The NHS Data Security and Protection Toolkit (DSPT) is a mandatory annual self-assessment for any organisation accessing NHS patient data. For AI agent vendors and the NHS organisations deploying them, the DSPT is the gating compliance asset — without a DSPT submission that includes the AI tool, the deployment doesn’t happen.
This article maps the 10 National Data Guardian (NDG) standards to specific runtime controls a compliance plane like Regulus needs to emit, plus the evidence shape for the DSPT submission portal.
## The 10 standards
The 10 NDG standards organise into three groups:
### Group A: Personal confidential data (Standards 1–4)
1. Personal confidential data. All staff ensure that personal confidential data is handled appropriately. For agents: PII redaction at runtime is the operational evidence.
2. Staff responsibilities. All staff understand their responsibilities. For agents: every action carries the Principal claim of the staff member who invoked it.
3. Training. All staff complete annual data security training. Out of scope for the runtime; training-completion data lives in your LMS.
4. IT systems. Information systems must be tested for compliance. For agents: residency, identity, cryptography are the runtime tests.
### Group B: Process (Standards 5–7)
5. Process reviews. Audit and review of data handling processes. The audit chain is the substrate.
6. Responses to data breaches. Incident-management procedure exists and is followed. Standard 7 is the runtime side; 6 is the process documentation.
7. Continuous improvement. Each cyber incident triggers process improvement. Audit chain provides input.
### Group C: Technical assurance (Standards 8–10)
8. Assured systems. Software has Cyber Essentials or equivalent. Substrate-level assurance (Vertex AI, GCP) covers this for the AI agent’s hosting environment.
9. IT protection. Operational cybersecurity. Cross-references NIS2 + DORA for dual-regulated organisations.
10. Third parties. Suppliers’ data security is assured. LLM provider, GCP, GRC tools — each is a third party.
## Which Regulus plugin delivers each
A pragmatic mapping:
| NDG Standard | Plugin / mechanism | Evidence shape |
|---|---|---|
| 1 — Personal confidential data | RegulusPrivacyPlugin | PII redaction events; NHS Number / clinical-marker patterns |
| 2 — Staff responsibilities | Principal claim chain | Each audit event captures the staff Principal who invoked the agent |
| 3 — Training | Out of scope | LMS-side, not runtime |
| 4 — IT systems | Residency + identity + crypto plugins | Residency enforcement, expired-credential denials, hash-chain integrity |
| 5 — Process reviews | RegulusAuditPlugin | Audit chain itself; aggregated weekly/quarterly views |
| 6 — Data breach responses | Process docs + audit | Documentation side is governance; audit captures incidents |
| 7 — Continuous improvement | Kill-switch + audit | Each engagement event triggers post-incident review |
| 8 — Assured systems | GCP substrate | Vertex AI / Assured Workloads; vendor’s Cyber Essentials certificate |
| 9 — IT protection | Combined plugins | Identity expiry, residency, kill switch, audit chain |
| 10 — Third parties | RegulusModelRiskPlugin + GRC | Model Registry as third-party register; assurance status per provider |
The split between “Regulus delivers” and “governance delivers” is the important distinction. Six of the ten standards have runtime evidence the audit chain produces; the other four are documentation or substrate-level.
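The two runtime properties the table leans on most, a staff Principal on every event (Standard 2) and a verifiable hash chain (Standards 4 and 5), are easiest to see in code. The following is an added illustration written for this article, not Regulus’s own audit plugin or its schema: the field names, the `principal` claim layout (`sub` plus a `role` placeholder standing in for an SDS roleProfile code), the staff identifiers and the sample events are all constructed. It shows an append-only chain that refuses events with no Principal, recomputes every hash from a genesis value on verification, and reports the first sequence number at which a tampered record breaks the chain.

```python
import hashlib
import json
from typing import Optional, Tuple

# Added example, not Regulus code. Field names, the Principal claim layout and
# the sample events are assumptions for illustration.

GENESIS = "0" * 64  # prev-hash of the first event


def canonical(obj) -> bytes:
    # Deterministic serialisation so the hash does not depend on dict ordering.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def event_hash(prev_hash: str, body: dict) -> str:
    # Each hash commits to the previous hash, so editing any earlier record
    # invalidates every later one.
    return hashlib.sha256(canonical({"prev": prev_hash, "body": body})).hexdigest()


class AuditChain:
    def __init__(self) -> None:
        self.events = []

    def append(self, principal: dict, action: str, detail: dict) -> dict:
        # Refuse to record an action with no identified staff Principal:
        # an event without one cannot support Standard 2.
        if not principal.get("sub") or not principal.get("role"):
            raise ValueError("audit event requires a staff Principal (sub, role)")
        prev = self.events[-1]["hash"] if self.events else GENESIS
        body = {
            "seq": len(self.events),
            "principal": dict(principal),  # copy: callers may reuse the dict
            "action": action,
            "detail": detail,
        }
        event = {"body": body, "prev": prev, "hash": event_hash(prev, body)}
        self.events.append(event)
        return event

    def verify(self) -> Tuple[bool, Optional[int]]:
        # Recompute every hash from GENESIS; return (ok, first bad seq or None).
        prev = GENESIS
        for ev in self.events:
            if ev["prev"] != prev or ev["hash"] != event_hash(prev, ev["body"]):
                return False, ev["body"]["seq"]
            prev = ev["hash"]
        return True, None

    def principal_coverage(self) -> float:
        # Fraction of events carrying a staff Principal: the "chain coverage" figure.
        if not self.events:
            return 0.0
        covered = sum(1 for ev in self.events if ev["body"]["principal"].get("sub"))
        return covered / len(self.events)


def build_sample_chain() -> AuditChain:
    # Constructed sample events; staff subjects and role codes are placeholders.
    chain = AuditChain()
    nurse = {"sub": "staff-placeholder-001", "role": "role-placeholder-clinical"}
    admin = {"sub": "staff-placeholder-002", "role": "role-placeholder-admin"}
    chain.append(nurse, "agent.invoke", {"prompt_redactions": 2})
    chain.append(nurse, "agent.tool_call", {"tool": "pds.lookup", "residency": "uk"})
    chain.append(admin, "agent.invoke", {"prompt_redactions": 0})
    return chain


def tamper_demo() -> Tuple[bool, Optional[int]]:
    # Alter a recorded event after the fact; verify() must point at its seq.
    chain = build_sample_chain()
    chain.events[1]["body"]["principal"]["sub"] = "staff-placeholder-999"
    return chain.verify()


if __name__ == "__main__":
    print("intact chain:", build_sample_chain().verify())   # (True, None)
    print("tampered chain:", tamper_demo())                  # (False, 1)
```

The verification walk is what a DSPT evidence export would run before reporting “chain verified”; the coverage figure is the per-event Principal count the Standard 2 line reports. In a real deployment the chain head would additionally be anchored outside the writer’s control (signed, or written to append-only storage), since a writer who can rewrite the whole chain from the tampered point onward can otherwise re-hash it consistently.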
## NHS-specific PII patterns
The Regulus privacy plugin’s NHS pattern catalogue covers:
- NHS Number — 10-digit format with the Modulus 11 check digit.
- NHS Spine identifiers — patient demographic service refs, scheduling refs.
- Clinical-data markers — diagnoses (ICD-10, SNOMED CT terms), medications (dm+d codes), procedures (OPCS-4).
- NHS staff identifiers — SDS roleProfile codes, GMC numbers, NMC numbers.
- Free-text clinical — locale-aware patterns for surnames and forenames, combined with NHS-specific tokens.
The catalogue is configurable per deployment — a hospital admin agent uses a different pattern set than a clinical decision support agent.
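The NHS Number entry is the one pattern in the list with a built-in validity check, and that check is what separates a redaction rule from a blanket “any ten digits” filter. The following is an added example, written for this article rather than taken from the Regulus privacy plugin: it implements the Modulus 11 check digit as published in the NHS Data Dictionary and redacts only candidates that pass it, so order numbers and phone numbers that happen to be ten digits long are left untouched. The replacement token, the helper names and the sample text (with constructed numbers chosen to exercise the valid, check-digit-zero and invalid paths) are assumptions.

```python
import re

# Added example, not Regulus code. The token, names and sample text are
# assumptions for illustration.

# NHS Numbers are 10 digits, commonly written grouped 3-3-4 with spaces or dashes.
# Look-around guards stop a longer digit run being split into a false candidate.
_CANDIDATE = re.compile(r"(?<!\d)(\d{3})[ -]?(\d{3})[ -]?(\d{4})(?!\d)")
REDACTED = "[NHS-NUMBER]"


def nhs_number_is_valid(digits: str) -> bool:
    """Modulus 11 check digit (NHS Data Dictionary algorithm).

    Each of the first nine digits is multiplied by a weight from 10 down to 2,
    the products are summed, and the remainder modulo 11 is subtracted from 11.
    A result of 11 means the check digit is 0; a result of 10 is never valid.
    """
    if len(digits) != 10 or not digits.isdigit():
        return False
    total = sum(int(d) * w for d, w in zip(digits[:9], range(10, 1, -1)))
    check = 11 - (total % 11)
    if check == 11:
        check = 0
    if check == 10:
        return False  # no number with this prefix can be a valid NHS Number
    return check == int(digits[9])


def redact_nhs_numbers(text: str):
    """Return (redacted_text, count) with every valid NHS Number replaced."""
    count = 0

    def _sub(m):
        nonlocal count
        digits = "".join(m.groups())
        if nhs_number_is_valid(digits):
            count += 1
            return REDACTED
        return m.group(0)  # check digit fails: not an NHS Number, keep as-is

    return _CANDIDATE.sub(_sub, text), count


# Constructed sample text. 943 476 5919 and 4010232137 pass the check,
# 9434765900 passes via the "remainder 0 -> check digit 0" branch, and
# 1234567890 fails (its computed check digit would be 10).
SAMPLE = (
    "Patient 943 476 5919 seen by Dr Example; discharge letter ref 1234567890. "
    "Sibling record 4010232137 also reviewed; 9434765900 flagged for follow-up."
)

if __name__ == "__main__":
    redacted, n = redact_nhs_numbers(SAMPLE)
    print(n, "NHS Numbers redacted")  # 3
    print(redacted)
```

The count returned by `redact_nhs_numbers` is the kind of figure the Standard 1 line of a DSPT export summarises (“redaction events”). Note the asymmetry in the failure modes: a missed redaction is a confidentiality leak, while an over-eager one only damages the agent’s output, so in a clinical setting it is reasonable to tune the candidate pattern generously and let the check digit do the filtering.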
## The DSPT submission shape
The DSPT submission portal asks one question per assertion area, with evidence references. For AI tool assertions, the Regulus DSPT export produces:
```
$ regulus dspt export --org "Acme NHS Foundation Trust" --period 2026-2027
✓ Standard 1: 4,128 redaction events; 0 leaks detected
✓ Standard 2: 41 staff Principals identified; chain coverage 100%
○ Standard 3: External — LMS submission
✓ Standard 4: Residency enforced (UK-only); 0 cross-border denials
✓ Standard 5: 4,128 audit events; chain verified
○ Standard 6: External — Information governance team
✓ Standard 7: 0 kill-switch engagements; 0 incidents
○ Standard 8: External — Vendor Cyber Essentials cert
✓ Standard 9: Identity expiry 0 violations; residency 100%
✓ Standard 10: 4 third parties registered; all with assurance refs
```
The “External” items are the ones the DPO submits manually, referencing their own evidence. The “✓” items have Regulus runtime evidence supporting the answer.
## What clinical safety adds
For AI agents in NHS settings, DCB0129 (vendor) and DCB0160 (deploying organisation) clinical safety standards apply in addition to DSPT. The standards require:
- A Clinical Safety Officer (CSO) appointed at both vendor and deploying organisation.
- A clinical safety case for the AI tool.
- Hazard identification, risk assessment, risk control measures.
- Ongoing clinical safety monitoring.
Regulus emits evidence relevant to clinical safety — adverse event detection, outcome distribution, performance drift — but the clinical safety case itself is the CSO’s deliverable, not a runtime artefact. The clinical safety monitoring uses the audit chain as input, similarly to how Consumer Duty outcomes monitoring uses it in financial services.
## What to do this quarter
If you’re a vendor of an AI agent for NHS deployment:
- Map your runtime evidence to the 10 standards. Regulus does this by default; if you’re hand-rolled, document the mapping.
- Produce a DSPT-ready evidence pack. The deploying NHS organisation needs evidence references in DSPT-portal format.
- Coordinate with your CSO and the deploying organisation’s CSO on the clinical safety case.
- Pre-empt the typical due-diligence questions. Most NHS Trusts ask about pseudonymisation, residency, retention, and incident response. Have the audit-chain evidence ready.
For the full operational view, see the NHS DSPT profile page and the privacy plugin page.