We like to keep our readers up to date on complex regulatory issues, the latest industry trends and updated guidelines to help you to solve a problem or make an informed decision.
The EU has extended its data adequacy agreement with the UK and Switzerland introduced new MCCs for international data transfers. Germany rolled out stricter medical device regulations, and the European Commission published model clauses for AI procurement. Meanwhile, Google and Microsoft launched healthcare AI tools, and The Lancet called for a certification framework for generalist medical AI systems. Lastly, French medtech Gleamer expanded into MRI through acquisitions, and we announced the formation of a new Advisory Board.
Regulations & Guidelines
UK-EU Data Transfers: Adequacy Extended (For Now)
On March 18, 2025, the European Commission proposed a six-month extension of its data transfer adequacy decisions with the UK, which were originally set to expire on June 27, 2025. This extension gives the UK time to finalize its draft Data (Use and Access) Bill. Once adopted, the Commission will reassess whether the UK continues to ensure adequate protection of personal data. The proposed extension will be valid until December 27, 2025, pending the opinion of the European Data Protection Board (EDPB).
Switzerland Expands Its Toolbox: New MCCs for International Data Transfers
Switzerland’s FDPIC has introduced new Model Contractual Clauses (MCCs) for international personal data transfers, aligning with Convention 108+ standards. These clauses, structured in three modules adopted between 2023 and 2024, address various transfer scenarios between controllers and processors. The FDPIC now officially recognizes these MCCs as valid transfer mechanisms under Article 16(2)(d) of the revised Swiss FADP.
Germany’s updated Medical Devices Operator Ordinance (MPBetreibV), effective February 20, 2025, expands its scope to include non-medical purpose devices like bodyforming tools and IPL machines. It introduces new terminology, stricter IT security obligations, and formalizes requirements for software updates and training. Both manufacturers and operators must now align their processes with the new standards, including mandatory cybersecurity checks and regulated reprocessing of single-use devices.
EHDS FAQ Published: Shedding Light on the EU’s Health Data Revolution
On March 5, 2025, Regulation 2025/327 establishing the European Health Data Space (EHDS) was officially published in the EU Official Journal, marking the conclusion of its legislative journey. To support implementation and clarify key aspects of this ambitious initiative, an FAQ has also been released, addressing the most common questions surrounding the regulation and its impact across the EU health ecosystem.
AI Procurement: Commission Releases Model Clauses Ahead of AI Act Implementation
The European Commission has released new Model Contractual Clauses (MCCs) for AI procurement, tailored to distinguish between high-risk and non-high-risk systems. These clauses, aimed at public bodies, address obligations such as transparency, data access, and human oversight, aligning with the AI Act’s upcoming requirements. As interim tools, they are meant to be annexed to contracts but exclude commercial terms like IP, payment, or liability.
Google Doubles Down on Digital Health with New AI Tools
Google has unveiled a suite of new AI-driven healthcare products, including enhanced health search features, medical records APIs, and drug discovery models like TxGemma. The company also introduced user-experience-based suggestions in Search and health-tracking features for Pixel Watch 3. These launches signal Google’s deepening investment in digital health and AI-powered medical innovation.
AI agents—autonomous tools that go far beyond assistants like Siri—are gaining momentum, with major tech players driving development and healthcare companies already deploying them for admin and clinical tasks. Their future potential includes analyzing medical records, suggesting diagnoses, and navigating treatment plans, but adoption still faces hurdles like cost, infrastructure, and regulatory clarity. Despite the challenges, over 80% of organizations are expected to integrate AI agents within the next three years.
Google Launches TxGemma: Open AI Models for Drug Discovery
At a recent health event in New York, Google unveiled TxGemma, a suite of open AI models designed to accelerate drug discovery by analyzing text and molecular structures. Part of its Health AI Developer Foundations program, the models are expected to launch later this month. However, details around licensing and commercial use remain unclear for now.
Establishing a Certification Pathway for Generalist Medical AI Systems
The Lancet highlights the need for a structured evaluation and deployment framework for generalist medical AI systems capable of performing a broad range of tasks. Drawing inspiration from the rigorous education and training processes of medical professionals, the article suggests that a similar, staged approach could be applied to certify these AI systems, ensuring their reliability and safety in clinical settings.
Gleamer Moves Into MRI: AI Imaging Pioneer Expands with Strategic Acquisitions
French medtech startup Gleamer is entering the MRI space by acquiring Pixyl and Caerus Medical, accelerating development without starting from scratch. Known for its AI tools in X-rays and mammographies, Gleamer’s solutions are already deployed in 2,000 institutions across 45 countries. With this move, the company aims to tackle the complex challenges of MRI and solidify its position as a global leader in AI-powered diagnostic imaging.
Microsoft Unveils Dragon Copilot: Voice AI to Transform Clinical Workflows
Microsoft has announced Dragon Copilot, a unified voice AI assistant that merges Dragon Medical One with DAX Copilot to streamline clinical documentation and reduce administrative burden. Launching in May 2025 across six countries, it integrates with EHRs, supports real-time medical searches, and is built on Microsoft Cloud for Healthcare with strong data privacy safeguards. The tool aims to enhance efficiency, reduce clinician burnout, and improve patient care through secure, AI-powered automation.
iliomad Health Data is proud to have partnered with SOPHiA GENETICS on the UNITY Project—an ambitious initiative to create a global network of healthcare institutions contributing to a high-quality, real-world multimodal dataset. We were honored to support SOPHiA GENETICS in designing the compliance framework, ensuring the project aligns with the highest regulatory standards. Here is our chat with Paul Chilo - Director, Governance, Risk & Compliance at SOPHiA GENETICS.
We’re incredibly excited to welcome a brilliant group of minds to our team with the formation of our Advisory Board.
Please join us in welcoming:
• Eric Boroian, Investment Analyst at Harris Associates, where he helps manage over $100 billion in assets, with a focus on European markets.
• Jakub Klimes, an expert in scaling operations across high-growth companies, including MindMed, which he helped take public on NASDAQ.
• Bernard Kirsch, Managing Director at L’Oréal, where he leads digital trust initiatives.
We’re proud to have such exceptional advisors supporting our next chapter of growth.
Seamus Larroque
CDPO / CPIM / ISO 27005 Certified
Share
Copy to clipboard
Sign up for our newsletter
We like to keep our readers up to date on complex regulatory issues, the latest industry trends and updated guidelines to help you to solve a problem or make an informed decision.
April brought major updates in data transfer, AI regulation, and healthtech innovation—including EU adequacy extensions, new AI tools, and iliomad’s Advisory Board launch.
Regulators in Europe and the UK advance AI governance, data protection, and cybersecurity, while healthtech innovations like Owkin and Apple reshape digital healthcare.
In this edition, we cover major regulatory shifts and AI advancements shaping healthcare and data security. The U.S. tightens HIPAA security rules, the EU rolls out the European Health Data Space (EHDS) for cross-border health data exchange, and new U.S. regulations restrict sensitive health data transfers to certain countries. Meanwhile, AI is revolutionizing healthcare, with Truveta’s 10M-volunteer Genome Project, Owkin’s AI-powered drug development, and AI-driven medical scribes making waves—though accuracy concerns remain. On the data privacy front, GDPR fines have soared to €5.88B, with Ireland leading at €3.5B, and the UK ICO reports 36K data complaints and £1.27M in fines, highlighting ongoing challenges in digital security.