What regulatory approvals do digital or AI software innovations require?

This page will help you understand questions such as:

  • What is a digital or AI technology?
  • What classification is my digital health technology?
  • What regulatory approvals do digital or AI softwares require?

What is a digital or AI technology?

Digital healthcare technologies (DHTs) are used for healthcare purposes and can consist of:

  • Apps
  • Software
  • Platforms
  • Online tools
  • Wearable devices and sensors
  • Artificial intelligence (AI) and decision-support tools

What classification is my digital health technology?

The National Institute for Health and Care Excellence (NICE) classifies digital health technologies into three tiers:

DHTs intended to save costs or release staff time, no direct patient, health or care outcomes. For example system services.

DHTs for helping citizens and patients to manage their own health and wellness. For example, technologies that communicate about health and care, health and care diaries, or promote good health.

DHTs for treating and diagnosing medical conditions or guiding care choices. This includes DHTs with direct health outcomes, and those that are likely to be regulated medical devices. For example, technologies that inform clinical management, drive clinical management, treat specific conditions, or diagnose a specific condition.

What regulatory approvals do digital or AI software require?

Digital or AI software typically require the following in order to be implemented into the NHS:

An assessment framework that compiles the standards and policies that digital health technologies must meet to be implemented into the NHS. Here, five key areas are covered: clinical safety, data protection, technical security, interoperability, and usability and accessibility. Five technical security requirements are also needed: cyber essentials certificate, penetration testing, custom code review, multi-factor authentication, and logging and reporting.

Evidence that a digital health technology is clinically effective and provides value to the NHS must be sought. The NICE evidence standards framework outlines the standard of evidence required for each classification of digital health technology.

The NHS requires DCB0129 (clinical risk management for manufacturers) and DCB0160 (clinical risk management for health organisations) to identify and control risks of harm. DCB0129 requires a clinical safety officer, a clinical risk management file, a hazard log, a clinical safety case report, and post-market clinical safety processes. DCB0160 requires the adopter to review the manufacturer’s DCB0129 documentation, conduct a local clinical risk assessment, a local hazard log, a local clinical safety case report, and ongoing governance once live. This assesses whether the digital health technology is safe in the local environment that it is going to be adopted within.

Digital health technologies must comply with data protection laws in the UK. For more information on data protection compliance, check out the guidance here.

AI technologies must comply with ISO/IEC 42001, which details the steps required to establish, implement, maintain, and improve the AI technology to ensure they are being developed ethnically and transparently.

Innovations must align with delivering a net zero NHS by 2040. As well as this, innovations must adhere to carbon reporting expectations. A full Carbon Reduction Plan is required for procurements of over £5 million per annum including VAT, or a Net Zero Commitment for procurements lower than £5 million per annum including VAT.

If the software is a medical device, the innovation is considered a ‘Software as a Medical Device (SaMD)’ and must be regulated by the UK Medicines and Healthcare products Regulatory Agency (MHRA). Check out the requirements for medical devices here.

Want to understand what approvals are required for your digital health technology?

Contact us