Newsletter #28

Summary
In our August edition of the monthly newsletter, we highlight major global regulatory developments, including the FDA’s 2025 cybersecurity guidance for medical devices, the EU AI Office’s voluntary code for general-purpose AI, and new data protection initiatives in Korea and China. This issue also explores groundbreaking innovations in AI and biotech—such as AI-driven gene editing, advanced cancer prognosis tools, and brain-computer interfaces—alongside critical warnings about risks in AI therapy chatbots. Finally, we cover a significant healthcare data breach at Episource affecting 5.4 million records, underscoring the urgent need for robust cybersecurity measures in healthtech.
Regulations & Guidelines

FDA Finalizes 2025 Cybersecurity Guidance for Medical Devices
The FDA has released its 2025 cybersecurity guidance, introducing a comprehensive risk management framework for medical devices through a Secure Product Development Framework (SPDF). This guidance mandates security-by-design, detailed threat modeling, and robust controls to safeguard connected healthcare technologies and protect patient safety.

EU AI Office Publishes Voluntary Code of Practice for GPAI Models
The EU AI Office has released a voluntary code of practice to guide providers of general-purpose AI models in meeting upcoming AI Act requirements. The framework focuses on transparency, copyright compliance, and safety measures, promoting responsible AI development and deployment across the European market.

EDPB Highlights Key Issues in Draft Model Contractual Terms under the Data Act
The EDPB issued a statement on the European Commission’s draft Model Contractual Terms (MCTs) for data sharing under the Data Act, stressing ambiguities in user definitions, the need to distinguish between personal and non-personal data, and the need for a clearer contractual structure. It also clarified that compliance with MCTs does not ensure GDPR compliance, and that EU and national data protection laws take precedence over the Data Act in case of conflict.

Korean PIPC Publishes Integrated Guide on Personal Information Processing
On July 14, 2025, the PIPC released an Integrated Guide to Personal Information Processing, incorporating the 2023 amendments to the Personal Information Protection Act (PIPA). The guide provides comprehensive coverage of compliance obligations, including processing principles, consent requirements, and cross-border data transfers, and will be updated annually to reflect new developments.
China’s MIIT Issues Third Batch of Compliance Notices for App Privacy Violations
On June 26, 2025, China’s MIIT announced its third round of notices to apps and SDKs for violating user rights under laws including the Personal Information Protection Law. The investigation flagged 57 apps for illegal data collection, excessive permissions, and poor disclosure, requiring them to rectify the issues promptly or risk legal penalties.

EU Strengthens Regulatory Framework for Medical Software and Online Platforms with Updated MDCG Guidelines
The revised MDCG 2019-11 introduces specific rules for qualifying and classifying medical device software, explicitly addressing modular software, preventive AI applications, Annex XVI products, and interoperability with electronic health records via EHDS, and requiring precise intended purposes backed by clinical evidence. MDCG 2025-4 further establishes clear economic-operator obligations for online marketplaces and app platforms—including detailed conformity checks (CE, UDI, labeling), robust post-market oversight, and transparency—while highlighting intersectional compliance with the EU AI Act for high-risk predictive AI software.
Data Breach & Cybersecurity

Episource Data Breach Exposes Health Information of 5.4 Million Individuals
Episource, a medical billing firm owned by UnitedHealth’s Optum, is notifying over 5.4 million people after a February cyberattack in which sensitive personal and health data, including medical records and insurance details, were stolen. The breach, reportedly ransomware-related, follows previous major security incidents at UnitedHealth subsidiaries, highlighting ongoing vulnerabilities in healthcare cybersecurity.
AI & Techbio

AI and Gene Editing: Driving a New Era in Drug Development
AI is set to revolutionize gene-editing drug development by streamlining the identification of safe, effective targets and reducing reliance on costly trial-and-error methods. This approach could lower the multi-million-euro costs of current therapies and enable scalable, “plug-and-play” platforms for treating rare diseases.

Study Finds Serious Mental Health Risks in AI Therapy Chatbots
A Stanford study reveals that AI therapy chatbots can perpetuate stigma toward certain mental health conditions and respond inappropriately to severe symptoms such as suicidal thoughts. Researchers recommend limiting AI’s role to administrative support rather than direct therapeutic interactions.

AI Tool RlapsRisk BC Enhances Prognosis for Early Breast Cancer Patients
Researchers introduced RlapsRisk BC, an AI model that predicts five-year metastasis-free survival in early-stage ER-positive, HER2-negative breast cancer by analyzing digitized histological slides. The tool outperforms traditional factors, effectively stratifies risk, and improves treatment decision-making when combined with clinical data.

Google DeepMind Launches AlphaGenome to Decode DNA Variations with AI
Google DeepMind unveiled AlphaGenome, an AI system that predicts how DNA sequence changes affect biological processes, advancing understanding of genome function and disease mechanisms. The tool delivers high-resolution analysis of up to 1 million DNA letters and surpasses existing models in predicting regulatory variant effects.
Biotech, Healthtech & Healthcare

Health Insurance Coverage Linked to Higher Cancer Survival with Immunotherapy
A recent study shows that cancer patients with health insurance, especially private coverage, achieve significantly better two-year survival rates when treated with immune checkpoint inhibitors compared to uninsured patients. The findings underscore the critical role of insurance in accessing and benefiting from innovative cancer therapies.

China Accelerates Brain-Computer Interface Development with Breakthrough Trials
China is rapidly advancing brain-computer interface (BCI) technology through government-backed initiatives and large-scale trials, enabling paralyzed individuals to control devices and communicate using brain signals. Companies like StairMed, NEO, and NeuroXess are pioneering minimally invasive implants that restore mobility and interaction, positioning China as a major player in the BCI field.