Skip to main content
|

Add a bookmark to get started

Bookmarks info
7 November 202410 minute read

Life Sciences News in Italy: October 2024

Regulatory

European Parliament urges revision of MDR and IVDR

On 23 October 2024, the European Parliament adopted Resolution 2024/2849 (Resolution) calling on the European Commission to propose delegated and implementing acts to Regulation (EU) 2017/745 on medical devices (MDR) and Regulation (EU) 2017/746 on in vitro diagnostic medical devices (IVDR). The Resolution stresses the need to address relevant challenges and calls for a simplification of regulatory processes, as well as enhancing transparency, while ensuring patient safety. The Resolution also addresses medical device shortages, advocates for avoiding unnecessary re-certifications, and seeks for a clear definition of "orphan devices". Additionally, the Resolution calls for full EUDAMED implementation to improve market transparency and stresses the importance of providing adequate transition periods for regulatory changes.

European Commission issues Q&A on obligations when supply of certain devices is interrupted or discontinued

On 30 October 2024, the European Commission issued Q&A addressing practical aspects related to the implementation of the Art. 10a obligation in case of interruption or discontinuation of supply of certain devices as introduced by Regulation (EU) 2024/1860, which amends Regulation (EU) 2017/745 (MDR) and Regulation (EU) 2017/746 (IVDR). The Q&A clarify that manufacturers should inform economic operators, health institutions, healthcare professionals, and competent authorities of any supply interruption or discontinuation at least six months in advance. Manufacturers are encouraged to provide this information even earlier, especially for planned discontinuations. If exceptional circumstances prevent manufacturers giving six months' notice, they should notify relevant actors without undue delay.

MDCG updates Guidance on application of MDR to legacy and old devices

On 16 October 2024, the Medical Device Coordination Group (MDCG) updated its Guidance on the application of Regulation (EU) 2017/745 (MDR) to "legacy" devices, ie devices certified under Directives 90/385/EEC or 93/42/EEC and placed on the market after the date of application of the MDR, as well as to "old" devices, ie devices placed on the market before this date. The Guidance has been revised to incorporate changes from Regulation (EU) 2023/607, which amends the transitional provisions for specific medical and in vitro diagnostic devices. An annex to the Guidance provides a table outlining MDR requirements applicable to legacy devices.

European Commission adopts rules for cooperation with EMA under HTA Regulation

On 18 October 2024, the European Commission adopted the Implementing Regulation outlining the rules for cooperation with the European Medicines Agency (EMA) under the Health Technology Assessment (HTA) Regulation. It governs information sharing for joint clinical assessments and scientific consultations, the identification of patients and experts for joint procedures, and addresses scientific and technical matters. The Implementing Regulation also addresses the security and confidentiality of information exchanged between the EMA and the Member State Coordination Group on HTA. This is the second of six acts required before the HTA Regulation comes into effect on 12 January 2025.

AIFA updates instructions to submit applications for parallel import authorizations

On 11 October 2024, the Italian Medicines Agency (AIFA) updated the instructions and forms for submitting applications for new parallel import authorizations. Additionally, AIFA revised the guidelines for submitting variation applications when adding or replacing a secondary packaging site or modifying the repackaging procedure.

MoH issues payment notice for the annual fee of 0.75% of revenue from the sale of medical devices

On 1 October 2024, the Italian Ministry of Health (MoH) issued a payment notice requiring companies in the medical device sector to pay the annual fee of 0.75% of their revenue from the sale of medical devices and in vitro diagnostic devices to the National Health Service. This payment must be made between 1 November and 31 December 2024, according to the procedure established by the Ministerial Decree of 29 December 2023. This fee funds the Medical Device Governance Fund, which supports activities for governing medical devices.

EMA launches public consultation on revised Policy 0044 on handling competing interests

On 10 October 2024, the European Medicines Agency (EMA) launched a public consultation on its revised policy on handling competing interests of scientific committee members and experts (Policy 0044). Stakeholders can submit feedback until 10 November 2024. The revised Policy 0044 aims to strengthen impartiality by implementing stricter rules for experts with current interests in a product and applying the same limitations to experts with an interest as principal investigator and investigator. It also expands conflict-of-interest rules to the medical device industry, disqualifying experts with current roles in this sector from EMA activities. The EMA plans to adopt the final policy by the end of 2024.

MDCG updates Guidance on borderline between medical devices and medicinal products

On 29 October 2024, the Medical Device Coordination Group (MDCG) updated its Guidance on the borderline between medical devices and medicinal products. The Guidance provides several definitions and examples, including on products specifically intended for cleaning, disinfecting, or sterilising medical devices.

EMA and HMA launch public consultation on the strategy for 2025-2028

On 3 October 2024, the European Medicines Agency (EMA) and the Heads of Medicines Agencies (HMA) launched a public consultation on the draft joint EU network strategy 2025-2028. The updated strategy revises the original five-year plan (EMANS 2025) to reflect recent regulatory and technological changes, including revision of the pharmaceutical legislation and progresses in AI. The strategic focus areas for 2028 include improving pathways for medicine access in EU healthcare systems and fostering a regulatory environment that enhances innovation and competitiveness of the EU's healthcare sector. The EMA and HMA plan to adopt the strategy by March 2025.

 

WCC/Compliance

Italian customs reform extends 231 liability for criminal offences related to excise duties (accise) and introduces new penalties for legal entities

On 3 October 2024, Legislative Decree 141/2024 reforming customs legislation in Italy (Decree) was published in the Official Gazette. By amending Art. 25-sexiesdecies of Legislative Decree 231/2001, the Decree introduces offences concerning excise duties (accise) provided by Legislative Decree 504/1995 among the predicate offences of corporate criminal liability. Moreover, the Decree provides for additional disqualifying sanctions for legal entities convicted of customs / excise duties offences in the most serious cases. This reform requires legal entities to assess its impacts and determine if their 231 Models need to be updated.

 

Data, Privacy and Cybersecurity

Legislative Decree implementing NIS2 Directive published in the Official Gazette

On 1 October 2024, Legislative Decree 138/2024 implementing Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the union (NIS2 Directive) was published in the Official Gazette. Asides from enhanced reporting for significant incidents, increased enforcement, and new personal liability for management, one of the key differences between NIS2 and its predecessor Directive (EU) 2016/1148 is its significantly enhanced scope. Among the 18 industries now listed are healthcare providers, including pharmaceutical manufacturers and entities providing research and development of medicinal products, as well as manufacturers of medical devices. The Legislative Decree entered into force on 16 October 2024. For further details read our article.

Agenas reopens deadline for implementing AI healthcare platform

On 9 October 2024, the National Agency for Regional Healthcare Services (Agenas) announced the reopening of the deadline for the implementation of the Artificial Intelligence Platform to support primary healthcare. Agenas had temporarily suspended the tender process as a precautionary measure in response to a request from the Italian Data Protection Authority (further information on this topic is available in our January Newsletter). The overall goal of the project is to support the diagnosis and treatment activities of physicians engaged in healthcare. The deadline for submitting bids is 18 November 2024 at 12:00 noon.

EDPB publishes guidelines on legitimate interest

On 9 October 2024, the European Data Protection Board (EDPB) published the Guidelines 1/2024 on processing of personal data based on Art. 6, par. 1, lett. (f) GDPR which are under public consultation until 20 November 2024. The Guidelines are designed to help organizations of any industry determine whether they can invoke legitimate interest as a valid legal basis to process personal data. The Guidelines stress that identifying a legitimate interest alone is not sufficient. Organizations also have to ensure that the processing of personal data is strictly necessary for pursuing that interest and that it does not override the interests or fundamental rights and freedoms of the individuals. The Guidelines lay out a three-step assessment process for determining whether legitimate interest is applicable.

EDPB publishes opinion on reliance on processors and sub-processors

On 9 October 2024, the European Data Protection Board (EDPB) published the Opinion 22/2024 on certain obligations following from the reliance on processor(s) and sub-processor(s). The Opinion affects organizations of any industry acting as controllers of personal data. In particular, the Opinion addresses questions on the interpretation of certain GDPR duties of data controllers relying on processors and sub-processors and the wording of controller-processor contracts.

Italian DPA sanctions a company for accessing former employees' email accounts

On 22 October 2024, the Italian Data Protection Authority (Italian DPA) published a decision sanctioning a company for accessing email accounts of former employees after their employment ended. The violations pertain to principles of lawfulness, data minimization, and storage limitation, as well as labour law regulations on remote monitoring. This issue arose from a complaint filed by a former employee reporting that the company accessed their email account to collect evidence in a legal dispute involving alleged trade secret misappropriation. The Italian DPA imposed a fine of EUR80,000, along with a prohibition on further processing of the data collected via the company’s email backup software.

Italian DPA sanctions company for not addressing known vulnerability

On 22 October 2024, the Italian Data Protection Authority (Italian DPA) published a decision sanctioning a company for not addressing a known vulnerability, which led to a ransomware attack in August 2023. The attack compromised personal data of 25,000 individuals, including employees and business contacts, with sensitive information later posted on the dark web. Despite prior alerts, the company failed to update its systems, violating data protection standards. Additionally, incomplete breach reporting by the company delayed the Italian DPA's investigation. In addition to fining the company EUR900,000, the Italian DPA also mandated it to perform a full vulnerability assessment and implement an improved risk management plan.

EDPB publishes final Guidelines on Technical Scope of Art. 5, par. 3 of ePrivacy Directive

On 16 October 2024, the European Data Protection Board (EDPB) published the final version of the Guidelines 2/2023 on Technical Scope of Art. 5, par.3 of ePrivacy Directive, following a period of public consultation. These comprehensive Guidelines clarify how Art. 5, par. 3 of the ePrivacy Directive applies to various technical solutions and practices. Notably, the document outlines three essential components for determining the applicability of Art. 5, par. 3: "information", "terminal equipment of a subscriber or user", and "gaining access to and storage of information". Each of these elements is examined, providing stakeholders with a deeper understanding of their implications and how to ensure compliance with the Directive.

 

Antitrust

CJEU rules on enforceability of GDPR before the civil judge when conduct amounts to an unfair commercial practice

On 4 October 2024, the Court of Justice of the European Union (CJEU) published its judgment in case C-21/23. The CJEU clarified that EU law allows competitors to bring an action before a civil court to challenge GDPR infringement on the ground that it constitutes an unfair commercial practice. In this case, the infringement concerned the lack of consent for processing personal data when ordering a medicine through an online marketplace. The CJEU also stresses that the data of pharmacists' customers, which is provided when ordering pharmacy-only but non-prescription medicines on an online marketplace constitute "data concerning health" within the meaning of Art. 4, par. 15, and Art. 9 GDPR. This interpretation expands the understanding of what constitutes "data concerning health", diverging from the Advocate General’s prior opinion (further information on this topic is available in our April Newsletter).

Print

Related capabilities

Life SciencesRegulatory and Government AffairsArtificial Intelligence and Data AnalyticsData, Privacy and CybersecurityLitigation, Arbitration and InvestigationsTaxTechnology
Privacy policyLegal noticesCookie policyModern slaveryWhistleblowingFraud AlertSitemap

DLA Piper is a global law firm operating through various separate and distinct legal entities. For further information about these entities and DLA Piper's structure, please refer to the Legal Notices page of this website. All rights reserved. Attorney advertising.

© 2024 DLA Piper