Register of Policies - February 2025

The creation of the European Health Data Space (EHDS) marks an important step in improving the use and sharing of health data in the Union. After the Data Governance Act and the Data Act laid the foundations to facilitate data sharing and established a framework for data governance within the EU, the EDHS supports the idea of a Single Market for digital health services and products. The regulation distinguishes between “primary” and “secondary” use of data, with the former giving people rights over their data (free access, access control, rectification of inaccuracies), and the latter allowing entities (e.g., researchers, policymakers and innovators) to access anonymized or pseudonymized health data to foster medical research, policymaking and innovation. The EDHS also improves interoperability between electronic health record (EHR) systems in member states. While the provisions on primary use of health data will apply from March 2027, those on secondary use will apply from March 2029, with some exceptions extending to March 2031.

EU law: Regulation (EU) 2025/327

After the EU AI Act came into force on August 1, 2024, its four-stage application began six months later. The AI Act, which aims to ensure the safety, transparency and respect for fundamental rights of AI systems, follows a risk-based classification. The least restricted AI systems are those that pose minimal risks, such as AI-powered video games. This is followed by systems with limited risks, such as chatbots, which require transparency obligations and informing users about their interaction with an AI application. Then come high-risk systems, which are used in critical infrastructure, education, employment and essential public services requiring strict requirements (reporting, cybersecurity, data protection) before deployment. Finally, systems with unacceptable risk, such as social scoring, surveillance/manipulation of individuals and groups and real-time biometric identification in public spaces, are prohibited. The first implementation phase of the EU AI Act concerns the latter systems, which are banned. It also includes AI literacy obligations, i.e., initiatives to promote AI literacy among the public to ensure informed use and understanding of AI technologies.

EU law: Regulation (EU) 2024/1689

Following the presentation of the Competitiveness Compass in January 2025, the European Commission proposed two packages aimed collectively at significantly reducing administrative burdens, namely by 25% for large companies and 35% for SMEs. Known as Omnibus I and Omnibus II, they aim to simplify and strengthen the EU's sustainability information and due diligence frameworks, potentially saving up to €6.3 billion in annual administrative costs and mobilizing an additional €50 billion in public and private investment capacity. Omnibus I focuses on postponing the application dates for corporate disclosure and due diligence requirements in the Corporate Sustainability Reporting Directive (CSRD) from 2025 and 2026 to 2027 and 2028, and by one year in the Corporate Sustainability Due Diligence Directive (CSDD). Omnibus II makes changes to both these frameworks, in addition to the Cross-Border Carbon Adjustment Mechanism (CBAM) and the EU taxonomy. For example, the scope of the CSRD will now apply to companies employing more than 1,000 people and with total assets or net sales in excess of €25 million, which should exclude around 80% of the companies initially covered by the directive. Similarly, a tonnage threshold excluding small importers (182,000, or 90% of the participants currently concerned) from the scope of CBAM will be introduced.

EU law: Communication 2025(80) final / Communication 2025(81) final

Leave Us A Comment