How we regulate the duty of candour

Page last updated: 22 December 2022
Organisations we regulate

The duty of candour is one of the fundamental standards – below which care should never fall. As such it is an area of regulation we pay special attention to.

We do not investigate every notifiable safety incident – this responsibility lies with the provider. Our role is to regulate the provider and ensure it is fulfilling its responsibility to carry out all aspects of the duty of candour. But we will investigate specific notifiable safety incidents where we have concerns.

We do not make judgements about the performance of individual healthcare professionals. In the event of a breach, our judgement will be on the registered person. They are the representative of the care provider.

Every provider should be creating an environment that encourages candour, openness and transparency at all levels. Candour underpins a culture of safety; it is only when organisations are open and honest that they can effectively learn from incidents that cause harm and improve the care that people receive.

During our public consultation in 2018, people shared examples of both poor and good practice that they had experienced. They told us that cover ups (whether real or perceived) and a lack of apology compounded the level of harm they had experienced following the initial incident.

However, when the duty of candour had been carried out well, people talked about how they had received a “heartfelt apology”, that the care provider had been “honest from the outset”, that “it was not a tick-box exercise”, and that assurance was given that things were being put in place to prevent the incident happening to others – that the incidents had been acknowledged and learned from.


The duty of candour applies to every provider registered with us.

We expect to see evidence during the registration process that the registered person understands their obligations under Regulation 20.

They should understand when and how to carry out the Duty of Candour and have training, policies and systems in place to ensure their employees are able to implement it. Providers should also be able to explain how they will support their staff to be open and transparent when something goes wrong and how this sits within a broader culture of safety.

Monitoring, assessment and inspection

We approach the monitoring of the duty of candour through the lens of the service:

  • being well-led
  • having an open and safe culture
  • meeting the regulatory requirements of the duty of candour

When we hold monitoring calls, assess the data and information we receive, or visit the provider on inspection, we will be looking for evidence that all three factors are met.

It is important to realise that it is possible for the provider to be open and transparent (under Regulation 20(1)) but still not meeting some specific aspects of the duty of candour. This is because Regulation 20(2) is very specific about exactly how the duty must be carried out in relation to:

  • the definition of notifiable safety incidents
  • the various process steps, meetings and records that must take place
  • what those meetings and records should cover
  • that the process should be carried out in a timely manner
  • that appropriate support should be provided to the person harmed or their representative

There's a range of ways that we assess compliance with the duty. We may:

  • Follow up incidents reported through STEIS or CQC notifications that have been marked as triggering the duty of candour to ensure the process was followed through appropriately.
  • Follow up incidents reported through STEIS or CQC notifications that were not marked as triggering the duty of candour but appear from the descriptions and harm levels to have required it.
  • Ask providers to tell us about recent incidents.
  • Follow up on reports of incidents from the public or people using services that appear to have met the threshold of a notifiable safety incident to ensure the specific requirements in the duty of candour took place.
  • Ask people who have experienced a notifiable safety incident how the provider responded.
  • Question frontline staff about their understanding of the duty of candour and notifiable safety incidents.
  • Question the registered person about their policies and processes for recording and carrying out the duty, and for training staff.
  • Investigate senior staff and board members’ level of understanding of the duty and how they ensure staff feel supported to speak up and be open and honest about incidents.

Not all forms of monitoring and assessment undertaken by CQC will result in a published report, but whenever we do write such reports, we will reference our findings in relation to the duty of candour.


The ultimate responsibility for ensuring the duty of candour is carried out rests with the registered person (in the form of the registered manager or provider).

Where we believe this is not happening, we can use our powers of enforcement, and can prosecute breaches of the regulation.

Regulation 20 also allows us to move directly to criminal enforcement action.

Where an inspector considers a breach may have taken place, they will follow CQC’s Enforcement Policy and Decision Tree.

All options are open to us, including warning and requirement notices, imposition of conditions and criminal prosecution.

Regulation 20 in full