The Care Quality Commission published a formal statement in June 2026 setting out its role, expectations and plans regarding artificial intelligence in health and social care. It is the first time CQC has articulated a comprehensive position on AI, and for care home operators already navigating digital transformation, it is worth reading carefully.
The short version: CQC is not here to approve or accredit AI tools. But it is here to ensure that any AI used in care settings contributes to safe, effective and equitable outcomes. That distinction matters more than it might initially appear.
What CQC Has Actually Said
CQC's statement makes clear that existing regulations already have a role in governing how innovative technologies, including AI, are deployed in care settings. The absence of a specific AI regulatory framework does not create a regulatory gap. If AI affects the quality of care, CQC's assessment framework applies.
The statement sets out eleven principles that providers must follow when using AI. These are not aspirational guidelines. They represent CQC's interpretation of what compliance with existing regulations looks like in an AI-enabled environment.
The Eleven Principles
AI to support, not replace human decision-making. AI can augment the judgement of care professionals. It cannot substitute for it. Care decisions must remain with trained human staff.
Human oversight. AI outputs must be continuously monitored and evaluated. A system that produces a recommendation without anyone reviewing or questioning it does not meet this standard.
Transparency and choice. People who use care services must have access to clear information about how AI is being used in their care pathway. Non-digital routes to care must remain available where needed.
Safety and reliability. Providers are responsible for ensuring that introducing AI does not compromise the safety or equity of outcomes for any individual or population group.
Security. AI systems must be resilient to cyber-attack, and any data they process or store must comply with GDPR. This is not a separate IT responsibility. It is a CQC compliance matter.
Fairness and impartiality. AI must not perpetuate or introduce bias. Providers need to understand any known limitations of the systems they use and take steps to mitigate them.
AI readiness and training. Staff who use AI tools must be sufficiently trained and confident. Deploying a system without adequate training in place creates a compliance risk, not just an operational one.
Effective governance. There must be formal mechanisms for assessing, monitoring and responding to the risks AI introduces, including clear processes for recognising when something goes wrong and learning from it.
Data Protection Impact Assessment. A DPIA must be completed before AI tools that process personal data are introduced. This is already a GDPR requirement, but CQC is now explicitly linking it to care quality compliance.
Accountability. There must be clear, documented mechanisms for addressing harm caused by AI. Responsibility cannot be diffused or deferred to a technology supplier.
Procurement. AI tools must be procured in line with relevant regulatory standards. Due diligence at the point of purchase is a compliance obligation, not an optional best practice.
What This Means in Practice for Care Providers
The eleven principles are less a new set of requirements than a reframing of existing ones. Care providers have always been responsible for the quality and safety of care delivered on their premises, regardless of the tools used to deliver it. What CQC is clarifying is that this responsibility extends fully to AI-assisted care.
In practical terms, that means a provider cannot point to an AI vendor and say the technology made a decision. The provider made the decision. The AI was a tool it chose to use, procured, implemented and monitored. If the outcome was poor, the governance question falls to the provider.
CQC has signalled it will be considering the implications of AI for how it registers, assesses, rates and enforces. Whether AI is present or absent will not by itself predict a rating. But whether AI is governed appropriately will increasingly inform how inspectors assess the Well-Led domain.
How Advantage and EdgeCare™ Support CQC's AI Principles
EdgeCare™ is Advantage's AI accelerator for care homes, built on the Microsoft technology stack: Dynamics 365, Power Platform, Microsoft 365 and Microsoft Copilot. It was designed from the outset to support responsible, governed AI adoption rather than to introduce AI for its own sake. The principles CQC has now formalised map closely onto the architectural and governance decisions already embedded in the platform.
AI to support, not replace
EdgeCare™ uses AI to surface information, flag anomalies, generate draft documentation and reduce administrative load. Every output is presented to a human for review and decision. The system does not act autonomously on clinical or care matters.
Security and GDPR compliance
EdgeCare™ is built on Microsoft's enterprise-grade cloud infrastructure, which maintains ISO 27001, SOC 2, Cyber Essentials Plus and a broad range of data protection certifications. As a Microsoft Solutions Partner, Advantage can document the compliance posture of the underlying platform to support both DSPT submissions and any CQC scrutiny of data governance.
Transparency and training
Implementing EdgeCare™ includes structured user adoption and training delivered as part of the engagement. Staff are trained not just in how to use the system but in understanding what the AI components do and do not do, which directly supports the CQC principle around AI readiness.
Governance and accountability
EdgeCare™ operates within Dynamics 365's audit trail and role-based access control framework. Every action is logged, every access point is controlled, and the system provides the documentation backbone for a formal AI governance process. This includes support for completing DPIAs when AI-enabled features are introduced or extended.
Procurement assurance
As a Microsoft Solutions Partner working exclusively with enterprise-grade, certified technology, Advantage can provide the supplier compliance evidence care homes need to demonstrate that their AI tools meet relevant regulatory standards.
The CQC statement does not require care providers to deploy AI. But for those who do, or who are considering it, the expectations are now clearly articulated. EdgeCare™ was built to meet them.
The DSPT Connection
It is worth noting that several of CQC's AI principles overlap directly with DSPT obligations. The requirement to complete a DPIA before deploying AI that processes personal data is both a GDPR obligation and a DSPT evidence item. The requirements around cyber security resilience, access control, staff training and breach response governance feature in both frameworks.
For care homes working to maintain DSPT compliance and CQC readiness simultaneously, a technology platform that supports both is considerably more manageable than trying to satisfy each framework independently. If you have not already read our guidance on DSPT compliance for care homes, it covers the evidence requirements in detail and is worth reading alongside this article.
The DSPT and CQC's AI principles share common ground on data security, access governance, staff training and breach response. Providers who maintain robust DSPT evidence year-round will find they have already addressed much of what CQC expects from an AI governance perspective.
Next Steps
CQC has indicated it is actively considering what the use of AI means for its registration, assessment, rating and enforcement processes. Further guidance is expected as the new assessment frameworks develop. Care providers who establish robust AI governance now will be better placed to demonstrate compliance when that guidance arrives, rather than working back from an inspection finding.
To discuss how Advantage can help your home adopt AI in a way that meets CQC's expectations, contact us on 020 3004 4600, email hello@advantage.co.uk, or book a free care home technology workshop.
Related Resources
EdgeCare™ – The AI Accelerator for Care Homes
DSPT Compliance for Care Homes: Building the Evidence Trail
Advantage Secure365™ Cyber Security
Managed IT Services
Cyber Security Intelligence Hub
Free Workshop for Care Homes
