Welcome to Publyon’s Digital Policy Update! Every month, we are happy to provide you with insights on the latest EU policy trends and developments. This month, we prepared a special interview for you with MEP Andrey Kovatchev and European Commission Spokesperson Stefan de Keersmaecker to discuss the European Health Data Space. Space? Did someone say space? That was enough of a hook for us to take you off on this month’s tour of the EU policy universe.
This time, we are not shining the spotlight onto a star, but an approaching star is shining its light onto us: the Spanish Presidency of the Council of the EU. Gravitating around our spotlight are some important satellites: the Data Act, the AI Act and the Cyber Resilience Act. In the monthly blogpost recommendation, you’ll find a link to Publyon’s latest article on the EU Competitiveness Strategy, which will help your business live long and prosper. Finally, we’ll end our space odyssey with this month’s recommended events and a new special insight from our colleagues.
Did we spark your interest?
If you have an appetite for interesting content, visit us online for more insightful reading and helpful tips on upcoming relevant events.
Written in the stars: Spain takes over presidency of the Council
In the EU, rotation is not around the sun, but around the chair for the presidency of the Council of the EU. On 1 July, the Spanish will succeed the Swedes in presiding the collegial work of the EU Member States for the next six months. The Spanish Presidency initiates a new Presidency Trio, composed of Spain, Belgium and Hungary.
While the Belgians and the Hungarian will be faced with the hard task of respectively managing pre- and post-elections of the European Parliament, held from 6 to 9 June 2024, the Spanish will attempt to close several important ongoing policy files. Digitalisation will be a key priority for Spain. Spain has made artificial intelligence one of its key ambitions for its presidency, together with cyber resilience. Further, the Spanish presidency aims to conclude the negotiations around the Interoperable Europe Act (IEA). Spain also stated it would be particularly considerate of the promotion of digital transformation, in an ethical and inclusive way, as well as push reflection on the need for a new regulatory policy for electronic communication.
As such, Spain ambitions to close files such as the Artificial Intelligence Act (more on that below!), and the European Digital Identity Regulation, which are in the final negotiation rounds. Other policy files which are expected to near completion during the presidency are the Gigabit Infrastructure Act and the Cyber Resilience Act. Regarding the Cyber Solidarity Act and the revision of the proposed amendment of the Cybersecurity Act, which would enable the adoption of the European Certification Schemes, the Spanish will strive to create the grounds for a common approach in the Council. As for the Data Act, well…it seems the Swedes might still try to close the file before the end of their presidency.
Spanish elections are coming up. Houston, do we have a problem?
In a parallel universe, everything would go according to plan. However, internal politics in Spain decided otherwise. Initially, Spain was holding general national elections at the end of 2023. However, regional and municipal elections in May saw the right-wing parties Partido Popular (EPP) and Vox (ECR) claim victory. Under pressure, Prime Minister Pedro Sánchez (PSOE/S&D) advanced the general elections to 23 July, not even one month into the Presidency. Fears are that the results of the elections will inevitably affect the composition of the Spanish government and ultimately reflect on the Spanish Presidency at the EU level.
What does that mean for your business?
Changes in government composition can affect policy priorities during the Presidency, influencing the overall direction of the Council’s work or at the very least Member States’ negotiating positions within the Council. This can influence the Member State’s ability to build consensus and advance its agenda during negotiations on various legislative proposals or policy initiatives. In the case of Spain, this could influence the outcomes of the presidency’s work on ongoing files. Ultimately, these changes in legislation might impact businesses differently than initially anticipated.
Two key dates are 1 July and 23 July, respectively marking the beginning of the Spanish Presidency and the Spanish general elections. Consequently, the main digital event of the Presidency will be the meeting of the Telecommunication Ministers on 23 and 24 October in León, also known as the cybersecurity hub of Spain.
One small step in the negotiations, one giant leap for the Data Act
Trilogues are proceeding well for the Data Act! It seems the European Parliament and the Council have landed an agreement on the Act’s main provisions, especially when it comes to the previously contentious topic of data access obligations. To address the trade-related data issue, the concept of trade secret holder was introduced, further distinguishing the different actors (data holders and data receivers) involved in the controlling and sharing of data. Good news for businesses who were worried about how data sharing might affect their commercial activities!
Furthermore, the two institutions are still discussing in what way adequate governance will be implemented to support the Data Act. While the European Parliament wants a single point of coordination and contact at the national level, the Council defends that this issue should be left to Member States, so that they are responsible for appointing one or several bodies for the enforcement of the Data Act.
Finally, the latest discussions closed the Business-to-Government (B2G) data-sharing debate. Regarding the question of whether governments can ask businesses to share personal data (not just industry-related), the answer is: only in case of a public emergency. It is important for businesses to know, however, that small and micro enterprises also fall under this rule, unlike initially determined.
The third round, and likely the last one of trilogues will take place on 27 June 2023. As the Parliament and Council have not settled a deadline for the regulation to enter into force, this will most assuredly be a topic of discussion. Should an agreement not be achieved on 27 June, the Data Act’s negotiations will be taken over by the Spanish, who have however not considered the Data Act as a priority.
Ground control to Major Tom: AI Act trilogues started
It happened! On 14 June, the European Parliament got out of the black hole of amendment discussions and overwhelmingly adopted its position on the Artificial Intelligence Act (AI Act). That same day, European Commissioner for Internal Market Thierry Breton and European Commissioner for Competition Margrethe Vestager joined government officials and MEPs in initiating the first round of trilogue negotiations. Rest assured; this isn’t a case of travelling at the speed of light. The first trilogue was mainly symbolic.
In its position, the European Parliament agreed to expand the list of banned AI-practises linked to biometric identification. Furthermore, AI systems which pose a threat to people’s safety, health, human rights or to the environment will be classified as high-risk applications. The Parliament also agreed on rules regarding the marketing of foundation models in the EU market, ensuring transparency requirements, safeguards, and copyright issues. Finally, the position of European lawmakers is to support innovation while at the same time protecting citizen’s rights through the implementation of regulatory sandboxes and the set-up of a complaints system for AI.
What impact does the AI Act have on your business?
Banning specific AI practices can create market opportunities for businesses that offer alternative solutions or technologies that comply with the regulations. Furthermore, subsequent AI innovation can unlock new business models and revenue streams. Businesses can leverage AI to develop innovative products, services, or platforms that cater to emerging market demands. For example, AI-powered recommendation systems, virtual assistants, or predictive maintenance solutions can create new opportunities and revenue streams for businesses across various industries.
Commencing countdown, engines on
The first operational trilogue is set to occur before the Spanish general elections. The Spanish aim to reach a deal by November after the three usual rounds of trilogues. However, they have planned two extra trilogue rounds as a backup, in case discussions prove to be more difficult than expected. Likely points of contention between the two institutions include fundamental rights, foundation models and high-risk categories… Stay tuned!
Lightyears away from an agreement? Cyber Resilience Act discussions continue
On 23 May, MEP Morten Løkkegaard (RE, Denmark), phoned home to ask his fellow members of the Parliamentary Committee on Internal Market and Consumer Protection (IMCO) their opinion on the proposed amendments for the file.
Løkkegaard, IMCO’s opinion rapporteur, declared there was a common understanding between the Committees on the direction the Act should take. However, debate can be expected on the scope and regulation of open-source software, obligations for manufacturers to provide cybersecurity updates and the timeframe for implementation. Particularly for businesses, the discussion was fruitful. MEPs voiced the need to take into account the increased financial and bureaucratic burdens the Act would put on SMEs. Next discussions will focus on consumer protection and cloud services.
Next, on 2 June, the Council came together to discuss its position. While the French and the Danish were satisfied, the Dutch showed some more hesitation. In a letter previous sent to the Council, they expressed their doubts concerning the scope of the Act, the provisions on product lifetime and the application of the legislation on artificial intelligence. They were seconded by the Belgians, who had some reservations regarding the measures relating to proportionality and transparency.
The IMCO Committee will debate and vote on its compromise amendments on 28 and 29 June. On 19 July, we can expect the vote of the responsible Parliamentary Committee on Industry, Research and Energy (ITRE). Commissioner for the Internal Market Thierry Breton still The ambition is to start trilogues as soon as possible. Although the Parliament will most likely not reach an agreement before September.
European Health Data Space
In this interview, we step travel to the unknown galaxy of data and healthcare, and its implications for businesses, citizens, healthcare providers, and policymakers. A little over a year ago, on 3 May 2022, the European Commission launched the European Health Data Space (EHDS). European Commissioner for Health and Food Safety, Stella Kyriakides, is in the lead for the proposal, as one of the building blocks of the strategy for a strong European Health Union.
In order to correctly grasp the impact of the EHDS on the EU business community, we sat down with two important institutional stakeholders. On the one hand, we interviewed European Commission Spokesperson Stefan de Keersmaecker, responsible for public health. On the other hand, we were lucky enough to talk to MEP Andrey Kovatchev (EPP, Bulgaria), Rapporteur of the Internal Market and Consumer Protection (IMCO) Committee of the European Parliament for the EHDS.
The IMCO Committee recently adopted the opinion by Mr. Kovatchev, which will now be taken into consideration when the responsible Civil Liberties, Justice and Home Affairs (LIBE) and Environment, Public Health and Food Safety (ENVI) Committees vote on the adoption of their draft report on 6 July.
So, step aboard this spaceship to discover how the convergence of data, technology, and an interoperable Europe will revolutionise the way we understand, treat, and safeguard our most precious possession – our health.
What specific benefits can EU businesses expect to gain from actively participating in the European Health Data Space, and how can they leverage these advantages to gain a competitive edge in the healthcare industry?
Mr Kovatchev: EU businesses participating in the EHDS can expect several benefits. Firstly, once the EHDS is set up and patient data fed in, companies operating in the healthcare sector will have the possibility to apply for and gain access on a case-by-case basis to a vast pool of health data, allowing for more comprehensive research, analysis, and development of innovative healthcare solutions. This can lead to improved patient outcomes, personalised treatments, and cost efficiencies. The EHDS would be especially vital for fields such as rare diseases, where access to patient data across the EU can help companies developing treatments gain access to a larger pool of patients.
Businesses operating in the digital sector, who could be interested in either creating electronic health record (EHR) systems or who already have such products on the market, will receive legal certainty: the EHDS will include a set of technical specifications for interoperability, which, when followed, will ensure that their products can be used anywhere in the EU without additional compliance costs for standardising them in the different markets or for ensuring proper communication between their products and others claiming EHR interoperability.
Mr de Keersmaecker: I think the EHDS will be a game changer for the EU’s digital health future. Thanks to the EHDS, the industry will benefit from an EU-wide market for electronic health record systems, with the same standards and specifications. This will create a level playing field. It could lead to the introduction of competing products catering for different needs or lower prices for device users.
The greater availability of electronic health data will also support the development of new and innovative medicinal products and devices. This can help provide better, more personalised care that will treat ailments and save lives.
To what extent will the European Health Data Space help avoid any potential risks or challenges that EU businesses might face in terms of data security, data breaches, or unauthorised access to sensitive information?
Mr de Keersmaecker: The EHDS will ensure cybersecurity when processing personal health data, using a strongly secured network when data is shared in the MyHealth@EU infrastructure. Strong authentication will be necessary to restrict access only to entitled individuals. All access will be transparently logged. In addition, the EHDS introduces strict interoperability requirements and security of electronic health record systems and requires manufacturers to certify compliance with them.
For the use of data for research and innovation, our HealthData@EU infrastructure ensures that data can only be processed in secure environments, complying with very high standards of privacy and security. It is crucial to underline that no personal data can be downloaded from such environments.
Data can only be accessed with a permit from a public Health Dara Access Body. The permit identifies the purposes of the data access – as it has to be relevant for a specific project – and the period of time during which access is granted. Health data will by default be anonymised or at the very least be pseudonymised if the research question cannot be answered otherwise.
Mr Kovatchev: The EHDS aims to address any such potential risks and challenges by setting high standards for data protection and privacy, in close consideration of and in compliance with the General Data Protection Regulation (GDPR), the Data Governance Act, Data Act and the NIS2 Directive.
In the IMCO opinion, we include the General Data Protection Board as one of the stakeholders to be consulted when setting the technical specifications for the EHR systems, which further underlines the need to ensure data security, and prevent breaches and unauthorised access. We also reference the need to ensure robust cybersecurity measures to protect sensitive health data of users to thwart any attempts to breach the systems and steal or damage the data.
What is more, the technical specifications of EHR systems need to include secure data sharing protocols, standardised security measures, and clear and secure anonymisation techniques to mitigate privacy risks.
By implementing these safeguards, EU businesses can be confident about the security of their data and the measures taken to minimise the potential risks associated with unauthorised access or breaches.
How will the European Health Data Space affect the intellectual property rights and data ownership of EU businesses involved in the development of healthcare technologies and solutions?
Mr de Keersmaecker: We are making sure that data subject to intellectual property or linked to trade secrets will be provided with the necessary safeguards. The exact design of these safeguards is also something we are looking into as part of the EHDS2 pilot. You can find more information here: https://ehds2pilot.eu/.
Mr Kovatchev: In the IMCO opinion, we strengthen the Commission’s proposal by underlining the need for intellectual property (IP) rights to be protected as per existing EU legislation on the topic of IP when it comes to data being shared for secondary use.
Should these suggestions be taken on board in the final position of the European Parliament, EU businesses involved in healthcare technology development can benefit from increased access to data for research and innovation while retaining control over their proprietary assets and protecting their IP.
What funding and support mechanisms are available through the European Health Data Space to assist EU businesses in navigating the complexities of data integration, analysis, and utilisation?
Mr de Keersmaecker: Overall, the Commission will provide over 810 million to support the EHDS, from the EU4Health programme the Digital Europe Programme, the Connecting Europe Facility and Horizon Europe. From this amount, over €330 million will be used for the EHDS activities and infrastructures.
Member States and organisations involved in the EHDS may use the rest, amounting to more than €480 million. To make the EHDS a reality, digitalisation at the local, regional and national level is needed.
Member States have already earmarked €12 billion under the Recovery and Resilience Facility for investments in digital health and secondary use of health data. Furthermore, the European Regional Development Fund and Invest EU offer other opportunities for investments in digital health based on national needs.
We are convinced that this investment will be pay off greatly in the long run: most of all, in improved population health. Our analysis has also shown that the EHDS will ultimately save billions of euros. Just to give one example, think of the fewer repeated and unnecessary medical procedures and tests when results can be easily shared.
Mr de Keersmaecker, what’s your view on how the text is evolving in both the Parliament and Council? Which core objectives set out in the Commission’s proposal are “non-negotiable” for Commissioner Kyriakides?
Mr de Keersmaecker: There is a good progress in the Council and in the European Parliament. We are now at a very important moment. Digital technologies and digital health are advancing fast. It is essential we remain ahead of the curve, putting patients at the centre of our approach. We will continue to be in close dialogue with Member States, to find the best possible outcomes.
And Mr Kovatchev, what could, in your view, be improved in the current proposal of the text? Are the core objectives set out at the start of the process still respected in the current text?
Mr Kovatchev: In the IMCO opinion, we focused primarily on Chapter III of the proposal, which sets out how electronic health record systems are put on the EU market, including the scope of what is considered and EHR system, the technical specifications, the obligations of all the economic operators involved in the process.
I believe the Commission’s EHDS proposal is a good starting point, so in the IMCO opinion we kept the fundamental principles proposed by the EC – a self-certification system and an inclusion of wellness apps in the scope of the EHDS on a voluntary basis.
There are parts where we have offered some changes, that I believe improve the initial text:
- We introduce the “once-only” principle to alleviate the burden on healthcare professionals and ensure that the data needs to be entered only once.
- We propose changes to create better alignment with existing legislation and prevent overlaps and duplication of requirements, especially as concerns the Medical Devices Regulation (MDR), the In-vitro Medical Devices Regulation (IVMDR), the upcoming AI Act and the Data Act.
- The obligations for economic operators in the IMCO opinion are more closely aligned with the new legislative framework and the General Product Safety Regulation (GPSR), and the penalties regime reflects the one used in the GDPR.
- We propose, where appropriate, to use open-source licensing for the central platform for digital health.
- Importantly, we insist on the EU standardisation process for the EHR systems to be coherent with, and, where these are available, based on existing international standards.
- Finally, we see regular monitoring and review as crucial to ensure that the EHDS keeps pace with the technological advances and needs of patients, Member States, researchers and companies, so we outline some critical elements that need to figure in the evaluation of the EHDS.
- These include the effectiveness of self-certification of EHR systems, the impact of their use for patient outcomes, on healthcare systems’ economic performance, as well as EHR systems’ resilience, security and flexibility.
The IMCO opinion, however, represents only a part of the decision-making process of the European Parliament – it remains to be seen what parts of my report the two leading committees, ENVI and LIBE, will take on board and whether the final position of Parliament will fully reflect the IMCO priorities.
EU’s competitiveness strategy: from crisis management to long-term vision
This month, our colleagues prepared a blogpost on the EU Competitiveness Strategy. No space race or colonisation of Mars on the agenda, but a deep dive into the EU’s ambitions to stimulate economic growth, through innovation and investment, with digitalisation as one of the nine key drivers. If you are interested in how this strategy might support your business, click the button down below.READ ARTICLE
Where can you run into our team? On LinkedIn!
With the summer in sight, we have decided to go digital with a monthly insight on our LinkedIn page, where you’ll find weekly posts on events, important news and our organisation. A great occasion to also get acquainted with the work in our Sustainability and Transport and Energy pillars. This week, our colleagues prepared an insightful post for you on the new European Economic Security Strategy, and how it aims to protect certain key sectors that will support the digital transition. You can find the post here.
Want to share your thoughts on the European Economic Security Strategy? We’ll be happy to read and answer your comments under the LinkedIn post!
Hi, my name is Emmanuelle and I am curating this monthly update to bring Brussels’ main digitalisation and technology insights to your inbox. I hope you enjoyed this edition of our update. We are always looking to provide our community with the most valuable content possible, and that starts with you. If you have any suggestions for topics you would like to see covered in our next edition, do not hesitate to reach out to me.Contact