Logo
StreamLex Home
Logo
StreamLex Home
Laws
Laws
Recitals
Recitals
Contact
About UsNewsRecitalsTrackersNewsletterTerms of UsePrivacy NoticeLinkedIn
EHDS
  • Data & Privacy

    • Data Act
    • Data Governance Act
    • EHDS
    • ePrivacy Directive
    • GDPR
  • AI & Trust

    • Artificial Intelligence Act
    • Product Liability Directive
  • Cybersecurity

    • Cyber Resilience Act
    • Cybersecurity Act
    • DORA
    • NIS2
  • Digital Services & Media

    • Digital Markets Act
    • Digital Services Act
    • European Media Freedom Act
EHDS

EHDS Article 89. International governmental access to non-personal electronic health data

  • 1.
    Digital health authorities, health data access bodies, authorised participants in the cross-border infrastructures provided for in Articles 23 and 75 and health data users shall take all reasonable technical, legal and organisational measures, including contractual arrangements, in order to prevent the transfer of non-personal electronic health data held in the Union to a third country or an international organisation, including for governmental access in a third country, where such transfer would create a conflict with Union law or the national law of the relevant Member State.
  • 2.
    Any judgment of a third-country court or tribunal and any decision of a third-country administrative authority requiring a digital health authority, health data access body or health data users to transfer or give access to non-personal electronic health data within the scope of this Regulation held in the Union shall be recognised or enforceable in any manner only if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union, or any such agreement between the requesting third country and a Member State.
  • 3.
    In the absence of an international agreement as referred to in paragraph 2, where a digital health authority, a health data access body or a health data user is the addressee of a decision or judgment of a third-country court or tribunal or of a decision of a third-country administrative authority requiring them to transfer or to give access to non-personal data within the scope of this Regulation held in the Union, and compliance with such a decision or judgment would risk putting the addressee in conflict with Union law or with the national law of the relevant Member State, the transfer to, or accessing of such data by, that third-country court, tribunal or administrative authority shall only take place or be provided where:
    • (a)
      the third-country legal system requires the reasons and proportionality of such a decision or judgment to be set out and requires such a decision or judgment to be specific in character, for instance by establishing a sufficient link to certain suspected persons or infringements;
    • (b)
      the reasoned objection of the addressee is subject to a review by a competent third-country court or tribunal; and
    • (c)
      the competent third-country court or tribunal issuing the decision or judgment or reviewing the decision of an administrative authority is empowered by the national law of the third country to take duly into account the relevant legal interests of the provider of the data protected under Union law or the national law of the relevant Member State.
  • 4.
    If the conditions laid down in paragraph 2 or 3 are met, a digital health authority, a health data access body or a data altruism organisation shall provide the minimum amount of data permissible in response to a request, based on a reasonable interpretation of the request.
  • 5.
    The digital health authorities, health data access bodies and health data users shall inform the health data holder about the existence of a request of a third-country administrative authority to access its data before complying with that request, except where the request serves law enforcement purposes and for as long as compliance is necessary to preserve the effectiveness of the law enforcement activity.

© 2025 StreamLex

NewsletterAbout UsTerms of UsePrivacy NoticeManage cookies

© 2025 StreamLex