Newsletter #27

In this Newsletter
Summary
This month, we dive into the most critical developments shaping data protection, AI, and innovation in life sciences. From the CNIL’s new guidance on compassionate use frameworks and the extension of the UK’s data adequacy status, to the EDPB’s latest training on building secure AI systems—our regulatory spotlight keeps you up to date on what matters most. We also unpack how federated learning is transforming privacy in AI, the emergence of medical digital twins in clinical practice, and breakthrough advances from ASCO 2025 pointing to a future of precision, AI-driven cancer care.
Regulations & Guidelines

Compassionate Prescription Framework and its CNIL Formalities
The Compassionate Prescription Framework (CPC) allows off-label use of medications in France and requires prior CNIL authorization for patient data processing when initiated after November 11, 2022. New guidelines from the CNIL clarify the applicable procedures, emphasizing that for CPCs launched before this date, no new formalities are required if previous compliance (under AU-041) is documented and unchanged, while newer CPCs must follow a formal authorization process with detailed documentation and safeguards.

Fundamentals of Secure AI Systems with Personal Data - EDPB
The Fundamentals of Secure AI Systems with Personal Data training, developed by Dr. Enrico Glerean and updated in April 2025, is designed for cybersecurity professionals, AI developers, and system deployers. It focuses on building technical skills for designing and managing AI systems securely, while aligning with data protection, privacy, and AI ethics principles. Initiated by the EDPB under the SPE programme, the training covers the full AI lifecycle, emphasizing privacy-preserving practices and responsible system development.

EU Extends UK Data Adequacy Status Until December 2025
The European Commission has extended the validity of its data adequacy decisions with the United Kingdom by six months, allowing continued free flow of personal data until 27 December 2025. This extension gives the Commission time to assess the UK’s newly adopted Data Bill and determine whether it maintains an adequate level of data protection. Until then, the existing UK safeguards deemed sufficient in 2021 remain in force for EU data transfers.

Understanding AI & Medical Device Regulations: First FAQs Released
A new FAQ document has been published to clarify how the EU Artificial Intelligence Act (AIA) applies alongside the MDR and IVDR for medical device manufacturers. It provides early guidance for manufacturers, notified bodies, and regulators on roles and terminology—such as distinguishing “deployers” under AIA from “users” under MDR/IVDR. This living document will be continuously updated to support compliance and smooth implementation across sectors.

Decentralized AI for a Safer - Spanish AEPD
The EDPS and AEPD's joint report highlights federated learning as a privacy-enhancing technology for AI, allowing decentralized training on local devices to protect personal data. Use cases include healthcare, speech recognition, and autonomous transport, while addressing challenges like data leakage and bias mitigation.

EU Clarifies App Platform Roles for Medical Device Software Distribution
The new MDCG 2025-4 guidance defines how online platforms hosting Medical Device Software (MDSW) apps must comply with EU regulations. It explains when platforms act as intermediaries under the Digital Services Act (DSA) or as distributors/importers under MDR/IVDR, each role carrying distinct responsibilities. Key obligations include ensuring transparency, facilitating access to device information and legal documents, and supporting regulatory cooperation.

UK Parliament advances Data (Use and Access) Bill, awaits Royal Assent
The UK Parliament has passed the Data (Use and Access) Bill, which reforms the UK GDPR and Privacy and Electronic Communications Regulations. After debates between the House of Commons and Lords regarding AI and copyright transparency, a compromise was reached requiring the Secretary of State to draft legislation on transparency for copyright owners regarding AI model inputs.
AI & Techbio

MIT scientists’ AI model one-ups AlphaFold 3, takes on ‘fundamental issue’ in drug R&D
A team of young MIT scientists has introduced Boltz-2, a new AI model that not only predicts protein structures like AlphaFold 3 but also estimates binding affinity—a crucial factor in drug discovery that existing AI methods have struggled to accurately model. By combining traditional structural data with synthetic and molecular dynamics data, Boltz-2 achieves a predictive correlation of 0.65, outperforming previous models and costing 1,000 times less than standard physics-based simulations like FEP. While still short of experimental accuracy, Boltz-2 is already being applied to hit identification and reverse screening, potentially accelerating early-stage drug discovery.

Medical Digital Twins: Bridging AI, Data, and Clinical Practice
A new Health Policy paper explores the emerging concept of medical digital twins—dynamic virtual models of patients powered by real-time data and advanced simulation. It defines five core components (patient, data connection, patient-in-silico, interface, and synchronization) and highlights how AI, multimodal data, and mechanistic modelling can together accelerate clinical applications in areas like oncology and diabetes. The paper also underscores how digital twins could enhance large language model performance in medicine, offering a transformative tool for personalized care.
Biotech, Healthtech and Healthcare

ASCO 2025: The Future of Cancer Care Is Personalized and Precise
At ASCO 2025, a major shift toward precision oncology was evident, driven by breakthroughs in immunotherapies, antibody-drug conjugates (ADCs), and cell-based treatments. Keytruda, Imfinzi, and novel candidates like Versamune HPV and EO4010 showed strong survival benefits, particularly in early-stage cancers. Cutting-edge advances in CAR-T therapies, personalized cancer vaccines, radiopharmaceuticals, and AI-powered digital trials are redefining how cancer is treated—more targeted, effective, and patient-centric than ever before.
Podcasts
- What happens if AI gets smarter than we are?

- Advancing Breast Cancer Screening - ScreenPoint Medical

Sign up for our newsletter
We like to keep our readers up to date on complex regulatory issues, the latest industry trends and updated guidelines to help you to solve a problem or make an informed decision.

Newsletter #27
This edition unpacks the latest regulatory shifts, including UK data adequacy, secure AI training, and the EU’s evolving stance on medical software platforms.

Newsletter #26
This month’s highlights span AI in health, new U.S. and EU privacy rules, and evolving data and cybersecurity regulations.

Newsletter #25
This month, we cover how regulatory shifts, AI advancements, and major initiatives like Bridge2AI-Voice, India’s Genome Project, and the EU Cybersecurity Action Plan are driving transformation across healthcare, data protection, and precision medicine.