Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

NHS DTAC FAQ

All your DTAC questions answered

Nhs dtac, dtac, dtac nhs

Your Guide to DTAC Compliance – FAQs

At 8foldGovernance, our UK-based team of specialists has a proven track record in guiding digital health and medtech business through every step of the NHS Digital Technology Assessment Criteria (DTAC) – from Clinical Safety and Data Protection to Technical Security, Interoperability and Usability & Accessibility.
Book a Free Discovery Call

Table of Contents

Why is the NHS DTAC important for NHS organisations?

NHS organisations use the DTAC as a minimum baseline of compliance requirements. The DTAC helps the NHS to assess the compliance and maturity of solutions during or before a formal procurement exercise.

Who does the NHS DTAC apply to?

The NHS DTAC applies to all new digital technologies, even where new technologies are being piloted in an NHS organisation. If a developer has multiple products, each one needs to be compliant with the DTAC. Some examples of products in the scope of DTAC include: AI tools designed for clinical decision support, patient-facing digital health technologies, health apps, medtech and devices with an associated app, health IT systems, web-based portals and more.

How does the NHS use the DTAC as part of decision-making?

DTAC provides a consistent, national baseline for compliance for all digital technologies. The NHS often use it as a minimum set of requirements to evaluate a new technology, but may sometimes ask for more information if the product includes Generative AI capabilities or is considered a Medical Device.

What are the key components of DTAC?

The DTAC has five essential criteria against which digital technology proposed for use within the NHS must be assessed: Data Protection, Clinical Safety, Technical Security, Interoperability, and Usability and Accessibility. It’s designed to help innovators maintain focus on high standards and, as such, requires an ongoing commitment to quality and safety throughout the lifetime of the product(s) in question.

Do Medical Device manufacturers have to comply with the DTAC?

Medical Device manufacturers need to comply with the DTAC if they have a software solution which is classed as a Medical Device or there is a software component which enables a piece of Medical Device hardware to connect with third-party systems. They will also need to complete the Pre-Acquisition Questionnaire (PAQ) as part of the procurement process.

How often should DTAC be reviewed and updated?

DTAC should be reviewed and updated regularly, at least on an annual basis. Different aspects of your DTAC submission will need to be reviewed at different times during the year, so it is expected to be an ongoing commitment to retain compliance with the DTAC framework.

How does DTAC relate to data protection regulations?

DTAC incorporates considerations for data protection regulations by assessing how digital technologies comply with legal requirements and safeguard user data. There is the expectation with the DTAC for a supplier to be registered with the Information Commissioner's Office (ICO), appoint a Data Protection Officer (DPO), complete the NHS Data Security Protection Toolkit (DSPT) and produce an outline Data Protection Impact Assessment (DPIA) for use with potential NHS customers.

How does DTAC relate to the Clinical Safety standards DCB0129/DCB0160?

Clinical Safety is one of the 5 sections of the DTAC criteria. As part of a complete DTAC submission, suppliers must evidence that they have completed the necessary documentation to be deemed compliant with DCB0129. Manufacturers of solutions assessed against the DTAC are not required to complete DCB0160 - this is the responsibility of the NHS organisation deploying the technology.

How can organisations effectively adopt DTAC?

Organisations can effectively adopt DTAC by building a robust process for quality assurance, with dedicated resources appointed to manage each component of the DTAC submission. A high-quality DTAC submission is dependent on a multi-disciplinary approach and a commitment to maintaining documentation to reflect the latest version of the product.

Can 8foldGovernance help me get DTAC compliant?

Absolutely. The 8foldGovernance team have significant experience in supporting organisations through the DTAC questionnaire, with experience across each of the 5 domains. They have worked with hundreds of businesses to comply with the DTAC and secure contracts in the NHS.

See how we can help you with DTAC

Want to Learn More?

On this page you’ll find answers to the most common question about the NHS DTAC and what it involves for your organisation.

Blog post: NHS DTAC V2 - what has changed, and how will this affect you

DTAC V2: What has changed, and how will this affect you

Read More →

March 30, 2026
DTAC for enterprise

The NHS DTAC – Compliance for Enterprise Health-tech Companies Made Simple

Read More →

November 17, 2025
Guide to the NHS DTAC

The Experts Guide to the NHS DTAC (Digital Technology Assessment Criteria)

Read More →

September 22, 2025
Blog post: NHS DTAC V2 - what has changed, and how will this affect you

DTAC V2: What has changed, and how will this affect you

Read More →

March 30, 2026
DTAC for enterprise

The NHS DTAC – Compliance for Enterprise Health-tech Companies Made Simple

Read More →

November 17, 2025
Guide to the NHS DTAC

The Experts Guide to the NHS DTAC (Digital Technology Assessment Criteria)

Read More →

September 22, 2025
Read more

Get Started on Your Compliance Journey.

Let’s see how we can help you navigate DTAC or any other aspect of information governance, data protection or clinical safety.

Book Your Call Now →
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept