If your practice has started using an AI scribe, or is thinking about it, this is the compliance question you need to answer before anything else.
AI scribes are becoming one of the most popular tools in general practice and it's easy to see why. The AI listens to the consultation, generates a structured note, and saves the GP time per appointment as well as enabling them to be present and engaged with the patient. Across a full day, that can add up to real time back.
But in the rush to adopt AI scribes, one question often gets skipped: does this tool need a DCB0160 clinical safety assessment before your practice deploys it?
The short answer is: almost certainly yes. Take our free five-minute assessment to find out how ready you are and find out everything you need to know below.
What is DCB0160?
DCB0160 is the NHS standard that governs how healthcare organisations, including GP practices, deploy and oversee digital health technologies. It requires that before a clinical digital tool goes live in your setting, someone has formally assessed the risks it introduces and documented how those risks are managed.
It is legally mandated in England, and recognised as best practice in Scotland, Wales, Northern Ireland. Despite this, we have seen that it is not always done and as CQC inspections increasingly include questions about digital governance, it's becoming harder to ignore.
NHS England has now put this in writing
In June 2025, NHS England's National Chief Clinical Information Officer wrote to all NHS organisations, including GP practices, with a formal warning about AI scribe tools. The letter identified that a large number of these products are being used across primary and secondary care without meeting basic NHS standards, and that this creates real risk: to patient safety, to data security, and to the practice itself.
The key points from that letter that every practice manager needs to know:
- All AI scribes that generate clinical summaries must have at least MHRA Class 1 medical device status. Many currently in use do not.
- Practices must complete a clinical safety risk assessment and a data protection impact assessment (DPIA) before using these tools. This is a legal requirement under DCB0160.
- If something goes wrong, liability sits with your practice, not the supplier.
NHS England has instructed organisations to pause or stop use of any AI scribe that cannot demonstrate compliance. This isn't guidance. It's a formal requirement.
NHS Scotland has issued the same message. In July 2025, a joint letter from NHS Scotland, the BMA and the Royal College of General Practitioners set out an identical position: clinical safety risk assessments, DPIAs, and MHRA device classification are all required before using any AI scribe tool. The direction of travel is consistent across the UK.
So why does DCB0160 apply to AI scribes specifically?
An AI scribe isn't just a dictation tool. It is listening to clinical conversations, interpreting what is said, and generating documentation that goes into a patient record. If it mishears a medication name, misses a key symptom, or formats a note in a way that obscures clinical information, the consequences are clinical, not just administrative.
That's exactly the category of risk DCB0160 was designed to address.
The fact that a scribe feels like a background tool - passive, assistive - doesn't change its risk profile. In clinical safety terms, what matters is whether the technology is involved in a process that could affect patient care, which AI scribes clearly are.
But isn't this the supplier's responsibility?
Partly. Your AI scribe supplier should hold a DCB0129 Clinical Safety Case, which is the standard that applies to health technology manufacturers. If they can't show you one, that's worth knowing.
But DCB0129 and DCB0160 are separate obligations. DCB0129 covers the product. DCB0160 covers your deployment of it: in your practice, with your patients, your workflows, your team, and your existing systems.
No supplier can complete your DCB0160 assessment for you, because they don't know your setting. And as NHS England has now made explicit, if something goes wrong the liability rests with your practice, not the vendor.
What does a DCB0160 assessment actually involve?
At its core, it involves:
- Identifying the specific risks the technology introduces in your setting
- Documenting what controls are already in place
- Ensuring there is a named Clinical Safety Officer (CSO) responsible for overseeing the process
- Producing a Clinical Safety Case Report
For a single, well-understood technology in a typical practice setting, this doesn't have to be a lengthy process. But it does have to be done, documented and maintained. Monitoring, training, audits, updates and decommissioning if you change tools are all ongoing pieces of work that need to be done.
What if we're already using the tool?
This is the situation most practices are in. The tool was trialled, it worked well, it got rolled out and nobody asked the DCB0160 question at the time.
Starting the assessment now is still far better than not starting it at all. A retrospective assessment is possible and considerably better than having no documentation when a CQC inspector asks how you assured the clinical safety of your AI scribe.
Given the NHS England letter, practices that cannot demonstrate compliance are now formally on notice. Getting this in place is no longer something that can wait.
The question to ask yourself today
Does your practice have a completed DCB0160 assessment for your AI scribe?
If the answer is no, or you're not sure, there's no better time to start than today. Use our free five-minute assessment to find out how ready you are. Many practices we speak to don't have this in place yet. You're not alone but it is worth addressing before it becomes urgent.
Curistica helps GP practices complete DCB0160 assessments efficiently and without unnecessary complexity. If you'd like to understand what's involved for your practice, get in touch with our team.
