On March 5, 2025, the final text of the European Health Data Space (EHDS) was published in the EU Official Journal (see here).  In April 2024,we wrote several blog posts on EHDS based on a provisional compromise text.  We have now updated those to reflect the final version and included references to the correct provisions.

This article focuses on the implications for “wellness applications” and medical devices; for an overview of the EHDS generally, see our first post in this series.

1: Wellness Applications and Medical Devices in Relation to Electronic Health Records

a) Wellness applications

The EHDS contains specific provisions on “wellness applications” that claim interoperability with electronic health records (“EHRs”).   Under the original proposal for the EHDS, published in May 2022, “wellness applications” were defined as:

any appliance or software intended by the manufacturer to be used by a natural person for processing
electronic health data for other purposes than healthcare, such as well-being and pursuing healthy life-styles.” (emphasis added)

The latest draft of the EHDS defines the term more broadly as:

any software, or any combination of hardware and software, intended by the manufacturer to be used by a natural person, for the processing of electronic health data, specifically for providing information on the health of natural persons, or the delivery of care for purposes other than the provision of healthcare.” (emphasis added) (Art. 2(2)(ab) EHDS)

Wellness applications claiming interoperability with the EHR system in relation to the harmonized components of EHR systems (and thus complying with the essential requirements and applicable common specifications), must, before they are placed on the market (and just like EHR systems) use a “digital testing environment” made available by the European Commission or the Member States to assess the harmonized components of their application (Art. 40(3) EHDS).

Assuming the result of the test is positive, the manufacturer has to apply a (digital) label to the wellness application to inform the user of the interoperability and its effects.  The label is issued by the manufacturer and is valid for a maximum of three years.  The European Commission will determine the format and content of the label (Art. 47 EHDS).

Interoperability of a wellness application does not mean automatic transfer of data to the user’s EHR.  Such sharing may only take place with the consent of the users, who must also have the technical ability to decide which parts of the data they want to insert in their EHR and in which circumstances (Art. 48(2) EHDS).

Finally, manufacturers of labelled wellness applications must register their application, including the results of the test environment, into an the EU database maintained and made public by the European Commission (Art. 49 EHDS). 

b) Medical devices

  1. Interoperability

The EHDS also has implications for medical devices but when it comes to defining those obligations, the definitions and current drafting of the EHDS are open to interpretation.  For one, the revised definition of “wellness application” is potentially broad enough to capture medical devices as it now seems to cover appliances or software that provide information on the health of individual persons or the delivery of care for other purposes than the provision of healthcare.  Depending on how you read it, the ‘other purposes than the provision of healthcare’ does not necessarily limit both preceding elements of the definition.  Further, the definition of “EHR system” (electronic health record system) is very broad and includes “any system whereby the software, or a combination of the hardware and the software of that system, allows personal electronic health data that belong to the priority categories of personal electronic health data established under this Regulation to be stored, intermediated, exported, imported, converted, edited or viewed, and intended by the manufacturer to be used by healthcare providers when providing patient care or by patients when accessing their electronic health data” (Art. 2(2)(k) EHDS). This definition could potentially include medical devices.  

Similar to the position for wellness applications, medical devices and IVDs that claim interoperability with the harmonized components of EHR systems must “prove compliance with the essential requirements on the European interoperability software component for EHR systems and the European logging component for EHR systems” laid down in Section 2, Annex II of the EHDS (Art. 27(1) EHDS).

The essential requirements on interoperability of the EHDS would only apply to the extent that the manufacturer of a medical device/IVD, which is providing electronic health data to be processed as part of the EHR system, claims interoperability with an EHR system. In such case, the provisions on “common specifications” for EHR systems should be applicable to those medical devices.

  1. Conformity assessment

Recital 42 EHDS expressly acknowledges that certain components of EHR systems can qualify as medical devices and be subject to the Medical Device Regulation (EU) 2017/745 (“MDR”) or the In vitro diagnostics Regulation (EU) 2017/746 (“IVDR”).

As articulated in Recital 42 EHDS, software or module(s) of software which is a medical device, IVD or high-risk AI system should be certified in accordance with the MDR, IVDR and the AI Act, as applicable.  Let’s imagine (1) a medical device (2) that stores or views electronic health records (3) to achieve its medical device intended purpose and that (4) uses AI for data processing.  This hypothetical product would qualify as a medical device and EHR system and, on top of that, it uses AI to achieve its intended device purpose.  Hence, the manufacturer will be required to conduct conformity assessments under (at least) three different EU Regulations which are the (1) MDR, the (2) AI Act and (3) the EHDS. 

In such cases, where “an EHR system is subject to other Union legal acts in respect of aspects not covered by this Regulation, which also require an EU declaration of conformity by the manufacturer in which it is stated that the fulfilment of the requirements of those legal acts has been demonstrated, a single EU declaration of conformity shall be drawn up in respect of all Union legal acts applicable to the EHR system. That EU declaration of conformity shall contain all the information required for the identification of the Union legal acts to which it relates(Art. 39(2) EHDS).

For such cases, where products are required to fulfil the requirements under several regulations governing those products, Recital 42 EHDS also states that “Member States should take appropriate measures to ensure that the respective conformity assessment is carried out as a joint or coordinated procedure in order to limit the administrative burden on manufacturers and other economic operators.” It will be very interesting to see how Member States will ensure that the foreseeable (high) administrative burden to manufacturers will be limited. Experience has shown that this has not worked for the (single) conformity assessments under the MDR… It would have been preferable if the EHDS had set forth EU-wide rules on how this purpose should be achieved instead of leaving this to 27 Member States to come up with their own (and possibly 27 different) approaches to limit administrative burden.

  1. Registration

The final version of the EHDS has modified the provisions on the registration requirements for medical devices and AI systems under the EHDS. Article 49(3) EHDS suggests that medical devices and IVDs and high-risk AI systems that also qualify as EHR systems or claim interoperability with EHR systems “shall also be registered in the databases established pursuant to Regulation (EU) 2017/745, (EU) 2017/746 or (EU) 2024/1689, as applicable. In such cases, the data to be entered shall also be forwarded to the “EU database for registration of EHR systems and wellness applications” (defined in Art. 49(1) EHDS).

Since the EU appears to be facing significant challenges with large IT projects like EU-wide databases (e.g., EUDAMED, CTIS), it in any event remains to be seen whether the new EU database for registration of EHR systems and wellness applications under the EHDS will be functional in time to support implementation of the EHDS.

2: Secondary use

The EHDS sets out a long list of covered electronic health data that should be made available for secondary use under the EHDS.  It includes, among others, data from wellness applications and health data from medical devices (Art. 51 EHDS).  Note that this chapter of the EHDS is not limited to wellness applications and medical devices that claim interoperability with EHRs; it seems to apply to all wellness applications and medical devices.  Data holders (see our blog here for more) of data generated by wellness applications and devices will have to share this data upon request from an HDAB.

Note, however, that Member States are apparently allowed to introduce stricter safeguards (for example an opt-in consent) for the re-use of health data from wellness applications under the EHDS, but not for health data from the EHR system they can interoperate with or from health data from medical devices (Art. 51(4) EHDS).  This makes little sense, and it will be interesting to see what safeguards (if any) Member States introduce in practice.

We will keep you posted about any further developments.

Photo of Kristof Van Quathem Kristof Van Quathem

Kristof Van Quathem advises clients on information technology matters and policy, with a focus on data protection, cybercrime and various EU data-related initiatives, such as the Data Act, the AI Act and EHDS.

Kristof has been specializing in this area for over twenty…

Kristof Van Quathem advises clients on information technology matters and policy, with a focus on data protection, cybercrime and various EU data-related initiatives, such as the Data Act, the AI Act and EHDS.

Kristof has been specializing in this area for over twenty years and developed particular experience in the life science and information technology sectors. He counsels clients on government affairs strategies concerning EU lawmaking and their compliance with applicable regulatory frameworks, and has represented clients in non-contentious and contentious matters before data protection authorities, national courts and the Court of the Justice of the EU.

Kristof is admitted to practice in Belgium.

Read more about Kristof Van Quathem
Show more Show less
Photo of Sarah Cowlishaw Sarah Cowlishaw

Advising clients on a broad range of life sciences matters, Sarah Cowlishaw supports innovative pharmaceutical, biotech, medical device, diagnostic and technology companies on regulatory, compliance, transactional, and legislative matters.

Sarah is a partner in London and Dublin practicing in the areas of EU…

Advising clients on a broad range of life sciences matters, Sarah Cowlishaw supports innovative pharmaceutical, biotech, medical device, diagnostic and technology companies on regulatory, compliance, transactional, and legislative matters.

Sarah is a partner in London and Dublin practicing in the areas of EU, UK and Irish life sciences law. She has particular expertise in medical devices and diagnostics, and on advising on legal issues presented by digital health technologies, helping companies navigate regulatory frameworks while balancing challenges presented by the pace of technological change over legislative developments.

Sarah is a co-chair of Covington’s multidisciplinary Digital Health Initiative, which brings together the firm’s considerable resources across the broad array of legal, regulatory, commercial, and policy issues relating to the development and exploitation of digital health products and services.

Sarah regularly advises on:

obligations under the EU Medical Devices Regulation and In Vitro Diagnostics Medical Devices Regulation, including associated transition issues, and UK-specific considerations caused by Brexit;
medical device CE and UKCA marking, quality systems, device vigilance and rules governing clinical investigations and performance evaluations of medical devices and in vitro diagnostics;
borderline classification determinations for software medical devices;
legal issues presented by digital health technologies including artificial intelligence;
general regulatory matters for the pharma and device industry, including borderline determinations, adverse event and other reporting obligations, manufacturing controls, and labeling and promotion;
the full range of agreements that span the product life-cycle in the life sciences sector, including collaborations and other strategic agreements, clinical trial agreements, and manufacturing and supply agreements; and
regulatory and commercial due diligence for life sciences transactions.

Sarah has been recognized as one of the UK’s Rising Stars by Law.com (2021), which lists 25 up and coming female lawyers in the UK. She was named among the Hot 100 by The Lawyer (2020) and was included in the 50 Movers & Shakers in BioBusiness 2019 for advancing legal thinking for digital health.

Sarah is also Graduate Recruitment Partner for Covington’s London office.

Read more about Sarah Cowlishaw
Show more Show less
Photo of Dr. Dr. Adem Koyuncu Dr. Dr. Adem Koyuncu

Adem Koyuncu is double qualified as a lawyer and medical doctor and a partner in our Brussels and Frankfurt office. He is a chair of the firm’s “Food, Drug & Device” practice group and also a member of our Compliance practice. Adem is…

Adem Koyuncu is double qualified as a lawyer and medical doctor and a partner in our Brussels and Frankfurt office. He is a chair of the firm’s “Food, Drug & Device” practice group and also a member of our Compliance practice. Adem is recognized as a “leading lawyer for pharma and medical devices law” (JUVE).

Adem is a life sciences industry advisor with more than 25 years of professional experience. He has a broad practice that cuts across regulatory, compliance, IP, privacy and liability matters. Adem also provides strategic advice. He knows the life sciences sector also from his earlier work in the pharmaceutical industry and as a medical doctor. He represents clients before courts and authorities and assists them in contract negotiations, investigations and transactions. For years, Adem is listed in various lawyer rankings.

See some Accolades from Clients and Surveys:

“Adem Koyuncu is one of the most intelligent lawyers I know.” (Legal 500 2023)
“He is one of the most detail-oriented and client-focused partners I have ever encountered.” (Client, Chambers 2021)
“Great professional and human competence, good team player.” (Client/Adverse Party, JUVE 2022)
“I find him to be one of the most pragmatic regulatory lawyers. He was a doctor before a lawyer, has been in-house, worked on lots of stuff that I have to handle in-house, which helps when getting advice. He is really good at saying it’s a complex situation and your best option is to do this.” (Chambers 2022)
“He always comes through with extremely helpful advice. He brings a unique understanding and experience to his practice as both a lawyer and medical doctor.” (Chambers 2021)
“He is an excellent dispute resolution lawyer and advises at the highest level, including, in particular, strategic advice.” (Legal 500 2023)
“He is very sharp and quick, while at the same time having a good sense of humor and nerves of steel. Very pleasant to work with.” (Legal 500 2022)
He is described as “versatile competent, reliable and high quality” (JUVE 2021) and “incredibly fast.” (JUVE 2018)
Provides advice at “an outstanding level.” (Legal 500 2015)
“Very strong negotiation skills.” (JUVE 2011)
Clients appreciate his “very broad knowledge and long-standing expertise” (JUVE 2021/22) and that “he is approachable, knowledgeable and really easy to talk to over the various issues. He is calm and has seen most problems before.” (Chambers 2020)
Peer lawyers described him as “highly competent” and a “very good and pleasant lawyer” (JUVE 2014) and as “the off-label-guru, substantively very good, creative.” (JUVE 2022)

Adem is the author of numerous publications (e.g., in leading books on pharma law, product liability and clinical trials) and frequent speaker at different events. As such, he will soon speak at following events:

“Pharma Liability and Risk Prevention,” Marburg Symposium on Pharma Law 2025 (March 14, 2025)
“Risk medical device – Basics of liability and insurability,” BVMed Academy, webinar (in German) (March 26, 2025)
“Risk medical device – IT security, risk management & product liability are a matter for the management!,” BVMed Academy, webinar (in German) (April 28, 2025)
“Risk medical device – Challenges & limits of insurability,” BVMed Academy, webinar (in German) (June 4, 2025)

Read more about Dr. Dr. Adem Koyuncu
Show more Show less