You have no items in your shopping basket.
Mon - Fri 9AM - 5PM
024 7610 0090
Start typing to see products you are looking for.
Start typing to see products you are looking for.
Start typing to see products you are looking for.
Start typing to see products you are looking for.
Start typing to see products you are looking for.
Start typing to see products you are looking for.
15
May
What are the Care Quality Commission Regulations?
Image by Mehaniq41 via Envato Elements
Ensure your service meets legal standards, strengthens governance, and provides safe, effective, evidence-backed care across all regulated activities in England
When providers talk about "CQC compliance", they often mean inspections, ratings, evidence folders, action plans or quality statements. But underneath that language sits a more specific legal framework: the regulations that set out what registered providers and managers must do when carrying on regulated activities in England.
The central question is practical: which Care Quality Commission (CQC) regulations apply, what they require, and how providers can demonstrate that compliance is happening in day-to-day care rather than only in policies or meeting minutes. Understanding the regulations individually matters because each one creates a different duty, from person-centred care and consent to safeguarding, staffing, governance, complaints and duty of candour.
In this blog, Dr Richard Dune explains the key CQC regulations, how Regulations 4 to 20A fit together, what providers should focus on in practice, and how leaders can strengthen evidence, training, governance and inspection readiness without duplicating topics covered in neighbouring MTG guidance. The existing article rightly frames this as a regulation-by-regulation evidence issue, not simply a broad inspection topic.
What are the Care Quality Commission regulations?
In everyday provider language, the "CQC regulations" usually refer to the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, especially Part 3, which sets out requirements for regulated activities.
The CQC’s provider guidance describes these regulations as including the fundamental standards, the standards below which care must never fall. The guidance explains how providers and managers can comply with the regulations and is structured around the duties applicable to service providers and managers.
The regulations are not just inspection language. They are legal duties that shape how care must be planned, delivered, monitored, governed and improved. They also provide a practical framework for policies, audits, staff training, risk management, records, complaints, safeguarding and leadership assurance.
This article focuses on the regulations themselves. For the wider role, remit and powers of the regulator, readers can explore MTG’s guide to the role of the Care Quality Commission.
Why should providers understand the regulations individually?
Many providers understand broad phrases such as "safe care", "good governance", "staffing" or "duty of candour". The problem is that broad language can become vague. CQC compliance strengthens when leaders can connect each expectation to the specific regulation, the risk it addresses, and the evidence that the service is meeting it.
Understanding the regulations individually helps providers:
-
Run more focused audits
-
Assign clearer leadership responsibilities
-
Improve policies and procedures
-
Strengthen staff training and supervision
-
Identify gaps before inspection
-
Connect incidents, complaints and risks to improvement
-
Demonstrate governance and accountability with evidence.
A provider that can show how each relevant regulation is being met is in a stronger position than one that simply says it is "inspection ready".
How do the regulations fit with the CQC assessment?
The regulations and the assessment framework are connected, but they are not the same thing. The regulations set out legal requirements. CQC assessment frameworks describe how CQC looks at quality, safety and performance when assessing services.
As of March 2026, CQC confirmed that its draft sector-specific assessment frameworks retain the five key questions, safe, effective, caring, responsive and well-led and propose replacing current quality statements with structured key lines of enquiry, supported by rating characteristics for each sector.
That means providers need both legal and operational clarity. The regulations explain what must be achieved. The assessment framework helps providers understand how evidence, practice and outcomes may be assessed. For a broader inspection-focused explanation, see MTG’s guide to the CQC assessment framework.
Regulations 4 to 8: Provider, director and registered manager duties
Regulations 4 to 8 focus on who is responsible for carrying on, directing and managing regulated activities. They are about suitability, accountability and appropriate governance structures.
Regulation 4: Requirements where the provider is an individual or a partnership
Regulation 4 applies where the service provider is an individual or a partnership. It is concerned with whether the person or partnership carrying on the regulated activity is suitable and appropriately registered.
CQC guidance says the intention of Regulation 4 is to ensure that people who use services have their needs met because the service is provided by an appropriate person.
In practice, providers should be able to evidence registration arrangements, suitability, governance responsibilities and the ability to carry on the regulated activity safely.
Regulation 5: Fit and proper persons: directors
Regulation 5 applies to directors or people in equivalent senior roles who are responsible for quality and safety. Its purpose is to ensure that people in director-level roles are suitable, honest, competent and able to carry out their responsibilities.
Evidence may include fit-and-proper person checks, board records, recruitment files, declarations, references, role descriptions, and ongoing review arrangements.
Regulation 6: Requirement where the provider is a body other than a partnership
Regulation 6 applies to corporate providers or other bodies that are not partnerships. It supports an appropriate organisational structure, accountability and governance.
For companies, charities, or larger provider groups, this regulation reinforces the need for formal oversight, accountable leadership, and clarity about who is responsible for regulated activities.
Regulation 7: Requirements relating to registered managers
Regulation 7 is highly significant in practice. It covers the suitability of registered managers, including good character, competence, qualifications, skills, experience, and the ability to provide the required information.
Registered managers are central to operational governance. Providers should be able to provide evidence of appropriate recruitment, registration, supervision, role clarity, continuing professional development, and management competence.
Regulation 8: General
Regulation 8 explains how duties apply where there is more than one registered person, such as both a registered provider and registered manager. It avoids unnecessary duplication, but it does not reduce the duty to comply.
The key message is simple: providers and managers may share responsibilities, but the service must still meet the applicable regulations.
Regulations 9 to 11: Person-centred care, visiting, dignity and consent
Regulations 9 to 11 focus on the experience, rights and involvement of people using services.
Regulation 9: Person-centred care
Regulation 9 requires care and treatment to be appropriate, meet people’s needs and reflect their preferences. Providers must involve people, or lawful representatives where relevant, in planning, managing and reviewing their care.
Evidence may include assessments, care plans, reviews, records of involvement, communication support, reasonable adjustments and evidence that preferences are respected in practice.
Regulation 9A: Visiting and accompanying
Regulation 9A covers visiting and accompanying in care homes, hospitals and hospices. It requires providers to respect each person’s right to receive visits and be accompanied, following an assessment of their needs and preferences.
This regulation is important because blanket restrictions can undermine dignity, wellbeing, relationships and rights. Providers need clear, proportionate, risk-based arrangements that support visiting and accompanying wherever appropriate.
Regulation 10: Dignity and respect
Regulation 10 requires providers to treat people with dignity and respect. This includes privacy, autonomy, communication, cultural needs and care that does not humiliate, degrade or disempower people.
Evidence may include observations, care records, complaints, learning, feedback, dignity audits, staff supervision and training linked to person-centred practice.
Regulation 11: Need for consent
Regulation 11 requires care and treatment to be provided only with the consent of the relevant person, unless the law allows otherwise. It links closely to the Mental Capacity Act 2005.
Providers should move beyond a signature culture. Staff need to understand valid consent, capacity, best interests, refusal of care, communication support and documentation. Training, supervision and policy alignment are especially important here.
Regulations 12 to 16: Safety, safeguarding, nutrition, premises and complaints
Regulations 12 to 16 focus on safe delivery, protection from harm, basic needs, safe environments and complaints handling.
Regulation 12: Safe care and treatment
Regulation 12 is one of the most important operational regulations. It requires care and treatment to be provided safely. It covers risk assessment, medicines, infection prevention and control, equipment safety, care planning, emergency response and preventing avoidable harm.
Evidence may include risk assessments, incident reviews, medicines audits, equipment checks, infection control audits, staff training, clinical records and action plans.
Regulation 13: Safeguarding service users from abuse and improper treatment
Regulation 13 protects people from abuse, neglect, degrading treatment, unnecessary restraint and improper treatment.
Providers should be able to evidence safeguarding policies, training, reporting routes, supervision, whistleblowing arrangements, incident investigations, lessons learned and leadership action.
Regulation 14: Meeting nutritional and hydration needs
Regulation 14 applies where the regulated activity includes responsibility for meeting nutritional and hydration needs. This is especially relevant in care homes, hospitals, community services and settings supporting people at risk of malnutrition or dehydration.
Evidence may include nutritional assessments, weight monitoring, fluid charts, care plans, referrals, mealtime observations and staff competence records.
Regulation 15: Premises and equipment
Regulation 15 requires premises and equipment to be suitable, safe, clean, secure and properly maintained.
This may involve maintenance records, cleaning schedules, infection control checks, equipment servicing, environmental audits, accessibility reviews and actions taken when risks are identified.
Regulation 16: Receiving and acting on complaints
Regulation 16 requires providers to have effective systems for receiving, investigating and acting on complaints.
A complaints policy is not enough. Providers need evidence that people know how to complain, concerns are taken seriously, investigations are fair, responses are timely, and learning leads to improvement.
Regulations 17 to 20A: Governance, staffing, recruitment, candour and display
Regulations 17 to 20A are often central to inspection outcomes because they show whether the service is led, staffed, monitored and accountable.
Regulation 17: Good governance
Regulation 17 requires systems and processes to assess, monitor and improve quality and safety, assess and mitigate risk, maintain accurate records and support compliance.
It is often the regulation that exposes wider weaknesses. If medicines, safeguarding, staffing, complaints or care planning are poorly managed, the problem may also indicate weak governance.
For a broader operational view, see MTG’s guide to good governance in health and social care.
Regulation 18: Staffing
Regulation 18 requires providers to deploy enough suitably qualified, competent, skilled and experienced staff to meet regulatory requirements.
This includes numbers, skills, training, supervision, induction, deployment, agency staff controls and ongoing workforce development. For the training evidence angle, see MTG’s guide to training required for CQC compliance.
Regulation 19: Fit and proper persons employed
Regulation 19 covers recruitment and staff suitability. Providers need appropriate checks before and during employment.
Evidence may include application forms, references, identity checks, right-to-work checks, Disclosure and Barring Service checks where required, qualifications, employment history, interview notes and ongoing suitability concerns.
Regulation 20: Duty of candour
Regulation 20 requires openness and transparency with people receiving care and treatment, especially after notifiable safety incidents. CQC guidance explains that this regulation is one of the Health and Social Care Act 2008 (Regulated Activities) Regulations requirements.
Duty of candour is not simply saying sorry. It involves timely communication, truthful explanation, support, records and follow-up.
Regulation 20A: Display of performance assessments
Regulation 20A requires providers that have received a CQC performance assessment to display their rating or assessment conspicuously and legibly at each location delivering regulated services and on their website, if they have one.
Providers should ensure displayed information is current, visible, accessible and consistent across locations and digital platforms.
What should providers do in practice?
The best response is to build a regulation-by-regulation compliance map. This does not need to be complicated, but it should be disciplined.
Providers should:
-
List each applicable regulation
-
Identify the policies and procedures linked to it
-
Map staff training and competence expectations
-
Identify key evidence sources
-
Review audits, incidents and complaints against the regulation
-
Assign responsible leads
-
Track actions and improvement
-
Review evidence regularly through governance meetings.
This approach helps providers move from broad reassurance to defensible assurance. It also supports better internal challenge: not "Are we compliant" but "How do we know, and what evidence proves it?"
For organisations reviewing wider digital evidence and assurance systems, ComplyPlus™ CQC compliance system and ComplyPlus™ regulatory compliance management software may help connect training, policies, evidence, actions and governance.
FAQs about Care Quality Commission Regulations
Below are some of the most frequently asked questions and answers regarding Care Quality Commission regulations.
Are CQC regulations the same as CQC ratings?
No. CQC regulations are legal requirements. Ratings are judgments about service quality and performance. A rating may reflect whether regulations are being met, but the regulations themselves are the legal duties providers must comply with.
Do all health and social care providers have to follow the same CQC regulations?
Only providers carrying on regulated activities in England and registered with CQC must comply with the relevant CQC regulations. The same regulatory framework applies, but the practical evidence will differ by service type, setting and risk.
Which CQC regulation is most important?
There is no single most important regulation. Regulation 12 on safe care and treatment, Regulation 17 on good governance and Regulation 18 on staffing are often central in practice, but all applicable regulations matter.
Can CQC take enforcement action for breaches?
Yes. CQC can take regulatory or enforcement action where providers fail to meet requirements. The available action depends on the regulation, severity, risk, evidence and circumstances.
What is the difference between Regulation 12 and Regulation 17?
Regulation 12 focuses on safe care and treatment. Regulation 17 focuses on governance systems that assess, monitor and improve quality and safety. Poor safety often reveals weak governance as well.
How should providers evidence Regulation 18 on staffing?
Providers should provide evidence of staffing levels, skills mix, recruitment, induction, training, supervision, competence, deployment decisions, rota planning, agency controls, and actions taken when staffing risks arise.
Does Regulation 9A apply to every care provider?
Regulation 9A applies to relevant regulated activities carried on in care homes, hospitals and hospices. Providers should check whether it applies to their service type and ensure visiting and accompanying arrangements are lawful and person-centred.
Is the duty of candour only relevant after serious incidents?
The duty of candour is especially important after notifiable safety incidents, but the wider principle of openness and transparency should shape provider culture, communication, and records more generally.
What documents should providers review against the CQC regulations?
Providers should review policies, procedures, care plans, risk assessments, training records, incident reports, complaints, audits, governance minutes, action logs, recruitment files and evidence of improvement.
How often should providers review compliance with CQC regulations?
Providers should review compliance regularly and proportionately. High-risk areas should be reviewed more frequently, and reviews should also follow up on incidents, complaints, audit findings, service changes, or regulatory updates.
Key CQC regulations, evidence and provider outcomes
|
CQC regulation area |
What providers must focus on |
Evidence providers should hold |
Outcome for compliance and assurance |
|
Provider and leadership suitability |
Ensure providers, directors and registered managers are suitable, accountable and properly structured. |
Fit and proper person checks, registration records, role descriptions, board minutes, and evidence of manager competence. |
Clear accountability and stronger leadership assurance. |
|
Person-centred care and dignity |
Deliver care that reflects assessed needs, preferences, rights, dignity and involvement. |
Care plans, reviews, communication records, feedback, dignity audits, and evidence of involvement. |
Care is personalised, respectful and defensible. |
|
Consent and mental capacity |
Ensure care is lawful, consent-based and aligned with the Mental Capacity Act 2005 where relevant. |
Capacity assessments, best-interest records, consent documentation, staff training and supervision notes. |
Better protection of autonomy, rights and lawful decision-making. |
|
Safe care and safeguarding |
Identify risks, prevent avoidable harm and protect people from abuse or improper treatment. |
Risk assessments, safeguarding referrals, incident reviews, medicines audits, infection control records and action plans. |
Reduced harm, better escalation and stronger public protection. |
|
Nutrition, premises and equipment |
Maintain safe environments, provide suitable equipment, and support nutrition and hydration where required. |
Maintenance records, cleaning schedules, equipment checks, nutrition care plans and environmental audits. |
Safer services and more reliable operational controls. |
|
Complaints and learning |
Receive, investigate and act on concerns fairly and transparently. |
Complaints logs, investigation records, response letters, learning summaries and completed improvements. |
Better responsiveness and visible learning from concerns. |
|
Good governance |
Use systems to monitor quality, manage risk, maintain records and improve care. |
Governance reports, audits, dashboards, action logs, risk registers and improvement records. |
Stronger oversight, accountability and inspection readiness. |
|
Staffing and recruitment |
Deploy enough suitably qualified, competent and safe staff. |
Rotas, training matrices, supervision records, recruitment checks, competence assessments and staffing risk reviews. |
Safer staffing decisions and defensible workforce assurance. |
|
Duty of candour |
Act openly and transparently when things go wrong. |
Incident records, duty of candour letters, apologies, communication notes and follow-up evidence. |
Improved trust, transparency and regulatory compliance. |
|
Display of performance assessments |
Display CQC ratings or performance assessments clearly where required. |
Website checks, location display evidence, communications records and review logs. |
Clear public information and compliance with display duties. |
Conclusion
The Care Quality Commission regulations are not just technical legal wording. They define what registered providers and managers must do to deliver safe, effective, caring, responsive and well-led services in England.
Providers that understand the regulations individually are better placed to organise evidence, strengthen governance, support staff competence and reduce avoidable regulatory risk. The real test is not whether a service uses the language of compliance, but whether it can show, regulation by regulation, how compliance is being achieved in practice.
Strengthen your CQC compliance evidence
The Mandatory Training Group supports health and social care providers with accredited training, compliance resources and digital assurance tools. If you are reviewing your evidence against the CQC regulations, explore our CQC compliance system, browse CPD-accredited online courses, and view our CPD Certification Service provider profile.
To discuss your organisation’s CQC compliance, training, governance or evidence requirements, contact our team through the enquiry form.
Related Blogs
Related Blogs
About the author
Dr Richard Dune
Contact us
Complete the form below to start your ComplyPlusTM trial and
transform your regulatory compliance solutions.
← Older Post Newer Post →
0 comments