French medicines regulator produces first in Europe medical devices cybersecurity guidelines

By Harriet Fletcher, Delphine Marchal and Sarah Cowlishaw on Posted in Food & Drug Regulatory, Medical Devices, Privacy & Data Security

France’s medicines regulator, the Agence Nationale de Sécurité du Médicament et des Produits de Santé (ANSM), has released draft guidelines, currently subject to a public consultation, setting out recommendations for manufacturers designed to help prevent cybersecurity attacks to medical devices. Notably, the draft guidelines are the first instance of recommendations released by a national regulator in Europe that apply cybersecurity considerations specifically to medical devices. The full ANSM draft guidelines, ‘Cybersécurité des dispositifs médicaux intégrant du logiciel au cours de leur cycle de vie’ (‘Cybersecurity of medical devices integrating software during their life cycle’) published 19 July 2019, is available in French here, and in English here.

The draft guidelines note that while the European regulatory framework (the Medical Devices Regulation 2017/745 and In Vitro Diagnostic Medical Devices Regulation 2017 /746) has been modified “in line with technological developments” (e.g. “data exchange, monitoring, risk prediction and control software”) to include software within the definition of a medical device, and accompanying security and performance requirements specific to such medical devices incorporating software, the “[medical device and in vitro diagnostic medical device r]egulations do not explicitly refer to or elaborate on the notion of cybersecurity”. For the purposes of the guidelines, ‘cybersecurity’ is described as “the full set of technical or organisational measures set up to ensure the integrity and availability of a [medical device] and the confidentiality of the information held on or output by this [medical device] against the risk of targeted attacks.”  Continue Reading

UK regulator provides further ‘no deal’ Brexit guidance for medical devices regulation

By Katharina Ewert and Harriet Fletcher on Posted in Brexit, European Union, Food & Drug Regulatory, Medical Devices

On 26 February, the UK’s Medicines and Healthcare products Regulatory Agency (MHRA) published further guidance (available here) setting out the anticipated regulation of medical devices in the UK, should the UK leave the EU without a deal (Guidance).  This Guidance will apply from ‘exit day’ (expected to be 11 p.m. 29 March 2019) subject to the (currently draft) Medical Devices (Amendment) (EU Exit) Regulations 2019 (UK MDR 2019) (available here) being passed by UK Parliament. This latest Guidance follows on from the MHRA’s previous ‘no deal’ scenario further guidance note in January regarding medicines, medical devices and clinical trials regulation (available here).

  1. Legislative Background

The Medical Devices Regulations 2002 (UK MDR 2002) implement Directives 90/385/EEC, 93/42/EEC and 98/79/EC on active implantable medical devices, medical devices, and in vitro diagnostic medical devices (IVDs), respectively (EU Directives) into UK law.  Pursuant to the European Union (Withdrawal) Act 2018, the UK MDR 2002 will continue to apply.

Continue Reading

European Commission publishes Letter on Exemption allowing for UK Batch Testing post-Brexit

By Grant Castle and Katharina Ewert on Posted in Brexit, European Union, Food & Drug Regulatory, Medicinal Products, Pharmaceutical companies

On 21 February 2019, the European Commission wrote to the European Medicines Agency (“EMA”) and the Heads of Medicines Agencies of the EU-27 Member States concerning the acceptability of UK batch testing after Brexit (see the letter here).  The letter seeks to address concerns that a number of pharmaceutical companies will not have been able to adjust their pharmaceutical supply chains to provide for quality control testing and batch release of product in the EU-27 and to reflect these changes in relevant marketing authorizations in time for a no-deal Brexit if that occurs on 29 March 2019.  The Commission gives EU-27 (or EEA-30) regulators scope to accept the results of quality control and batch release testing in the UK, provided that marketing authorization holders (“MAHs”) submit valid requests for an exemption before 29 March 2019.

The UK will become a third country vis-à-vis the EU-27 at midnight CET on 29 March 2019, unless the parties agree an extension under Article 50 of the Treaty on European Union or a transitional period, e.g., by ratifying the Withdrawal Agreement.

This means that the rules for imports from third countries will apply to medicines  entering the EU-27 from the UK.  Specifically, Directives 2001/82/EC and 2001/83/EC require that: (a) medicinal products imported from third countries undergo quality control testing in the EU/EEA; and (b) the qualified person within an appropriately authorized batch release site within the EU/EEA batch releases the product onto the EEA market.

The Commission’s letter allows competent authorities to permit MAHs, manufacturers and importers of medicinal products coming from third countries “in justifiable cases” to have third parties carry out certain controls (Article 20(b) of Directive 2001/83/EC and Article 24(b) of Directive 2001/82/EC).  With this in mind, competent authorities may grant MAHs an exemption allowing them to rely on UK quality control testing for a limited period after Brexit.  The exemption is subject to the following conditions:

  1. A batch release site in the EU27 is identified by the marketing authorisation holder by the withdrawal date.
  2. The batch release site is supervised by a qualified person established in the EU27 by the withdrawal date.
  3. The establishment designated by the third party conducting the quality control testing may be verified by a competent authority of the EU27, including on the spot checks.
  4. All necessary steps have been taken to prepare the transfer of the quality control testing site from the United Kingdom to the EU27.

MAHs must notify their intention to rely on the exemption immediately and in any event before 29 March 2019 either to their national competent authority or to the EMA  for centrally authorized products:

“In the notification the marketing authorisation holder must:

  • specify the batch release site in the EU27.
  • confirm that the qualified person established in the EU27 is responsible for the quality control testing site in the United Kingdom.
  • confirm and set out their precise timetable for transfer of the quality control testing site (which should allow the process to be completed quickly and in principle by the end of 2019 at the latest).
  • specify the period of time and batches (packs and quantities) that are requested to be exempted. This should be strictly restricted to what is necessary.
  • commit to providing batch testing results for those batches from the existing facilities within the United Kingdom.
  • transfer samples of those tested batches together with the testing results to the batch release site in the EU27 in due time to make them available for inspection.”

Under this special procedure, which falls outside the scope of the Variations Regulation (EC) No. 1234/2008, the EMA or national competent authority will assess the notification and if justified, grant the exemption “for the time period strictly necessary and for the specific batches identified.”  The relevant authority will notify the MAH about the grant of the exemption in writing.  The MAH shall provide a copy of the confirmation to the competent authority responsible for the batch release site.  The effect of the exemption is that the qualified person may batch release UK-control tested products for the EU-27 (or EEA-30) market.

In the absence of an exemption, products entering the EEA-30 from the UK must undergo both control testing and batch release in the EU/EEA before they can be placed on the those markets.  In this context, the Commission also reminds MAHs of their obligation to notify any anticipated disruption of supply two months in advance.  This means, if companies anticipate Brexit-related supply issues, they should notify the relevant competent authorities now.

This exemption would not apply if the EU-27 and the UK are able to ratify the Withdrawal Agreement.  The terms of that Agreement provide for a transitional period until the end of 2020, during which the medicines regime will continue to apply to and in the UK.  Thus, MAHs could continue to rely on UK quality control testing during such a period.

Reconciling Personalized Nutrition with the GDPR

By Brian Kelly and Kristof Van Quathem on Posted in Food & Beverage

As with anything personalized, be it advertising, medicines or training schedules, also personalized nutrition — using information on individual characteristics to develop targeted nutritional advice, products, or services — risks being affected by the feared GDPR.  Kristof Van Quathem discusses the topic in Vitafoods’ Insights magazine of January 2019, available here.

European Data Protection Board releases Guidance on Intersection of the GDPR and the Clinical Trials Regulation

By Kristof Van Quathem on Posted in Food & Drug Regulatory, Healthcare system, Pharmaceutical companies, Privacy & Data Security

The European Data Protection Board (“Board”) released an opinion on January 23, 2019, on the intersection between the EU General Data Protection Regulation (“GDPR”) and the Clinical Trials Regulation (“CTR”).  The opinion considers a Q&A on this topic prepared by the European Commission’s Directorate General for Health.  The Directorate General decided to create this Q&A because of perceived contradictions between the GDPR and the CTR, in particular in relation to the legal basis (e.g., the use of consent) and the further use of clinical trial data. (See also here). Continue Reading

Proposed Changes to UK Allergen Labelling Law

By Brian Kelly and Caecilia Dance on Posted in Food & Beverage, Food & Drug Regulatory

Introduction

The Department for Environment, Food & Rural Affairs (“DEFRA”) has announced a consultation regarding proposed changes to allergen labelling laws for food prepacked for direct sale in the UK.

This follows the death of Natasha Ednan-Laperouse in July 2016, which was the result of an allergic reaction after consuming a baguette from Pret a Manger that contained sesame seeds. The coroner’s inquest in September 2018 found that Pret’s allergen labelling system was “inadequate”, as the allergen stickers on food display units (which instructed consumers to ask staff for details of allergens) were not sufficiently visible. In response, Environment Secretary Michael Gove promised an overhaul of allergen labelling law to avoid such incidents in the future. The current consultation follows Gove’s meeting with retailers, specialists and allergy groups in December 2018.

Current Position

Currently, allergen labelling in the UK is covered by the Food Information Regulation 1169/2011 (“Food Information Regulation”). The Food Information Regulation states that prepacked food must include allergen information either on the packaging or an attached label. Food business operators (“FBOs”) also have to provide allergen information for non-prepackaged food (i.e., food offered for sale without prepackaging, or packed on sales premises at the consumer’s request or prepacked for direct sale).

However, FBOs can provide allergen information for non-prepackaged food by any means they choose. The Regulation leaves it open to Member States to impose stricter allergen labelling measures. Some Member States have taken a more restrictive approach. In France, for example, allergen information for non-prepacked food must be in writing, on the food itself or close to it, in a way that excludes any uncertainty. In Ireland, all allergen information must be provided to consumers in writing, at the point of presentation, sale or supply. In contrast, the UK gave FBOs more freedom, allowing them to make allergen information for non-prepacked food available by any means they choose, including orally.

Continue Reading

The Implications of the GDPR on Clinical Trials in Europe

By Kristof Van Quathem on Posted in European Union, HEALTH PRIVACY, Pharmaceutical companies, Privacy & Data Security

On October 22, 2018, the European Federation of Pharmaceutical Industries in cooperation with the Future of Privacy Forum and the Center for Information Policy Leadership organized a workshop entitled “Can GDPR Work for Health Research.”  In the first session, the workshop discussed the implications of the General Data Protection Regulation (“GDPR”) on clinical trials in the EU.  The second session was devoted to further use of health data for scientific research.  Among other things, this session discussed the relationship between the Clinical Trials Regulation (“CTR”) and the GDPR.

The CTR appears to subject further use of clinical trial data (i.e., any use outside the protocol) to consent.  In a note available here, we point out that such a reading is overly restrictive.  At the very least, the derogations in the GDPR for the use of health data for scientific research without consent should continue to apply.

UK Government Issues “No Deal” Brexit Notices for the Food & Beverage Sector

By Brian Kelly, Maree Gallagher, Bart Van Vooren, Katharina Ewert and Caecilia Dance on Posted in Brexit, Food & Beverage, Food & Drug Regulatory

Over the past months, the Government has regularly  posted technical guidance notices on what it calls a “no deal” Brexit, i.e., a scenario in which the UK and the EU will not reach an agreement and the UK will become a third country on 29 March 2019.  The UK Government has now published four notices addressed specifically to UK food and beverage producers outlining its plans for a no-deal Brexit.  The notices emphasise that the Government believes a no-deal scenario is unlikely, and essentially summarise the Government’s policy decision on certain key issues.  Key areas covered by the notices include geographical indications, food labelling and exports of food containing ingredients of animal origin.  These are discussed further below.

Geographical indications (“GIs”)

The Government indicates that it is keen to protect UK products that benefit from a GI, and if no agreement is reached then it intends to set up its own GI scheme.  The Government argues that it will “broadly mirror the EU regime and be no more burdensome to producers”.  Businesses will have to wait until early 2019 for detailed guidance on what it will involve, but the notice confirms the following:

  • The scheme will be compliant with the World Trade Organisation (“WTO”) Agreement on Trade-Related Aspects of Intellectual Property Rights (“TRIPS”).
  • All 86 UK GIs currently protected under the EU scheme will automatically be given new UK GI status.
  • The UK would not have to recognise EU GI status anymore.

Producers will need to adjust product packaging/labelling to include the new UK GI logo.

It is unclear whether, following a no-deal Brexit, current UK GIs would still be protected under the EU regime.  The UK Government assumes that existing UK GIs “will continue to be protected by the EU’s GI schemes”, but this is not guaranteed.  If current UK GIs are not protected under the EU regime after 29 March 2019, then UK producers wishing to regain EU GI status will need to submit applications to the European Commission as third country producers.  The notice also highlights that companies should consider applying for EU Collective Marks or EU Certification Marks through the EU Intellectual Property Office (“EUIPO”) or the World International Property Organisation (“WIPO”).

The Government has recently launched a consultation for its proposed GI scheme. Responses may be submitted until 1 November 2018 on the DEFRA website.

Food labelling

The Government’s no-deal Brexit notice on food labelling raises two main issues.

First, labels on products manufactured in the UK would no longer fall within the scope of “EU” as a descriptor of origin.  This applies to both products sold in the UK and the EU.

Second, food products sold in the EU are required to include on the label the name and address of a responsible food business operator (“FBO”) which must be located in an EU Member State, or failing that, the details of the relevant importer.  In case of a no-deal Brexit, food sold in the UK must bear the details of either a UK-based FBO or the UK importer.  Similarly, food sold in the EU-27 must bear the details of an EU FBO or the relevant EU importer.

The Government intends to consult with stakeholders on the wider implications.  There will be a six month transitional period during which companies are still permitted to sell products labelled with an EU FBO.  Similarly, goods already labelled and placed on the market with only an EU FBO address may be sold until stocks run out.

Foods containing products of animal origin

Currently, most foods containing products of animal origin do not require any certification to be exported from the UK to other EU Member States, and vice versa.  However, following a no-deal Brexit, UK producers wishing to export foods containing animal products to the EU would need to obtain an Export Health Certificate (“EHC”) from the Animal and Plant Health Agency (“APHA”); or in Northern Ireland, the Department of Agriculture, Environment and Rural Affairs (“DAERA”).  The Government is working on simplifying the EHC application process and ensuring that there is “enough capacity amongst appropriately trained veterinarians or authorised signatories to approve the additional certificates”.  Stakeholders will be informed of any changes to the existing process.

In addition, in a no-deal Brexit scenario all exports of UK food containing animal products to Member States would have to be inspected and signed off at an (approved) Border Inspection Post within the EU, in order to permit onward travel.  The establishment in the UK from which the food of animal origin is prepared, obtained, or dispatched, must also be included in the list of registered establishments held by the European Commission.

A no-deal scenario therefore poses expensive and time-consuming regulatory hurdles for UK producers of food containing animal products.  Moreover, the EU will need to grant the UK listed third country status, otherwise no exports from the UK to the EU can take place.  The UK Government intends to apply for listed third country status and is confident that the EU will grant it, but the timing for this is uncertain.

Requirements for UK businesses exporting to third countries outside the EU should not change, other than the wording of the documentation which would have to reflect the fact the UK was no longer an EU Member State.  Such changes in wording would have to be agreed with the destination country.  DEFRA “will work to agree updates for all existing EHCs, prioritising the countries to which the UK exports the highest volumes”.

Tariffs and customs duties

The no-deal notices do not directly address tariffs and customs issues relating to food and beverage producers, but the Government has issued general guidance about what tariffs and customs would look like in the event of a no-deal Brexit.  Trade with the EU will be on WTO terms.  Currently the UK is part of the EU’s WTO Schedule of Concessions annexed to the General Agreement on Trade in Goods (“GATT”).  The UK and the EU reached an agreement which proposed that the UK would largely replicate the EU’s GATT Schedule, with tariff-rate quotas (“TRQs”) that largely affect agricultural and food products to be apportioned between the EU and the UK.  A number of WTO Members have challenged this approach, and we can expect to see further development in this area over the coming months.

The general notice highlights that in the case of a no-deal Brexit, the UK would not be able to trade with EU Member States on more favourable terms (than the WTO Schedules) until a separate free trade agreement was implemented.  The EU will therefore require payment of customs duty at the rate under the EU’s Common Customs tariff (“CCT”).  For EU goods imported into the UK, the UK will require a payment of customs duty at the rate set by the UK Government.  HM Treasury is set to establish a new UK trade tariff.

Conclusions

The notices restate the principle of the European Union (Withdrawal) Act 2018 that any existing EU legislation will be transposed into UK domestic law on the day before Brexit.  Government Ministers will then pass Statutory Instruments to address any gaps that might result from the transposition.  These should hopefully bring the required clarity.  Although the Government has indicated in these notices that it thinks a “no deal” scenario is unlikely, producers should ensure that they are well-prepared given the current uncertainty.  In the short term, supply chain disruption is likely to be the most pressing issue for producers, but they will also need to consider how to approach issues around labelling, GIs, and manufacturing standards.  Food and drink producers will need to bear in mind that the UK Government may make unilateral deviations from EU labelling rules, considering for instance the Government’s proposed review of allergen labelling on food products.  Such unilateral deviations would lead to increased costs and be likely to give rise to legal issues in the future.  Food and beverage producers not accustomed to dealing with non-EU/global tariffs will also need to find relevant expertise to help them deal with navigating the complex system of tariffs outside the EU.

Sources

“Producing food products protected by a ‘geographical indication’ if there’s no Brexit deal”

“Producing and labelling food if there’s no Brexit deal”

“Exporting animals and animal products if there’s no Brexit deal”

The Commission’s Proposal on Health Technology Assessment – Will the EU Member States Accept its Mandatory Provisions?

By Lucas Falco on Posted in Food & Drug Regulatory, Medical Devices, Medicinal Products

This article was originally posted on our sister blog Global Policy Watch

Introduction

Health technology assessment (“HTA”) is a multidisciplinary assessment process that seeks to evaluate the added therapeutic value of health technologies (i.e., drugs, certain medical devices, medical treatments including surgical procedures, and measures for disease prevention and diagnosis) based on both clinical and non-clinical elements.  Until now, HTA has strictly fallen in the purview of EU Member States; they have cooperated among themselves in this field for more than 20 years on a purely voluntary basis.  This has led to initiatives such as EUnetHTA, which is a network of national HTA bodies, and its various Joint Actions.  Article 15 of the Cross-Border Healthcare Directive (Directive 2011/24) also provides for that national bodies responsible for HTA should cooperate on a voluntary basis.  Gradually, these various actions have developed common criteria for the performance of HTA at national level.  For example, the last “Joint Action 3” of EUnetHTA seeks to define common assessment methodologies, develop common ICT tools, and conduct and produce joint clinical assessments and HTA reports.

EU Member States have acknowledged the significant role that HTA plays and called on the European Commission to continue to support such initiatives (see, e.g.Council conclusions of December 6, 2014, on innovation for the benefit of patients).  However, in a resolution of March 2, 2017, the European Parliament went a step further and called on the Commission to propose legislation on health technology assessment at the EU level to provide transparent and harmonized criteria to evaluate the added therapeutic value of drugs and other health technologies. Continue Reading

German government has started enforcement of the Nagoya Protocol and reviews compliance of pharmaceutical companies

By Dr. Dr. Adem Koyuncu and Bart Van Vooren on Posted in Food & Beverage, Food & Drug Regulatory, Medicinal Products, Pharmaceutical companies

The “Nagoya Protocol on Access to Genetic Resources and the Fair and Equitable Sharing of Benefits Arising from their Utilization to the Convention on Biological Diversity” is an international agreement which aims at sharing the benefits arising from the utilization of genetic resources in a fair and equitable way. It entered into force on 12 October 2014.

The Nagoya Protocol imposes a complex set of multi-jurisdictional compliance obligations on businesses active in the pharmaceutical, food, cosmetics and other life science sectors. It now has more than 100 contracting parties, including the EU. The key legal source in the EU is Regulation (EU) No. 511/2014 on compliance measures for users from the Nagoya Protocol on Access to Genetic Resources and the Fair and Equitable Sharing of Benefits Arising from their Utilization in the Union. Continue Reading

LexBlog