Why Policy Matters for the Future of PerMed
Personalised Medicine requires timely access to high-quality, interoperable and ethically governed health data. It is vital to create an environment that: grants secure, cross-border access to high-quality health data; facilitates meaningful reuse for research and innovation; and ensures public trust through strong privacy, consent and transparency frameworks.
Three Key European Frameworks Shaping the European Data Ecosystem
EOSC (European Open Science Data Cloud) is building a cross-disciplinary, federated network enabling researchers to access curated, interoperable, FAIR research data across Europe. Although still in its build-up phase until 2027, EOSC promises substantial benefits for PerMed by enabling integration of clinical, genomic, environmental and lifestyle data.
- EOSC nodes will eventually provide both domain-specific capabilities (e.g., disease-focused datasets) and general services (e.g., cloud infrastructure).
- Interoperability frameworks are still evolving and must be co-designed with the research community.
- EOSC must articulate a clear value proposition in relation to EHDS to avoid duplication.
EHDS (European Health Data Space) establishes the first major domain-specific European data space. It empowers citizens with rights over their health data and enables structured cross-border exchange for both primary use (care delivery) and secondary use (research, innovation, policy).
- The EHDS rollout continues through 2027, with full application expected in 2029.
- Providers currently lack incentives to collect research-ready data.
The AI Act regulates the development and deployment of AI systems based on risk classification. Most clinical AI systems are expected to fall under the high-risk category, with strict compliance requirements. The AI Act sits in a complex regulatory landscape with overlapping regulations. The Medical Devices Regulation (MDR) and In Vitro Medical Devices Regulations (IVMDR), the Clinical Trials Regulation, the Health Technology Assessment Regulation, among others, are all significantly intertwined.
- The “research exemption” is vital for PerMed but remains poorly defined.
- One AI Act concept deserving special attention is “AI Regulatory Sandboxes”. These are controlled environments where regulators and stakeholders test and interact with novel technologies to gain insights into real-world applications.
- The Digital Omnibus proposal (Nov 2025) introduces timeline flexibility, reduces administrative burdens and strengthens sectoral coherence.
Challenges and Recommendations
Aligning EHDS and EOSC – Both initiatives will affect how health and research data are governed, accessed and reused. Without coordination, Europe risks duplicated investments, inconsistent metadata models and conflicting rules for data holders. Stakeholders should establish regular alignment mechanisms and develop a common set of guiding principles.
Aligning Primary and Secondary Uses of Data – Primary use is when health data is used to deliver care to an individual, while secondary use is when this data is used for research, innovation, policy or other societal benefits. Healthcare providers should understand the value of secondary uses and be given incentives to collect quality data that supports them.
Providing Guidance on the AI Research Exemption – The Artificial Intelligence Act’s research exemption requires clear guidelines. Researchers, including private-sector innovators, require clarity on what activities fall within the exemption, with reference to MDR/IVDR requirements.
Establishing Harmonised AI Regulatory Sandboxes – AI Sandboxes are key to facilitating innovation while ensuring compliance with the Medical Devices Regulation and In Vitro Medical Devices Regulation. Sandboxes can accelerate safe innovation, but require alignment with medical device rules, EU-wide consistency, sufficient resources and clear operational guidance.
Balancing Access, Security & Public Trust – Innovation relies on public confidence. Secure data access models, robust consent and opt-out processes, and transparent communication are essential. Stringent security measures make access to data harder. At the same time, lax controls may allow data leaks or misuse, potentially damaging public trust. Striking the right balance will allow researchers to access health data safely without compromising public support and trust.
Download the full Policy Brief and learn more about EATRIS-CONNECT below: