February 4th 2026
Care Quality Commission will reject applications if they do not include key policies including consent and data governance.
The Care Quality Commission (CQC) has announced changes to how it handles new registration applications for care home providers, supported living services, and learning disability and autism care providers.
From 9 February 2026, CQC will routinely return and reject applications that are not complete or accurate at the point they are received, without progressing them to a full assessment of quality. The change follows a series of pilots which found that many applications were submitted with missing or incorrect supporting documents, contributing to delays and a growing backlog.
CQC says the new approach will make the registration process more efficient and consistent, while supporting applicants to submit complete and accurate applications first time.
For new providers, this puts renewed focus on getting policies, systems and governance arrangements in place before applying — particularly where data, consent and information governance are concerned.
Supporting documents: what CQC requires
CQC requires all new provider applications to include a defined set of supporting documents alongside the application form. These documents “help us assess your application” and must reflect how you intend to operate your service.
Among the documents that all providers must send are:
- Consent policy and procedures
- Governance and quality assurance policy and procedures
These are essential to demonstrating readiness to operate safely and lawfully.
Consent: setting out policy and procedures
CQC requires a consent policy and procedures as part of every registration application. For new services, this policy should clearly set out how consent will be obtained, recorded and reviewed once the service is operational. It should include:
- How people will be supported to give consent
- How consent will be recorded and reviewed
- How the service will respond where people may lack capacity, in line with relevant legislation
The key test for CQC at registration is whether the policy is clear, relevant and appropriate to the service being registered.
Governance and quality assurance: explaining how the service will be run
CQC also requires a governance and quality assurance policy and procedures document. This should explain how the organisation will be governed and managed, including how risks are identified, monitored and reviewed.
For data and information governance, this means setting out:
- Who is responsible for oversight of data protection and information security
- How information-related risks and incidents will be managed
- How policies will be kept under review
- How staff will be supported and trained
Again, for new providers this is about describing systems and processes.
Why this matters now
CQC’s decision to return incomplete applications means there is less room for vague, generic or copied policies. Supporting documents need to be tailored, accurate and aligned with how the service intends to operate from day one.
Getting consent, data protection and governance foundations in place early is now a critical step in a successful CQC registration.
Our support for new care services
Digital Care Hub provides free, expert support for new care services on data protection and cyber security including training, template policies and a checklist of issues to consider.
You can adapt our template policies on consent and data governance – but ensure you adapt it to your specific needs.
You can also use our Data Policy Builder to develop your Bring Your Own Device policies, if appropriate. And we will be adding new policies to the Builder over the coming weeks which will help you to tailor your policies even further.
Find out more about our support
Find out more about CQC changes
View all News