Blog
Compliance
NHS DTAC
March 4, 2026
Approx min read

What You Need to Know About DTAC Version 2

NHS England introduced an updated Digital Technology Assessment Criteria form on 24 February 2026. Manufacturers and NHS organisations must transition to DTAC version 2 before 6 April 2026, when the previous version will no longer be accepted.

The update marks a deliberate shift towards simpler, less burdensome assurance for digital health suppliers and NHS buyers. After engaging with industry throughout 2024, NHS England reduced the question set by a quarter and removed overlapping requirements that duplicated other processes.

25% Fewer Questions in the New DTAC Form

The most visible change in DTAC version 2 is the reduction in questions. NHS England removed items that duplicated the Data Security and Protection Toolkit and the Pre-Acquisition Questionnaire, cutting assessment time for suppliers without compromising the rigour of the process.

Elements overlapping with the Medical Device Regulations have also been stripped out. The requirement for clinical safety officers to complete NHS Digital training no longer stands.

These changes address a consistent complaint from digital health suppliers: that demonstrating compliance across multiple NHS assurance processes meant answering the same question in different formats.

Clearer Guidance on Scope and Purpose

DTAC version 2 includes revised guidance explaining what the framework is for, which technologies it covers, and how to complete the assessment. NHS England has aligned the scope with NICE, focusing DTAC on software-based digital health technologies.

This clarification matters for suppliers developing hardware, diagnostic devices, or products that sit on the boundary between digital and medical device regulation. The updated guidance makes it clearer when DTAC applies and when other regulatory routes take precedence.

Buying organisations should no longer create their own amended versions of the DTAC form. NHS England publishes a standard form that all NHS and social care bodies should accept, reducing variation across procurement processes.

What DTAC Still Covers

DTAC remains an assessment framework covering five core areas: clinical safety, data protection, technical security, interoperability, and usability and accessibility.

Suppliers must still demonstrate compliance with clinical risk management standards DCB0129 and DCB0160, though these standards themselves are under review. NHS England has committed to updating DTAC further when changes to DCB0129 and DCB0160 are finalised.

Data protection requirements remain unchanged. Suppliers must complete a Data Protection Impact Assessment identifying risks to individuals’ privacy, with sign-off from their Data Protection Officer. Records of Processing Activities must be documented, showing how data flows through the product.

Technical security, interoperability, and accessibility standards carry over from the previous version. DTAC version 2 streamlines the assessment process but does not lower the bar for these requirements.

How the Transition Works

The previous DTAC form should not be used from 6 April 2026. Suppliers with assessments in progress should complete them using the new form before this date.

NHS organisations conducting assessments must adopt the updated form and guidance. Suppliers who completed DTAC assessments under the previous version do not need to redo the entire process, but should review the new form to identify any gaps in their documentation.

For questions about the transition, NHS England has directed suppliers and buyers to contact england.dtac@nhs.net.

What Comes Next for DTAC

DTAC version 2 is not the final iteration. NHS England has flagged further changes as reviews of DCB0129 and DCB0160 continue. Work is also progressing to set standards for technology used in social care and to simplify the overall approach to NHS digital standards.

The direction is clear: reduce duplication, align assurance processes, and create a more consistent experience for suppliers entering the NHS market. DTAC version 2 is a step in that direction, but NHS England expects to update the framework again when clinical safety standards are revised.

Suppliers should treat DTAC compliance as an ongoing process rather than a one-time hurdle. As the framework evolves, maintaining alignment with NHS requirements means staying informed about upcoming changes and updating documentation accordingly.

Preparing for DTAC Version 2

If you supply digital health technology to the NHS, review the updated DTAC form now. Identify which questions have changed, where guidance has been clarified, and whether your existing evidence still meets the requirements.

For NHS organisations, the shift to version 2 simplifies procurement but does not remove the responsibility to conduct proper due diligence. The streamlined form still covers the same core areas, and buying decisions should be based on thorough assessment of supplier responses.

DTAC exists to protect patients and ensure digital health technology meets baseline standards for safety, security, and usability. Version 2 makes that process more efficient without compromising the standards themselves.

Need support navigating DTAC version 2 or preparing your digital health technology for NHS procurement? Naq specialises in helping organisations meet NHS compliance requirements efficiently and effectively.

Written by
The Naq Team
Share
Share
Compliance
NHS DTAC
NHS Innovation Accelerator uses Naq to automate NHS DTAC readiness evaluation for its  2024 Cohort
March 27, 2024
Compliance
NHS DTAC
NHS DSPT
DCB 0129
The Comprehensive Guide to Key Compliance Standards for Digital Health
October 31, 2024
Compliance
DCB 0129
NHS DTAC
NHS DSPT
5 Minutes With Dr Julian
May 1, 2024
Compliance
How Can Digital Health Companies Build Compliance That Scales Across Multiple Markets?
January 7, 2026
Newsletter

The latest in compliance and cybersecurity direct to your inbox

Sign up now
Connect with us

Streamline compliance & accelerate your growth

Book a 15-minute demo and discover how Naq can take the complexity out of your compliance.
Book a demo
arrow_forward
Product
Platform OverviewAutomated ComplianceRisk ManagementClinical Risk ManagementTrainingMulti-framework ManagementComprehensive SupportFrameworks
Solutions
BuildGrowScaleHealthDefenceFinanceBusiness to EnterpriseBusiness to Government
Resources
All ResourcesBlogCase StudiesGuidesNaq in the News
Company
ContactAboutVacanciesPartnershipsMedia
Taking complexity out of compliance.
Connect with us
© Copyright 2024 - Naq Cyber UK Ltd.   © Copyright 2024 - Naq Cyber B.V.
Responsible Disclosure
Cookie Policy
Terms of Service
Privacy Policy