What is DTAC?
Last updated
DTAC — the Digital Technology Assessment Criteria — is the NHS's baseline assessment for digital health technologies. It checks five areas: clinical safety, data protection, technical security, interoperability, and usability/accessibility. NHS organisations use it when procuring digital tools; private clinics increasingly borrow it as a ready-made due-diligence checklist.
DTAC was published by NHSX (now part of NHS England) to give health and care organisations one consistent way to assess digital suppliers. It isn't a certification a vendor "holds" in the way of an ISO standard — it's a set of criteria a buyer assesses a product against, with evidence supplied by the vendor: DCB0129 clinical risk management, GDPR compliance, security testing, and standards-based interoperability.
For private UK clinics, DTAC matters two ways. If you take NHS contracts or work alongside NHS services, your tools may be assessed against it. And even if you never touch the NHS, the five domains are an excellent free framework for judging any clinic AI vendor — they're essentially the questions you'd want to ask anyway, written down by people who assess suppliers for a living.
When a vendor says they are "DTAC compliant", the precise question is: can they supply the completed DTAC evidence pack for a buyer's assessment? Our UK clinic AI compliance guide walks through DTAC alongside the other frameworks (UK GDPR, DSPT, Cyber Essentials) in plain English.