The UK life sciences sector depends on regulatory systems that protect patients while enabling innovation. Device manufacturers are submitting higher volumes of increasingly complex products. Regulatory expectations continue to evolve as software and AI become embedded in clinical pathways. With this confluence of market forces, there is a growing pressure on regulatory bodies to protect patient safety while enabling new innovation to enter the health system at pace.
Many of the underlying regulatory systems were not built for this level of dynamism. Processes relied on manual interventions that delayed assessment. Data sat in formats that made review and audit difficult. Interfaces with external actors, including manufacturers and public services, were often fragmented. Together, these factors limited a key regulatory agency’s ability to respond quickly and adapt to changing requirements.
To address this, the Agency launched an effort to create a modern digital environment for device submissions, validation and case processing. Mastek was engaged to build a minimum viable product (MVP) that could support rule-driven workflows, structured data capture and more efficient regulatory review. The work centred on Microsoft Dynamics 365 implementation, supported by Azure AI Document Intelligence and structured design methods.
The MVP was completed over six months. It delivered functioning workflows, technical designs, service patterns, and automated validation capability. The outcome provides the Agency with an operational baseline and a clear pathway for phased expansion.
Why Mastek?
This Agency required a partner with deep Microsoft engineering capability, proven delivery methods, and prior experience working with national health and regulatory bodies. Mastek’s experience in public sector cloud implementation, its Microsoft solution capability, and its delivery record on national health services helped establish the conditions for rapid progress, in addition to its specialist skillsets in product, user-centred design, and automation.
The delivery approach centred on a close partnership with a clear shared understanding that policy interpretation and workflow design could not be treated as separate activities. Product analysts, designers, and engineers worked together to ensure that regulatory rules were reflected in service patterns and underlying configuration. This supported pragmatic decision-making and allowed the programme to maintain momentum.
The joint team worked as an integrated delivery unit. This ensured policy interpretation, workflow design, and technical implementation moved in lockstep.
Designing an achievable increment
The MVP focused on core registration and certification processes which reduced complexity and enabled the team to validate architectural and operational assumptions early.
The team first configured Dynamics 365 implementation to manage the end-to-end flow of device submissions and renewals, ensuring that policy rules could be applied consistently through guided workflows rather than manual interpretation. As this took shape, the conceptual and high-level solution designs evolved in parallel, translating regulatory requirements into system behaviour. The data models were developed with close reference to international device standards, including GMDN and UDI, so that the platform would be structurally capable of supporting future interoperability, post-market monitoring and product traceability.
User-centred design was embedded throughout delivery, helping to identify where manufacturers, internal reviewers and case managers interacted with the service, and how these points could be improved. Service blueprints, user journeys and wireframes captured this shared understanding, allowing product leads, policy teams and engineers to make decisions with a common view of context rather than operating in isolation. This also helped surface process ambiguity earlier, reducing the effort associated with later rework.
The programme explored how automated intelligence could contribute to validation and assurance. Using Azure AI Document Intelligence, the team developed a neural approach capable of distinguishing valid certificates from those that fell outside acceptance criteria. In parallel, more than twenty-five thousand historical GMDN records were examined to understand how far code validation could shift from manual judgement to a structured, automated model. Together, these activities provided early evidence on the balance between deterministic rules, machine-assisted support and human oversight.
Azure DevOps served as the operational backbone of delivery. Backlogs, testing activity and workflow execution were managed in a single environment, creating a continuous thread from requirement through to assurance. Regular discussions with operational and policy stakeholders helped maintain alignment, enabling questions about scope, logic and process interpretation to be addressed as they emerged, rather than once build had completed.
What the project delivered
1) Validated automation through Microsoft Dynamics 365
Bulk device submissions were processed under defined GMDN rules. Approximately 95 percent were automatically accepted. Manual review was required only for exceptions. Based on benchmarks from similar regulatory deployments, this level of automation can reduce review effort by 50 to 70 percent, allowing specialists to focus on higher-risk cases.
2) Integration of AI and data intelligence
Azure AI Document Intelligence was used to trial automated certificate checks. The ability of trained models to distinguish valid from invalid documents provides a path toward reduced manual classification. The GMDN dataset analysis indicated scope for automated validation. Comparable implementations show that early AI document intelligence validation can reduce remediation effort by 20 to 30 percent, improving confidence in regulatory records.
3) Comprehensive design and testing artefacts
The programme delivered high-level designs, conceptual data models, blueprints, wireframes, journeys, and a functional automation test framework. These artefacts were completed over a six-month phase. Traditional enterprise delivery cycles of similar breadth often require nine to twelve months to complete equivalent work. The acceleration represents a 30 to 50 percent schedule gain. It also reduces uncertainty for subsequent phases and supports clearer decision pathways.
4) Improved collaboration and delivery discipline
The team highlighted structured working between user-centred design, product teams, engineers, and regulatory analysts where regular showcases supported informed decision-making and a delivery model built around smaller, multi-disciplinary units avoided the overhead associated with fragmented supplier structures. Evidence from Microsoft-based public sector programmes shows throughput gains in the range of 25 to 60 percent and cost-per-unit reductions of 20 to 35 percent when this approach is applied.
5) Knowledge continuity and governance
The team prepared a complete closure package, including recordings, retrospectives, product catalogues, design artefacts, and testing material which reduced re-mobilisation cost and risk. Experience from multi-phase regulatory and health-system programmes indicates that structured knowledge management can reduce onboarding effort by 30 to 50 percent.
Implications for the health system
Regulatory services play a pivotal role in determining how quickly new technologies reach clinical settings, and the strength of the digital foundation beneath them influences the quality of that journey. When systems give manufacturers and regulators a clearer, more structured way to exchange information, the progression from submission to approval becomes less fragmented and more predictable.
Well-designed data structures are central to this shift. They make it easier to understand the origin and status of a device, enable clearer auditability, and give regulators greater confidence in the information they rely on for assessment. These improvements become especially important after a device has reached the market, when real-world monitoring, adverse event reporting and supply chain decisions depend on consistent and reliable records.
The MVP supports this direction of travel. By adopting standards such as UDI and EMDN, it contributes to the wider national effort to create a complete, device-level data view. These choices make future integration with national platforms and supply chain systems far more achievable, creating the conditions for stronger monitoring and earlier identification of safety concerns.
Modernisation also influences market behaviour. Processes that move more quickly and predictably reduce the uncertainty associated with bringing products to the UK, which can improve investment decisions and encourage participation from organisations that might otherwise struggle to navigate the system. Clearer regulatory pathways and more structured interactions lower compliance burden and help ensure a broader range of clinically valuable devices can reach healthcare settings in a timely manner.
Role of Microsoft technology
Dynamics 365 Implementation gave the programme a configurable backbone for regulatory workflows, allowing new rules and process changes to be introduced without the overhead of bespoke development. That flexibility lowered delivery risk and made it easier for the customer to adjust operational behaviour as policy evolved.
Alongside this, Azure AI Document Intelligence offered a practical way to explore automated validation. By training models within a controlled environment, the team could assess document quality and extract structured information in a way that complemented human review rather than replacing it outright.
Azure DevOps provided the supporting delivery framework. Requirements, testing activity and deployment steps sat in a single environment, creating a traceable line from user intent through to assurance. This helped maintain alignment across product, technical and regulatory teams as work progressed.
Together, these technologies made it possible to stand up new capability at pace while laying a foundation that can be expanded and maintained over time, rather than rebuilt with each phase of change.
Conclusion
The work with this major UK regulatory body shows that regulatory services can move forward through the use of modular cloud platforms and delivery approaches that place users and policy interpretation at the centre of design. The work demonstrated that automation can carry a large share of routine submissions, reducing the volume of manual handling and helping specialists focus on areas where judgement is essential.
It also confirmed that AI-supported checks have a meaningful role in certificate and data validation. The artefacts produced during the programme give future teams a structured starting point, lowering the risk often associated with multi-phase regulatory change. The delivery model, built around a unified Microsoft technology base and integrated teams, proved more responsive and efficient than approaches that rely on heavier, fragmented supplier structures.
With the platform in place, the Agency has a working foundation that can be extended to keep pace with new regulatory expectations. The experience offers a reference point for other organisations looking to strengthen safety oversight, improve operational capacity, and build confidence across health and life-sciences markets.
