What is the NHS Digital Technology Assessment Criteria (NHS DTAC)?


Healthtechs – Building a solution for use in healthcare?

Then you may have already encountered the phrase: ‘NHS DTAC compliance’.

If you haven’t – it’s only a matter of time. 

For patient-facing technologies to be deemed fit for procurement in the NHS, compliance with DTAC requirements is essential. But if you’ve just secured your first pilot in a clinical setting - or you’re working on securing your place on a coveted framework - you might feel apprehensive:

After all, isn’t DTAC just another hurdle a solution needs to overcome before it can have a real impact?

Not exactly - let’s take a look at what it means in more detail.


What is the NHS Digital Technology Assessment Criteria?

DTAC is the national baseline criteria for digital health technologies in health and social care.

It was introduced in 2021 by NHSX to replace the now-defunct DAQ standards.

Whether your solution or app is designed for patients or clinicians, it will need to demonstrate DTAC compliance.


What are the different standards under the DTAC framework?

DTAC brings together the most important compliance requirements for healthtech under a single set of criteria, providing a clear framework against which compliance can be assessed.


Clinical Safety

Clinical safety and risk management ensures your solution is safe for use by patients and clinicians, and that you have the necessary risk management processes in place.

Compliance requires proof that your solution has met standards around clinical safety – e.g. through compliance with DCB0129, the appointment of a Clinical Safety Officer (CSO), and registration with the Medicines and Healthcare Regulatory Agency (MHRA) where applicable.

How it is assessed: Pass/Fail


Data protection

DTAC requires developers to demonstrate the steps that they have taken to ensure that patient data is handled safely and securely, and that companies have robust protection policies in place, including registration with the Information Commissioner's Office (ICO) and completion of the NHS Data, Security and Protection Toolkit.

How it is assessed: Pass/Fail


Technical security

With healthcare facing a significant threat of cyber attack, it’s important that suppliers take extra care to protect their solutions from exploitation. Companies must ensure that their solutions have been subject to penetration testing within the last 12 months, that priority security vulnerabilities have been fixed, and that they have achieved Cyber Essentials certification.

How it is assessed: Pass/Fail



Interoperability

With large volumes of data moving through the health system, it’s vital that any new solution is compatible with both incumbent and new systems. By implementing interoperability, new solutions ensure that data can be accessed efficiently and safely by users across the entire health care ecosystem.

How it is assessed: Pass/Fail


Usability and accessibility

The usability and accessibility requirements that form part of NHS DTAC help to ensure that a solution is designed to meet the requirements of its end-user(s), and in a way that does not prevent those with additional accessibility needs from benefiting.

How usability is assessed: percentage score


Is the NHS DTAC mandatory?

At a national level, DTAC is currently advisory only, but this doesn’t quite tell the full story.

In practice, it will be nearly impossible for health apps or digital health solutions to be procured within the NHS without demonstrating compliance.

A valid DTAC evidence file is a requirement for adoption by most NHS organisations and access to relevant procurement frameworks for health technology solutions.

In the future, it is likely that we will see even stricter requirements for healthtech solutions to demonstrate compliance.


How do I ensure a healthtech solution is DTAC compliant?

When it comes to ensuring compliance, every company will be different.

It’s possible that you may already have evidence that meets specific requirements around clinical safety, you’ve registered with the ICO, or you’ve had your solution audited for accessibility.

But don’t worry if this isn’t the case.

Regardless of what stage of your compliance journey you are at, we can work with you to demonstrate compliance against each criterion.

We’ll help you to build an evidence file that meets the requirements for the DTAC assessment, and crucially, we’ll help to build a compliance culture in your organisation so that you’re always building with compliance front of mind. This is really important, as compliance never stops: once you achieve DTAC, you must ensure all new releases of your innovation remain DTAC aligned.

Do you have burning questions about DTAC, or want to discuss your compliance needs in more detail?

Book a discovery call with the Acorn Compliance team today.
