Vital Signs: Digital Health Law Update | Winter 2026

INTRODUCTION

Note From the Editors

2025 was an incredibly busy year for digital health, and 2026 is likely to be no different. This edition of Vital Signs covers numerous developments, along with a look to 2026 in Industry Insights. Thank you to our Jones Day contributors who are committed to bringing you a curated one-stop resource on notable digital health updates.

INDUSTRY INSIGHTS

A Busy 2025 for Digital Health: More of the Same in 2026?

This past year was a busy one for the entire health care and life sciences industries, and the realm of digital health was no exception. Trends and developments in 2025 inevitably give clues as to what may be on the horizon for 2026:

Trends in State AI Regulation, With Preempting Federal Regulation to Follow?

2025 saw a flurry of activity at the state level to regulate the use of AI in the health care context. However, state approaches to AI regulation have shifted from broad AI laws to narrower, use-case-specific rules, including targeted applications in the contexts of clinical care, system safety, and mental health.

In clinical settings, for example, Texas SB 1188 establishes obligations when AI is used for "diagnostic" purposes and where AI‑generated records are involved. On the AI model system safety front, California's SB 53, first-of-its-kind legislation governing large AI model developers, appears to mandate transparency reports and safety frameworks for identifying, assessing, and mitigating high‑impact risks. While focused on developers of AI models, the requirements will influence health care entities as they adopt and integrate such models in operations. And for direct AI-patient interaction, especially in the mental health space, California's SB 243 calls for disclosures when certain users are interacting with non‑human agents, robust protocols to prevent suicide and self‑harm content, and annual reporting regarding suicide prevention. Legislatures in New York and Illinois have similarly focused on the mental health chatbot space.

Though states have narrowed their application of AI laws, the federal government has called for further de-regulation. On December 11, 2025, President Trump signed an Executive Order ("EO") calling for a "national [AI] policy" free of "cumbersome" state AI regulation. While Congressional action on the topic may be necessary, the EO foreshadows increasing government attention and likely litigation over state AI laws inconsistent with the policy of "global AI dominance through a minimally burdensome national policy framework for AI." A few days after the EO, on December 19, 2025, the U.S. Department of Health and Human Services ("HHS") issued a Request for Information seeking broad stakeholder feedback on how HHS should use its regulatory, reimbursement, and research and development authorities to accelerate the adoption and use of AI in clinical care in a "forward-leaning, industry-supportive" approach. Comments are due by February 23, 2026.

Continued Medicare Coverage for Telehealth Services . . . For Now

Following uncertainty over coverage for Medicare telehealth services during the 2025 federal government shutdown, broad Medicare coverage for such services remains temporary, with key waivers and flexibilities currently extended only through January 30, 2026, as of the date of this publication. These flexibilities, which were first implemented during the COVID-19 public health emergency and subsequently extended on a temporary basis several times, make telehealth services available to many more Medicare beneficiaries than would have access under pre-COVID limitations. We expect to see continued lobbying by stakeholders in 2026, as Congress must act to make many of these flexibilities permanent.

Absent Congressional action, the Centers for Medicare and Medicaid Services ("CMS") continues to take action aimed at increasing the adoption of digital health tools, and this focus seems likely to continue into 2026. In addition to the TEMPO/ACCESS collaboration (described below), CMS recently clarified rules regarding provider billing location and related Medicare enrollment requirements (making it easier for providers to provide services from home) and adopted changes as part of the 2026 Physician Fee Schedule that reflect its support of telehealth and the use of other digital health technologies. These changes include making it easier to permanently add services to the Medicare telehealth services list, permanently removing frequency limitations on certain telehealth subsequent care services in inpatient and nursing facility settings and critical care consultations, permanently allowing use of two-way audio/video communications technology to satisfy "direct supervision" in most circumstances, and authorizing payment for certain digital mental health treatment.

Final Rules (Finally?) on Remote Controlled Substances Prescribing

The Drug Enforcement Administration ("DEA") also opted to temporarily continue telehealth flexibilities into 2026 to prevent the "telemedicine cliff": the reinstatement of the pre-pandemic restrictions imposed by the Controlled Substances Act requiring (in most cases) at least one in-person medical evaluation before a provider can remotely prescribe controlled substances. The latest temporary rule, published on December 31, 2025, and authorizing DEA-registered practitioners to remotely prescribe Schedules II-V controlled substances without an in-person medical evaluation through December 31, 2026, is the fourth time DEA has issued such an extension. Notably, DEA cited the abrupt cessation of Medicare's telehealth flexibilities during the government shutdown and disruption in care that followed as one of the justifications for issuing the extension.

DEA also indicated that the continued extension will provide DEA with additional time to finalize and implement effective permanent regulations (e.g., under the special registration authority in the Controlled Substances Act). DEA published a proposed special registration framework in a proposed rule on January 17, 2025, but the rule has not yet been finalized. According to DEA, the latest extension provides it additional time to consider the more than 6,000 comments it received on the proposed rule, as well as the presentations made at the Telemedicine Listening Sessions, the Tribal Consultations, and the E.O. 12866 meetings held in 2023 and 2024. This suggests that 2026 may be the year we finally see final remote controlled substance prescribing regulations.

An FDA Focused on Accelerating Adoption and Integration of Digital Health Technologies

In 2025, the Food and Drug Administration ("FDA") Commissioner Marty Makary announced a number of policy changes and launched several pilot programs, all aimed at accelerating the development and marketing of new therapies and products to address unmet medical needs. This includes the adoption and integration of new technologies and digital health devices.

On December 5, 2025, FDA announced the voluntary Technology‑Enabled Meaningful Patient Outcomes for Digital Health Devices Pilot ("TEMPO"), a program designed to expand access to technology-enabled, integrated care for patients with chronic diseases. TEMPO appears to support limited, clinician‑supervised real‑world use of certain digital health devices in Medicare—focused on cardio‑kidney‑metabolic, musculoskeletal, and behavioral health—to generate evidence for future FDA authorization, while CMS's Advancing Chronic Care with Effective, Scalable Solutions ("ACCESS") model tests outcomes‑based payment to support adoption. Together, the TEMPO/ACCESS collaboration signals FDA and CMS interest in new development models that bridge evidence generation for authorization, clinical adoption, and payer coverage. Expected to accept statements of interest starting January 2, 2026, FDA may select 10 manufacturers per clinical area, and operate in parallel with ACCESS, which plans to accept applications in early 2026 (due April 1) for a first performance period beginning July 1, 2026. For more information about TEMPO, read our recent Alert.

On December 15, 2025, FDA issued a press release stating that the agency intends to accept real-world evidence ("RWE") for devices, drugs, and biologics without requiring sponsors to submit identifiable, individual patient data in all cases collected from real-world data ("RWD") sources in regulated product marketing applications. This means digital health, AI, and software-enabled medical products can now use large scale, de-identified RWD from registries, hospital networks, and claims databases as FDA-acceptable evidence to demonstrate treatment impact at scale and bring therapies to patients faster.

Complementing this change, on December 18, 2025, FDA finalized a long-awaited guidance for device sponsors on the Use of Real-World Evidence to Support Regulatory Decision-Making for Medical Devices. The guidance clarifies how FDA evaluates RWD to determine whether they are of sufficient quality and provenance to be accepted as RWE suitable for review and reliance by FDA in regulatory decision-making for medical devices. Relative to the draft guidance from 2023, the final guidance places greater focus on assessing the relevance and reliability of RWD rather than whether they are "fit-for-purpose," going so far as to include a Relevance and Reliability Elements for Documentation and FDA Review checklist in Appendix A. FDA also expanded Appendix B of the final guidance with lengthier examples of how FDA may consider RWE in regulatory decision-making, including for a new PMA approval, expanded indications for use, 522 responses, and a de novo grant. FDA does not expect industry to begin implementing the final guidance recommendations until February 16, 2026, but has indicated that the agency is ready to review such information if submitted at any time.

Pairing the changes discussed here with the three other guidances with digital health and AI-related content that CDRH published in 2025 (final guidance for a Predetermined Change Control Plan for AI Enabled Device Software Functions (August 2025); a final guidance on Cybersecurity in Medical Devices (June 2025); and a draft guidance on AI-Enabled Device Software Functions (January 2025)), we see an FDA focused on embracing the integration of new technologies and RWE into regulatory frameworks to permit more agile pathways for digital health technologies across therapeutic areas. Indeed, for 2026, CDRH has prioritized plans to publish a new draft guidance on Policy for Device Software Functions, and, as resources permit, plans to finalize the draft guidance on AI-Enabled Device Software Functions and develop a guidance on Clinical Evidence Considerations for Digital Mental Health Treatment Devices, including Computerized Behavioral Therapy Devices.

United States Developments

FEDERAL

OIG Issues Favorable Opinion on Telehealth Arrangement

In a recent Advisory Opinion (AO 25-03), the Office of Inspector General ("OIG") of the U.S. Department of Health and Human Services ("HHS") offered a note of reassurance to a telehealth platform company and its affiliated "friendly PCs" (professional corporations or "PCs"). The June 2025 Advisory Opinion responded to a request by a "hub" PC and its management services organization ("MSO") that proposed an arrangement with specialty PCs ("Platform PCs") offering telehealth services using platforms hosted by their related MSOs ("Platforms").

As described in the Advisory Opinion, the hub PC maintained contracts with payors representing roughly 80% of all commercially covered lives and 65% of Medicare Advantage covered lives. The Platform PCs wanted to leverage the reach of the hub PC to expand their respective specialty telehealth offerings. The Platform PCs leased their contracted health care practitioners ("HCPs") to the hub PC, and the hub PC contracted with the Platforms for the HIPAA-compliant telehealth platform and administrative services. Supported by third-party valuations, the hub PC paid hourly lease fees to the Platform PCs and administrative fees to the Platforms. In turn, under its managed care contracts, the hub PC billed and retained the fees paid for services provided by the contracted HCPs, taking the collection risk under its contracts.

OIG analyzed the proposed arrangement under the Personal Services and Management Contracts Safe Harbor, 42 CFR 1001.952(d). OIG found that the proposed arrangement would qualify for the Safe Harbor and accordingly would not generate prohibited remuneration under the Federal Anti-Kickback statute.

DOJ Remains Focused on Telehealth & "Telehealth-Like" Schemes Involving Durable Medical Equipment, Genetic Testing, and Laboratory Services

The Department of Justice ("DOJ") continues to focus its health care enforcement efforts on telemedicine schemes, including claims for genetic testing and Durable Medical Equipment ("DME"), as evidenced by a number of actions over the past several months:

  • On June 25, 2025, a New York-licensed nurse practitioner agreed to pay $188,850 to resolve allegations that she submitted false claims to Medicare for remotely performed psychotherapy services and used $48,670 in Coronavirus Provider Relief Funds for impermissible purposes. In the settlement agreement, the nurse practitioner admitted that between January 1, 2021, and October 28, 2024, she billed 528 Evaluation and Management claims to Medicare using Current Procedural Terminology ("CPT") code 90838, thereby falsely representing that she conducted face-to-face psychotherapy sessions lasting 53 minutes or more, during which the patient was present for the service, even though she did not physically meet with her patients or regularly use a two-way interactive telecommunications system with audio and video components. The claims involved patients primarily located in upstate New York, where the nurse practitioner previously maintained a medical office before relocating to Florida in 2020. The nurse practitioner also admitted to falsely certifying to the Health Resources and Services Administration that she used Provider Relief Funds for permissible purposes, including "General Administrative Expenses" and "Healthcare Related Expenses," when, in fact, she spent $48,670 on pre-pandemic costs and rent for the New York office she had already vacated. Note that the requirements for Medicare Part B coverage for telehealth services were evolving and complicated during the relevant time period (and since), so this settlement is significant in that it reflects that the government is now affirmatively looking for enforcement opportunities regarding potential errors in telehealth billing practices.
  • On June 30, 2025, the DOJ announced the results of its 2025 National Health Care Fraud Takedown, the largest in DOJ history, which led to criminal charges against 324 defendants. The action included charges against 49 individuals in connection with the submission of over $1.17 billion in allegedly fraudulent claims to Medicare arising from "telemedicine-like" and genetic testing fraud schemes. In one example from the Southern District of Florida, prosecutors charged the owner of telemarketing and DME companies in a $46 million scheme that allegedly used deceptive telemarketing to target Medicare beneficiaries and resulted in the submission of false claims to Medicare for DME and genetic tests. Civil claims against 20 defendants for $14.2 million in alleged fraud, as well as civil settlements with 106 defendants totaling $34.3 million, were also announced as part of the Takedown.
  • On May 2, 2025, a federal jury convicted a Louisiana nurse practitioner for her role in a $2 million Medicare fraud scheme. According to evidence presented at trial, the nurse practitioner ordered DME, such as knee braces and suspension sleeves, for patients that had not been examined by her or any other medical provider and falsified documentation to support the claims. The nurse received kickbacks and bribes from purported telehealth services companies in exchange for the fraudulent orders, which resulted in the submission of over $2 million in fraudulent claims and over $1 million in Medicare reimbursements.
  • On May 29, 2025, a Missouri resident pleaded guilty to orchestrating a scheme to defraud Medicare by submitting over $174 million in false claims for cancer and cardiovascular genetic testing, which resulted in over $55 million in reimbursements. The individual operated laboratories that obtained doctors' orders through aggressive telemarketing and paid illegal kickbacks to telemedicine physicians who did not treat or consult with the beneficiaries. The individual further concealed his ownership and control of the laboratories by shifting billing between the laboratories.
  • On June 3, 2025, a federal jury convicted the CEO of a health care software company for orchestrating a $1 billion health care fraud scheme. According to the evidence presented at trial, the CEO and his co-conspirators used an internet-based platform to generate false doctors' orders for medically unnecessary orthotic braces, pain creams, and other items, targeting hundreds of thousands of Medicare beneficiaries through misleading mailers, television advertisements, and calls from offshore call centers. The scheme connected pharmacies, DME suppliers, and marketers with supposed telemedicine companies that accepted kickbacks and bribes in exchange for signed doctors' orders transmitted using the internet-based platform, resulting in over $360 million in reimbursements.
  • On June 26, 2025, a Michigan physician was sentenced to four years in prison for her involvement in a $6.3 million Medicare fraud scheme. According to the evidence presented at trial, the physician prescribed over 7,900 unnecessary orthotic braces to more than 2,600 Medicare patients, often with little or no patient contact. The prescriptions were used by brace supply companies to bill Medicare, and the physician received approximately $120,000 from purported telemedicine companies for signing the prescriptions.

FDA Issues Final Guidance on Cybersecurity in Medical Devices

On June 27, 2025, FDA issued its updated final guidance entitled "Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions," which builds on the guidance and select updates issued in 2023 and 2024 and provides a robust framework for ensuring the cybersecurity of medical devices and clarifications that reflect the evolving cyber and technological landscape, including FDA's expectations for documentation, design, and labeling requirements under section 524B of the Federal Food, Drug, and Cosmetic Act ("FDCA"). By stressing that cybersecurity must be a core quality attribute throughout the total product lifecycle, FDA clarifies in the guidance how manufacturers should demonstrate "reasonable assurance of cybersecurity" in both device pre-submissions and significant postmarket modifications. Further, FDA elaborates on expectations for software bills of materials, secure product development frameworks, coordinated vulnerability disclosure policies, and labeling that communicates cybersecurity controls to users. FDA also notably expands the definition of "cyber device" to include any device with software capabilities with connectivity features.

FDA Expands Agency-Wide AI Integration and Launches "Elsa"

In June 2025, FDA announced the launch of "Elsa," its first Agency-wide generative artificial intelligence platform designed to augment internal regulatory review processes. The announcement followed completion of the Agency's initial AI-assisted scientific review pilot, which tested the use of AI tools for summarizing complex clinical and scientific data. Elsa operates within FDA's information technology environment and is explicitly isolated from industry-submitted data, meaning it cannot train on confidential submissions. Reports indicate the tool is already being used to help staff summarize clinical protocols, compare labeling across drug products, identify trends in adverse event data, and assist in drafting technical documents. FDA officials have described Elsa as part of a broader digital modernization effort aimed at improving efficiency, transparency, and workload management across centers. The Agency has plans for additional pilots to evaluate AI support for other tasks.

FDA Warns Wrist Wearable Company Over Blood Pressure Insights Feature

FDA issued a warning letter to a fitness technology company for allegedly marketing its "Blood Pressure Insights" feature without FDA marketing authorization in violation of the FDCA. FDA takes the position that the feature, which provides users with feedback based on biometric data collected through wearable wristbands, meets the definition of a medical device because it purports to measure or estimate users' blood pressure, which is inherently associated with the diagnosis of hypo- and hypertension. As such, according to FDA, it is not an exempt general wellness software device because it implies a causal link between a user's blood pressure measurement and wellness results. Also, it is not a low-risk device that qualifies for FDA enforcement discretion under its general wellness policy because providing blood pressure estimation is not a low-risk function given the significant consequences to users who may rely on an inaccurate or misleading blood pressure measurement. In response, the company asserts that the feature is not intended to diagnose any condition and is clearly labeled for non-medical use. The dispute highlights the growing tension between wellness-focused wearable technologies and medical device regulation as companies continue to expand their biometric capabilities.

FDA Seeks Public Comment on Real-World Performance of AI-Enabled Devices

On September 30, 2025, FDA's Center for Devices and Radiological Health published a Request for Public Comment on methods for measuring and evaluating the performance of AI-enabled medical devices in real-world settings. The Agency seeks stakeholder input on how best to assess "data drift," define performance baselines, and monitor adaptive algorithms once deployed in clinical environments. The notice reflects FDA's ongoing effort to develop a comprehensive framework for AI-driven technologies, complementing earlier guidance on predetermined change control plans. FDA asked developers, health systems, and patient groups to provide feedback on practical metrics for reliability, transparency, and human oversight.

Digital Health Advisory Committee to Examine Generative AI Mental Health Tools

FDA's Digital Health Advisory Committee met in November 2025 to discuss the emerging category of generative AI-enabled digital mental health medical devices. The meeting focused on how AI tools can address the widening gap in access to mental health services in the United States, while also considering the potential risks associated with hallucination, bias, and patient harm in conversational or generative models used for mental health purposes. The session also aimed to clarify the boundary between general wellness applications and products requiring FDA authorization.

Bipartisan Healthcare Cybersecurity Act of 2025 Introduced in House and Senate

In June 2025, Congress introduced parallel bipartisan bills (H.R. 3841 / S. 1851) to strengthen cybersecurity in the health sector by directing HHS and the Cybersecurity and Infrastructure Security Agency ("CISA") to partner more closely. If passed, the bills would establish a permanent CISA liaison embedded within HHS and require CISA to provide direct technical assistance, threat intelligence, and incident-response support to non-federal health care entities, including hospitals, clinics, and public health agencies. Proponents cite the growing incidence of health data breaches, including the 2024 Change Healthcare cyber attack, and argue the bill is necessary to protect uptime and patient safety in health systems.

Federal Lawmakers Reintroduce "My Body, My Data" Act

Federal lawmakers reintroduced the My Body, My Data Act to protect reproductive and sexual health information. If passed, the bill would apply to all entities that collect, use, or disclose reproductive health data, including mobile app developers, data brokers, and online platforms, and would require them to limit such activities to what is strictly necessary to provide a requested service. Covered entities would also be obligated to implement reasonable security measures, publish clear privacy policies, and obtain affirmative consent before sharing or selling reproductive health data to third parties. In addition, the bill grants individual consumers the right to access, delete, and correct reproductive health information held by covered entities. Enforcement authority would rest with the Federal Trade Commission, which would be empowered to investigate and penalize companies that fail to comply with these data-handling requirements.

STATE

Montana Genetic Information Privacy Act Amended to Include "Neurotechnology Data"

Montana recently enacted SB 163, amending the Montana Genetic Information Privacy Act ("MGIPA") to include "neurotechnology data" within its scope of protection. MGIPA, first enacted in 2021, involves the collection, use, or disclosure of genetic information and involves consent from consumers, privacy notices, certain data deletion capabilities, and restrictions around certain third-party transfers. Under SB 163, those same obligations now extend to data generated by technologies that record, interpret, or alter activity of the human nervous system, including brain–computer interfaces and neural sensors. The new law also includes a de-identification exception for research data and consent when transferring or storing certain neurotechnology data. The law took effect October 1, 2025.

Texas SB 922: EMR Holding Period for Sensitive Results

SB 922 amends certain provisions of the Texas Medical Practice Act, establishing criteria involving disclosure by electronic means of "sensitive test results." A "sensitive test result" is defined as: (i) a pathology or radiology report that has a "reasonable likelihood of showing a finding of malignancy"; or (ii) a test result that may reveal a genetic marker. SB 922 went into effect September 1, 2025.

Global Developments

EUROPE

EU Prepares for a New BioTech Act

The European Commission proposed a new European BioTech Act as part of the Commission's broader Strategy for European Life Sciences, which focuses on how the EU can support green and digital transitions and develop high-value technologies. The forthcoming BioTech Act provides a framework for biotechnology, covering health and pharmaceuticals and other adjacent industry applications. Its central goal is to make it easier to bring biotechnological products from laboratory to factory and onto the market, while upholding the EU's high standards for safety and environmental protection.

According to Commission President Ursula von der Leyen's Political Guidelines for the Next European Commission, the BioTech Act is expected to: (i) introduce measures to streamline regulatory pathways and accelerate the transition of biotech products to market; (ii) encourage innovation in areas such as health technology assessment and clinical trials; and (iii) examine factors including regulatory speed and efficiency, access to finance, scaling of production and market size, and the use of AI in biotechnology.

As part of the legislative preparation, the Commission held a public consultation through November 10, 2025. The European Parliament previously published a briefing outlining Member State positions and key policy considerations. The proposal was officially published on December 16, 2025.

European Commission Launches Life Sciences Strategy

This summer, the European Commission launched its "Life Sciences Strategy" (the "Strategy") covering economic activities that rely on knowledge of living systems, including biotechnology, agriculture, food technologies, health care, pharmaceuticals, medical devices, bio-based products, and biomanufacturing. The Strategy aims to unlock the full potential of life sciences to strengthen Europe's competitiveness, health resilience, and sustainability. The Commission has published a Communication, Q&A, and factsheet relating to the Strategy.

The Strategy sets out a three-phase approach: (i) fostering research and innovation; (ii) accelerating market access; and (iii) promoting the uptake of innovative medical and biotechnological solutions. It seeks to ensure that Europe remains an attractive location for life sciences investment, supports strategic autonomy in critical technologies and medicines, and promotes environmentally sustainable production.

Key initiatives include improving coordination between research and industrial policy, reducing regulatory complexity to shorten time-to-market for innovative products, enhancing access to finance, and strengthening the EU's biomanufacturing capabilities. The Strategy also supports closer collaboration between regulators, industry, and health systems to facilitate faster patient access to innovation.

The Strategy complements other EU initiatives such as the Pharmaceutical Strategy for Europe, the Green Deal Industrial Plan, and the European Health Union, positioning life sciences as a central pillar of Europe's competitiveness and health preparedness.

European Commission Publishes Guidance on Medical Device Software Apps

The European Commission issued "Guidance on the safe making available of medical device software" ("MDSW") apps on online platforms (MDCG 2025-4). The document outlines the respective obligations and responsibilities of platform providers under the Medical Devices Regulation ("MDR"), the In Vitro Diagnostic Medical Devices Regulation ("IVDR"), and the Digital Services Act ("DSA"). The guidance emphasizes that clear distinction is required—platforms should clearly separate MDSW from non-medical wellness or lifestyle apps—while also clarifying key definitions: Uploading an MDSW app by the manufacturer constitutes "placing [the app] on the market," while the period during which the app is hosted on the platform and can be obtained by users constitutes "making [the app] available on the market."

Additional key principles outlined in the guidance include the following: 

  • Different legal regimes may apply. Platform providers' obligations depend on their role in the supply chain. Platforms that merely host third-party MDSW and enable consumers to conclude distance contracts with the relevant trader are intermediary service providers (and potentially online marketplaces) under the DSA, in which case DSA obligations apply. Platforms become distributors or importers under the MDR/IVDR when directly involved in making the MDSW available to users, in which case MDR/IVDR obligations apply.
  • Traceability and information obligations. Platforms must be designed in a way that enables MDSW manufacturers, distributors, or importers to comply with their traceability and information obligations under the MDR/IVDR by providing, at a minimum, the economic operator's name, address, and contact details, product identifiers, any trader sign, and all MDR/IVDR labeling elements.
  • Verification and oversight duties. Before allowing MDSW to be offered, platforms must verify trader information and take reasonable steps to check official databases for flags indicating illegality or non‑compliance. Certain large online platforms must also conduct annual systemic risk assessments focused on risks arising from the functioning or use of their services, including dissemination of illegal or noncompliant MDSW and implementing proportionate mitigation measures.

 

European Commission Publishes Draft Guidelines on Good Manufacturing Practice (GMP)

On July 7, 2025, the European Commission published revised draft guidelines on Good Manufacturing Practice ("GMP"). The updated GMP guidelines revise Chapter 4 (Documentation) and Annex 11 (Computerized Systems) and include a new Annex 22 (Artificial Intelligence):

  • Chapter 4 (Documentation). The revised chapter underscores the critical role of documentation in GMP compliance and supports the use of new technologies, hybrid solutions, and innovative services for document management. It integrates risk management principles into data governance systems and clarifies requirements for electronic records, signatures, and data integrity. The guidance also specifies that documents—regardless of format (including digital text, image, video, and audio)—must remain complete, accurate, and readable throughout their lifecycle.
  • Annex 11 (Computerized Systems). The updated annex strengthens lifecycle management requirements for computerized systems, mandating the comprehensive application of Quality Risk Management principles. It reinforces obligations relating to the definition and ongoing maintenance of system requirements, oversight of suppliers and external service providers, and control measures ensuring data integrity, audit trails, electronic signatures, and system security.
  • Annex 22 (Artificial Intelligence). The newly introduced annex sets out requirements for the use of AI and machine learning in the manufacturing of active substances and medicinal products. It covers the selection, training, and validation of AI models, with a focus on defining the model's intended use, establishing performance metrics, ensuring the quality of training and test data, and managing data processing. Annex 22 also introduces continuous oversight obligations, including change control, performance monitoring, and procedures for human review, where appropriate.

 

European Commission Publishes FAQ on Interplay Between Medical Devices and AI

The European Commission published frequently asked questions (FAQ) on the interplay between the MDR, IVDR, and AI Act (MDCG 2025-6). The FAQ clarifies how regulated medical devices and in-vitro diagnostics that incorporate or operate together with AI should navigate the convergence of the MDR, IVDR, and the AI Act.

Among other things, the FAQ clarifies the following:

  • Scope and classification. The FAQ clarifies when an AI-enabled medical device—alternatively called a Medical Device Artificial Intelligence ("MDAI")—falls under both the MDR/IVDR and the AI Act.
  • Terminology. The FAQ also clarifies the relationship between terms under each regulatory regime. For example, the FAQ explains how "manufacturer" under the MDR/IVDR corresponds to "provider" under the AI Act, and that "deployer" under the AI Act is not equivalent to "user" under the MDR/IVDR.

  • Regulatory obligations and system alignment. Per the FAQ, manufacturers should integrate their quality management systems ("QMS"), risk management systems ("RMS") and technical documentation so that both the MDR/IVDR and AI Act requirements are addressed without unnecessary duplication. However, where functions are high-risk under the AI Act, additional obligations (e.g., comprehensive risk assessments, documentation of risk mitigation measures, continuous monitoring of system performance) must be demonstrated.

  • Data quality, bias, and transparency. The FAQ places a strong focus on the governance of datasets used for training, validation, and testing of AI systems, on mitigating bias, ensuring traceability of decision-making logic, and ensuring user-centered design and meaningful human oversight, especially in high-risk clinical contexts.

  • Post-market and change control considerations. The FAQ clarifies how modifications to AI-enabled medical devices must be managed, when they may constitute "significant changes" triggering further conformity assessment under the AI Act and the MDR/IVDR, and how post-market monitoring obligations extend to AI systems embedded in devices.

The iterative guidance will be continuously developed and updated. Stakeholders may wish to consider submitting concrete examples (e.g., device use cases, training-data provenance documents, performance monitoring records) to inform subsequent guidance.

Study Shows Environmental Impact of Electronic Patient Information

The European Federation of Pharmaceutical Industries and Associations ("EFPIA") published the results of a comparative Life Cycle Assessment ("LCA") comparing the difference in environmental impacts between a paper patient information leaflet ("PIL") and an electronic version ("ePI"). Results of the LCA indicate that an ePI has between 89% and 98% fewer environmental impacts in the studied categories (ecosystems, resources, cumulative energy demand, and climate change). A paper PIL has 20 times higher climate change impacts than an ePI. When scaling up to a full year of drug sales for four of the pharmaceutical companies identified in the assessment (5.2 billion units), switching to 100% ePI would reduce carbon emissions by 49,507 Metric Tons of Carbon Dioxide Equivalent ("MTCO2e") in one year.

Council of the EU Calls for Greater Efforts to Protect Youth Mental Health in the Digital Era

In the summer of 2025, the Council of the EU adopted conclusions urging Member States and EU institutions to intensify efforts to protect the mental health of children and adolescents in a rapidly evolving digital landscape. While acknowledging the positive potential of digital technologies—including access to information, social connection, and remote psychological support—the Council warns of the growing mental health risks linked to online manipulation, addictive features, harmful content, and excessive screen time.

The Council's conclusions set out several expectations for online platforms, digital service providers, and AI developers, including to:

  • Comply with the Digital Services Act ("DSA") by ensuring a safe online environment for minors and addressing harmful or illegal content;
  • Ensure compliance with the AI Act, particularly regarding systems used by or likely to affect children, to guarantee a high level of protection of fundamental rights and mental health;
  • Design for safety and privacy by default, setting children's accounts to the highest protection standards and avoiding manipulative or addictive design elements such as infinite scrolling or opaque algorithms;
  • Implement effective age verification systems, applied proportionately and in line with privacy requirements; and
  • Conduct transparent and independent impact assessments on how digital technologies influence young users' mental wellbeing.

The Council also calls for the following action items: (i) greater access to psychological counseling, peer-support and digital safety services for young people; (ii) integration of mental health, media, and digital literacy into education; (iii) public campaigns to help parents and educators identify signs of digital distress; and (iv) research and expert advisory bodies to improve understanding of the "psyche-digital" interface.

These conclusions reinforce existing obligations under the DSA and AI Act, signaling a broader EU policy shift toward responsible digital design and child-centric online governance. Companies operating in digital markets may wish to consider proactively assessing compliance and preparing for heightened scrutiny of the mental health impacts of their services.

European Council Adopts Position on New Pharma Package

The Council of the EU adopted a position regarding the proposed reform of EU pharmaceutical legislation (the "Proposed Reform"), paving the way for negotiations with the European Parliament, which previously adopted a position in April 2024. (See Jones Day's coverage of the European Commission's Proposal of Major Reform of Pharmaceutical Legislation in a prior edition of Vital Signs.) Those negotiations have since resulted in a provisional ("early second reading") political agreement between the co-legislators.

Key pieces of the Council and Parliament's provisional agreement include an eight-year regulatory data protection term for innovative medicines and an additional year of regulatory market protection.

The Council of the EU and the European Parliament reached a provisional agreement on the Proposed Reform in December 2025; formal adoption steps are expected to follow.

European Court of Justice Rules that Polish Prohibition on Pharmacy Advertising Violates EU Law

On June 19, 2025, the European Court of Justice ("ECJ") delivered its judgment in case C-200/24 Commission v. Poland (Publicité pour les pharmacies), finding that Poland's general and absolute prohibition on pharmacy advertising is incompatible with EU law.

The court held that the EU Directive on Electronic Commerce entitles members of regulated professions—such as pharmacists in Poland—to use online commercial communications to promote their services. While such communications must comply with professional conduct rules, those rules cannot impose a blanket ban on all forms of advertising, as Polish law currently does.

The ECJ further found that the Polish prohibition infringes on the EU freedoms to provide services and of establishment, as it prevents pharmacists from making their services known to potential clients and from promoting their professional activities. The restriction also makes market access more difficult, particularly for pharmacists established in other Member States who wish to open pharmacies in Poland.

European Union Agency for Cybersecurity Publishes a Cyber Stress Testing Handbook

In 2025, the European Union Agency for Cybersecurity (ENISA) released a practical Handbook for Cyber Stress Testing to help national authorities assess the resilience of critical sectors, including health care. The handbook introduces a five-step process—planning, preparation, execution, analysis, and follow-up—to design and conduct stress tests at a national, regional, or EU level. It provides guidance on selecting target entities, developing realistic threat scenarios, defining resilience metrics, assessing interdependencies, and translating results into policy and regulatory measures to strengthen systemic cyber resilience.

In a practical example from the health care sector, the handbook shows how a national authority could apply this process to test the resilience of hospitals, large clinics, and health agencies. The exercise focuses on both IT systems—such as electronic health records and hospital management platforms—and operational technology, including connected medical devices and building infrastructure. The simulated scenario involves a ransomware attack that encrypts hospital networks, steals patient data, and disrupts emergency and online services. Working with Computer Security Incident Response Teams (CSIRTs), law enforcement, and information and communication technology ("ICT") providers, participants assess their ability to detect, respond to, and recover from such an incident using predefined resilience metrics. The results expose weak technical safeguards and the rapid spread of ransomware between systems, prompting specific recommendations and a national program to strengthen cybersecurity and modernize healthcare infrastructure.

EU Commission Adopts EU4Health Work Program 2025

On July 23, 2025, the European Commission announced two targeted initiatives aimed at accelerating digital health and responsible AI innovation in the EU, to be implemented under the EU4Health Programme, notably including the following:

  • Health Data Access Bodies (HDABs) Grants: This initiative provides funding to EU and European Economic Area (EEA) Member States to establish or strengthen Health Data Access Bodies (HDABs)—specialized national authorities responsible for facilitating the secure and efficient secondary use of health data, such as for research, innovation, and policy-making. The grants support the development of key digital capabilities, including secure data processing environments, national health data catalogues, and cross-border access gateways. These efforts aim to ensure full alignment and interoperability with the upcoming HealthData@EU infrastructure, the future decentralized platform enabling cross-border access to health data across Europe.
  • AI-driven Biotechnology Innovation Call: This action aims to strengthen collaboration between biotech companies, AI developers, research infrastructures, and regulators to accelerate the creation of AI-driven health care solutions. It prioritizes improving access to high-quality datasets—particularly in the fields of genomics, cancer, and brain research—and testing the integration of national and cross-border data infrastructures. By leveraging resources such as "AI Factories"—EU-supported hubs providing advanced computing infrastructure and expertise for training large-scale AI models—the initiative promotes rapid prototyping and validation of new technologies. All activities must fully comply with the General Data Protection Regulation ("GDPR") and the EU AI Act.

FINLAND

Finnish Data Protection Authority Fines Large Pharmacy Chain

On June 17, 2025, the Finnish Data Protection Authority (DPA) imposed a fine of EUR 1.1 million on one of the nation's largest pharmacy chains for failing to adequately protect personal data in its online shop between May 2018 and September 2022. The investigation, prompted by a doctoral student's research, found that the company violated key GDPR principles (including confidentiality and security) by using cookies and tracking tools that transmitted detailed information about users' interactions—including which prescription and over-the-counter medicines they viewed or added to their carts, along with IP addresses—to third-party technology companies. The DPA concluded that this practice allowed third parties to potentially profile users' health conditions, representing a serious breach of data protection rules.

BELGIUM

Belgian Federal Agency for Medicines and Health Products Publishes Annual Report

On July 28, 2025, the Belgian Federal Agency for Medicines and Health Products ("FAMHP") published its annual report for 2024 (the "Report"), highlighting the agency's key activities and developments over the past year. The Report covers progress across several areas, including pharmacovigilance, digital transformation, and EU-level collaboration, with a particular emphasis on the agency's growing use of digital and AI tools.

The Report outlines how FAMHP is integrating AI into pharmacovigilance processes—such as through automating translations, supporting case analysis, and facilitating communication with the EMA. However, FAMHP highlights the continued need for high-quality source data: AI complements but does not replace thorough reporting.

Additionally, the Report educates readers about several upcoming and existing digital tools, such as applications and websites that allow users (including health care professionals, journalists, and patients) to check the real-time availability of medicines in Belgium, as well as substitution tracking.

The Report reaffirms FAMHP's commitment to further invest in digital modernization to strengthen the safety and accessibility of medicines and medical devices and to improve transparency and access to information.

Belgian Council of Ministers Approves Several Draft Laws Related to Digital Health

The Belgian Council of Ministers was active throughout the summer, approving various laws, including these:

  • On July 18, 2025, the Belgian Council of Ministers approved two draft laws to reform the Belgian health care system. The first preliminary draft law seeks to implement key elements of health care reform that also are outlined in the coalition agreement. This includes changes to the budgetary procedures concerning the budget for Belgian national health insurance and an overhaul of how tariff agreements are negotiated with health care providers. The draft also introduces several legislative changes, for instance, enhancing the enforcement mechanisms to address serious fraud in health insurance and setting a timeline for further digitalization and administrative streamlining for healthcare professionals.
  • The second preliminary bill focuses on fulfilling the coalition agreement's commitments related to reviewing and strengthening the Federal Supervisory Commission. Its goals include simplifying the Commission's procedures, increasing the authority of its inspectors, and expanding its role to cover oversight, investigation, and reporting of breaches of health care laws, including legislation on the practice of health care professions and aesthetic surgery. Additionally, the draft law proposes the introduction of administrative fines to improve legal compliance.
  • On July 18, 2025, the Belgian Council of Ministers approved a draft law that establishes a GDPR-compliant legal framework for the processing of personal data by the FAMHP in the context of its inspection and regulatory duties. This preliminary draft aims to clarify the various purposes for which FAMHP is authorized to process personal data relating to medical devices and veterinary medicines. It aims to broadly align existing legislation with the obligations arising from GDPR.

These draft laws were submitted for advice and will enter into force upon formal adoption by Parliament.

Belgian FAMHP Applies Accelerated Timelines for Clinical Trials

On October 14, 2025, the Belgian FAMHP announced expedited review timelines for clinical trial applications to facilitate quicker access to innovative therapies in Belgium.

From January 2026, clinical trials conducted exclusively in Belgium will benefit from substantially reduced evaluation timelines, which represent (approximately) a 50% reduction compared to current procedures:

  • Phase I, I/II, and II trials: Decisions will be made within 20 days of submission, or up to 59 days if additional information is needed.
  • Phase II/III, III, III/IV, and IV trials: Evaluations will be completed within 35 days, or up to 79 days with a request for more details.
  • For Advanced Therapy Medicinal Products ("ATMPs") and certain biotech drugs, an additional 10-day extension may apply.

FAMHP also initiated a pilot program for expedited assessment of multinational clinical trials in early phases (Phase I, I/II, and II), where Belgium acts as the reporting Member State under the EU Clinical Trials Regulation. The pilot program's key features include the following:

  • Applications will be reviewed within 35 days, or 79 days if additional input is requested.
  • An optional 10-day extension applies for ATMPs and certain biotech medicines.
  • This accelerated process is available upon sponsor request and depends on agreement from the participating Member States.

SLOVENIA

Information Commissioner Issues an Opinion on Patient Access to Health Records and Data Management

On July 22, 2025, the Slovenian Information Commissioner issued a non-binding opinion (No. 07121-1/2025/573) to clarify patients' rights to access their medical records and the corresponding obligations of health care providers. The opinion confirmed that while patients are not entitled to a detailed explanation of every data-entry practice, they do have a clear right to obtain a copy of their medical record or an electronic printout. The Commissioner stressed that data controllers are required to implement clear and transparent procedures for handling such requests, maintaining traceability and accurate record-keeping.

ITALY

Italy's First National AI Law Becomes Effective

On October 10, 2025, Italy's first national law on artificial intelligence (Law No. 132/2025) officially came into effect. Complementing the EU AI Act, the new legislation introduces specific provisions for "general-purpose" AI systems and models, along with a range of sector-specific measures.

In the health care sector, the law recognizes the development and experimentation of AI systems for scientific research as an area of substantial public interest. It allows public and private entities to process personal data, including special categories of data, for these purposes. The law also simplifies patient information obligations and enables the secondary use of personal and health data for scientific research without requiring renewed consent, provided appropriate de-identification measures are applied.

Moreover, while the duty to inform remains, the law explicitly permits the reuse of personal and health data for anonymization, pseudonymization, or data synthesis—so long as this processing supports scientific research or the planning, management, control, or evaluation of health care services. Certain data processing activities in this context are now formally recognized as being of significant public interest, subject to rules on secondary use and prior notification to the Italian Data Protection Authority.

Italy's Garante Issues a Fine for GDPR Violations in AI-Based Cancer Research

Earlier in the year, the Italian Data Protection Authority fined a cancer-focused technology and research company for GDPR breaches related to its software, which used deep learning to analyze patient cell images for cancer research. Although most data were pseudonymized and the company cooperated fully, the DPA found that fundamental GDPR obligations—particularly regarding transparency, data minimization, and accountability—were not fully met during the processing of highly sensitive health data, including data from individuals with multiple myeloma.

Italian Data Protection Authority Warns on Health Data and AI Risks

On July 30, 2025, the Italian Data Protection Authority issued a statement addressing the privacy and safety risks of individuals uploading sensitive medical data—such as lab results, X-rays, and clinical analyses—to generative AI platforms for interpretation or diagnosis. The authority cautioned that these AI tools are often not certified as medical devices, creating potential patient safety hazards and risks related to data control, as uploaded data could be used for future model training. The DPA stressed that AI must not replace professional medical advice and highlighted the necessity of qualified human oversight and strict compliance with GDPR and the EU Artificial Intelligence Act, particularly regarding safety, transparency, and accountability.

GREECE

Hellenic Association of Pharmaceutical Companies Issues Revised Code of Ethics

On July 1, 2025, the new Code of Ethics (the "Code"), issued by the Hellenic Association of Pharmaceutical Companies, entered into force. The new Code introduces a series of amendments aimed at enhancing transparency, aligning industry practices with recent regulatory developments, and strengthening the principles of self-regulation.

The new Code updates and clarifies definitions, expands rules on advisory boards and scientific events in line with the National Organization for Medicines' new Corrigendum Circular 45560/16.04.2025, and revises guidance on patient education. It adds a section on the origin and value of self‑regulation programs, tightens provisions on medical samples, and allows inclusion of Summary of Product Characteristics ("SmPC") via QR code provided a printed SmPC is available on request. It also reclassifies scientific events and categorizes patient information events by organizer (patient organizations, health care organizations, pharmaceutical companies), and introduces dedicated sections for events organized by foreign pharmaceutical companies both abroad and in Greece. The Code also revises sponsorship thresholds and daily hospitality/accommodation caps and updates the methodology for calculating fair market value.

FRANCE

The French Top Administrative Court Rejects a Potential Appeal Against the Health Minister's Decision to Allow Health Data Hosting by U.S. Companies

In a challenge brought by several claimants, the French top administrative court, the Conseil d'État (the "Conseil"), rejected an action seeking annulment of a February 2023 ministerial letter (and of a prior 2020 letter) relating to the hosting of the French Health Data Hub by a U.S. company. The claimants argued that the letter amounted to the State renouncing its earlier commitment to migrate the health-data platform to a fully "sovereign" European hosting solution to avoid potential U.S. jurisdictional access. The Conseil held that the letter did not constitute a binding decision subject to judicial review (since it gave rise to no definitive legal consequences) and accordingly dismissed the action. However, the court simultaneously affirmed that the objective of migrating to a more sovereign hosting solution remains alive and that the Minister's letter was characterized not as a renunciation but as a temporary adjustment in light of the absence of an immediately viable alternative hosted exclusively under French/EU law. The decision confirms that policy commitments lacking finality may not be litigated, yet the underlying sovereignty objective retains operational importance.

The French DPA Holds a Public Consultation on its Recommendations Concerning Electronic Patient Records

In light of numerous inspections and formal notices issued to health care establishments for deficiencies in security and confidentiality of patient records, the French DPA issued a draft recommendation specifically addressing the management and protection of electronic patient records ("DPI"). The draft document consolidates both legal obligations and technical/organizational measures and was subject to a public consultation open until 16 June 2025.

For those in the health-data ecosystem (hospitals, health-IT vendors, data protection officers), the draft recommendation signals heightened regulatory scrutiny. Key features include the following: (i) reinforced measures such as multifactor authentication and encryption of DPI systems; (ii) clearer delineation of sub-processors and third-party obligations; and (iii) structured guidance via 14 thematic guides covering governance, retention, access control, and maintenance of health-data systems.

NETHERLANDS

Dutch Authority for Consumers and Markets Calls for Mandatory Openness of Health Care Information and Communication Technology Systems

The Dutch Authority for Consumers and Markets ("ACM") found that ICT systems markets in the health care sector do not function effectively due to the "closed" nature of the systems. This means that other suppliers or health care providers who want to develop their own ICT cannot test or integrate new services, and their information systems do not communicate as effectively or efficiently. As a result, innovation stalls, it is difficult for new entrants to compete, and health care providers become dependent on an increasingly limited number of ICT suppliers. This leads to fewer choices, rising administrative burdens, and ultimately lower-quality care for patients.

The ACM states that it does not have the tools to effect structural change against this closed system. It therefore advises the Ministry of Health, Welfare and Sport to act through the Electronic Data Exchange in Healthcare Act. This law offers the possibility of setting sector-wide requirements for the openness of ICT systems, within strict frameworks for information security.

Dutch University Hospital Introduces AI Model to Predict Postoperative Infection Risks

Health care providers at a prominent university medical center will now use a new AI model to predict infection risk in newly operated patients. This will enable them to intervene more quickly and detect complications earlier. Currently, 5% to 20% of patients experience an infection following operations. The model predicts the risk of infections within seven and 30 days after surgery, aiding provider assessment of at-risk patients.

Lawyer Spotlights

Melissa Mannion (Washington, Health Care & Life Sciences) is a seasoned regulatory attorney with more than a decade of experience in the public health space, notably serving at the Food and Drug Administration in the Center for Drug Evaluation and Research, where she led agency-wide implementation of programs and represented the agency both domestically and internationally. She is a leading strategic counselor to clients in the life sciences space, helping them navigate complex regulatory regimes and requirements, particularly in drug development and testing, supply chain and distribution, and investigations. Melissa has testified as an expert witness during criminal proceedings involving the Food, Drug & Cosmetic Act, and other related statutes, and is a licensed pharmacist.

Taylor Stevens (San Diego/Silicon Valley, M&A, Private Equity, Technology, Health Care & Life Sciences, Venture Capital & Emerging Companies) is an industry-leading corporate lawyer and M.B.A.-trained advisor to high-growth technology and life sciences companies, with more than 25 years of experience across venture capital, mergers and acquisitions, and capital market transactions. Active in the San Diego and Silicon Valley communities, he counsels a range of emerging growth and established companies throughout the full corporate life cycle—from formation and financing to strategic exits—and represents venture capital firms and strategic corporate investors in early-stage and growth investments. Taylor has led a wide range of public and private M&A transactions, including auction sales, divestitures, carve outs, roll ups, and cross-border deals, and regularly guides clients through venture capital and debt financing transactions. He is frequently recognized by Best Lawyers in America and The Legal 500 United States for his corporate and venture capital work, and he presents on venture and corporate topics at leading forums. Taylor also contributes to the innovation ecosystem through service and prior Executive Committee and board roles for an organization fostering technology and life sciences innovation.

Steve Forster (Washington, Health Care & Life Sciences) is a leading regulatory attorney who advises digital health and pharmaceutical companies on a range of complex drug and device pricing regulations under Medicare, Medicaid, and the 340B Drug Pricing Program, as well as on product launches, patient assistance and copay programs, distribution and specialty-pharmacy arrangements, and state price-transparency laws. Steve's practice also includes compliance counseling, litigation, and government-investigation matters involving the Anti-Kickback Statute and the False Claims Act. Steve also guides organizations (global and emerging) and investors throughout all stages of commercialization and provides strategic counsel on transactions. Drawing on years of in-house leadership at global pharmaceutical companies and the government, Steve brings a rare blend of public sector and senior in-house experience to support insightful solutions.

Recent and Upcoming Speaking Engagements

  • Laura Laemmle-Weidenfeld, PLI Life Sciences 2025: Navigating Legal Challenges in Drug and Device Industries, September 2025.
  • Cristiana Spontoni, Cambridge University (Downing College), European Pharma Law Academy, September 2025.
  • Laura Koman, "AI and Clinical Trials: Progress, Pitfalls, and Evidence the Regulators Will Trust" at ACI's 3rd Annual Life Sciences AI Summit in New York on February 24-25.

In Case You Missed It

FDA Drives Digital Health Forward With Pilot Program for Chronic Condition Devices

From Fragmented to Framework: Executive Order Advances National AI Consistency

Balancing Possibilities with Realities—Cyber and Privacy Legal Trends in Life Sciences

EU Digital Omnibus: How EU Data, Cyber, and AI Rules Will Shift

Innovative Insights: Legal Updates in Life Sciences | Fourth Quarter 2025

Innovative Insights: Legal Updates in Life Sciences | Third Quarter 2025

Insights by Jones Day should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request permission to reprint or reuse any of our Insights, please use our “Contact Us” form, which can be found on our website at www.jonesday.com. This Insight is not intended to create, and neither publication nor receipt of it constitutes, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.