Logo
StreamLex Home
Logo
StreamLex Home
Laws
Laws
Recitals
Recitals
Contact
About UsNewsRecitalsTrackersNewsletterTerms of UsePrivacy NoticeLinkedIn
EHDS
  • Data & Privacy

    • Data Act
    • Data Governance Act
    • EHDS
    • ePrivacy Directive
    • GDPR
  • AI & Trust

    • Artificial Intelligence Act
    • Product Liability Directive
  • Cybersecurity

    • Cyber Resilience Act
    • Cybersecurity Act
    • DORA
    • NIS2
  • Digital Services & Media

    • Digital Markets Act
    • Digital Services Act
    • European Media Freedom Act
EHDS

EHDS Article 75. HealthData@EU

  • 1.
    Each Member State shall designate one national contact point for secondary use. That national contact point for secondary use shall be an organisational and technical gateway, enabling and responsible for the making available of electronic health data for secondary use in a cross-border context. The national contact point for secondary use may be the coordinator health data access body referred to in Article 55(1). Each Member State shall inform the Commission of the name and contact details of the national contact point for secondary use by 26 March 2027. The Commission and the Member States shall make that information publicly available.
  • 2.
    The Union health data access service shall act as the contact point of the Union’s institutions, bodies, offices and agencies for secondary use and shall be responsible for making electronic health data available for secondary use.
  • 3.
    The national contact points for secondary use referred to in paragraph 1 and the Union health data access service referred to in paragraph 2 shall connect to the cross-border infrastructure for secondary use, namely HealthData@EU. The national contact points for secondary use and the Union health data access service shall facilitate the cross-border access to electronic health data for secondary use for different authorised participants in HealthData@EU. The national contact points for secondary use shall cooperate closely with each other and with the Commission.
  • 4.
    Health-related research infrastructures or similar infrastructures whose functioning is based on Union law and which provide support for the use of electronic health data for research, policymaking, statistical, patient safety or regulatory purposes may become authorised participants in HealthData@EU and connect to it.
  • 5.
    Third countries or international organisations may become authorised participants in HealthData@EU where they comply with the rules of this Chapter and provide access to health data users located in the Union, on equivalent terms and conditions, to the electronic health data available to their health data access bodies, subject to compliance with Chapter V of Regulation (EU) 2016/679. The Commission may, by means of implementing acts, determine that a national contact point for secondary use of a third country or a system established at international level by an international organisation is compliant with the requirements of HealthData@EU for the purposes of secondary use of health data, is compliant with this Chapter and provides access to health data users located in the Union to the electronic health data it has access to on terms and conditions equivalent to those of HealthData@EU. Compliance with those legal, organisational, technical and security requirements, including with the requirements for secure processing environments provided for in Article 73, shall be checked under the control of the Commission. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 98(2). The Commission shall make the list of implementing acts adopted pursuant to this paragraph publicly available.
  • 6.
    Each national contact point for secondary use and each authorised participant in HealthData@EU shall acquire the required technical capability to connect to and participate in HealthData@EU. They shall comply with the requirements and technical specifications needed to operate HealthData@EU and to allow them to connect to it.
  • 7.
    The Member States and the Commission shall set up HealthData@EU to support and facilitate the cross-border access to electronic health data for secondary use, connecting the national contact points for secondary use and authorised participants in HealthData@EU and the central platform referred to in paragraph 8.
  • 8.
    The Commission shall develop, deploy and operate a central platform for HealthData@EU by providing information technology services needed to support and facilitate the exchange of information between health data access bodies as part of HealthData@EU. The Commission shall only process electronic health data on behalf of the controllers as a processor.
  • 9.
    Where requested by two or more national contact points for secondary use, the Commission may provide a secure processing environment which is compliant with the requirements of Article 73 for data from more than one Member State. Where two or more national contact points for secondary use or authorised participants in HealthData@EU put electronic health data in the secure processing environment managed by the Commission, they shall be joint controllers and the Commission shall be processor for the purpose of processing data in that environment.
  • 10.
    The national contact points for secondary use shall act as joint controllers of the processing operations carried out in HealthData@EU in which they are involved and the Commission shall act as processor on behalf of those national contact points for secondary use, without affecting the tasks of health data access bodies prior to and following those processing operations.
  • 11.
    Member States and the Commission shall seek to ensure that HealthData@EU is interoperable with other relevant common European data spaces as referred to in Regulations (EU) 2022/868 and (EU) 2023/2854.
  • 12.
    By 26 March 2027, the Commission shall, by means of implementing acts, set out:
    • (a)
      requirements, technical specifications and the IT architecture of HealthData@EU, which shall ensure state-of-the-art data security, confidentiality, and protection of electronic health data in HealthData@EU;
    • (b)
      conditions and compliance checks required to be able to join and remain connected to HealthData@EU and conditions for temporary disconnection or definitive exclusion from HealthData@EU, including specific provisions for cases of serious misconduct or repeated infringements;
    • (c)
      the minimum criteria that need to be met by the national contact points for secondary use and the authorised participants in HealthData@EU;
    • (d)
      the responsibilities of the controllers and processors participating in HealthData@EU;
    • (e)
      the responsibilities of the controllers and processors for the secure processing environment managed by the Commission;
    • (f)
      common specifications for the architecture of HealthData@EU and for its interoperability with other common European data spaces.

    The implementing acts referred to in the first subparagraph of this paragraph shall be adopted in accordance with the examination procedure referred to in Article 98(2).

  • 13.
    Where there is a positive outcome of the compliance check referred to in paragraph 5 of this Article, the Commission may, by means of implementing acts, take decisions to connect individual authorised participants to HealthData@EU. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 98(2).

Relevant Recitals for this Article

Resources for this Article

© 2025 StreamLex

NewsletterAbout UsTerms of UsePrivacy NoticeManage cookies

© 2025 StreamLex