The European Union is awash with an alphabet soup of regulations that relate in full or part to cybersecurity and digital safety - from the long-established GDPR to the newly adopted NIS 2 and upcoming CRA.
Decoding The Cyber Alphabet Soup
CRA: The Cyber Resilience Act is a proposed EU horizontal regulation aimed at improving the cybersecurity of products with digital elements. The initial draft text of this regulation, published in September 2022, explicitly excludes medical devices and IVDs from its scope - but some experts have called for this exclusion to be reversed.
EHDS: The European Health Data Space is an EU proposed initiative and implementing regulation that will allow the use of health data for secondary purposes if it is anonymized. Although the EHDS does not directly relate to cybersecurity, it is focused on changing the digital infrastructure of the EU and may conflict with provisions in the GDPR.
GDPR: The General Data Protection Regulation sets EU-wide data protection and privacy rules, and is regarded as one of the world’s strictest laws around data sharing.
NIS 1: The original EU Directive on security of network and information systems, which is gradually being replaced by the NIS 2, which member states have until October 2024 to transpose into national laws.
NIS 2: The new version of the NIS Directive. NIS 2 sets out legal cybersecurity requirements for critical infrastructures, including medical device companies.
Read the full article – start your free trial today!
Join thousands of industry professionals who rely on Medtech Insight for daily insights
- Start your 7-day free trial
- Explore trusted news, analysis, and insights
- Access comprehensive global coverage
- Enjoy instant access – no credit card required
Already a subscriber?
