Artificial intelligence is becoming increasingly common within the UK healthcare sector as organisations rush to embrace the efficiency savings the technology can bring to their clinical and administrative operations.
However, simultaneously, there is increased public and political awareness of the potential negative associations with AI, and an expectation for the regulators to better safeguard the public’s interests.
This guide discusses how AI is regulated in UK healthcare currently, the application of DCB0129 and DCB0160 to AI systems and the action organisations need to take to stay ahead of the changing regulatory landscape.
Understanding DCB0129 and DCB0160
DCB0129 and DCB0160 are mandatory NHS clinical safety standards for digital health systems used in patient care, both traditional software and AI-enabled systems.
-
- DCB0129 applies to manufacturers and suppliers of health IT systems
-
- DCB0160 applies to NHS organisations deploying and using the systems
The purpose of both standards is to reduce the risk of patient harm by enforcing structured clinical risk management, defined accountability, and documented safety assurance.
How These Standards Apply to AI Software
The safe use of AI within a patient’s healthcare journey is supported by the DCB Standards.
Machine learning, adaptive logic and predictive analytical software require more stringent validation, monitoring and governance. Organisations must show awareness of the risks associated with AI and demonstrate their successful mitigation strategies.
How AI Regulation Differs from Traditional Software Oversight
Traditional clinical software tends to behave consistently once deployed, whereas AI systems can evolve with time as a result of:
-
- Retraining on new data
-
- Changes in patient populations
-
- Updates to models or algorithms
As a result, regulation increasingly focuses on:
-
- Lifecycle governance rather than point-in-time approval
-
- Ongoing performance monitoring
-
- Management of updates and version control
This represents a shift from static assurance to continuous clinical safety oversight.
The Role of NHS England, MHRA, and Digital Governance
AI regulation in UK healthcare operates across several bodies.
-
- NHS England sets mandatory clinical safety standards and digital governance expectations.
-
- The MHRA regulates AI software that meets the definition of a medical device, including certain diagnostic and decision-support tools.
-
- Local digital governance structures ensure AI is implemented safely within individual organisations.
Together, these bodies expect coordinated governance that aligns clinical safety, regulatory compliance, and operational oversight.
Anticipated Developments in AI Regulation
While DCB0129 and DCB0160 remain central, regulatory expectations are continuing to evolve.
Organisations should expect:
-
- Increased focus on transparency and explainability
-
- Stronger expectations for post-deployment monitoring
-
- Greater alignment with national and international AI governance frameworks
-
- Continuous safety assurance cycles.
What Healthcare Organisations Should Do Now
To prepare for the future of AI regulation, organisations should:
-
- Treat AI as clinical technology by default
-
- Embed AI literacy within clinical safety leadership
-
- Strengthen safety case processes to address AI lifecycle risks
-
- Invest in AI governance and regulatory education
Proactive preparation is more effective than reactive compliance.
How BMS Digital Safety Supports Ongoing Compliance
BMS Digital Safety supports NHS organisations and digital health suppliers by bridging current standards with emerging regulatory expectations.
Their services include:
-
- Interpretation of DCB0129 and DCB0160 for AI systems
-
- Support with AI governance and regulatory education
-
- Development of sustainable compliance frameworks
-
- Ongoing clinical safety and assurance support
Their approach is grounded in NHS digital governance and practical implementation. Further information is available through their Artificial Intelligence Education and Regulatory Support services.
At BMS Digital Safety we are excited to support the safe, responsible, and sustainable use of AI within the healthcare sector.
To fulfil current and future regulatory expectations, organisations that appreciate the patient impact from their clinical and administrative AI software and invest in appropriate governance and safety structures will be best placed to comply with changes in regulatory demands.
To ensure your AI systems remain compliant today and prepared for future regulation, connect with the experts at BMS Digital Safety: https://bmsdigitalsafety.co.uk/services/artificial-intelligence-education-and-regulatory-support/