This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Welcome to Reed Smith's viewpoints — timely commentary from our lawyers on topics relevant to your business and wider industry. Browse to see the latest news and subscribe to receive updates on topics that matter to you, directly to your mailbox.
| 2 minutes read

Leaked draft Regulation on the European Health Data Space sets out ambitious goals and … requirements for health data sharing

The creation of a European Data Space is one of the priorities of the European Commission, including for the health sector ( The COVID-19 pandemic revealed how decentralised and disconnected the EU member states are from one another when it comes to healthcare data. One reason for this is that only about half of the EU member states have a national electronic health record (“EHR”), and robust data infrastructure and interoperability is also frequently missing.

One objective of the European Health Data Space (“EHDS”) is thus to advance such exchange of health data across Europe. This exchange of course directly supports healthcare delivery. Aside from this primary use of health data, large data sets are also important for research, innovation, policy-making, regulatory purposes and personalised medicine purposes (so-called secondary use of data or re-use of data).

Whilst the European Commission is yet to formally propose its Regulation on the EHDS in April, a leaked draft version is already circulating. Having scanned through the 140 page document, here are some of the highlights:

  • The proposed EHDS Regulation defines health data in the broadest sense and it includes: electronic health records; claims and reimbursement data; genetic and genomic data; disease registries; data from clinical studies and from safety reporting; biomedical data, including from biobanks; data related to insurance, lifestyle and behaviour.
  • Such data can be collected by the public (including through medical devices and wellbeing/lifestyle apps), not-for profit bodies or private providers of health.
  • In order to facilitate the cross-border exchange of data, EHR systems will need to meet certain minimum requirements as to interoperability and security and will need to be reviewed by notified bodies by way of a QMS conformity assessment in order to obtain a CE mark.
  • The focus is not only on access to and the sharing of health data to support primary care, but also to support scientific research and the development of new treatments, medicines, medical devices and services. The use of data for training, testing and evaluating of algorithms in medical devices (including digital health applications) is also allowed. However, data cannot be accessed or re-used for commercial advertising, including marketing activities towards healthcare professionals and patient organisations.
  • A pilot EHDS infrastructure for the re-use of health data should be operational by 2025 (see the candidacy of a consortium here:
  • In terms of governance, national competent authorities will be designated to review requests for access and (re)use of data and will issue ‘data permits’ to that end. Datasets made available through competent bodies may have a data quality and utility label. At the EU level, the Regulation proposes to establish a ‘European Digital and Health Data Board’.
  • Expect a complex interplay between the EHDS Regulation and existing rules (e.g. GDPR; EU MDR/IVDR; NIS) as well as rules currently still in the making (e.g. Data Governance Act; Draft Act; AI Act).


health care & life sciences, eu, digital, health data, medical devices, pharmaceuticals