Demonstration
To process your request, we need to process your personal data. Find out more about the processing of your personal data here.

1. Introduction

Healthcare in Europe is entering a new phase of digital transformation. Electronic health records, telemedicine, artificial intelligence: health data is now at the heart of improving care and medical innovation.

Faced with the fragmentation of national systems, the European Union has launched the EHDS (European Health Data Space). Its objective is to enable secure, harmonized, and cross-border access to health data for both healthcare and research purposes.

For healthcare professionals, the EHDS represents a major change in medical data management. Understanding this new framework is becoming essential.

This article helps you understand the EHDS, its rules, its uses, and its practical implications for your practice.

2. What is the EHDS (European Health Data Space)?

The European Health Data Space (EHDS) is the European Union's first data space dedicated specifically to the health sector. It aims to create a unified digital ecosystem enabling the secure exchange and optimized use of health data across the 27 EU member states.

European Union flags in front of the Parliament illustrating the governance of the ehds

This ambitious project originated in a proposal by the European Commission presented on May 3, 2022. After extensive negotiations between the European Parliament and the Council of the EU, the regulation was published in the Official Journal of the European Union on March 5, 2025, and entered into force on March 26, 2025 (Official text).

The EHDS has three interrelated overarching objectives:

  • Improving access to data for healthcare: The EHDS makes it easier for citizens to access their own health data and allows healthcare professionals to consult their patients' medical information, even when it comes from other European countries. This cross-border interoperability improves continuity of care and the quality of treatment.
  • Facilitating research and innovation: By creating a harmonized framework for accessing anonymized health data, the EHDS opens up new opportunities for medical research, the development of innovative treatments, and the improvement of public health policies.
  • Promoting health data governance at European level: The EHDS establishes common standards for security, interoperability, and data protection, thereby creating an environment of trust for all stakeholders in the European healthcare system.

3. EHDS: a pillar of the European digital strategy

The EHDS is not an isolated initiative but is fully in line with the European data strategy adopted in February 2020. This strategy aims to create a single market for data in Europe, enabling the EU to become a global leader in the digital economy while preserving European values of privacy protection.

The EHDS is highly complementary to other recent European initiatives. The Data Governance Act (2022) establishes the general principles of data governance, while the Data Act (2023) defines the rules for accessing and using data. The EHDS builds on these foundations to develop rules specific to the healthcare sector.

This regulatory architecture ensures consistency between the various European texts. The EHDS complies with and supplements the General Data Protection Regulation (GDPR), adding specific provisions tailored to the specific nature of health data. It also draws on the NIS2 Directive for cybersecurity aspects and on various sectoral regulations such as the Clinical Trials Regulation.

This integrated approach enables Europe to develop a coherent vision of digital governance, where the protection of fundamental rights goes hand in hand with innovation and economic development.

4. The two main uses of data in the EHDS

The EHDS structures the use of health data around two main areas, each responding to specific needs and rationales.

4.1 Primary use of data (patient care)

Doctor holding a patient's hand in the context of trust established by the ehds

The primary use concerns the direct use of health data in the context of the care pathway. It aims to facilitate patients' access to their own data and improve the coordination of care, particularly in a cross-border context.

In practical terms, the EHDS gives European citizens quick and free access to their electronic health records, regardless of which Member State they are in. A French patient on a business trip to Germany will thus be able to authorize a German doctor to consult their French medical records in an emergency. This cross-border interoperability is based on the MyHealth@EU infrastructure, for which Sesali is the French entry point.

Primary use also strengthens patients' rights over their data. They can now:

  • View their data in a standardized European format
  • Allow or restrict access to certain parts of their file
  • Add personal health information
  • See who has viewed their data
  • Request corrections in case of errors

For healthcare professionals, this development means easier access to their patients' medical histories, better coordination between the various parties involved in the care process, and thus an improvement in overall patient care.

4.2 Secondary use of data (research, innovation, public policy)

Researcher analyzing health data in a laboratory for a project related to ehds

Secondary use refers to the reuse of health data for research purposes other than direct care: medical research, development of new treatments, epidemiological surveillance, public health policy development, or industrial innovation.

In this context, data is systematically pseudonymized or anonymized according to the needs of the project, and access to it is strictly regulated. Applicants—whether university researchers, pharmaceutical companies, or health authorities— must submit their projects to Health Data Access Bodies (HDABs), national organizations responsible for assessing the relevance and security of access requests.

The HealthData@EU research infrastructure enables secure networking between these national organizations, facilitating access to multi-country data for large-scale European research projects.

This pooling of resources is particularly valuable for the study of rare diseases, where the limited size of national populations is a major obstacle to research.

Ethical oversight remains a top priority. All data processing is carried out in secure environments, with strict pseudonymization and anonymization measures in place. Citizens retain an opt-out right, allowing them to refuse to have their data used for secondary purposes.

5. Who is affected by the EHDS?

The EHDS is transforming the European digital health ecosystem by involving a variety of stakeholders, each with their own specific characteristics and responsibilities.

Medical team collaborating on data usage within the framework of the ehds

Healthcare professionals are the first to be affected: general practitioners and specialists, pharmacists, nursing staff, hospitals, and testing laboratories. They will have to adapt their record systems to comply with European interoperability standards and integrate new tools for accessing cross-border data.

Patients and citizens enjoy enhanced rights over their health data. They become central players in the governance of their medical information, with the ability to finely control access to and disposal of data.

Public authorities and European agencies play a key role in governing and monitoring the system. This includes national health ministries, the Digital Delegation, agencies such as the EMA (European Medicines Agency) and the ECDC (European Centre for Disease Prevention and Control), as well as new structures created by the EHDS such as the HDABs (Health Data Access Bodies).

Researchers and innovative companies— universities, public and private research centers, biotechnology and medical technology companies—have access to new research opportunities thanks to richer and more diverse data.

Finally, healthcare software publishers and digital companies must adapt their solutions to ensure compliance with European interoperability and security standards. This transformation represents a significant technical challenge, but also an opportunity for competitive differentiation.

6. Concrete impacts for healthcare professionals

The EHDS is profoundly transforming professional practices in the healthcare sector, bringing both new opportunities and new responsibilities.

6.1 Changes in daily practices and access to data

New cross-border access tools

You will need to familiarize yourself with new tools such as the Sesali service, which already allows you to view European patient data.

Interoperability is becoming an essential skill, requiring adaptation of your work processes and electronic health record systems.

Physicians consulting electronic records as part of the ehds

Strengthened patient rights

Your patients have extensive rights over their health data. The timeframe for accessing health data has been reduced to 8 days, compared to 1 month under the GDPR . They can now request the portability of their data from one provider to another, restrict access to certain information, or request corrections. These new rights require you to adapt your administrative procedures and train your teams.

Opportunities for improving care

Access to more comprehensive and up-to-date high-quality data improves the quality of your diagnoses and prescriptions. The ability to view your patients' European medical history can reveal important information and prevent dangerous drug interactions. Research also benefits from richer data, accelerating the development of personalized treatments.

6.2 Technical and organizational challenges

Extended compliance obligations

Beyond the GDPR , the EHDS imposes technical standards for cross-border exchange and sharing obligations for secondary use. Organizations must comply with European standards for health data exchange and connect to the MyHealth@EU and HealthData@EU infrastructures .

Enhanced cybersecurity

The EHDS imposes high security standards, with requirements for encryption, strong authentication, and continuous monitoring. All data sharing takes place in secure environments, where sensitive data, including images, is either anonymized or pseudonymized to protect individual identities.

Required investments

This technical transformation represents a considerable investment in infrastructure and training. The success of the EHDS depends on the ability of national systems to communicate with each other, requiring the adoption of common technical standards and the harmonization of data formats.

These changes require support and preparation. Professional organizations and supervisory authorities will need to offer appropriate training programs to facilitate this transition.

7. Will the EHDS replace the GDPR

A crucial question arises for healthcare professionals who are already GDPR compliant GDPR GDPR compliance GDPR to be EHDS compliant? The answer is clear: no, GDPR compliance GDPR is not enough.

In an FAQ published on March 5, 2025, dedicated to the EHDS, the European Commission provided details on the relationship between these two regulations. The EHDS is based on the GDPR , but adds specific obligations for the healthcare sector.

Professionals analyzing the legal framework of the EHDs regulation in addition to GDPR

The GDPR the basis: The fundamental principles of personal data protection (minimization, Purpose, consent, individual rights) continue to apply in full.

The EHDS adds sector-specific rules: The EHDS supplements the GDPR four rules specific to the healthcare sector:

  • Technical interoperability standards: The EHDS imposes technical standards for cross-border exchange and connection to the MyHealth@EU and HealthData@EU infrastructures.
  • Strengthened patient rights: Access time reduced to 8 days (vs. 1 month GDPR), restricted access for certain professionals, and transparency regarding consultations.
  • Sharing obligation: Data holders must share electronic health data for specified secondary purposes – an obligation that does not exist in the GDPR.
  • Specific penalties: Fines of up to €20 million or 4% of turnover, in addition to GDPR penalties.

This complementarity GDPR creates new compliance requirements. Organizations must maintain their GDPR compliance GDPR adapting to the additional requirements of the EHDS. This dual compliance could become the standard in the European digital health market.

8. When will the EHDS come into effect? The rollout schedule

Calendar illustrating the phased implementation schedule for the ehds

Transition phase (2025–2027)

We are currently in the preparation and implementation phase. Although the regulation came into force on March 26, 2025, this does not mean that it applies immediately. This transition period allows Member States and healthcare stakeholders to prepare.

By March 2027, the European Commission must adopt several key implementing acts setting out detailed rules for the operational implementation of the regulation. At the same time, Member States must designate their national authorities and put in place the necessary infrastructure.

First phase of implementation (2027–2029)

In March 2029, significant parts of the EHDS regulation will come into force. This first phase will concern:

  • For primary use: exchange of the first set of priority categories of health data (patient records, electronic prescriptions, and electronic dispensing) in all EU Member States.
  • For secondary use: rules relating to secondary use will also begin to apply to most categories of data (those from electronic medical records, for example).

Next operational phases (2031–2035)

In March 2031, for primary use, the exchange of the second group of priority health data categories ( medical images, laboratory results, and hospital discharge letters) should be operational in all Member States.

Certain other categories of data, such as genomic data and other "-omic" data, will only be included as of March 26, 2031, marking the full entry into force of these provisions.

The full rollout of all features is expected to be completed by 2035, as established by a consortium of 17 European partners working on these digital health priorities (digital health authorities).

9. Six key points for preparing your organization for the EHDS

Checklist of steps for compliance with the European EHS regulation

Preparing for the EHDS requires a structured and proactive approach to ensure a successful transition to dual compliance with GDPR EHDS.

1. Stay informed

Follow legislative developments concerning the EHDS via reliable sources: the Department of Health, CNIL (National Commission for Information Technology and Civil Liberties), the European Commission, or our monthly Dipeeo newsletter.

2. Audit your information systems

Check whether your healthcare software:

  • Are interoperable with European standards
  • Comply with exchange standards (HL7, FHIR)
  • Enable traceability and consent management

Identify cybersecurity gaps and estimate the investments needed to comply with European standards.

3. Raise awareness and empower your teams

Involve your healthcare professionals (doctors, nurses, administrative staff) in discussions about secure data sharing and the proper use of digital technology in healthcare.

Define local data governance: who does what, when, and how in this new European initiative?

4. Strengthen data security

Update your cybersecurity protocols to meet EHDS standards: encryption, strict access controls, and continuous monitoring.

Prepare your internal documents: processing records, consent policies, portability procedures.

5. Collaborate with the right partners

Contact your software publishers to find out about their EHDS roadmap. Participate in local pilot projects related to health data.

At Dipeeo, we support organizations in their GDPR EHDS compliance efforts, thanks to our specific expertise tailored to the technical and legal challenges of this new framework.

6. Anticipate future obligations

Start building a health data culture in your institution now. By March 2027: European implementing acts will be adopted and HDABs designated.By March 2029: your systems must be operational for cross-border exchange.

10. Conclusion

The EHDS embodies Europe's ambition to use health data as a lever for improving healthcare, research, and innovation. By creating a unified and secure digital space, it opens up unprecedented opportunities for personalized medicine, collaborative research, and improved public health policies.

For healthcare professionals, this transformation represents a major opportunity to improve the quality of your practices and participate in European medical innovation. But it also entails new responsibilities in terms of data protection and technological adaptation.

The success of the EHDS will depend largely on your commitment and preparedness. The more you anticipate these changes, the more you will be able to benefit your patients and your organization. Use the current transition phase to learn, train, and gradually adapt your practices.

Remain vigilant on issues of trust and transparency: social acceptance of the EHDS is key to its success. As practitioners in the field, you play a key role in building this trust among your patients and society. The EHDS will only be a success if it benefits everyone: patients, professionals, and European citizens.

To go further:

Discover our webinar dedicated to the EHDS: YouTube link

EHDS webinar by expert lawyers Health Dipeeo
Anaïs Guilloton
Anaïs Guilloton

Marketing Manager - GDPR Expert