Built for Trust. Designed for the NHS.

Security, privacy, and clinical safety are built into everything we create. Every QuantumLoopAI system meets NHS standards — by design, not by chance.

Trust Centre
Receptionists smiling at front desk

Tell your surgery you want EMMA.

nhs-compliant

Medical Device Registration

QuantumLoopAI is registered as a Class I medical device with the MHRA, advancing toward Class IIa certification to further strengthen clinical safety and assurance.

DTAC Compliant

Fully DTAC compliant, QuantumLoopAI meets NHS standards for clinical safety, data protection, cybersecurity, and interoperability — with full assurance for partners.

DSPT Toolkit Certified

QuantumLoopAI is fully DSPT compliant, confirming our data governance meets NHS England’s strict standards for secure, transparent, and responsible information handling.

Cyber Essentials Plus Certified

Independent CREST-accredited specialists conduct annual and post-release penetration tests, ensuring ongoing resilience and proactive defence against emerging risks.

CREST Penetration Testing

Our infrastructure is tested annually by CREST-accredited security specialists, ensuring continuous resilience and defence against evolving cyber risks.

End-to-End Encryption

All data is protected using AES-256-bit encryption in transit and at rest — the same level of security trusted by global financial institutions and defence systems.

GDPR & DPIA

QuantumLoopAI is fully UK GDPR compliant, supported by detailed Data Protection Impact Assessments and a rigorous internal governance framework.

Interoperability & NHS Integration

Built for seamless integration, QuantumLoopAI connects securely with NHS systems via IM1, GP Connect, and FHIR, ensuring consistent, safe data exchange.

Continuous Assurance

Every release is clinically reviewed under DCB0129 and DCB0160, ensuring continuous safety validation and compliance with NHS clinical governance standards.

Clinical Governance & Oversight

A dedicated Clinical Safety Officer oversees all deployments, supported by an Advisory Board chaired by Sir David Sloman, former NHS England COO.

Clinical Safety & Risk Management

QuantumLoopAI maintains a full Clinical Safety Hazard Log, formal clinical sign-off, and robust documentation aligned with NHS DCB0129 risk management protocols.

ISO & Quality Standards

Fully aligned with ISO 37001 (Anti-Bribery Management) and ISO 13485 (Medical Device Quality Systems), with active progression toward formal certification.

SOC 2 & Cloud Infrastructure

All services operate on SOC 2-compliant infrastructure hosted within Microsoft Azure’s NHS-approved cloud, ensuring resilience, uptime, and total data protection.

Data Sovereignty

All patient data is securely hosted within UK jurisdiction and never leaves England, ensuring full alignment with NHS, GDPR, and data protection requirements.

Zero-Trust Security Model

QuantumLoopAI employs a Zero-Trust architecture, verifying every interaction and maintaining immutable, tamper-proof audit logs for all access and data events.

Audit Trail & Transparency

Every patient call is logged, recorded, and auditable, with transcripts, summaries, and time stamps — ensuring full visibility for clinical audit and governance.

Failover & Reliability

Hosted on Microsoft Azure NHS Cloud, EMMA maintains Tier 1 telecom redundancy and instant failover routing — ensuring uninterrupted access and zero downtime.

AI Governance Leadership

Our Clinical Safety Officer contributes directly to NHS England’s AI governance frameworks, helping define national standards for safe, ethical AI in healthcare.

Policy & Regulatory Commitment

QuantumLoopAI maintains comprehensive internal policies, controls, and governance frameworks, proactively exceeding NHS regulatory expectations.

In-House Security Expertise

Our dedicated in-house engineering and clinical safety teams continuously monitor, test, and enhance system performance, ensuring consistent safety and compliance.

Trusted. Certified. Secure.

GDPR Compliant

Your data. Always protected.

QuantumLoopAI is fully compliant with UK GDPR standards, using encryption, governance controls, and transparent processes to keep every patient record secure.

AICPA SOC

Independent security assurance.

QuantumLoopAI operates on SOC 2–compliant infrastructure, ensuring strict privacy, integrity, and reliability controls verified by independent assessors.

DPIA

Privacy built in by design.

Every deployment includes a completed DPIA, ensuring compliance, transparency, and streamlined approval for NHS information governance and assurance.

Cyber Essentials Plus

Certified cybersecurity protection.

Independently verified under Cyber Essentials Plus, QuantumLoopAI safeguards against threats and ensures secure performance across every connection.

NHS Toolkit

Approved NHS data standards.

Fully compliant with the NHS DSP Toolkit, confirming that our data handling, security, and governance align with all NHS England requirements.

DTAC

Digitally assured for the NHS.

QuantumLoopAI meets the NHS DTAC standards for clinical safety, data protection, cybersecurity, and usability, ensuring total digital assurance.

Safe by design.

At QuantumLoopAI, patient data is protected from the moment a call begins. EMMA records, encrypts, and audits every conversation — creating complete visibility for surgeries and total confidence for patients.

Data is never shared, sold, or stored outside the NHS environment. Every byte stays within the UK, under NHS-approved infrastructure, and under full clinical safety oversight.

QuantumLoopAI Trust Logo

Procurement made simple.

Crown Commercial Services Supplier Logo

Approved under Crown Commercial Service

QuantumLoopAI is listed on the RM6200 AI & Automation Framework, enabling ICBs, federations, and NHS providers to procure directly and compliantly.

DB0129

Trusted to deliver safely at scale

Fully compliant with DTAC, DSPT, and DCB0129, QuantumLoopAI meets NHS England’s standards for safety, governance, and interoperability.

Cyber Essentials Plus

Government-certified cybersecurity

Independently verified under Cyber Essentials Plus, ensuring advanced protection, resilience, and compliance across every NHS deployment.

 

Questions about
compliance?

Contact Us
Smiling female doctor
quote-icon

“This is incredibly impactful and pioneering technology that can make a real difference to the lives of staff and patients across the NHS. It directly improves patient access, reduces pressure on staff, and delivers real efficiencies for the system.”

Sir David Sloman, QuantumLoopAI advisory board and former COO of NHS England.

Frequently Asked Questions

QuantumLoopAI is trusted by NHS teams to handle patient data safely, securely, and transparently.Below are answers to the most common questions practices and ICBs ask about EMMA.

How do I know EMMA is safe for my surgery to use?

EMMA is fully DTAC-approved, DSPT-compliant, and Cyber Essentials Plus certified.

All patient data is processed within NHS-approved Microsoft Azure data centres in England, encrypted at rest and in transit using AES-256-bit encryption.

Every release is reviewed under DCB0129 and DCB0160, ensuring continuous compliance and clinical safety.

Who controls the data EMMA processes?

Your surgery remains the data controller under UK GDPR.

QuantumLoopAI acts as the data processor, handling information only under your instruction and solely for the purpose of supporting patient care.

Our Data Processing Agreement clearly defines these roles and responsibilities.

How does EMMA keep patient data secure?

All data is encrypted end-to-end using TLS 1.2+ and AES-256, stored only within the UK.

We operate a Zero-Trust Security Model, maintain immutable audit logs, and conduct regular CREST-accredited penetration tests.

Independent cybersecurity reviews are completed annually and after every major update.

Is QuantumLoopAI Cyber Essentials Plus certified?

Yes.

QuantumLoopAI holds Cyber Essentials and Cyber Essentials Plus certification, verified by independent government-approved assessors to confirm our defences against cyber threats.

What data does EMMA process?

To manage calls and automate administrative workflows, EMMA processes:

  • Patient contact information and call details

  • Interaction transcripts and outcomes

  • Administrative and triage data logged during calls

    All data remains within NHS-approved cloud infrastructure, processed strictly under NHS information governance requirements.

 

Does EMMA record calls?

Yes — but securely.

Every patient call is recorded, transcribed, and auditable. Surgeries can review calls for training, governance, or complaint handling.

Access is strictly limited to authorised practice users and all call data is fully encrypted.

 

What happens if a call drops or fails?

If a call disconnects unexpectedly, SOPHIA, our intelligent SMS follow-up assistant, automatically reaches out to the patient to complete the interaction.

This ensures no patient is left behind and that all contacts remain traceable.

Does EMMA need patient consent to handle data?

No separate consent is required for EMMA’s operation.

Under UK GDPR, data is processed under Article 6(1)(e) and Article 9(2)(h) — supporting the provision and management of healthcare.

This is the same legal basis used for normal surgery communications and clinical systems.

Where is EMMA hosted?

EMMA runs entirely on Microsoft Azure’s NHS-approved UK cloud infrastructure, meeting all NHS Digital and NCSC security requirements.

No patient data is transferred or stored outside the UK.

Can we audit or review EMMA’s activity?

Yes.

Every call, transcript, and action is timestamped, logged, and fully auditable.

Surgeries can review these records for internal governance, CQC compliance, or clinical safety audits at any time.

What if there’s a system outage or power failure?

In the unlikely event of downtime, calls are automatically re-routed to your existing phone system within seconds.

This built-in failover ensures no disruption to patient access or continuity of care.

Does EMMA share or sell data?

Absolutely not.

QuantumLoopAI never shares, sells, or repurposes data for marketing, analytics, or any non-clinical use.

Your data remains yours — under your control, within the NHS environment.

How is EMMA governed clinically?

All deployments are overseen by a dedicated Clinical Safety Officer, supported by an Advisory Board chaired by Sir David Sloman, former NHS England COO.

Every new release undergoes formal hazard logging, testing, and clinical sign-off.

What assurance documentation is available?

We provide NHS partners with all required documentation, including:

  • DTAC and DSPT certificates

  • DPIA templates

  • DCB0129 Clinical Safety Case Report

  • Cyber Essentials Plus verification

    All available on request.

 

What makes QuantumLoopAI different from other suppliers?

QuantumLoopAI was built for the NHS — by clinicians, engineers, and patients.

Unlike generic AI systems, EMMA is designed around primary care workflows, meeting every NHS assurance standard while improving patient experience and staff wellbeing.

Stay in the loop with QuantumLoopAI

Discover

Support

Connect with us

2025 QuantumLoopAi. All rights reserved. | GDPR Compliant | NHS Approved