In April 2021, the European Commission released its proposed Regulation Laying Down Harmonized Rules on Artificial Intelligence (the “Regulation”), which would establish rules on the development, placing on the market, and use of artificial intelligence systems (“AI systems”) across the EU. The proposal, comprising 85 articles and nine annexes, is part of a wider package of Commission initiatives aimed at positioning the EU as a world leader in trustworthy and ethical AI and technological innovation.

The Commission’s objectives with the Regulation are twofold: to promote the development of AI technologies and harness their potential benefits, while also protecting individuals against potential threats to their health, safety, and fundamental rights posed by AI systems. To that end, the Commission proposal focuses primarily on AI systems identified as “high-risk,” but also prohibits three AI practices and imposes transparency obligations on providers of certain non-high-risk AI systems as well. Notably, it would impose significant administrative costs on high-risk AI systems of around 10 percent of the underlying value, based on compliance, oversight, and verification costs. This blog highlights several key aspects of the proposal.
Continue Reading European Commission Proposes New Artificial Intelligence Regulation

On 25 November 2020, the European Commission published a proposal for a Regulation on European Data Governance (“Data Governance Act”).  The proposed Act aims to facilitate data sharing across the EU and between sectors, and is one of the deliverables included in the European Strategy for Data, adopted in February 2020.  (See our previous blog here for a summary of the Commission’s European Strategy for Data.)  The press release accompanying the proposed Act states that more specific proposals on European data spaces are expected to follow in 2021, and will be complemented by a Data Act to foster business-to-business and business-to-government data sharing.

The proposed Data Governance Act sets out rules relating to the following:

  • Conditions for reuse of public sector data that is subject to existing protections, such as commercial confidentiality, intellectual property, or data protection;
  • Obligations on “providers of data sharing services,” defined as entities that provide various types of data intermediary services;
  • Introduction of the concept of “data altruism” and the possibility for organisations to register as a “Data Altruism Organisation recognised in the Union”; and
  • Establishment of a “European Data Innovation Board,” a new formal expert group chaired by the Commission.


Continue Reading The European Commission publishes a proposal for a Regulation on European Data Governance (the Data Governance Act)

On 19 February 2020, the European Commission presented its long-awaited strategies for data and AI.  These follow Commission President Ursula von der Leyen’s commitment upon taking office to put forward legislative proposals for a “coordinated European approach to the human and ethical implications of AI” within the new Commission’s first 100 days.  Although the papers published this week do not set out a comprehensive EU legal framework for AI, they do give a clear indication of the Commission’s key priorities and anticipated next steps.

The Commission strategies are set out in four separate papers—two on AI, and one each on Europe’s digital future and the data economy.  Read together, it is clear that the Commission seeks to position the EU as a digital leader, both in terms of trustworthy AI and the wider data economy.


Continue Reading European Commission Presents Strategies for Data and AI (Part 1 of 4)

France’s medicines regulator, the Agence Nationale de Sécurité du Médicament et des Produits de Santé (ANSM), has released draft guidelines, currently subject to a public consultation, setting out recommendations for manufacturers designed to help prevent cybersecurity attacks to medical devices. Notably, the draft guidelines are the first instance of recommendations released by

On the April 25, 2018 the European Commission (the “Commission”) adopted a plan of action to enable the digital transformation of health and care in the Digital Single Market (the “Communication”), intended to put EU citizens at the centre of the healthcare system.  This is to be achieved in three ways:

1. Citizens’ secure access to and sharing of health data

The Commission wishes to ensure that EU citizens should have secure access, anywhere in the EU, to a comprehensive electronic record of their health data. Citizens should remain in control of their health data (wherever it is located) and be able to share it securely with others for purposes chosen by those citizens, for example, medical treatment or research.

The Commission recommends the:

  • development and adoption of a “European electronic health record exchange format”, which would expand the existing eHealth digital services infrastructure; and
  • establishment of interoperable standards that would minimise barriers to cross-border transfer of health information and data within the EU and identify incentives for adopting the common format, and tackle practices that impede interoperability.


Continue Reading Summary of the European Commission’s eHealth Strategy

Digital health solution providers, and users of digital health services, should take note of three recently launched EU public consultations in the digital health space, and may wish to make submissions to help shape the future of digital health initiatives in the EU.  The earliest deadline for submissions is 16 August 2017.

EU Commission

On May 11, 2017, the European Cloud in Health Advisory Council (ECHAC) – a group of healthcare organizations, technology companies and patient representatives  –  launched its second whitepaper focused on use of data to improve health outcomes and delivery of care.

ECHAC launched the whitepaper at an eHealth Week 2017 session attended by ECHAC participants

On 15 July 2016, the European Commission updated MEDDEV 2.1/6 (the “MEDDEV Guidance), its medical device guidance on the qualification and classification of stand alone software used in the healthcare setting. The updated version replaces an earlier version of MEDDEV 2.1/6 issued by the European Commission in January 2012.

MEDDEV 2.1/6 generally stands as a valuable resource to assist software developers in the assessment of whether software is a medical device. However, some have expressed disappointment that the updated guidance did not go further in clarifying the picture, particularly those operating within the mobile health (mHealth) space.

Indeed, the main changes consist of additions to the definitions section of the MEDDEV Guidance. There is now a definition to clarify that “software” is a “set of instructions that processes input data and creates output data“. There are also accompanying definitions of “input data” and “output data”.
Continue Reading EU Updates MEDDEV 2.1/6 Guidance on Standalone Software

May 2015 saw a number of developments in the EU mHealth sector worthy of a brief mention.  The European Commission announced that it would work on new guidance for mHealth apps, despite the European Data Protection Supervisor and British Standards Institution publishing their own just weeks earlier.  In parallel, the French data protection authority announced a possible crackdown on mHealth app non-compliance with European data protection legislation.  This post briefly summarizes these developments.
Continue Reading May 2015 EU mHealth Round-Up