Who does it apply to?

  • Any organisation accessing, processing, or storing NHS patient data — including non-NHS commercial providers running AI agents on NHS workflows.
  • AI tooling deployed in NHS Trusts, Integrated Care Boards, GP practices, and any setting handling NHS-derived data.
  • Software vendors whose products are used in NHS settings — the DSPT submission needs to align across the supplier ecosystem.

Two-minute explainer

The NHS Data Security and Protection Toolkit (DSPT) is the mandatory annual self-assessment for any organisation that accesses NHS patient data. It covers the 10 National Data Guardian (NDG) standards for data security, plus additional assertion areas covering specific high-risk operations.

For AI agents in healthcare, three things matter:

Scope expansion. Any AI agent touching NHS data — and in 2026, many do, ranging from administrative chatbots in GP practices to diagnostic copilots in Trust radiology departments — inherits the deploying organisation’s DSPT obligations. The vendor doesn’t get to opt out by saying “we just provide the agent.” The NHS organisation deploying the agent is on the hook for DSPT submission; the vendor’s obligation is to provide evidence that supports the submission.

The 10 NDG standards.

  1. Personal confidential data — agents must not leak NHS patient data to unauthorised recipients. The privacy plugin enforces this.
  2. Staff responsibilities — Principal claims must include accountability assertions; audit chain captures who did what.
  3. Training — out of scope for the agent itself; the vendor’s training is the vendor’s submission.
  4. IT systems — the agent’s IT-security posture; covered by identity expiry guard, kill switch, and overall control framework.
  5. Process reviews — annual review of the data-handling processes the agent participates in; audit chain is the evidence.
  6. Responses to data breaches — Standard 7 is the runtime response; Standard 6 is the human-process side.
  7. Continuous improvement — kill-switch engagement events feed the post-incident-review process.
  8. Assured systems — the agent runs on assured cloud (GCP UK regions); the Cyber Essentials / NHS DSPT third-party assurance covers the runtime substrate.
  9. IT protection — operational cybersecurity; cross-references NIS2 + DORA where applicable.
  10. Third-party assurance — LLM provider, GCP, GRC tools — each is a third party in the DSPT submission. Same shape as SS2/21.

Special considerations for AI in healthcare. The NHS’s expectations around AI tooling are stricter than general DSPT — model-risk considerations are explicit (cross-references PRA SS1/23 for NHS-finance hybrid systems), bias monitoring is expected (the audit chain’s fairness-delta alerts are the substrate), and clinical safety overlaps with DSPT (the DCB0129 standard for vendors and DCB0160 for deploying organisations apply separately).

The Regulus nhs-dspt profile encodes the runtime side. The DSPT submission itself is a documentary process — the DPO at the NHS organisation produces the submission, referencing the evidence Regulus emits. The Regulus DSPT evidence export (regulus dspt export) produces an evidence pack mapped to each of the 10 standards.

For NHS-finance hybrid scenarios (e.g. independent healthcare providers regulated by both FCA and DSPT), the profile composes naturally with fca-sysc and uk-gdpr.

What it actually requires of an engineer

  1. The 10 NDG standards translate to specific runtime obligations. Standards 1–4 cover personal confidentiality, staff responsibilities, training, and IT systems; 5–7 cover process reviews, response plans, and leadership engagement; 8–10 cover assured systems, IT security, and third parties.
  2. Standard 7 (incident management) needs a real runtime response. The kill switch + audit chain provide it.
  3. Standard 10 (third-party assurance) catches the LLM provider. Same shape as SS2/21 — the AI provider is a third party that needs DSPT alignment.
  4. Annual self-assessment. The DSPT submission is mostly documentary, but the evidence behind the answers needs to come from runtime artefacts.

What Regulus does for you

  Regulus control: what it delivers

  • RegulusPrivacyPlugin: Standards 1, 6, 7 — personal confidentiality + PII redaction patterns including NHS Number, NHS clinical-data markers, and SCR patterns.
  • RegulusAuditPlugin: Standards 2, 3 — staff responsibilities + training evidence via Principal claim audit trail. Every clinical-data access logged.
  • RegulusDataResidencyPlugin: Standards 4, 5 — IT systems integrity. NHS data residency requirements (UK-only typically; tighter than EU GDPR) enforced fail-closed.
  • RegulusKillSwitchPlugin: Standard 7 — incident response. Dual-control kill switch with the NHS-DSPT incident classification.
  • RegulusGovernanceEvidencePlugin: DSPT submission evidence export — the runtime answers to each of the 10 standards formatted for the DSPT submission portal.
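The NHS Number redaction the privacy plugin is credited with above is worth seeing concretely. The following is an added illustration written for this page, not Regulus's own code: it detects candidate NHS Numbers in free text, confirms each one with the published Modulus 11 check digit so that arbitrary ten-digit strings (order numbers, phone fragments) are not redacted by mistake, and returns both the redacted text and the list of numbers found so a Standard 1 audit event can be emitted. The regex, the placeholder token and the sample inputs are assumptions of this example; the sample numbers are constructed test values, not real patients.

```python
import re

# Candidate NHS Number: ten digits, optionally grouped 3-3-4 with a space or hyphen.
# Word boundaries stop the pattern matching inside longer digit runs.
NHS_NUMBER_RE = re.compile(r"\b(\d{3})[ -]?(\d{3})[ -]?(\d{4})\b")

REDACTION_TOKEN = "[NHS-NUMBER-REDACTED]"  # placeholder chosen for this example


def nhs_number_checksum_ok(digits: str) -> bool:
    """Modulus 11 check used for NHS Numbers.

    The first nine digits are weighted 10, 9, ..., 2 and summed; the check
    digit is 11 minus the remainder mod 11. A result of 11 means check digit 0,
    and a result of 10 means no valid NHS Number can have those first nine digits.
    """
    if len(digits) != 10 or not digits.isdigit():
        return False
    total = sum(int(d) * (10 - i) for i, d in enumerate(digits[:9]))
    check = 11 - (total % 11)
    if check == 11:
        check = 0
    if check == 10:
        return False
    return check == int(digits[9])


def redact_nhs_numbers(text: str) -> tuple:
    """Replace every checksum-valid NHS Number in `text` with the redaction token.

    Returns (redacted_text, list_of_numbers_found). Candidates that look like an
    NHS Number but fail the checksum are left untouched, which keeps false
    positives on unrelated ten-digit values down; a deployment would still log
    them as 'suspect' rather than silently ignoring them.
    """
    found = []

    def _replace(match):
        digits = "".join(match.groups())
        if nhs_number_checksum_ok(digits):
            found.append(digits)
            return REDACTION_TOKEN
        return match.group(0)

    return NHS_NUMBER_RE.sub(_replace, text), found


if __name__ == "__main__":
    # Constructed sample: one valid NHS Number, one invalid look-alike, one phone number.
    sample = ("Patient 943 476 5919 seen in clinic; reference 943 476 5910 is not a "
              "patient identifier; contact 0161 123 4567.")
    redacted, numbers = redact_nhs_numbers(sample)
    print(redacted)
    print("redacted NHS Numbers:", numbers)
```

The checksum step is a trade-off: it removes most false positives but a random ten-digit value still passes about one time in eleven, so the redaction count in the audit chain should be read alongside the policy, not as a precise tally of genuine identifiers.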

Saves you ~10 engineer-weeks

Estimate based on the following honest assumptions:

  • NHS-specific PII patterns + clinical-data markers (3 weeks).
  • NHS Number generation + handling logic (1 week).
  • DSPT submission evidence format export (3 weeks).
  • Incident-response mapping to NHS DSPT Standard 7 expectations (2 weeks).
  • Third-party assurance (Standard 10) data export (1 week).

What an auditor will ask

The questions you'll see in a real walkthrough — and where to point them.

  1. How are you evidencing Standard 1 (personal confidentiality)?

    Filter the audit chain by tags contains 'nhs-dspt:1'. Each PII redaction event for NHS Numbers + clinical markers is captured. The DSPT submission references the redaction policy + audit count.

  2. Walk me through your Standard 7 incident response.

    Audit chain filter event_type = KILL_SWITCH_ENGAGED shows engagement events. Each has the engaging Principals, the reason, the affected patient cohort (if any), and the timeline to resolution.

  3. What's your Standard 10 evidence on third parties?

    Model Registry export with the DSPT third-party overlay. Each LLM provider listed with assurance status, last DPIA, contract reference.

  4. How do you handle a SCR access request?

    The privacy plugin tags SCR-handling events with tags contains 'scr-access'. Filter to produce the access log for any patient identifier.
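The four auditor answers above all reduce to the same operation: filter a tamper-evident audit chain by tag or event type and hand over the matching events. The following added example, written for this page and not Regulus's own implementation, shows one way an "audit chain" can be built so those filters carry evidential weight: each event records the hash of its predecessor, so an auditor (or the DPO assembling the submission) can verify that nothing was removed or edited before trusting the filtered view. The field names event_type and tags and the tag values 'nhs-dspt:1', 'nhs-dspt:7' and 'scr-access' follow the text above; the hashing scheme, the other field names, the evidence-pack format and the sample events are assumptions of this example, and the events are constructed, not taken from a real deployment.

```python
import hashlib
import json

GENESIS_HASH = "0" * 64  # previous-hash value for the first event (assumed convention)
PAYLOAD_FIELDS = ("seq", "event_type", "principal", "tags", "detail")


def _digest(payload: dict, prev_hash: str) -> str:
    """SHA-256 over the previous hash plus a canonical JSON encoding of the payload."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


def append_event(chain: list, event_type: str, principal: str, tags: list, detail: dict) -> dict:
    """Append an event whose hash commits to every earlier event in the chain."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_HASH
    payload = {"seq": len(chain), "event_type": event_type, "principal": principal,
               "tags": sorted(tags), "detail": detail}
    event = dict(payload, prev_hash=prev_hash, hash=_digest(payload, prev_hash))
    chain.append(event)
    return event


def verify_chain(chain: list) -> bool:
    """Recompute every hash; any edit, deletion or reordering breaks the chain."""
    prev_hash = GENESIS_HASH
    for seq, event in enumerate(chain):
        payload = {k: event[k] for k in PAYLOAD_FIELDS}
        if (event["seq"] != seq or event["prev_hash"] != prev_hash
                or event["hash"] != _digest(payload, prev_hash)):
            return False
        prev_hash = event["hash"]
    return True


def filter_events(chain: list, tag=None, event_type=None) -> list:
    """The auditor's query: 'tags contains <tag>' and/or 'event_type = <type>'."""
    return [e for e in chain
            if (tag is None or tag in e["tags"])
            and (event_type is None or e["event_type"] == event_type)]


def evidence_pack(chain: list) -> dict:
    """Per-standard event counts keyed by 'nhs-dspt:N' tag (assumed pack layout)."""
    counts = {}
    for event in chain:
        for tag in event["tags"]:
            if tag.startswith("nhs-dspt:"):
                counts[tag] = counts.get(tag, 0) + 1
    return dict(sorted(counts.items()))


def build_sample_chain() -> list:
    """Constructed events covering auditor questions 1, 2 and 4 above."""
    chain = []
    append_event(chain, "PII_REDACTED", "svc:triage-agent", ["nhs-dspt:1"],
                 {"kind": "nhs_number", "count": 1})
    append_event(chain, "SCR_ACCESS", "user:gp-reception", ["nhs-dspt:1", "scr-access"],
                 {"patient_ref": "pt-0001"})
    append_event(chain, "KILL_SWITCH_ENGAGED", "user:ciso", ["nhs-dspt:7"],
                 {"second_approver": "user:dpo", "reason": "suspected data leak",
                  "affected_cohort": "none identified", "resolved_after_min": 42})
    append_event(chain, "PII_REDACTED", "svc:triage-agent", ["nhs-dspt:1"],
                 {"kind": "nhs_number", "count": 2})
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("chain intact:", verify_chain(chain))
    print("Standard 1 events:", len(filter_events(chain, tag="nhs-dspt:1")))
    print("kill-switch events:", filter_events(chain, event_type="KILL_SWITCH_ENGAGED"))
    print("SCR access log:", filter_events(chain, tag="scr-access"))
    print("evidence pack:", evidence_pack(chain))
```

Run verify_chain before producing any filtered view; a filter over a chain that fails verification is not evidence, whatever it returns. A deployment would additionally anchor the latest hash somewhere outside the writer's control (a signed timestamp or an append-only store), since a hash chain on its own only detects edits made after the anchor was taken.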

What this doesn't cover

  • Clinical workflows — Regulus is a compliance plane for AI agents; clinical decision support quality is the responsibility of the clinical safety officer (DCB0129/DCB0160).
  • DCB0129/DCB0160 clinical safety standards — overlapping but separate; Regulus emits evidence relevant to safety, but the clinical safety case is your CSO's deliverable.
  • GMC/NMC/HCPC clinician-side obligations — Regulus enforces system-side controls; clinician registration is out of scope.
  • DSPT submission itself — Regulus exports the evidence; the submission to the toolkit portal is your DPO's task.

Activate this profile in your agent

regulus init my-agent --profiles=nhs-dspt