Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

The Pendulum: AI, AVTs, and the Evolving Governance of Health Tech in the NHS

  • Published: August 13, 2025
  • Category: Artificial Intelligence

Share this post

Avatar photo
Adam Spinks

Share this post

Innovation in health technology promises a future of enhanced patient care and streamlined operations. Yet, the path to adoption is rarely linear. For the National Health Service (NHS), this journey of technological adoption often resembles a “swinging pendulum,” oscillating not only between centralised control and localised autonomy but also between caution and enthusiasm. The recent discourse around Artificial Intelligence (AI), particularly Ambient Voice Technologies (AVTs), perfectly illustrates this dynamic, revealing a rapidly changing and at times confusing landscape for health tech implementation.

The Pendulum of Progress: A Computing Analogy

To understand the NHS’s tech journey, it’s helpful to look at the broader history of computing. Early computing was highly centralised, with massive machines accessible to only a privileged few.

Control was exerted from and responsibility therefore fell to a single, central point, with limited scope for deviation or individual interpretation by end users. This evolved into the mainframe era, where multiple terminals accessed a shared, powerful central system, opening up access to a greater number of distributed users. Even then, the core rules and access points were centrally managed, and responsibility primarily fell to the ‘administrators’ but it opened up some opportunities for local autonomy.

Then came the age of the Personal Computer (PC), championing individual control and decentralisation – everyone had a PC on their desk (or a laptop on their dining table, or a smartphone in their pocket). This represented a shift towards local autonomy, allowing individuals and teams far greater scope to develop their own rules and approaches with minimal central oversight, but resulted in the responsibilities then falling to the organisations or end users that were acting as ‘administrators’.

Today, with cloud computing, we’ve returned to a hybrid model: centralised, scalable computing resources accessed seamlessly from diverse local devices.  There remains some degree of central control and responsibility at the platform level, but this approach offers far greater scope for local variations with the end-users or organisations retaining significant responsibility for their implementation, adaptation, and adherence. Each shift in what was technically possible (and cost-effective) brought immense benefits, but also new challenges in management, security, and integration, forcing a re-evaluation of the “right” approach.

The NHS's Own Tech Odyssey: From Centralisation to "Wild West" and Back

The NHS’s experience with technology adoption mirrors this pendulum swing. For years, the drive was often towards large-scale, centralised programmes. A prime example is the National Programme for IT (NPfIT) in the early 2000s. This ambitious, top-down initiative aimed to create a single, integrated IT system across the entire NHS. While its intentions were noble – to unify fragmented systems and improve data sharing – its sheer scale and centralised mandate proved challenging, ultimately leading to its dismantling.

Following the NPfIT, the pendulum swung back towards greater local autonomy. Publications from around 2014 championed the benefits of letting “a thousand flowers bloom” and adopting a “horses for courses” approach, empowering individual trusts and practices to choose solutions best suited to their specific needs. This fostered local innovation and responsiveness but also led to continued fragmentation and interoperability issues.

Now, we observe another swing towards a hybrid model. While local flexibility remains important, there’s a renewed push for centralised programmes like the Federated Data Platform (FDP) to enable integrated data sharing. Simultaneously, the centre is issuing specific mandates and guidance for critical emerging technologies, such as AI and AVTs, attempting to balance local innovation with necessary oversight.

AI and AVTs: Dynamic Responses

The recent narrative surrounding AI, particularly AVTs, vividly demonstrates this dynamic tension and the rapid shifts in central messaging, epitomising the pendulum swing between the local and centralised approach, as well as the swing from caution to enthusiasm and back again.

October – December 2023: Local Bodies Pave the Way with Early Cautious Enthusiasm

In the absence of comprehensive, system-wide central guidance, the enthusiasm surrounding the potential of AI led various NHS organisations and arms-length bodies to issue their own policies and advice on AI, often with a clear emphasis on governance and risk mitigation to enable local innovation.

  • October 2023: Humber and North Yorkshire Integrated Care Board (ICB) published its “Artificial Intelligence (AI) Governance Policy”. This comprehensive draft policy established guidelines for the development, implementation, and monitoring of AI systems to protect personal data, uphold ethical standards, and mitigate potential risks. It notably recommended caution with freely available AI tools like ChatGPT, stating that no personal or business-sensitive data should be used in such applications for non-clinical purposes, and required Data Protection Impact Assessments (DPIAs) for procured AI products.
  • November 2023: The NHS Confederation, an independent membership body for NHS leaders, published “AI in healthcare: what NHS leaders need to know”. This briefing aimed to equip leaders with an understanding of AI’s potential and challenges, encouraging its adoption but stressing the vital role of strong governance, ethical considerations, and addressing workforce impact.
  • December 2023: NHS Employers, a body representing NHS trusts and foundation trusts, updated its “Guidance on the use of artificial intelligence in candidate applications”. This specific guidance focused on the ethical, fair, and transparent use of AI in recruitment processes, emphasising the need to avoid bias and maintain human oversight and data protection.

September 2024 – January 2025: Ground-Level Skepticism and Warnings

Even before the major central push for AI across the NHS, early warnings and a degree of skepticism emerged from the frontline:

  • September 2024: GPs were cautioned against using AI for sensitive tasks like complaint responses, due to potential inaccuracies.
  • November 2024: Somerset NHS Foundation Trust published its own AI policy, focusing on the safe integration of AI, ethical and legal responsibilities, and the need for yearly reviews of AI systems within the trust.
  • January 2025: The message from information governance teams became clearer: GPs were warned against using AI without seeking prior approval from their Integrated Care Board (ICB) and undertaking essential Data Protection Impact Assessments (DPIAs). This period reflected a broader wave of caution and a recognition that the rapid adoption of AI required careful consideration of its implications.

April 2025: The Pendulum Swings Towards Enthusiasm and Endorsement from the Centre

Following this initial caution, the pendulum swung significantly towards central enthusiasm.

  • April 2025: NHS England published guidance on the use of AI-enabled ambient scribing products, actively encouraging their adoption. The government, too, amplified the message, hailing AI doctor assistants as a “gamechanger,” poised to “speed up appointments” and “bulldoze bureaucracy”. Health Secretary Wes Streeting publicly advocated for AI’s widespread use in the NHS, underlining a strong central push to embrace this technology to alleviate administrative burdens and free up clinician time. The sentiment was clear: AI was the future, and its widespread adoption was imminent.

May – June 2025: The Centre’s Pendulum Swings Back to Heightened Caution and Compliance Demands

However, this period of endorsement was quickly followed by a renewed and intensified focus on risks, compliance, and accountability. Indeed, even during the April enthusiasm, the Leicester, Leicestershire and Rutland Local Medical Committee (LMC) had already described the prevailing situation as a “Wild West” due to the perceived lack of consistent central advice or local support, illustrating the confusion and fragmented approach to AI adoption at the grassroots level. This sentiment proved prophetic, as before long, a more cautious approach re-emerged:

  • May 2025: The British Medical Association (BMA) issued its own interim guidance, warning GPs of AI risks and highlighting that regulation was in a “state of flux”. They stressed the critical need for “absolute clarity around the use of confidential patient data,” robust DPIAs, appropriate indemnity, and utilising the Yellow Card system for any adverse events.
  • Concurrent Warnings from NHS England:Warnings reiterated that GP practices “may still be liable” for clinical negligence claims arising from AI use, even as the Health Secretary continued to push for its adoption. This placed the onus firmly on deploying organisations and individual clinicians.
  • The June 9th NHSE Letter and Unapproved Use: A pivotal moment arrived with a letter from NHS England’s national chief clinical information officer on June 9, 2025. This communication explicitly warned that “a number of AVT solutions which, despite being non-compliant… are still being widely used in clinical practice”. It unequivocally stated that “proceeding with non-compliant solutions risks clinical safety, data protection breaches, financial exposure, and fragmentation of broader NHS digital strategy”. This central directive was underscored by a Sky News investigation, which revealed widespread use of unapproved AI software by doctors, leading to demands from NHS bosses to halt such practices immediately.

This rapid sequence of events – from early trepidation, through enthusiastic promotion, to stark warnings about non-compliance and liability – vividly demonstrates the challenges of integrating cutting-edge technology into a complex, safety-critical environment like the NHS. It underscores a critical truth: the pace of technological innovation often outstrips the development of robust governance frameworks.

The Correct Approach: A Hybrid Governance Model with Robust Foundations

What is the “correct” approach in this swinging pendulum? The evolving narrative around AI and AVTs suggests that neither extreme – unfettered local innovation nor rigid central command – is sufficient on its own. Instead, a nuanced hybrid model, underpinned by robust governance, is essential.

One of the primary reasons a purely centralised or locally autonomous approach faces inherent limitations lies in the fundamental legal structure of the NHS itself. Despite outward appearances, the NHS is not a single, monolithic organisation. It functions more like a vast, interconnected network, or even a “franchise” comprising hundreds of distinct NHS trusts and thousands of independent GP practices and other providers, each operating as separate legal entities, but under the branding of the NHS. Each of these organisations carries its own legal liability for the services it delivers. This decentralised legal structure means that a degree of local responsibility and liability is, to a large extent, inevitable (unless the entire foundational structure of the NHS were to be completely overhauled to become a single legal entity).

Given this reality, a hybrid approach becomes not just pragmatic, but necessary:

1. Clear Centralised Standards and Oversight:

The centre must define clear, non-negotiable standards for safety, data security, interoperability, and medical device classification. This provides a necessary baselines and a framework to protect patients and ensure consistent quality across the system, regardless of the local provider. NHSE’s recent, more stringent guidance on AVTs, despite the initial mixed messages, is a crucial step towards establishing these essential guardrails

2. Empowered Local Implementation with Accountability:

Within these central parameters, local organisations need the flexibility to select and implement solutions that best fit their specific needs and workflows. However, this flexibility must come with clear accountability for ensuring compliance, clinical safety, and data protection, in line with any central standards, as highlighted by the warnings about individual and organisational liability.

3. Continuous Learning and Adaptive Governance:

The pace of AI development demands a governance framework that is agile and adaptive. This requires ongoing dialogue, collaboration, and rapid iteration between technology developers, clinicians, policymakers, and patients. It means continuously assessing risks, updating guidance, and learning from real-world deployments.

At 8foldGovernance, we believe that the true potential of health tech, including transformative AI, can only be realised when safety, ethics, and robust governance are embedded from the outset. Effective governance extends beyond policy to practical implementation. Streamlined procurement, for instance, is fundamental to ensuring innovative technologies can actually be deployed within the NHS. For more on this vital aspect, you can read our insights on A Procurement Prescription: Streamlining Procurement for the New NHS. 

The journey of AVTs in the NHS is a powerful reminder that while innovation is vital, it must always be balanced with meticulous attention to compliance and patient trust. By fostering a collaborative ecosystem where central guidance empowers responsible local action, the NHS can navigate the pendulum’s swing and build a future of better, safer healthcare.

We’re the experts that have your back.

Let us help you find a route from from where you are, to where you need to go. We’re here to help.

Book a Call with our Expert Team

Other Articles​

Loading...

Even if AI never solves a problem, it’s solved one for me

Read More →

July 8, 2026

Making sense of AI in Healthcare: Why we built 8fold Training

Read More →

April 20, 2026
AI isn’t special

AI isn’t special

Read More →

February 19, 2026
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept