Compliance & Clinical Safety

How We Build

ASTI is designed to work with some of the most sensitive aspects of human life — attention, emotion, cognition, health, and behaviour. That is not something we take lightly.

From the beginning, ASTI has been built with compliance and clinical safety as first principles — not afterthoughts.

We believe that technology touching neurodivergent health and wellbeing must be held to the highest standards, whether or not the law currently requires it.

We are committed to working towards full compliance with the frameworks that govern this space.

Regulatory Frameworks

MHRA Software as a Medical Device (SaMD)

The UK regulatory standard for software that supports clinical decision-making or health outcomes.

We are building ASTI's architecture to meet these requirements as our clinical features develop.

UK GDPR and Article 9

The legal framework governing personal data — and specifically special category data, which includes health and mental wellbeing information.

Your data is protected to the highest legal standard.

NICE Evidence Standards Framework (ESF)

The NHS framework for evaluating digital health technologies. Tier B means evidence of real-world clinical benefit.

We intend ASTI to meet Tier B standards.

NHS Digital Technology Assessment Criteria (DTAC)

The NHS procurement standard covering clinical safety, data protection, technical security, and usability. A requirement for any technology working with NHS pathways.

We are building toward full DTAC compliance.

DCB0129

The UK clinical risk management standard for health IT systems — ensuring risks are identified, managed, and documented throughout development.

Clinical risk management is built into ASTI's development process from the start.

ISO 42001

The international standard for responsible AI management systems — covering transparency, accountability, and ethical governance of AI.

We are building ASTI's AI governance toward ISO 42001 standards.

We are not yet certified against all of these frameworks. That work is staged and ongoing.

What we can say clearly: every feature of ASTI is classified before it is built.

Features that touch clinical inference, health data, or adaptive responses to user state are developed under a separate compliance track — and will not be released until the appropriate standards are met.

The pace of ASTI's development is governed by what is right — not what is fast.

This is what it means to build responsibly.

We think you deserve to know that.

Our Values

Compliance is not a legal disclaimer for us. It is a values position. Read the full ASTI Manifesto to understand why we build the way we build.

Read the ASTI Manifesto →