There’s a folder on every Registered Manager’s drive called “Policies and Procedures.” It probably has fifty documents in it. Most were drafted by someone else, customised once when the service registered, and reviewed in passing every year since. The dates on the front pages are kept current. The content underneath them often is not.

That gap will matter more in 2026 than it has in years. The Employment Rights Act 2025 began coming into force in April. CQC registration rules tightened on 9 February. The Single Assessment Framework is being replaced by four sector-specific frameworks before the end of the year. Each of these changes reaches into your policy library and asks for an update.

This guide covers what has changed, which care policies and procedures need rewriting now, and how your policy library shapes both your CQC inspection prospects and the tenders you submit to local authorities.

Why 2026 is the year your care policies need a reset

Three things are happening at once that have not happened together before.

First, the Employment Rights Act 2025 received Royal Assent on 18 December 2025 and began phasing in from 6 April 2026. The first wave introduced day-one rights for paternity and parental leave, changes to statutory sick pay, expanded whistleblowing protections that now cover sexual harassment disclosures, and new gender pay gap action plan expectations for employers with 250 or more staff. The Fair Work Agency launched in April 2026 to enforce a wider range of employment rights, including holiday pay for the first time. Larger reforms, including the reduction of the unfair dismissal qualifying period from two years to six months and removal of the compensatory cap, follow in 2027. The ACAS Employment Rights Act 2025 page tracks each commencement date.

Second, the Care Quality Commission tightened its registration process on 9 February 2026. Following Dr Penny Dash’s 2024 independent review, CQC will no longer chase missing documents from registration applicants. Applications must be complete and inspection-ready on submission. New mandatory documents apply to supported living, domiciliary care, and learning disability and autism services. Documents that were previously considered best practice are now explicit registration requirements.

Third, the Single Assessment Framework is being replaced. The 34 Quality Statements introduced in November 2023 are being replaced by 24 Key Lines of Enquiry. The single framework that covered all sectors is splitting into four: adult social care, mental health, primary care and community services, and hospitals. Implementation is expected by the end of 2026, with consultation closing on 12 June 2026.

Adult social care sits at the centre of all three changes. The sector employs 1.71 million people, around 21 per cent of whom are on zero-hours contracts. Employment costs make up 70 to 80 per cent of total operating costs. Every regulatory and employment-law change hits care providers harder and faster than almost any other sector.

The mandatory care policies every CQC-registered provider must have

The baseline has not changed. Every provider registered for a regulated activity under the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 must hold and operate a defined set of policies. The CQC fundamental standards describe the level below which care must never fall. These policies are the documented systems that prove you meet them.

Core policies that every CQC-registered provider needs:

• Safeguarding adults from abuse and improper treatment (Regulation 13)
• Safe care and treatment, covering risk assessment, environmental safety, and medicines management (Regulation 12)
• Receiving and acting on complaints (Regulation 16)
• Good governance, including audit cycles, quality assurance, and continuous improvement (Regulation 17)
• Duty of candour, covering openness, honesty, and notification of notifiable safety incidents
• Person-centred care, including assessment, planning, choice, and consent
• Dignity and respect
• Staffing, covering safe recruitment, induction, supervision, and competence
• Fit and proper persons employed, covering DBS, references, qualification verification, and the fit and proper person requirements for directors
• Infection prevention and control
• Medicines management (where the provider administers or assists with medicines)
• Equality, diversity, and human rights
• Whistleblowing
• Information governance, covering UK GDPR, the Data Protection Act 2018, and the Caldicott principles
• Health and safety, including lone working where applicable
• Statement of Purpose, lodged with CQC and updated when the service changes

Most providers also hold operational policies that do not map directly to a single regulation but support several. Care planning, end-of-life care, mental capacity and Deprivation of Liberty Safeguards, missing person procedures, and behaviour that challenges fall into this group.

The 2026 updates that need to be made now

Three policy areas need rewriting in 2026 rather than next review cycle.

Employment-related policies

The 6 April 2026 changes have made several existing policies factually out of date. Update:

• Family leave policies to reflect day-one rights for paternity leave and unpaid parental leave. Length-of-service requirements (previously 26 weeks for paternity, one year for parental leave) need to come out
• Statutory sick pay policies to reflect the new SSP rules, including removal of the lower earnings limit and the three-day waiting period
• Whistleblowing policies to make clear that disclosures relating to sexual harassment now qualify for whistleblowing protection
• Sexual harassment and dignity at work policies to reflect the strengthened duty to take “all reasonable steps” to prevent harassment, including from third parties such as people drawing on support and their families
• Bereavement leave policies to reflect the new statutory entitlement for bereaved partners following the death of the mother or primary adopter within the first year after birth or adoption
• Equality and pay transparency policies if you employ 250 or more staff, to reflect the gender pay gap action plan expectations

Larger reforms, including unfair dismissal becoming a six-month right and the new zero-hours guaranteed hours regime, take effect in 2027. Policies should be drafted now so they are ready to commence rather than redrafted under deadline.

CQC registration documents

If you are registering a new service, expanding into a new regulated activity, or adding a location after 9 February 2026, your application must be complete on submission. CQC will return incomplete applications rather than chase missing documents. Documents that need to meet the new bar:

• Statement of Purpose specific to the actual service model, not a generic template
• Business plan demonstrating financial viability and operational readiness, with a 12-month financial forecast
• Training plan covering mandatory and role-specific training, with named compliance owners
• Governance policies that map to Regulation 17, with audit cycles and review frequencies named
• Fit and proper person evidence for the Registered Manager and Nominated Individual
• Service-specific policies matched to the regulated activity (lone working and community access for supported living; complex needs protocols for LD and autism services; medicines policies for any service administering medicines)

Sector-specific policies for learning disability and autism services

The 9 February 2026 changes raised the documentation bar significantly for any service supporting autistic people or people with a learning disability. Required documents now include:

• Positive Behaviour Support (PBS) policy, demonstrating a proactive and preventative approach rather than a reactive one
• Restraint and restrictive practice policy, aligned with the Restraint Reduction Network standards
• Accessible information and communication policy
• Evidence of staff training in learning disability and autism, including compliance with Oliver McGowan Mandatory Training
• A clear, named relationship to the Right Support, Right Care, Right Culture statutory guidance

A generic care policy library that does not specifically address LD and autism services will fail registration and will not pass the SQ stage in most local authority frameworks for these services.

How your care policies translate into tender evidence

Policies are the documents you live by inside the service. They are also among the most heavily scrutinised pieces of evidence in bid writing for UK health and social care contracts.

At Selection Questionnaire stage, most local authority frameworks require a list of named policies, often with submission of two or three for review. Common requests include safeguarding, complaints, equality and diversity, health and safety, and information governance. Submitting an out-of-date policy at SQ stage is a common cause of pre-evaluation failure.

In quality questions and method statements, policies are the underlying evidence behind almost every operational claim. A response to a “Describe how you safeguard service users” question is read against your safeguarding policy. A response to a “Describe your governance arrangements” question is read against your governance and audit policies. Where the response references the wrong framework, an old regulation, or a policy you cannot produce on request, the score drops.

In mobilisation plans, policies are the foundation of how the service will operate from day one. Commissioners look for the policy library to be in place, owned by named individuals, with a defined review cycle and audit schedule.

In contract monitoring, the Procurement Act 2023 gives commissioners stronger tools to act on underperformance through the Procurement Review Unit. Policy quality is one of the visible signals of provider governance maturity. Providers whose policies are demonstrably current and locally owned are read as lower-risk.

Common care policy mistakes that cost CQC ratings and tender scores

Patterns we see repeatedly in policy libraries that score poorly:

• Generic templates with no local customisation. A policy that names the wrong service type, references the wrong regulator, or includes placeholder text fails on inspection and on tender submission
• Out-of-date dates and version numbers. A policy front sheet showing “Reviewed 14 March 2026” with content that still references 2014 KLOEs is the clearest signal of paper compliance
• Policies that contradict each other. A safeguarding policy that names one referral threshold and a behaviour-that-challenges policy that names another shows the library has not been read as a whole
• Policies that contradict practice. A medicines policy that requires double-signing for controlled drugs and an MAR chart system that does not capture the second signature is the kind of inconsistency CQC inspectors and bid evaluators both spot quickly
• Missing accountability. Policies without a named owner, version number, review date, and approval signature read as drafts. They are also unenforceable
• No link to training. Policies that no member of staff has been trained on do not survive a competence interview during inspection
• Wrong regulatory framework references. Policies still citing Key Lines of Enquiry from the pre-2023 framework, or only the Single Assessment Framework’s 34 Quality Statements without acknowledging the 2026 transition, signal that the policy library is not actively maintained
• No connection to the Statement of Purpose. Policies that describe a service different from the one in the Statement of Purpose lodged with CQC create a registration discrepancy that cannot be ignored

Building a policy maintenance discipline that lasts

Policy quality is sustained by routine, not by sprints before inspections or tender deadlines. Providers whose policies hold up across CQC assessments and bid evaluations consistently share the same habits:

1. A single owner for the policy library, usually the Registered Manager or a named compliance lead, accountable for currency and consistency
2. A defined review cycle for every policy, typically annual minimum, with earlier triggers for incidents, regulatory changes, and contract awards
3. Version control on every document, with version number, review date, owner, approver, and approval date on the front sheet
4. A live policy register mapping each policy to the relevant regulation, fundamental standard, Quality Statement (or Key Line of Enquiry as the new framework rolls in), and any contract-specific commissioner requirement
5. Trigger-based reviews, not only date-based. When the Employment Rights Act 2025 changed, the affected policies should have been opened immediately, not at the next scheduled review
6. A staff acknowledgement system so each employee has read and signed the policies relevant to their role, with refresh prompts at change points
7. Cross-checks against practice, including audit results, supervision notes, and incident reviews. Where practice has drifted, either the policy or the practice is wrong; one needs to move
8. A policy-to-evidence library that captures the audit results, satisfaction data, training records, and governance outputs that prove each policy is operating, not just present

This discipline is what distinguishes a provider that performs well in tender submissions from one whose written claims are stronger than the underlying evidence. Real-world examples of how this discipline shows up in winning submissions are documented in AssuredBID’s case studies.

FAQ

How often should care policies and procedures be reviewed?

The minimum is annually, but date-based reviews on their own are not enough in 2026. Every policy should also have trigger-based reviews following regulatory changes (such as the Employment Rights Act 2025), CQC framework changes (the Single Assessment Framework transition), incidents that expose a gap, and the award of new contracts with specific commissioner requirements. A policy reviewed in March 2026 with no Employment Rights Act updates is technically reviewed and substantively out of date.

Are generic care policy templates acceptable to CQC?

Templates are a starting point, not a finished policy. CQC will not accept policies that name the wrong service type, contain placeholder text, reference incorrect regulators, or describe a service that does not match the Statement of Purpose. From 9 February 2026, registration applications with generic, uncustomised policies are returned. Templates need to be customised to the actual service model, signed off by the Registered Manager, and supported by training and audit evidence.

Which policies are mandatory for CQC registration in 2026?

The core policies map to the fundamental standards: safeguarding, safe care and treatment, complaints, governance, duty of candour, person-centred care, dignity and respect, staffing, fit and proper persons, infection prevention and control, medicines management, equality and diversity, whistleblowing, information governance, and health and safety, plus the Statement of Purpose. Service-specific additions apply for supported living (lone working, community access, tenancy arrangements) and learning disability and autism services (Positive Behaviour Support, restraint and restrictive practice, accessible information, Oliver McGowan Mandatory Training compliance).

Do I need to update my care policies for the Employment Rights Act 2025?

Yes, and several need updating now. The 6 April 2026 changes brought in day-one rights for paternity and parental leave, statutory sick pay changes, expanded whistleblowing protections covering sexual harassment, and a strengthened duty to prevent harassment from third parties. Family leave, sick pay, whistleblowing, harassment, and equality policies all need rewriting to reflect the law as it stands in 2026. Larger 2027 changes (unfair dismissal, zero-hours guaranteed hours) should be drafted into policies during 2026 so they are ready to commence rather than redrafted under deadline.

How are care policies and procedures used in tender submissions?

Local authority commissioners use policies in four ways. At Selection Questionnaire stage, they request a list and sometimes copies of named policies. In quality questions, the response is read against the underlying policy. In mobilisation plans, the policy library is the foundation of how the service starts up. During contract monitoring, the Procurement Act 2023 gives commissioners stronger tools to act on underperformance, and policy currency is a visible signal of governance maturity. Out-of-date or generic policies cost points at every one of these stages.

Need support with tenders or compliance? AssuredBID helps UK social care providers prepare stronger bids and win the right opportunities.

You can book a consultation with our tender experts, explore our services, and follow AssuredBID on social media for practical updates, insights, and guidance you can actually use.