Tag Archives: news

A More Volatile World: The Digital Omnibus

Legal news, , , , , , , ,

On November 19, 2025, the European Commission unveiled a landmark proposal: the Digital Omnibus Regulation. This initiative is not just another legislative tweak – it signals a philosophical shift in how Europe approaches digital regulation. In a world increasingly defined by volatility, complexity, and rapid technological change, the Commission seems to be saying: “We’ve heard you – let’s regulate, but let’s make it easier to comply.”

Why Now? The Context Behind the ‘Digital Omnibus’

The proposal comes against a backdrop of mounting pressure on Europe’s competitiveness. In his now-famous “Please, do something” speech to the European Parliament, Mario Draghi urged EU institutions to act decisively to restore Europe’s ability to innovate and compete globally. Could the Digital Omnibus be seen as a response to this heartfelt appeal?

For years, the EU has been a global pioneer in digital regulation – think GDPR, AI Act, Data Act, Digital Services Act (DSA), Digital Markets Act (DMA), NIS2, and more. But this success has come at a cost: fragmentation, complexity, and heavy compliance burdens. Businesses have struggled to navigate overlapping obligations. The Digital Omnibus is designed to change that. In the “explanatory memorandum” to the Digital Omnibus, the Commission emblematically acknowledges, for instance, that “some entities, especially smaller companies and associations with a low number of non-intensive, often low-risk data processing operations, expressed concerns regarding the application of some obligations of the GDPR”.

The ‘Digital Omnibus’ Proposal

The proposal introduces technical amendments and structural simplifications across a wide range of legislation, including:

  • General Data Protection Regulation (GDPR)
  • AI Act
  • Data Act
  • ePrivacy Directive
  • NIS2 Directive
  • Data Governance Act
  • Free Flow of Non-Personal Data Regulation
  • Platform-to-Business (P2B) Regulation (to be repealed

Key Highlights

  • GDPR Simplification:
    • Clarifies the definition of personal data
    • Supports controllers with respect to the criteria and means to determine whether data resulting from pseudonymization does not constitute personal data
    • Introduces flexibility for AI development: processing personal data for AI training under “legitimate interest,” with safeguards.
    • Modernizes cookie consent rules – centralized browser settings to end “cookie fatigue.”
  • AI Act Adjustments:
    • Expands regulatory sandboxes and simplifies compliance for SMEs and mid-cap companies.
    • Clarifies the interplay between the AI Act and other EU legislation
    • Introduces an obligation on the Commission and Member States to foster AI literacy
  • Incident Reporting:
    • Creates a single-entry point for incident notifications under GDPR, NIS2, DORA, and CER – ending duplicative reporting.

A New Philosophy?

There are strong indications that the “Digital Omnibus” is more than a mere technical adjustment and may represents a strategic shift in EU “digital law”. The proposals will now proceed to the European Parliament and the Council for deliberation. It remains to be seen whether words will be turned into action.

Italy’s New AI Law: A Boost for Healthcare Research?

Legal news, , , , , , , , , , , ,

Italy has recently enacted its own “Artificial Intelligence Act”, set to take effect on October 10, 2025.

You might be wondering: Did we really need another layer of AI regulation? That was our initial reaction, too. But a closer look reveals that the Italian AI Law introduces several interesting provisions, especially in the healthcare sector, that could facilitate research for both public and private entities. Here are some highlights:

1. Healthcare Data Processing as Based on Public Interest

The law explicitly recognizes that the processing of health-related personal data by:

  • Public or private non-profit entities,
  • Research hospitals (IRCCS),
  • Private entities collaborating with the above for healthcare research,

is of “substantial public interest.” This significantly expands the scope of Article 9(2)(g) of the GDPR, offering a clearer legal basis for processing sensitive data in research contexts.

2. Secondary Use of Data

The law introduces a simplified regime for the secondary use of personal data without direct identifiers. In particular:

  • No new consent required, as long as data subjects are informed (even via a website).
  • Automatic authorization unless blocked by the Data Protection Authority within 30 days of notification.

This provision applies only to the entities mentioned above so it is limited in scope, but in any case significantly strengthens the framework for nonprofit research projects.

3. Freedom to Anonymize, Pseudonymize and Synthesize

Under Article 8(4) of the AI Law, processing data for anonymization, pseudonymization, or synthesization is always permitted, provided the data subject is informed. This is a major step forward in enabling privacy-preserving AI research.

4. Guidelines and Governance

The law delegates the creation of technical guidelines to:

  • AGENAS – for anonymization and synthetic data generation.
  • Ministry of Health – for processing health data in research, including AI applications.

It also establishes a national AI platform at AGENAS, which will act as the data controller for personal data collected and generated within the platform.

Final Thoughts

While the GDPR aimed to support research, its implementation often created legal uncertainty and operational hurdles. Italy’s AI Law appears to address some of these gaps, offering a more pragmatic and enabling framework for healthcare research.

A new decree (and new obligations) to tackle counterfeiting in the pharmaceutical sector

Legal news, ,

On January 28, 2025 the Italian government approved a legislative decree (“Decree”) implementing EU regulation 2016/161 through which the European Union has introduced specific measures aimed at fighting counterfeit medicines.

Packaging. Packaging of pharmaceutical products will have to include: (i) a two-dimensional bar code (i.e. “unique identifier”) able to guarantee the authenticity and the identification of the single individual pack of medicinal products; and (ii) an anti-tampering device.

Marketing authorization. Any new or existing marketing authorization (“MA”) requests must include information on the unique identifier and anti-tampering device when it has an impact on the primary packaging, the locking system or the label’s legibility. MA holders must update their MA to ensure full compliance with the new regulation.

Timeline.  The Decree should come into force on February 9, 2025, but its publication in the official Gazette is still awaited. However, the Decree has provided for a transition period between February 9, 2025, to February 8, 2027, where it will be possible to continue using the old “Bollino” system without incurring penalties.

Sanctions.  The manufacturer who does not apply and activate the unique identifier may be sanctioned with an administrative fine ranging from Euro 10,000 up to 60,000 for each batch. An MA holder may be sanctioned with a fine, ranging from Euro 10,000 up to 60,000 for each batch, for trading a medical product lacking an anti-tampering device. Manufacturers, wholesalers, and suppliers of medicines to the public who do not notify immediately to the competent authorities of any case of tampering or counterfeiting may be sanctioned with a fine starting from Euro 20,000 up to Euro 80,000 for each batch.

The Italian Government Fund for the Governance of Medical Devices

Legal news, , , , , , , ,

With Ministerial Decree dated December 29, 2023, the Italian Ministry of Health has established criteria and methods for feeding the fund dedicated to the governance of medical devices, the so-called “Fondo per il governo dei dispositivi medici” (Fund for medical devices governance, “Fund”).

Key Features

  • Annual payment obligation.  Companies manufacturing or distributing medical devices, large medical equipment and in vitro diagnostic medical devices must pay a sum equal to 0.75% of the company’s previous year turnover from the sale of such devices to the National Health Service, net of VAT.
  • Annual Declaration Requirement.  Companies must submit an annual statement to the Ministry of Health regarding:
    • The estimated amount of 0.75% of the above-mentioned turnover.
    • The company’s previous year turnover to the National Health Service, net of VAT;
  • Use of the Fund. The Fund will be used for various activities related to Health Technology Assessment and governance of medical devices (including the management of the National Price Observatory, the vigilance system and the market surveillance system).
  • Deadlines and next steps. The first deadline for compliance with the fund regulations is set for December 31, 2024.

Companies are currently assessing whether the Fund can be challenged in court with arguments that may be similar to those raised in the so called “payback” litigation, which will see its day in Court (namely, the Italian Constitutional Court) on May 22, 2024.

Five Key Takeaways from Our Seminar on Clinical Trials

Events, Legal news, , , , , , , , , , , , , ,

If you missed our seminar on clinical trials on January 16, here are five key takeaways to help you understand the changing regulatory environment in Europe and Italy.

  1. Be ready for a new regulatory landscape

The recent clinical trials regulatory overhaul within the EU aims at fostering research and facilitating the tasks of all actors involved in this area. However, delays in the implementation of such new legislation are posing an actual risk for the entire sector throughout the EU, while competition from emerging economies is getting stronger.

  1. Harmonized, but not enough

In several areas, such as observational studies or ethical committee’s assessments, a unified approach at European level is yet to be adopted. This leaves a lot of fragmentation among the various countries and a lot of work to be done at local level in order to ensure compliance with applicable regulations. Be prepared to deal with such inconveniences, in particular in the pharmaceutical sector.

  1. Changes in data protection laws offer new opportunities but challenges remain

GDPR brought new harmonized provisions to improve and support the use of data for the purpose of conducting research. However, guidance from national data protection and regulatory authorities in areas such as legal grounds for processing and secondary use is far from established. Moreover, different EU countries continue to adopt opposite approaches when it comes to consent and legitimate interest as valid legal grounds for data processing in the framework of clinical research. Data protection compliance will therefore continue to require local check-ups.

  1. New opportunities for independent research

Recent regulatory changes in Italy are being implemented to foster independent not-for-profit research in the clinical area. The new regulations, which are about to be adopted, envisage new opportunities for the participation of private actors in independent research and allow not-for-profit research institutions to better exploit the results of their research. The potential for conflicts remain and caution should be exercised within public-private relationships, but there is hope that new paradigms of collaboration will see the light.

  1. A new world of evidence is out there

More and more projects in the clinical research field involve real world data and real world evidence, gathered in a number of different ways outside the rigid protocols of a controlled study, whether through medical devices or other data collection instruments. Real world data are key to understanding how treatments work in reality and developing new healthcare paths. However, both clinicians and private actors are operating in uncharted territories and the line between studies and alternative research projects is thinner than you may expect. Be mindful of the regulatory and compliance ramifications of these new powerful tools.