NHS Launches AI Triage in App as UK Cyber Security Bill Heads to Lords

NHS Launches AI Triage in App as UK Cyber Security Bill Heads to Lords

Two significant developments in the UK's digital infrastructure are unfolding simultaneously this week: NHS England has begun the rollout of AI-powered triage within the NHS App, marking a pivotal step in the health service's digital transformation, while the government's Cyber Security and Resilience Bill is preparing for its House of Lords passage — a piece of legislation that will fundamentally reshape how the UK protects its critical digital infrastructure.

Background

The NHS App has been one of the more successful digital initiatives of recent years, growing from a relatively basic appointment-booking tool into a platform used by tens of millions of patients for prescription management, GP access, and health records. The government's Medium Term Planning Framework for 2026/27 to 2028/29 sets out an ambitious vision for the app's evolution, with AI triage representing the most significant expansion of its capabilities to date.

The Cyber Security and Resilience Bill, introduced in late 2025, is the UK's response to a rapidly deteriorating global cybersecurity environment. The existing Network and Information Systems (NIS) Regulations, which date from 2018, were designed for a different threat landscape. The new bill will expand the regime to cover more essential services, grant regulators enhanced enforcement powers, and introduce mandatory incident reporting requirements that will give the government a clearer picture of the scale and nature of cyber threats facing UK infrastructure.

Both developments reflect a broader government ambition to position the UK as a global leader in digital governance — an ambition that sits in some tension with the concerns raised by the tech sector about regulatory complexity and compliance burdens.

Key Developments

The NHS planning guidance published this week confirms that the rollout of AI triage within the NHS App should begin from April 2026, with providers required to use the NHS App notification function by March 2027 across hospitals, general practice, and pharmacy. The AI triage system is designed to help patients assess their symptoms and be directed to the most appropriate level of care — reducing pressure on A&E departments and GP surgeries by ensuring that patients with minor conditions are directed to pharmacies or self-care pathways.

The planning framework also sets ambitious performance targets: reinstating the 92% elective care waiting time standard (no longer than 18 weeks) by 2028/29, with an interim target of 70% by 2026/27. Community health services are a new addition to the 18-week-wait target. The government has stated its goal is to make the NHS "the most AI-enabled health system in the world."

On the cybersecurity front, the Cyber Security and Resilience Bill is expected to begin its House of Lords passage this spring. The bill will expand the existing regime to cover more essential services and grant regulators enhanced enforcement powers. The MHRA has separately confirmed it has met or exceeded all statutory targets, with Health Innovation Minister Dr Zubir Ahmed stating this positions the UK as a global leader in life sciences.

Why It Matters

The NHS AI triage rollout is one of the most consequential digital health initiatives in the service's history. If it works as intended, it has the potential to significantly reduce the pressure on overstretched A&E departments and GP surgeries — a pressure that has been building for years and that the Covid pandemic dramatically accelerated. The King's Fund has noted that the planning framework's targets are ambitious but achievable if the digital infrastructure is in place. The risk is that the rollout is uneven — that patients in well-resourced urban areas benefit while those in rural or deprived communities are left behind.

The Cyber Security and Resilience Bill addresses a genuine and growing threat. The UK has experienced a series of high-profile cyberattacks on public sector infrastructure in recent years, and the existing regulatory framework has been widely criticised as inadequate. Unlike the EU's NIS2 Directive, which the bill broadly mirrors, the UK approach gives regulators more discretion — which could be a strength or a weakness depending on how that discretion is exercised.

Local Impact

For patients across the UK and Ireland, the NHS App's AI triage function will be the most visible manifestation of the government's digital health ambitions. In Northern Ireland, where the health service operates under a separate structure through the Health and Social Care system, the rollout will be adapted to local needs — but the underlying technology and approach will be consistent with the England model. In the Republic of Ireland, the HSE's own Digital for Care Capital Plan, backed by €263 million, is pursuing parallel ambitions, including electronic health records and virtual care hubs.

What's Next

The NHS App AI triage rollout will be monitored closely by NHS England, with a formal evaluation expected in the autumn. The Cyber Security and Resilience Bill will begin its Lords passage in the coming weeks, with Royal Assent expected before the end of 2026. The government's AI Opportunities Action Plan is due for its first progress review in the summer. Providers have until March 2027 to implement the NHS App notification function across all settings.

Sources: The King's Fund | techUK