WHO Launches Global BioHub for Pathogen Sharing

On May 24, 2021, the World Health Organization (WHO) announced it singed an MoU with Switzerland to host the WHO’s first BioHub Facility, which is part of the new BioHub System first announced at the World Health Assembly in November 2020.

The stated purpose of the WHO BioHub is to set up a system that guarantees the timely sharing of biological material (e.g., clinical samples, specimens, isolates, cultures) for emerging pathogens, so as to ensure their faster identification and characterization and enable risk assessments and the rapid development of countermeasures (e.g., vaccines, diagnostics and therapeutics).

According to the WHO, the BioHub is needed because not all countries have the capacity to quickly perform sophisticated analysis on these pathogens. The Swiss biosafety laboratory in Spiez will be used for the safe receipt, sequencing, storage and preparation of the biological materials, which will be later distributed to other laboratories and entities.

In a briefing to the industry on May 17, 2021, the WHO further explained that the system is voluntary and that Member States will be free to decide whether they want to donate their biological materials to the BioHub Facility. The BioHub is not intended to replace any existing and future sharing agreements such as the Pandemic Influenza Preparedness Framework or the Nagoya Protocol on Access and Benefit-sharing. It will be up to the WHO Member States to donate their pathogens, and to provide for a transparent framework and clear conditions under which the materials are sent and can be received.

The BioHub system is projected to be based on a number of material transfer agreements (MTAs). First, the donating country will sign a standard MTA with the BioHub Facility. WHO’s intention is to draft a standard MTA (SMTA1) that will ensure that the sharing is for the public benefit of all humanity (and not merely a bilateral benefit sharing). Next, once the material is in the BioHub Facility, the latter will facilitate its transfer to the qualified entities (i.e., entities that have certain biosafety and biosecurity standards and consequently qualify as receiving entities). The BioHub Facility should then be able to transfer the material based on two types of SMTAs: one for non-commercial uses (SMTA2) and one for commercial uses (SMTA3). All these MTAs are still being drafted, and the difference between commercial and non-commercial is yet to be clarified.

In terms of timing, the BioHub will be rolled out in two phases. The first phase will last until the end of 2021. Within this timeframe the WHO expects to develop the SMTA1 and SMTA2 with the help of a core group of Member States that agreed to share their pathogens. The WHO will also test the feasibility of the system through the sharing of SARS-CoV-2 variants (only). In the second phase, starting in 2022, the WHO will develop the SMTA3 and endeavor to extend the system to other laboratories (not only in Switzerland) and to newly emerging, highly hazardous pathogens with endemic or pandemic potential.

Companies active in developing vaccines, diagnostics and treatments relating to infectious diseases are well advised to closely monitor the WHO BioHub.


Major Cyber-Attack on Irish Health System Causes Commercial Concern

On May 20, 2021 there was a major ransomware attack on the Irish health system.  The centralized HSE (Health Service Executive) which provides and manages healthcare for the Irish population was targeted on May 14, and has seen significant disruption since.  It has described the attack as a ‘zero-day threat with a brand new variant of the Conti ransomware.’

Continue Reading

European Commission outlines Strategy on COVID-19 Therapeutics

On 6 May 2021, the European Commission published its “EU Strategy on COVID-19 Therapeutics” (the “Strategy”).  With the vaccination programme now under way, the EU is shifting focus towards the development, approval and procurement of COVID-19 therapeutic products.  The Commission intends to build on the experience from the EU vaccines strategy.  In particular, the aim is to have three new therapeutics available by October 2021 and possibly two further products by the end of the year.

The Strategy touches on a number of key areas for both biotechnology and pharmaceutical companies operating in the space:

  • Research and development: The Commission plans to set up a COVID-19 ‘therapeutics innovation booster’ by July 2021 to develop a clear overview of the COVID-19 therapeutics projects under development. This platform will bring together relevant actors, including the European Medicines Agency (“EMA”), national authorities, and the private sector, to identify promising research projects and technologies, their stages of development and provide guidance on where to best focus investments, in order to accelerate innovation.  The Commission intends to mobilise certain financial instruments (including Horizon Europe, InvestEU and EU4Health) to aid development.
  • Clinical Trials: The Commission proposes that €5 million are earmarked under the EU4Health programme to support coordination in safety assessment and improve quality of safety data generated in clinical trials.  The Commission also intends to offer €2 million to support national competent authorities in carrying out expedited and coordinated assessments of clinical trial authorisation applications for COVID-19 therapeutics.
  • Horizon Scanning: The EMA has already established an Emergency Task Force to identify the development of promising COVID-19 therapeutics.  The Commission seeks to establish a portfolio of ten potential treatments and identify the five most promising ones by June 2021.  As part of the upcoming proposal for a European Health Emergency Preparedness and Response Authority (“HERA”), the Commission intends to provide for an interactive mapping platform across all Member States for upcoming therapeutics to assess their development, manufacturing capacities and supply chains.  This is envisaged for Q2 of 2022.
  • Supply chain: Building on the experience of the EU Task Force for Industrial Scale-up of COVID-19 vaccines, the Commission intends to facilitate cooperation between actors in the supply chain to ensure that available therapeutics are produced in sufficient quantity as soon as possible. It will organise “matchmaking” events (starting in Q3 2021) for all supply chain actors, so that they can find solutions for bottlenecks.
  • Regulatory process: The Commission intends to maximize use of the “rolling review,” allowing the EMA to check data from ongoing studies as they become available, before a formal application for the (conditional) marketing authorisation is submitted.  The EMA is currently conducting rolling reviews of three COVID-19 therapeutics building on monoclonal antibodies and seven rolling reviews for promising COVID-19 therapeutics are expected to start by the end of 2021.  The Commission is working towards granting conditional marketing authorisation for three new COVID-19 therapeutics by October 2021.  Building on national emergency use procedures, the Commission is considering a legislative proposal for an EU emergency-use authorisation of medicinal products.  The timing for the publication of this proposal is currently unclear.
  • Procurement: Since late October 2020, the Commission has signed joint procurement contracts (under the Joint Procurement Agreement for medical countermeasures (“JPA”)) for 19 medicines (analgesics, antibiotics, muscle relaxers, anaesthetics, resuscitation, including dexamethasone, etc.)  The Commission is currently discussing three new joint procurements for COVID-19 therapeutics.

The Commission recognizes that the JPA has limitations and is considering new streamlined solutions. This will involve increasing speed and flexibility in the current legal framework.  In this regard, participating Member States and other joint procurement agreement signatories would need to:

    • adhere to shorter administrative deadlines;
    • use a distribution key where the resources being procured prove to be scarce;
    • place a certain percentage of orders in the first few months of the contract; and
    • refrain from engaging in parallel procurement processes for the same products or services.

The Commission is also looking at using advance purchase agreements or the ‘innovation partnership’ procurement procedure to procure supplies.  The innovation partnership is a relatively new type of public procurement procedure.  It allows for an innovative solution to be developed during the performance of the contract.

In addition, the Commission is considering the emergency stockpiling of therapeutics under rescEU, as part of the Union Civil Protection Mechanism.

  • International Perspective: The Commission intends to expand the engagement with international partners on the development and fair distribution of COVID-19 treatments. The Commission also intends to increase the EU’s support through the Civil Protection Mechanism.


Brazil Ratifies the Nagoya Protocol

On March 4, 2021, Brazil deposited with the United Nations its ratification of the Nagoya Protocol (“Protocol”) (see here the announcement of Brazil’s Ministry of Foreign Affairs).  This represents Brazil’s formal commitment to be bound by the Protocol.

On August 6, 2020, the Brazilian Senate passed a Decree that ratifies the Nagoya Protocol. The Protocol complements Brazil’s existing access and benefit sharing rules relating to Brazil’s genetic heritage and associated traditional knowledge (“ABS Framework”).  One important effect of this ratification is that other countries parties to the Protocol will have to ensure that users of Brazilian genetic heritage and associated traditional knowledge comply with the Brazilian ABS Framework.  However, the inverse is also true.  Brazil will need to ensure that Brazilian users of foreign genetic heritage and associated traditional knowledge comply with the access and benefit sharing regime of the country of origin.

Brazil’s Existing ABS Framework

Brazil’s current ABS Framework can be found in Law no. 13.123, of May 20, 2015, and Decree no. 8.772, of May 11, 2016.  These laws apply to research and development (“R&D”) conducted on Brazilian genetic heritage and/or associated traditional knowledge after the entry into effect of Law 13.123, on November 16, 2015 and, retroactively, to R&D conducted on Brazilian genetic heritage or associated traditional knowledge in scope of the law that was in place prior to Law 13.123 (i.e., Provisional Measure 2.186, of August 23, 2001, which superseded Provisional Measure 2.052-1, of June 29 2000).

Even though Law 13.123 entered into force on November 17, 2015, some of its articles required implementation through secondary legislation.  The Brazilian Government has issued in the past 3 years various ordinances implementing the law (accessible here).  For example, on April 23, 2020, the Brazilian Government published Ordinance no. 199, which regulates the measures that non-Brazilian entities must put in place to bring their R&D activities conducted between June 30, 2000 and November 16, 2015 in compliance with Law 13.123.  These measures include signing terms of commitment with the Secretory of Biodiversity of the Brazilian Ministry of the Environment and entering into a partnership with a Brazilian public or private scientific and technological research institute.  Non-Brazilian entities that take these measures will not be subject to enforcement for the R&D they conducted in disregard with the Provisional Measures.

Some of the Effects of Brazil’s Ratification of the Protocol

Brazil’s ratification of the Protocol will allow it to actively participate in discussions on the issues regarding the implementation of the Protocol, such as the 15th UN Biodiversity Conference 2020 which was postponed to May 2021 due to COVID-19.

Users that are established in the European Union, Switzerland, Korea or Japan, should now ensure that they comply with the local compliance mechanisms in those jurisdictions.  The Nagoya Protocol requires that all countries that are parties implement mechanisms to ensure that the ABS rules of the other members of the other members are complied with.  Brazil is well known for its expansive ABS laws (e.g. they include digital sequence information, or references to Brazilian genetic heritage on products can already trigger the ABS laws), but were beyond the scope of those compliance mechanisms.  The ratification of the Protocol has changed this.

Relationship Between the Brazilian Current ABS Framework and the Protocol

The Decree that ratifies the Protocol provides that the Brazil’s existing ABS Framework implements the Protocol in Brazil.

The Decree exempts from the Protocol’s benefit sharing regime the economic exploitation for the purpose of agricultural activities of reproductive material of species introduced into Brazil by human action before the entry into force of the Protocol (on October 12, 2014).  This means that it will not recognize benefit-sharing claims from other Protocol members relating to species introduced in Brazil before that date.  This exemption was introduced in order to obtain the support of the Brazilian agricultural parties (bancada ruralista), which was necessary to obtain a majority voting and pass the Decree that ratifies the Protocol.

German Patent Law Reform Would Introduce “Disproportionality” Defence

On 27 January 2021, the German Parliament discussed a draft law that would limit a patent owner’s ability to stop the production and distribution of an infringing product. The new law would enable the infringer to rely on a defence of “disproportionate hardship” against an otherwise justified cease-and-desist claim. While the German Association of the Automotive Industry welcomes these changes, citing “unreasonable” royalty demands for standard essential patents for information and communications technology used in cars, the Association of the German Chemical Industry (VCI) and the Association of Research-Based Pharmaceutical Companies (VFA) have argued in a joint statement that the proposed changes go too far.

Scope of the Proposed Disproportionality Defence

The German Federal Government intends to amend several intellectual property laws by the “Second Act on the Simplification and Modernisation of Patent Law”. While the proposed amendments mostly relate to procedural and cost provisions, the draft would also modify the substantive law on a patent owner’s cease-and-desist claim against an infringer.

The proposed amendment to Section 139 Patent Act reads,

“The [cease-and-desist] claim is excluded insofar as due to the special circumstances of the individual case, the order would lead to disproportionate hardship for the infringer or third parties not justified by the intellectual property right. In such cases, the party whose rights were infringed may demand monetary compensation to the extent that this appears reasonable. The claim for damages according to paragraph 2 of this Section shall remain unaffected by this.”

Thus, to the extent that the infringer can prove that the effects of a cease-and-desist order would lead to a disproportionate hardship for him or for third parties, the claim is excluded. The Federal Government explained that an impairment of third parties’ fundamental rights could constitute such a hardship: “This may be relevant, for example, in cases in which an injunction leads to the result that the supply of patients with life-preserving products of the patent infringer can no longer be ensured, or important infrastructures are significantly impaired.” (p. 55 of the draft).

The injured party is entitled to adequate monetary compensation and can claim damages, and the patent infringement remains illegal. However, the infringer will not be subject to criminal law sanctions for intentional infringement according to a proposed amendment to Section 142 Patent Act.

The Utility Patents Act (Gebrauchsmustergesetz) will be amended accordingly. In contrast, a similar provision will not be included in the Semiconductor Protection Act (Halbleiterschutzgesetz) or any other intellectual property laws.

Continue Reading

EU Adopts Export Authorization Scheme for COVID-19 Vaccines and their Active Substances

On January 30, 2021, the European Commission published the Regulation establishing an export authorization and notification scheme relating to COVID-19 vaccines and their active substances.  It applies “for a limited duration” to COVID-19 vaccines covered by Advanced Purchased Agreements (“APAs”) concluded with the Union.  As regards APAs contracted by third countries, “the Commission will endeavour that the expectations of these countries to obtain their deliveries will be met as much as possible.”  This post briefly outlines the key elements of the export authorization and notification scheme that require further scrutiny.

Continue Reading

Belgium Amends Compassionate Use and Medical Need Program Rules to Expand Access

On 13 December 2020, Belgium amended its rules regarding compassionate use and medical need programs to confirm that authorized programs can continue to operate after the marketing authorization for the concerned product has been granted but while the decision on reimbursement is still pending.

The Law of 25 March 1964 (“Medicines Law”) regulates the use of medicinal products that have not (yet) received a marketing authorization (“compassionate use”, “CU”) and for off-label use (“medical need”, “MNP”). The Belgian Federal Agency for Medicines and Health Products (“FAMHP”) must grant an authorization to allow the use of medicinal products in a compassionate or medical need context

The grant of authorization for both CU and MN is subject to the following requirements, as amended:

  1. the patient suffers from a chronically or seriously debilitating disease or disease considered to be life‐threatening,
  2. such disease cannot be satisfactorily treated by a medicinal product “that is reimbursed” and that is authorized and marketed, and
  3. for compassionate use programs:
    • a market authorization application for the medicinal product has been submitted, or
    • the medicinal product is subject to ongoing clinical trials,
  4. for medical need programs:
    • a market authorization application has been submitted for the indication for which the medicinal product will be used,
    • the market authorization has been granted for this indication but the medicinal product is not yet on the market, or
    • the medicinal product is subject to clinical trials that are ongoing or have demonstrated that the use of the medicinal product is relevant to treat the disease in question.

The Compassionate Use Law amended the second condition by adding the reference to reimbursement.

The amendment ensures that it is possible for a company to (continue to) operate a CU or MN program during the period between authorization and reimbursement. The preparatory works give the example of a terminal cancer patient who cannot afford to cover the cost of a treatment that has been authorized, but whose reimbursement status is pending.

The Compassionate Use Law does not amend the other requirements.

Proposed New EU Cyber Rules Introduce More Onerous Requirements and Extend to More Sectors

In addition to releasing the new EU Cybersecurity Strategy before the holidays (see our post here), the Commission published a revised Directive on measures for high common level of cybersecurity across the Union (“NIS2”) and a Directive on the resilience of critical entities (“Critical Entities Resilience Directive”). In this blog post, we summarize key points relating to NIS2, including more onerous security and incident reporting requirements; extending requirements to companies in the food, pharma, medical device, and chemical sectors, among others; and increased powers for regulators, including the ability to impose multi-million Euro fines.

The Commission is seeking feedback on NIS2 and the Critical Entities Resilience Directive, and recently extended its original deadline of early February to March 11, 2021 (responses can be submitted here and here).

Proposal for NIS2

As many readers will be aware, the European institutions passed Directive 2016/1148 (“NIS Directive”) back in 2016 around the same time as the GDPR.  This was the first-ever “horizontal” cybersecurity law in Europe, i.e., that did not focus exclusively on a single sector.  The NIS Directive imposes baseline security and incident reporting obligations on:

  • “operators of essential services”, designated by Member States, within the energy, transport, banking, financial market infrastructures, health, drinking water supply and distribution, and digital infrastructure sectors; and
  • certain “digital service providers” that offer services within the EU, namely online marketplaces, online search engines and cloud computing services, excluding small/micro enterprises. (For more background, see previous posts.)

At the time, it was agreed that supervision by competent authorities should be lighter-touch for emerging digital services providers compared to operators of essential services.  Accordingly, the current law provides that competent authorities should only take action against digital services providers when provided with evidence of non-compliance and “should therefore have no general obligation to supervise digital services providers”.

Evaluation of the law leading to expanding its scope

 Last year, the Commission evaluated the NIS Directive’s effectiveness and identified various concerns, including the expanding threat landscape and volume of cyber-attacks, generally low level of cyber resilience of EU businesses, and inconsistencies in the level of resilience across the EU.  NIS2 is an attempt to respond to and remedy these issues.

To start with, NIS2 eliminates the distinction between operators of essential services and digital service providers, as well as the current complex process to identify operators of essential services.  Instead, the proposed revised law covers “important entities” and “essential entities”, and these designations cover companies in a much broader range of sectors than in the current NIS Directive:

  • “Essential entities” includes operators of essential services in the sectors listed in the NIS Directive (see above); organizations in additional sectors, including food production and distribution, pharmaceutical research and development, and manufacturers of medical devices; and digital infrastructure services (g., cloud computing providers, DNS service providers, and content delivery network providers);
  • “Important entities” includes postal and waste management, food production and distribution, and digital providers (namely online marketplaces, search engines and social networks).

A major shift here is categorizing cloud computing providers as essential entities.

More detailed cybersecurity obligations

Essential and important entities will be subject to the same substantive obligations under NIS2.  Broadly, these are intended to ensure that they can detect and manage the risks to the their networks and information systems, and include requirements to:

  • put governance structures in place to manage cybersecurity risk, including by conducting risk assessments and putting crisis management plans in place. A “management body” of an entity, likely the board, will be required to approve the risk management measures the entity will take and be held accountable for non-compliance;
  • consider security matters when acquiring and developing network and information systems;
  • consider and manage supply chain security risks, including the security of their hardware and software suppliers, and providers of data storage or managed security services;
  • use cryptography and encryption where appropriate and proportionate to the cybersecurity risk; and
  • notify the relevant competent authority and, where applicable, their clients of “any incident having a significant impact on the provision of their services” (Article 20(1)).

One interesting and potentially concerning aspect of NIS2 is that, in addition to having to report “incidents” as described above, it proposes that organizations must report “any significant cyber threat that those entities identify that could have potentially resulted in a significant incident”.

 Oversight, vulnerabilities and enforcement

Like the NIS Directive, NIS2 obliges Member States to establish national cybersecurity frameworks, including a cybersecurity strategy, crisis management framework, competent authorities and computer security incident response team.

A new requirement is that competent authorities must maintain a list of known vulnerabilities in network and information systems, and pool them in a centralized database — similar to the United States’ National Vulnerability Database.  NIS2 proposes that ENISA will manage this database, which will be open to all “interested parties”, such as academics and other researchers.

At a European level, the NIS Cooperation Group (composed of national cybersecurity agencies, ENISA, and the Commission) may conduct “coordinated security risk assessments” of supply chains for ICT systems, services and products specified as “critical” by the Commission.

In terms of specific enforcement, “essential” entities will be subject to ex ante regulation.  This means that competent authorities will be able to carry out inspections, regular audits and information requests on these entities at any time — even if there is no evidence of non-compliance.  Competent authorities are given new powers to issue warnings, suspend authorisations and licenses, designate a monitoring officer to oversee compliance, and temporarily suspend a company’s chief executive or legal representative if they fail to remedy a sustained breach.

By contrast, “important” entities will be regulated ex post.  This means that competent authorities will only assess their compliance with NIS2 as part of an investigation following a breach of the Directive or cybersecurity incident.  Competent authorities have most of the same powers in relation to important entities as they do in relation to essential entities.

Competent authorities can impose administrative fines on essential and important entities. NIS2 states that, at a minimum, Member States must permit competent authorities to impose fines of up to the higher of EUR 10m or 2% of the worldwide annual turnover of the “undertaking” involved (note that this mirrors the language of the GDPR).  However, Member States have the ability to permit competent authorities to impose higher fining thresholds.  The proposed new minimum fine level is notably higher than existing thresholds implemented by many Member States under the NIS Directive.

Finally, essential and important entities will, as a rule, be deemed to be under the jurisdiction of the Member State where they provide their services.  However, certain types of entities, including cloud computing service providers, will be deemed to be under the jurisdiction of the Member State in which they have their “main establishment” in the Union.  NIS2 provides more detail than the current law on what constitutes a “main establishment”, and provides for authorities to provide mutual assistance in cross-border cases.

Critical Entities Resilience Directive

In addition to NIS2, the Commission published a proposed Critical Entities Resilience Directive that expands the scope of the current European Critical Infrastructure Directive (2008/114/EC).  Whereas the Critical Infrastructure Directive only applies in the energy and transport sectors, the Commission’s proposed new law would widen the scope dramatically, bringing (among others) certain financial services entities, the health and space sectors, and digital infrastructure providers into scope.

The proposed Directive would also oblige Member States to adopt a national strategy for ensuring the resilience of critical entities in these sectors, and to carry out regular risk assessments.

Next steps

The two proposed Directives are at the early stages of the legislative process, and are open for feedback until 11 March 2021.  In each case, the European Parliament and Council will need to agree their positions, before the three institutions negotiate the final text and bring them into force.  We will be monitoring developments in all these areas in the coming months.

CJEU Confirms that CBD is Not a Narcotic Drug

In a landmark judgment on 19 November 2020, the CJEU ruled in Case C-663/18 that cannabidiol (“CBD”) is not a narcotic drug under the UN Conventions.  This is the case even where the CBD is derived from the whole cannabis plant.  The ruling provides clarity on the non-controlled status of CBD and the free movement of CBD products within the Union.  This is likely to have wide implications for the CBD industry.


The case concerned the marketing of an electronic cigarette containing CBD in France.  The directors of the company that marketed the e-cigarette, known commercially as “Kanavape”, were convicted of a criminal offence on the grounds that the CBD oil contained in the cigarettes’ cartridges was extracted from the whole hemp plant, including the leaves and flowers.  The CBD oil in Kanavape was imported into France from the Czech Republic, where the hemp was legitimately cultivated and the CBD extracted, then packaged.  However, French legislation restricts the cultivation, importation, exportation and industrial and commercial use of hemp solely to its fibre and seeds.  In practice, this amounts to a ban on the marketing of all products containing CBD in France.

The directors were sentenced to a suspended term of imprisonment and a substantial fine by the Criminal Court in Marseille, France.  They appealed to the Court of Appeal, Aix-en-Provence in France and this court questioned the conformity of the French law with EU law, in particular provisions on free movement of goods.

CJEU Ruling:

(1) CBD is not a “narcotic drug”

The CJEU considered whether CBD is a “narcotic drug” under EU law. Article 1(1) of the Council Framework Decision 2004/757 references two UN Conventions that must be considered to determine whether a substance is a narcotic drug.

(i) the United Nations Convention on Psychotropic Substances, 1971 –

The Court noted that CBD is not covered by this Convention.

(ii) the United Nations Single Convention on Narcotic Drugs, 1961 –

Schedule I of the Single Convention includes the drugs “cannabis, cannabis resin and cannabis extracts and tinctures”. Articles 1(1)(b) and (c) of the Single Convention define “cannabis” as “the flowering or fruiting tops of the cannabis plant (excluding the seeds and leaves when not accompanied by the tops) from which the resin has not been extracted, by whatever name they may be designated”, and “cannabis plant” as “any plant of the genus Cannabis”.

The CJEU noted that the CBD at issue was extracted from the Cannabis sativa plant in its entirety (i.e. not just the seeds and leaves) and a literal interpretation of the Single Convention might lead to a conclusion that the CBD constitutes a “cannabis extract” and thereby a narcotic drug.

However, the CJEU stated that such an interpretation would be contrary to the general spirit of the Single Convention, which is to protect the health and welfare of mankind. The Court stated that on the basis of current scientific knowledge (which must be considered) the CBD at issue “does not appear to have any psychotropic effect or any harmful effect on human health” (the Court also noted that cannabis variety from which the CBD was extracted was grown legally and has THC content not exceeding 0.2%). Therefore, the CBD at issue should not be considered a narcotic drug within the meaning of the Single Convention.

(2) Free movement of goods

As the CBD at issue was not a narcotic drug the CJEU found that the provisions on free movement of goods within the EU (Articles 34 and 36 TFEU) were applicable. The CJEU stated that the French prohibition on marketing of CBD was equivalent in effect to quantitative restrictions on imports, which are prohibited by Article 34. However, it is left to the French national courts to determine whether such a prohibition could be justified on the grounds of public interest set out in Article 36 (although the CJEU appeared sceptical as to whether this was the case).


This CJEU ruling is likely to have wide implications for the CBD industry and assist removing certain regulatory hurdles for access to the Union market. For example, if the Commission follows the CJEU ruling, it may commence reviewing novel food applications for hemp-derived CBD products, which are currently paused due to the question whether CBD is a narcotic drug.

European Health Union: European Commission proposes Changes to the Joint Procurement Agreement

On 11 November 2020, the European Commission has announced a range of proposals to build a European Health Union.  The proposed measures reflect on the learnings from the current COVID-19 and previous influenza pandemics and seek to enhance Member States’ preparedness for future health crises, which also includes a greater involvement of the EU.  As part of its set of measures, the Commission is proposing to revise the current EU joint procurement framework.

  1. Current Joint Procurement Framework

In 2010, as part of its “lessons learnt from the A/H1N1 pandemic”, the European Council called for the development of a joint procurement framework for vaccines and antiviral medication.  Subsequently, the European Parliament and Council adopted Decision 1082/2013/EU (the “Decision”) on serious cross-border threats to health, which, among others, provides that the EU and any interested Member States may conduct a joint procurement procedure.  The detailed procedure was then agreed between the Commission and the Member States in the Joint Procurement Agreement (the “JPA”).

  1. Proposed Changes to the Joint Procurement Framework

As part of its announcement, the Commission has published a draft Regulation on serious cross-border threats to health, which would repeal Decision 1082/2013/EU.  The draft Regulation proposes a number of changes to the current joint procurement framework:

  • Participation in joint procurement activities would now also be open to EFTA and EU candidate countries. The Decision only envisaged participation of EU Member States.  However, in reality, this change only constitutes a clarification because since the beginning of the COVID-19 pandemic, several EEA, EFTA, candidate and potential candidate countries have joined the current JPA.  This includes countries, such as Norway, Iceland, Liechtenstein, Montenegro, North Macedonia, Albania, Serbia, as well as Bosnia and Herzegovina and Kosovo.
  • Consistent with the current JPA, the draft Regulation also provides that participation in any joint procurement initiative is voluntary. However, the draft Regulation introduces a new requirement that countries that choose to participate in a joint procurement must not procure the same goods “through other channels” or “run parallel negotiation processes”.  This is a significant change from the current JPA, which does not preclude participating countries from negotiating bilaterally in parallel to the joint initiative.  This change clearly reflects the frictions earlier this year where some Member States formed alliances placing national interests ahead of the common EU interest in the procurement of personal protective equipment and medicinal products to treat COVID-19.
  • The Commission and Member States are required to coordinate and exchange information, among others, in relation to joint procurement, stockpiling and donation of medical countermeasures under various EU instruments.

It is likely that the proposed Regulation will undergo further changes during the legislative process.  Once the Regulation is adopted, the Commission and participating countries will need to consider adjusting the terms of the current JPA to reflect the new framework.