European Health Data Space – Is the Proposed Certification System Effective against Cyber Threats?

The proposal for a European Health Data Space aims at creating a common space where individuals may control their health data in a trusted and secure way. The objective is not only improving healthcare delivery, but also enhancing the opportunities to use health data for research and innovation. To achieve these results, the proposal implements a mandatory self-certification scheme for European health records systems as well as for wellness devices and applications, setting up essential requirements related to interoperability and security. Although this is the first intervention that sets a horizontal framework that is mandatory for all Member States, the security requirements that are included in the legislative proposal are not sufficiently detailed and comprehensive. Given that cyberthreats are increasing and security incidents affecting health data may potentially have an impact on the lives of patients, it is important that cybersecurity measures are adopted and implemented in the most effective way. The paper will analyse the European Health Data Space proposal pointing to the open issues and doubts that may be emerging and it will compare them with the proposed Cyber Resilience Act, identifying the issues that may be solved thanks to this horizontal regulation and the ones that instead remain open.