Skip to main content
CannaBias logo

Regulatory AlignmentStatement

Last reviewed: March 2026 — Published under CannaBias internal governance framework

Regulator accessible

This statement is publicly available for review by UK regulators at any time.

Patient-first approach

All platform decisions are measured against patient safety and welfare outcomes.

Partner governance

Clinics and partners must meet our compliance criteria before listing on CannaBias.

How this statement applies to CannaBias

CannaBias operates across three distinct layers of activity, each with different governance and data-handling implications. This statement applies to all three.

Public information

General content about medical cannabis, clinic listings, and platform information. Available to all visitors. No patient-level data. No CBPM product claims.

Verified patient community

Structured patient experience data, batch-level detail, and community content. Restricted to patients who have verified an active UK medical cannabis prescription. Content is moderated and consent is explicit.

Structured outcome and safety monitoring

Configured patient-reported outcome measures and safety-signal workflows. Operated under specific data-sharing and governance documentation with clinic partners.

Overview

CannaBias is a UK-based platform providing verified patient-reported experience data, structured outcomes, and safety-signal monitoring for prescribed cannabis-based medicinal products (CBPMs). This statement sets out how CannaBias operates in accordance with applicable UK law, regulatory guidance, and best practice for health-related digital services.

This document is maintained pursuant to Section 9 of our internal governance framework and is made publicly available to ensure full transparency with regulators, healthcare partners, and patients.

Regulatory Framework

CannaBias operates within the following regulatory and legislative framework:

  • Medicines and Healthcare products Regulatory Agency (MHRA) — We do not make medicinal claims. All content referencing medical cannabis products is presented as patient-reported experience only.
  • UK GDPR & Data Protection Act 2018 — Patient and user data is processed lawfully, fairly, and transparently. Special category health data is subject to additional safeguards.
  • Misuse of Drugs Regulations 2001 — CannaBias does not facilitate the purchase, supply, or distribution of controlled drugs. We connect patients with licensed clinics only.
  • Advertising Standards Authority (ASA) CAP Code — All communications and platform content comply with applicable advertising standards. We do not promote recreational cannabis use.
  • Cyber Essentials — Our platform is aligned with UK government-backed cybersecurity standards to protect patient data.

Our Commitments

We will not publish content that constitutes a medicinal claim or promotes unlicensed use of cannabis.

We will verify that any clinic or healthcare provider listed on our platform holds appropriate UK regulatory authorisation.

We will promptly respond to any regulatory enquiry or request for information from MHRA, ICO, or other competent authority.

We will review and update this statement at least annually, or whenever material changes occur to our operations or applicable regulation.

We will maintain an internal compliance log and designate a named compliance contact.

Data Governance

Patient health data is classified as special category data under UK GDPR. We apply the following controls:

  • Explicit consent is obtained before collecting health-related information.
  • Data minimisation principles apply — we collect only what is necessary.
  • Health data is encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Data is retained only for as long as necessary to fulfil the stated purpose.
  • Patients may request deletion of their data at any time via our privacy portal.

Our full Privacy Policy is available at cannabias.co.uk/privacy.

Patients may also contact our compliance team at compliance@cannabias.co.uk to submit a Subject Access Request or to raise a data concern.

Patient Safety

Patient safety is central to everything we do. CannaBias:

  • Signposts patients to the MHRA Yellow Card scheme for reporting adverse effects of medical cannabis treatments.
  • Does not provide medical advice and clearly indicates this throughout the platform.
  • Requires all clinic partners to hold appropriate prescribing authorisation and insurance.
  • Monitors user-generated content and removes anything that could endanger patient safety or breach regulatory requirements.

Partner & Clinic Obligations

Any clinic or commercial partner listed on CannaBias must:

  • Hold a current Care Quality Commission (CQC) registration or equivalent.
  • Employ appropriately qualified prescribers with relevant specialist registration.
  • Comply with MHRA guidance on the prescribing and supply of unlicensed cannabis-based products for medicinal use (CBPMs).
  • Agree to our Partner Code of Conduct, which is reviewed annually and incorporates applicable regulatory changes.

Reporting & Transparency

CannaBias publishes this statement openly and commits to the following transparency measures:

  • Annual review of this Regulatory Alignment Statement.
  • Notification to relevant authorities of any material change to platform operations that may affect regulatory compliance.
  • Co-operation with any audit, inspection, or investigation conducted by a competent regulatory authority.

Contact

Regulators, partners, or patients with questions about this statement should contact our compliance team:

Email: compliance@cannabias.co.uk

Mail: CannaBias Compliance Team

27 Old Gloucester St, London, WC1N 3AX, United Kingdom

Back to top