Navigating a multi-headed EU regulatory landscape: challenges to compliance for companies in the life science sector

By Natasha Tardif, Managing Partner, & Lucile Chneiweiss, Senior Associate – EU, competition and regulatory department, Reed Smith LL

Enhanced scrutiny of regulatory authorities and an ever-evolving regulatory landscape make compliance with sectorial, competition and data privacy rules challenging for companies in the EU life sciences sector. Maintaining said compliance requires multi-faceted vigilance, in addition to substantial costs in resources, specialized personnel, experienced practitioners, training, infrastructure and documentation.

  1. An ever-evolving and complex regulatory landscape

To reflect “substantial technological and scientific progress”[1] in the sector, the European Commission adopted in 2017 new medical devices regulations[2]. Similarly, to “promote research and technologies that reach patients to fulfil their therapeutic needs”[3], the European Commission recently proposed a new set of Directive and Regulation to “revise and replace the existing general pharmaceutical legislation”.[4]

The common objectives of these legislations are to ensure affordable, timely and safe access to medical devices and medicine, address unmet medical needs, support competitiveness, innovation and sustainability in the industry, enhance supply chain mechanisms, improve traceability and safety, and promote the EU as a spearhead of scientific excellence.

The European Commission has engaged multiple other tools from its enforcement toolbelt to support this objective and focus on the life science sector, amongst which competition enforcement in the pharmaceutical sector;[5] adapting its guidance of exclusionary abuses to reflect caselaw;[6] explicitly stating that transactions in the pharmaceutical sector were at the heart of its call to incentivize Member States to refer mergers to the EU Commission;[7] and proposing to adopt a “European health data space” allowing for the creation of a health data infrastructure.[8]

In this intricate and intermixing landscape of overlapping legislation, life science companies must ensure that they answer the objectives and stay clear of the enforcement aspirations of European authorities.

  1. Ensuring market access for medical devices and medicine

In addition to a comprehensive and centralized system delivering marketing authorization (comprised of the European Commission, the European Medicines Agency and Member States’ medicines regulatory authorities), competition enforcement has already been effective in ensuring that medicine is being distributed in the EU, in particular in the forms of generics and biosimilars.

Favouring market entry of generics and biosimilar have been at the core of the EU and Member States’ priorities for years, in particular due to the cost savings to Member States’ health systems and social security mechanisms.

Product markets in the life science sector are often highly concentrated, with few active market players due to high initial investment costs, protection periods for patented products, and strenuous certification or authorization processes.

In such markets, competition concerns are highly likely to arise. Market dominant companies (such as incumbent market innovators, patent holders or originator drug companies) should be especially careful not to adopt abusive practices that would prevent or exclude alternative players (or generic or biosimilar drug manufacturers) from accessing or remaining on the market, such as bundling offers, refusing to provide products, charging excessive prices, or disparaging other market players to authorities. Price gouging[9] and disparagement practices[10] are especially under recent scrutiny from the European Commission.

Medical device companies do not escape such scrutiny, as the European Commission has recently demonstrated.[11]

Originator and generic drug manufacturers should also be vigilant not to enter into anticompetitive agreements with the objective of delaying the entry of the generic drug on the market (so called pay-for delay agreements).[12]

In addition, European enforcement is increasingly considering whether acquisitions in the life science sector may constitute anti-competitive practices requiring specific intervention.

In particular, the European Commission has targeted the healthcare sector in its communication calling on Member States to refer non-notifiable mergers within the meaning of the European Merger Regulation.[13] This led the Commission to investigate, prohibit the merger and impose a fine for non-compliance with the waiting period on two US companies that did not exceed the European merger control thresholds.[14]

The Court of Justice of the European Union also recently ruled that a merger could constitute an abuse of a dominant position, therefore allowing to review and sanction a non-notifiable acquisition, ex-post.[15]

Such behaviours are considered anticompetitive by competition authorities, and companies entering into such conducts or agreements would face significant fines. Enforcing specific tools internally to ensure proper competition compliance is therefore fundamental.


  1. Enabling innovation while protecting sensitive data

The life science sector is particularly targeted by cyberattacks, at the same time as the digitalisation of patients’ information and demand for accessibility are increasing. This poses specific concerns for personal data protection.

The European pharmaceutical strategy for Europe has objectives of improving data accessibility, availability and analysis.[16] However, the safety and security of such data remain essential. Life science companies know that implementing strict tools to ensure the protection of health data (which is sensitive information)[17] is at the core of their compliance obligations.

Life science companies should adopt strategies such as systematic consent request, regularly monitoring and verifying preferences, informing patients via an explicit privacy policy, training employees, putting in place safety protocols (two-factor authentication, regular and mandatory system updates and use of encryption), and implementing clear and efficient data breach response mechanisms (especially in light of the tight 72-hour notification deadline).[18]

In addition, it is recommended to follow the relevant Members States’ data protection authority’s guidelines

[1] European Commission Fact sheet, New EU rules to ensure safety of medical devices, 5 April 2017

[2] Regulation on Medical Devices (Regulation (EU) 2017/745) and Regulation on In Vitro Diagnostic Devices (Regulation (EU) 2017/746)

[3] European Commission information page, A pharmaceutical strategy for Europe, 26 April 2023

[4] European Commission proposal for the Pharmaceutical Regulation, European Commission proposal for the Pharmaceutical Directive, 26 April 2023

[5] European Commission Communication, European competition authorities working together for affordable and innovative medicines, 28 January 2019

[6] European Commission Communication, Amendments to the Communication from the Commission Guidance on the Commission’s enforcement priorities in applying Article 82 of the EC Treaty to abusive exclusionary conduct by dominant undertakings, 27 March 2023

[7] European Commission Communication, Guidance on the application of the referral mechanism set out in Article 22 of the Merger Regulation to certain categories of cases, 31 March 2021

[8] European Commission Communication, A European strategy for data, 19 February 2020

[9] European Commission Press release, Antitrust: Commission accepts commitments by Aspen to reduce prices for six off-patent cancer medicines by 73% addressing excessive pricing concerns, 10 February 2021

[10] European Commission Press release, Antitrust: Commission sends Statement of Objections to Teva over misuse of the patent system and disparagement of rival multiple sclerosis medicine, 10 October 2022

[11] European Commission Press release, Antitrust: Commission carries out unannounced inspections in the medical devices sector, 19 September 2023

[12] See such landmark decisions as the Lundbeck (Commission Decision of 19 June 2013 in case COMP/AT.39226 – Lundbeck), Fentanyl (Commission Decision of 10 December 2013 in case COMP/AT.39685 – Fentanyl) and Servier (Commission Decision of 9 July 2014 in case COMP/AT.39612 – Servier) cases and their appeals and remedies before the General Court and European Court of Justice

[13] European Commission Communication, Guidance on the application of the referral mechanism set out in Article 22 of the Merger Regulation to certain categories of cases, 31 March 2021

[14] European Commission Press release, Mergers: Commission fines Illumina and GRAIL for implementing their acquisition without prior merger control approval, 12 July 2023; Antitrust cases No. M.10483 (fine for implementation of the acquisition without prior merger control approval); M.10188 (merger review); M.10493 (interim measures procedure); and M.10939 (restorative measures procedure)

[15] European Court of Justice, Case C-449/21, Towercast, 16 March 2023

[16] European Commission Communication, A European strategy for data, 19 February 2020

[17] Under the General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data

[18] European Union Factsheet, European Data Protection Supervisor, Personal Data Breaches in a Nutshell, 2021

[19] In order of relevance, the authority of the life science company’s place of establishment, or the patients’ place of residence depending on the nature of the services provided, the products’ marketing and/or where trials are conducted

Hot Topics

Related Articles