Data & Privacy
AI & Trust
Cybersecurity
Digital Services & Media
CHAPTER I
GENERAL PROVISIONSArticles 1 — 2
CHAPTER II
PRIMARY USEArticles 3 — 24
CHAPTER III
EHR SYSTEMS AND WELLNESS APPLICATIONSArticles 25 — 49
CHAPTER IV
SECONDARY USEArticles 50 — 81
CHAPTER V
ADDITIONAL ACTIONSArticles 82 — 91
CHAPTER VI
EUROPEAN GOVERNANCE AND COORDINATIONArticles 92 — 96
CHAPTER VII
DELEGATION OF POWERS AND COMMITTEE PROCEDUREArticles 97 — 98
CHAPTER VIII
MISCELLANEOUSArticles 99 — 104
CHAPTER IX
DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONSArticles 105 — 105
ANNEXES
This Regulation complements the essential cybersecurity requirements laid down in Regulation (EU) 2024/2847. EHR systems which are products with digital elements within the meaning of Regulation (EU) 2024/2847 should therefore also comply with the essential cybersecurity requirements set out in that Regulation. The manufacturers of those EHR systems should demonstrate conformity as required by this Regulation. To facilitate that conformity, manufacturers should be allowed to draw up a single set of technical documents containing the elements required by both legal acts. It should be possible to demonstrate conformity of EHR systems with essential cybersecurity requirements laid down in Regulation (EU) 2024/2847 through the assessment framework under this Regulation. However, the parts of the conformity assessment procedure under this Regulation which relate to the use of testing environments should not be applied, since those testing environments do not allow for an assessment of conformity with the essential cybersecurity requirements. As Regulation (EU) 2024/2847 does not cover Software as a Service (SaaS) directly as such, EHR systems offered through the SaaS licensing and delivery model do not fall within the scope of that Regulation. Similarly, EHR systems that are developed and used in-house do not fall within the scope of that Regulation, as they are not placed on the market.