Digital Technology Assessment Criteria (DTAC)

Independent, expert review

Processed by the ORCHA Review Engine so that any existing ORCHA or DAQ review data can be layered or replaced with additional requirements for DTAC compliance.

What you will get upon passing the DTAC

DTAC badge and certificate, DTAC badge guide, and published on ORCHA Digital Health Libraries.

Five assessment domains

Clinical Safety, Data Protection, Technical Security, Interoperability, and Usability & Accessibility.

DTAC improvement report

You will receive a detailed report highlighting your areas of compliance.

What is the DTAC?

Developed by NHSX, the Digital Technology Assessment Criteria (DTAC) is a new advisory assessment criteria for the commissioning of digital health technologies. The standard gives staff, patients and citizens confidence that the digital health technologies that they use meet the NHS minimum baseline standards.

The DTAC will ensure products meet NHS standards in: clinical safety, data protection, technical security, interoperability, and usability and accessibility. Whilst it is not currently mandatory, the DTAC brings together legislation and recognised good practice into one place, helping the system to assess products quickly and consistently. Digital health suppliers should consider the legislative requirements in any build.

For digital health suppliers, the DTAC sets out what is expected for entry into the NHS and social care. It is also used by healthcare organisations to assess suppliers at the point of procurement, or as part of a due diligence process.

The ORCHA DTAC Assessment

The DTAC brings into play various review criteria which require information supplied by the digital health supplier, or which can not be assessed via desktop. These components are assessed by ORCHA’s Senior Assessor Team and wider Subject Matter Experts (SMEs).

The DTAC consists of five components: Clinical Safety, Data Protection, Technical Security, Interoperability, and Usability & Accessibility. Each component of the DTAC is assessed under a pass/fail criteria, except for Usability and Accessibility, which is given a percentage score. The assessment criteria is completed by the organisation or digital health supplier, before an Assessor from ORCHA validates their responses in relation to the product.

The ORCHA Assessor will review each question for compliance. If applicable, any additional documentation which has been provided will also be reviewed by an ORCHA Assessor and/or Subject Matter Expert, before being deemed acceptable. This may include Clinical Safety documentation, a Data Protection Impact Assessment (DPIA) or any evidence of security testing. The DTAC will be passed once all sections have been approved.

Benefits for Digital Health Suppliers

The measure of what makes a good digital health and care solution is extremely important when embracing digital health across the health and social care systems. As the world of what looks good is evolving, the DTAC provides health bodies with an easy-to-access way of knowing which digital health technologies are good, and which are not.

As a digital health supplier, you will receive an ORCHA certified DTAC badge and certificate, which will appear in your developer account. You will also receive a detailed report which will highlight your areas of compliance and give practical recommendations for how you could meet the DTAC criteria.

Our Digital Health Assessors will also guide you through each step of the process. They will provide practical advice and support based on their extensive knowledge of digital health.

Get in touch

Discover how we are able to support digital health suppliers and health & care providers who want to have digital health technologies assessed against all of the DTAC criteria. This may be a digital health solution you have developed, or digital health solutions you use as part of practice.



What does DTAC stand for?

Digital Technology Assessment Criteria.


What is the DTAC?

The DTAC is a new advisory assessment criteria for commissioning digital health technologies.

The DTAC will ensure products meet NHS standards in: clinical safety, data protection, technical security, interoperability and usability/accessibility.


Why has the DTAC been introduced?

The DTAC was developed in response to developers and those making buying and commissioning decisions looking to NHSX for clear direction on how to build and buy good digital health technologies.

By setting a national baseline, the intention is now to smooth the path between development and procurement so that the NHS and social care may realise the benefits that digital technologies can bring.


Is the DTAC mandatory?

It is not currently mandatory; however, the DTAC brings together legislation and recognised good practice into one place.


How long does the DTAC process take?

This is dependable on your communication with us and how long it takes you to gather the correct documentation. Once we have received all of this it will take around 30 days, subject to any action required from you.


Is DTAC for patient facing AND clinician facing digital health solutions?



Is DTAC for web apps as well as mobile digital health solutions?



Where a company has two or more platforms/apps, is the company as a whole assessed? Or does each app get assessed separately?

Each app is assessed separately.


Can you upgrade from DAQ to DTAC?

Yes, where ORCHA has undertaken the original DAQ it may be possible to reuse that information if it’s still valid. As a result, the ORCHA DTAC certification process would be simpler and this would be reflected in the cost.


Is there an international equivalent of DTAC?

There is a new ISO standard which is expected to be formally ratified in June/July 2021 (ISO82304-2). We will be running future webinar events on this new standard in the coming months. This standard is likely to become the predominant standard in the EU and possibly worldwide.


Does NHSX recognise the ORCHA DTAC?

NHSX have not established any form of ‘approved’ assessor scheme so formally don’t recognise any organisation undertaking the assessment. The DTAC is positioned as something NHS organisations need to use if they are engaging with Digital Health and, therefore, it is not so much a question of whether NHSX recognise it, it is whether the end organisation recognises it. Given we already support directly c60% of the NHS in England, we are confident that they will recognise our certification.


What are the different parts of the DTAC?

Please see here for this information.


What about the NHS Apps Library?

The NHS are moving away from the branded NHS Apps Library and, instead, they will highlight apps on condition specific pages of that are available to all. This is so that they have the right apps and products visible in the right places for citizens.

Whilst the DTAC will play an important part in assuring the clinical and technical security of apps that are surfaced, NHSX will be supporting teams in NHS England and Improvement to develop policy and clinically led criteria for digital product selection. This will mean that the apps that are surfaced on their national product suite are the ones that are supported by the experts in the respective policy areas.


If you have any further questions, please get in touch by emailing

Oops! We could not locate your form.