Non-profit clinical studies have a new source of regulation: the Ministry of Health November 30, 2021 decree (“Non-Profit Decree”), repealing the December 17, 2004 decree.
The Non-Profit Decree applies to:
- low-intervention clinical trials;
- observational trials;
- non-profit clinical trials provided that the following conditions apply:
- The trial is not aimed at industrial or commercial developments of drugs;
- The sponsor is a non-profit entity (if non-profit and profit sponsors coexist, then the trial falls outside the scope of the Non-Profit Decree);
- The sponsor does not have title to the marketing authorization of the trial drug, nor has any economic relationships (cointeressenze) with the marketing authorization holder;
- Data and results of the trial, as well as decisions over their publication, are exclusively of the sponsor.
The main novelty of the Non-Profit Decree is the possibility that sponsors of non-profit trials transfer the relating data and results, both in the trial phase and once the trial is completed, for registration purposes. Such transfer must be governed by a contract between the promoter and the transferee, the consideration of which is identified by a patent consultant jointly identified by the parties.
In the event of a transfer:
- The transferee becomes the data controller of the trial data;
- Costs associated with the trial, as well as fees due to AIFA and the competent ethics committees, which were waived in light of the non-profit status of the trial, must be paid; and
- The proceeds of the transfer are allocated in favor of the sponsor (50%), a non-profit trial fund (25%) and a an AIFA fund (25%).
The transfer must be notified by the promoter to AIFA, the competent Ethics Committee and the trial centers involved.
The Non-Profit Decree also sets forth that observational studies require prior approval by the competent ethics committee and that AIFA will adopt new guidelines for the classification and conduct of observational studies on drugs.
In case of any non-profit trial on a study drug, the pharmaceutical company having title to the drug must share with the sponsor an updated copy of the drug dossier and any safety data on the trial drug must be shared between the pharmaceutical company and the sponsor.
The Non-Profit Decree opens new opportunities for non-profit sponsors: it remains to be seen if there will be an appetite to purchase data by private entities and if a price set forth by an independent expert will be an effective mechanism.
Whistleblowing, or reporting of breaches of the law, is often regulated in a fragmented and non-comprehensive fashion. This is about to change thanks to Directive 2019/1937 of October 23, 2019 “on the protection of persons who report breaches of Union law” (the “Directive”), aimed at harmonizing and broadening the protection of whistleblowers and of reported entities.
In Italy whistleblowing is currently governed by Legislative Decree no. 165/2001 (for public employees) and by Legislative Decree no. 231/2001 (for private employees). With regard to the private sector, whistleblowing provisions are only applicable to companies who have adopted a “231 Organizational Model”.
The Directive should have been implemented by December 17, 2021. The Italian government has been delegated by the Parliament to adopt the necessary implementing measures but, as many other EU countries, the legislative process has already exceeded the December 17 deadline.
While the details of the national law that will implement the Directive are still unknown, certain basic principles can already be envisaged:
- In principle, the Directive applies to public entities and to private entities with at least 50 employees or with an annual turnover of more than Euro 10 million, with two caveats: (i) the Directive is applicable, regardless of the number of employees, if your company operates within the scope of EU legislation preventing money laundering and terrorist financing (e.g., financial services); and (ii) Member States may decide to apply new whistleblowing provisions also to companies below the 50-employees threshold;
- The Directive broadens the concept of reporting person: among others, also self-employed workers, shareholders, members of the key company’s bodies, (sub)contractors and suppliers will be covered by the protection afforded by whistleblowing legislation (such as the protection of their identity), even if their work relationship has ended or has yet to begin;
- The Directive also broadens the subject matter of the report: to be covered by the Directive, reports have to relate to breaches of EU law in specific sectors. However, the Directive provides for the possibility to broaden the subject matter as to include violation of domestic legislation;
- The Directive provides for three reporting channels:
- Internal channel: if you have adopted a 231 Model, you are surely already equipped with an internal whistleblowing channel, which however will require to be upgraded as to cover the new definition of reporting person and the strict reporting and follow-up requirements established by the Directive;
- External channel, which will be set up by the government and will likely allow to blow the whistle to public authorities, such as the Italian Anticorruption Authority. (If you have an IT provider which helps you run a whistleblowing channel, that’s an internal one);
- Public disclosure: reporting persons may “go public” only if other channels have not been successful.
- In relationto groups of companies, the European Commission has clarified the matter with two opinions, dated June 2, 2021 and June 29, 2021: each legal entity with 50 or more workers is required to set up its own channels and procedures for internal reporting. Entities with 50 to 249 employees, may “share resources” with their parent companies (but also with non-linked companies) and may also, but not exclusively, rely on their channels;
- Data collection and processing activities under whistleblowing provisions must be carried out in compliance with the GDPR: as an example, personal data which are manifestly not useful for the purposes of a specific report must not be collected or, if collected accidentally, deleted.
While we wait for the Italian law implementing the Directive, the above basics already give you an idea of what is to come.
New Crimes under Legislative Decree no. 231/2001. The list of crimes triggering corporate liability under Legislative Decree no. 231/2001 was recently expanded by Legislative Decree no. 184/2021, implementing Directive (EU) 2019/713 “on combating fraud and counterfeiting of non-cash means of payment and replacing Council Framework Decision 2001/413/JHA”. As a result, Section 25-octies.1 on “Crimes related to non-cash payment instruments” was introduced. Such crime arises in case of:
- Unlawful use and forgery of non-cash payment instruments;
- Possession and dissemination of equipment, devices or computer programs aimed at committing offences concerning non-cash payment instruments; and
- Computer fraud, provided for by Article 24 of Legislative Decree No. 231/2001, for which an aggravating circumstance has been introduced in case the conduct results in the transfer of money, monetary value or virtual currency.
Sanctions for committing such crimes are monetary fines up to 800 quotas and the application of blacklisting sanctions.
Amendments to the Italian Criminal Code. Legislative Decree No. 195/2021, implementing Directive (EU) 2018/1673 “on combating money laundering by criminal law”, introduced several amendments to Sections 648, 648-bis, 648-ter and 648-ter.1 of the Italian Criminal Code, providing for the offences of receiving stolen goods, use of goods of unlawful origin, money laundering and self-laundering, all already included in the catalogue of predicate offences under Section 25-octies of the Legislative Decree No. 231/2001. More specifically, the above-mentioned Legislative Decree amended the provisions:
- By extending the scope of the crime of receiving stolen goods also to contraventions and by providing for an aggravating circumstance in case the offence is committed in the exercise of a professional activity;
- By extending the scope of the crimes of money laundering and self-laundering also to culpable offences and contraventions;
- By extending the scope of the crime of use of goods of unlawful origin crime also to contraventions.
Further Proposed Legislative Amendments. Draft law No. 2427 provides for the inclusion of agri-food crimes the list of predicate offences under Legislative Decree No. 231/2001, with the aim of safeguarding public health, with a focus on the traceability of raw materials and products, hygiene violations, and combating fraud in trade, from agro-piracy to Italian sounding. However, the bill has been submitted to Parliament but has not been approved yet.
Any Impacts for Your Company? If your company has not yet adopted an organizational model pursuant to Legislative Decree no. 231/2001, then it will obviously need to consider all the above crimes, in addition to those previously existing. If, instead, your company has already adopted a 231 model, it will be necessary to check if it is at risk of committing such new offences. It would be advisable to carry out a new risk assessment aimed at ensuring that the model is duly updated.