Corti raises the bar for safe, compliant AI documentation across the NHS

As AI-enabled clinical documentation tools gain traction in the NHS, NHS England introduced a clear regulatory framework for Ambient Voice Technology (AVT) in June 2025. Corti welcomes this structure. Strong governance is vital for any technology operating in frontline healthcare environments, and we believe clinical-grade AI must be built on clinical-grade compliance.

With the introduction of this new framework, suppliers must demonstrate that their technology meets a higher and more transparent standard for safety, data protection and clinical governance. Corti is among the early applicants to the new AVT Supplier Registry, reflecting both our readiness and our long-standing focus on building AI infrastructure that can operate safely in regulated healthcare environments.

Corti provides a robust vertical AI infrastructure layer designed for regulated healthcare environments, along with the applications built on this infrastructure that are already in use across the UK and internationally.

Exceeding NHS standards for AVT

Corti meets and often surpasses the standards expected of suppliers participating in NHS England’s Ambient Voice Technology programme.

UK data protection readiness. Corti has met all major UK data protection requirements for operating within NHS environments. DSPT and Cyber Essentials were achieved in September 2024. Cyber Essentials Plus was completed in November 2025 following independent, hands-on validation of our security controls. These certifications collectively demonstrate the security posture of Corti’s platform across all deployments.

ISO 27001, ISO 27017 and ISO 27018. Corti is ISO 27001 certified for information security, and compliant with ISO 27017 for cloud security and ISO 27018 for personal data protection in cloud environments. These standards complement our global compliance portfolio, which includes SOC 2 Type 2, ISAE 3000 for GDPR, HIPAA, BSI C5, NIS2, and other international frameworks.

CREST-accredited penetration testing. For four consecutive years, Corti has undergone annual penetration testing by CREST-accredited auditors. This provides the NHS with independent assurance of system security and resilience.

GDPR and international privacy compliance. Our GDPR programme is audited in accordance with ISAE 3000 Type II. Corti also complies with HIPAA and the Swiss Federal Act on Data Protection, ensuring robust and consistent safeguards across all regions where clinicians rely on our technology.

UK MHRA Class I Medical Device Registration. In July 2025, Corti completed MHRA Class I Medical Device registration, confirming that the summarisation features used in clinical documentation workflows comply with UK medical device regulations.

Clinical Safety Governance (DCB0129 and DCB0160). Corti’s Clinical Safety Officer, Nick Pavard of 8Fold Governance, brings over 15 years of UK frontline and regulatory experience. Our clinical risk management aligns with DCB0129 and ISO 19471 and includes proactive and continuous system reviews.

DPIAs are embedded into every UK deployment. Data Protection Impact Assessments are treated as living operational tools. They are updated with each deployment or product change and integrated into onboarding with ICBs and NHS Trusts to ensure local alignment and ICO compliance.

Validated clinical and operational outcomes. Across NHS-aligned and NHS-affiliated environments, Corti’s applications built on our underlying AI infrastructure have delivered measurable benefits. These include improved documentation accuracy, reduced administrative time and increased patient-facing capacity, with improvements consistently observed across multiple care settings.

DTAC compliance. Corti fully complies with the NHS Digital Technology Assessment Criteria. All five pillars, clinical safety, data protection, technical security, interoperability and usability, are integrated into our product design and operational governance.

NHS England Ambient Voice Technology supplier registry. Corti has formally applied for inclusion in NHS England’s Ambient Voice Technology Supplier Registry, which serves as the assessment and onboarding gateway for suppliers participating in the NHS AI Scribe programme. Being among the early applicants reflects the maturity of Corti’s compliance stance and our readiness to meet the NHS’s new expectations for clinical-grade AI documentation tools. We look forward to the external review and anticipate joining the registry soon.

Additional compliance milestones

EU Class I Medical Device and Medical Device QMS. Corti Assistant MD is registered as a Class I medical device in the EU as of September 2025. Our Quality Management System complies with ISO 13485, ISO 14971, ISO 62304, and ISO 62366, as well as other medical device standards governing software development and clinical risk management.

ISO 42001 for AI management systems. Corti is compliant with the ISO 42001 standard. This emerging global standard for responsible and trustworthy AI aligns closely with our approach to developing transparent and well-governed models.

Our ongoing commitment

Corti continues to collaborate closely with clinicians, technologists and governance teams across the UK, EU, US and other regions. Whether supporting data protection reviews, EPR integrations, model validation, or clinical safety assessments, we view compliance not just as a checkbox, but as a clinical responsibility.

Corti is prepared to support ICBs, NHS Trusts, developers and partners evaluating AI-enabled documentation tools. Our applications are powered by the same infrastructure we provide globally, ensuring every deployment benefits from a secure, scalable and clinically governed platform with a consistent foundation for updates, monitoring and model oversight.

For more information or to explore how Corti can support your organisation, contact us.