looking Ahead

Version 2 of DCB0129 and DCB0160 is a chance to modernise the UK’s approach to digital clinical safety. It can give CSOs clearer roles and better training, align with international best practice and build efficiency into every step.

For AI, there is an opportunity to combine the best of what already exists. AMLAS can structure safety cases and map assurance claims to evidence, but CSOs should focus only on its risk management strand. BS AAMI 34971 provides the natural extension of ISO 14971 for AI and machine learning risks. DCB0129 and DCB0160 remain the backbone, one for manufacturer assurance and the other for deployment and monitoring.

If the revised standards achieve this balance, they will reduce confusion for manufacturers, strengthen the CSO profession and support the NHS in safely embracing innovation. Done well, they could position the UK as a global benchmark for digital clinical safety.

We remain optimistic. With the right changes, these standards can underpin a safer, smarter and more sustainable digital health ecosystem for years to come, leaning into aspirations set out in the NHS 10-Year Plan to transition the health service from analogue to digital.

We’re the experts that have your back.

Let us help you find a route from from where you are, to where you need to go. We’re here to help.

Book a Call with our Expert Team

Other Articles​

Loading...
DCB0129 compliance, DCB0160 compliance, digital clinical safety standards, NHS digital clinical safety, clinical safety case report, Clinical Safety Officer CSO, DCB0129 and DCB0160 guidance, DCB0129 DCB0160 interpretation,

Cutting Through the Noise on DCB0129/0160 Compliance

Read More →

January 21, 2026
Clinical Safety Fundamentals: The Safety Incident Log

Clinical Safety Fundamentals: The Safety Incident Log

Read More →

November 25, 2025
DCB0129 - 5 Common Mistakes

Expert Insights: DCB0129 – 5 Common Mistakes

Read More →

December 3, 2024
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept