EU directives/Regulations

Current status on EU legislation on clinical trials

A new regulation on clinical trial Regulation EU No 536/2014 is in the pipeline.

The main characteristics of the new Regulation will be:

  • “A streamlined application procedure via a single entry point, the EU portal.
  • A single set of documents to be prepared and submitted for the application defined in Annex I of the Regulation.
  • A harmonised procedure for the assessment of applications for clinical trials, which is divided in two parts. Part I is jointly assessed by all Member States concerned. Part II is assessed by each Member State concerned separately.
  • Strictly defined deadlines for the assessment of clinical trial application.
  • The involvement of the ethics committees in the assessment procedure in accordance with the national law of the Member state concerned but within the overall timelines defined by the Regulation.
  • Extension of the tacit agreement principle to the whole authorisation process which, without compromising safety, will give sponsors, in particular SMEs and academics, increased legal certainty.
  • Simplified reporting procedures which will spare sponsors from submitting broadly identical information separately to various bodies and different Member States.
  • Increased transparency as regards clinical trials and their outcomes.
  • Union controls in Member states and third countries to ensure that clinical trials rules are being properly supervised and enforced.
  • Clinical trials conducted outside the EU, but referred to in a clinical trial application within the EU, will have to comply with regulatory requirements that are at least equivalent to those applicable in the EU.”

Currently, Directive 2001/20/EC is in place until Regulation 2014/536/EU is implemented.

The implementation of the regulation is postponed until 31 January 2022.   

Medicinal Products for Human use legislation

Directives and regulations regarding clinical trials fall into EU pharmaceutical legislation. Information about legislation on medicinal products for human use can be found here.

Important legislation to keep in mind:

– Directive 2001/20/EC on the implementation of good clinical practice in the conduct of clinical trials on medicinal products for human use
>Read more

-Regulation EC No 1394/2007 on advanced therapies.
> Read more

– Regulation EU No 520/2012 on pharmacovigilance activities.
> Read more

-Regulation EU No 536/2014
> Read more

-EMA news on GCP in clinical trials
> Read more


Information on Directives and Regulations regarding Technology Assessment and Health Informatics:

-On eHealth
> Read more

-On Health Technology Assessment
> Read more

-On data collection
> Read more

-On cross-border healthcare
> Read more

More information on Health at EU level here

EU directives/Regulations

Technology Assessment and Health Informatics

-On data collection:
Data protection is ensured by Regulation 2016/679/EU  and Article 8 from Charter of Fundamental Rights of the European Union.

Directive 2002/58/EC, directive on Privacy and Electronic Communications increase its relevancy in medical sector through the emergence of eHealth.

-On eHealth:
Despite increase in interest and use of eHealth nad in particular Telemedecine, no legal framework exists. Directive 2011/24/EU on cross-border healthcare provides regulation on reimbursement, international cooperation between healthcare entities and cross border enforcement of patients’ rights.

-On Health Technology Assessment:
Aim to provide policy-makers with evidence based information and can influence decision on reimbursement at national level. In 2016, the EU through the HTA network launched: EUnetHTA Joint Action 3.

EU directives/Regulations


The European commission defines telemedicine as ” the provision of healthcare services, through the use of ICT, in situations where the health professional and the patient (or two health professionals) are not in the same location. It involves secure transmission of medical data and information, through text, sound, images or other forms needed for the prevention, diagnosis, treatment and follow-up of patients”.

There is no regulation at EU level, nevertheless some pre-existing directives influence it and give it a framework and guide Member States: Regulation 2016/679/EU, Directive 2011/24/EU, Directive 2000/31/EC and Directive 2002/58/EC.

More information on eHealth in general here.


-Regulation 2016/679/EU General Data Protection Regulation
> Read more

-Directive 2011/24/EU on the application of patients’ rights in cross-border healthcare
> Read more

-Directive 2000/31/EC on ‘electronic commerce’
> Read more

-Directive 2002/58/EC on privacy and electronic communications
> Read more



-Data subject: “who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier”, owner of the personal data.

-Processor: any entity/person who processes personal data. In Europe, the processor has to be compliant with GDPR. If the processor is in the USA; it has to be ensured that it is compliant with EU-US privacy shield decision. A Cloud can be a processor as well as a subcontractor, a “Natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller” (art.4 GDPR).

-Controller: “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” (art.4 GDPR).

More information on GDPR here.

More information on processing of sensitive data here.

EU directives/Regulations

GDPR General Data Protection Regulation

The General Data Protection Regulation (Regulation 2016/679/EU) comes into force on May, 25th 2018. The GDPR focuses on accountability, transparency, protection and reliability. The Regulation aims to reduce the collection of personal data from consumers without their knowledge and without transparency.

The data controller is required to answer to the following questions: what (which data), who (who access/process it), why (purpose of the usage and storage), where (where are the data stored?), when (how long the data are kept?)

The Regulation gives access to various rights: Right to portability, Ownership, Right to be forgotten/to erasure, Right to accessibility.

Health data are considered as sensitive personal data and can be processed for health-related and scientific purposes. Their use has to be justified and their anonymization is required in the context of (clinical) research projects. Health data have to be collected and processed for a specific, explicit and legitimate purpose. Their integrity and confidentiality have to be ensured.

The controller has to declare or obtain an authorization for the processing for these data: active consent from the data subject in the context of a research project or due to a therapeutic relationship between the practitioner and the patient. For research purposes, these data can be re-used and stored for a longer period.

Note: “If the purposes for which a controller processes personal data do not or do no longer require the identification of a data subject by the controller, the controller shall not be obliged to maintain, acquire or process additional information in order to identify the data subject for the sole purpose of complying with this Regulation.” (Art. 11.1 GDPR)

More information on GDPR here.

More information on processing of sensitive data here.