Legal Framework Applicable to the Dataspace4Health Project
Dataspace4Health

Key regulations overview: The Dataspace4Health project is governed by the GDPR, the AI Act, the Medical Device Regulation (MDR), the European Health Data Space (EHDS), and the Data Governance Act (DGA), which respectively address data protection, AI systems, medical device compliance, health data usage, and data sharing.
GDPR application: Health data are considered sensitive and require strict transparency, patient consent, documentation, privacy by design, and cooperation with authorities. Research exemptions allow some flexibility under conditions that do not hinder research objectives.
AI Act and MDR compliance: AI systems classified as high-risk, especially those used for diagnosis or treatment, are subject to requirements covering role mapping, conformity declarations, technical documentation, risk management, quality systems, human oversight, and incident notification.
EHDS and DGA roles: The EHDS regulates primary and secondary use of electronic health data, ensuring access, data updates, interoperability, and adaptation of user rights. The DGA governs data sharing and reuse, placing obligations on public bodies, re-users, and intermediaries to ensure fair conditions, confidentiality, and prevention of unauthorized data use.