With multiple legislative processes underway, we are now in an important moment for Europe’s ambition to boost access and be a global leader in innovation. An agile, modernized regulatory system — coupled with supportive intellectual property and access policies — can attract research and development and advanced manufacturing to Europe. This will contribute to the earlier availability of new cures for European patients and a healthier innovative ecosystem. Unfortunately, today we see that Europe is falling behind global competition. Over the last decade, there has been a 10 percent decrease in clinical trials in the European Union, which has led to 60,000 fewer European patients participating in trials.[1] Europe’s fragmented system for clinical trial approvals is a leading cause of this decline, impacting early access to innovative treatments. As scientific breakthroughs can deliver better health outcomes for patients, governments need to keep pace with this speed of innovation. > Draghi report on EU competitiveness importantly identified pharmaceutical > innovation as a strategic sector for growth in Europe. That said, the report > also noted that what is missing is a simple and strong execution plan behind > it, with simplified regulation and coherent and predictable policies that > could drive the European goals of increased competitiveness and strategic > autonomy. Europe’s marketing authorisation process now exceeds 14 months (444 days), causing patients to wait nearly three months longer than in the US (356 days) and over five months longer than in Japan (290 days) for access to innovative medicines.[2] Such delays, combined with complex and lengthy country-level market access systems, mean patients in Europe are waiting an average of 20 months longer than people living in the United States to benefit from scientific innovation.[3] Last year’s Draghi report on EU competitiveness importantly identified pharmaceutical innovation as a strategic sector for growth in Europe. That said, the report also noted that what is missing is a simple and strong execution plan behind it, with simplified regulation and coherent and predictable policies that could drive the European goals of increased competitiveness and strategic autonomy. Ongoing discussions on the revision of the General Pharmaceutical Legislation and the In Vitro Diagnostic Regulation (IVDR), the Critical Medicines Act and the upcoming Biotech Act (Part 1) mark crucial opportunities for Europe to become a global leader for innovation. However, to make this vision a reality, the EU must address structural challenges that undermine innovation and patient access to novel, lifesaving medicines. > To reverse the worrying decline in European clinical trial activity, the EU > should implement a maximum two-month approval process for clinical trial > applications (CTAs), encompassing the reviews of both regulators and ethics > committees consistent with other global leaders. The successful implementation of structural, future-proof policy changes can ensure timely access to innovative medicines for EU citizens, and this can be achieved through five key policy recommendations: Facilitate and accelerate clinical trial applications To reverse the worrying decline in European clinical trial activity, the EU should implement a maximum two-month approval process for clinical trial applications (CTAs), encompassing the reviews of both regulators and ethics committees consistent with other global leaders. It is equally important to increase collaboration among EU member states to remove unique and specific national CTA requirements and questions, and to also introduce opportunities for an informal dialogue with regulators to expediently address smaller challenges that can be quickly fixed. Legislative overlaps and fragmentation between the Clinical Trials Regulation (CTR) and the IVDR should also be addressed to avoid delays in clinical trials that utilize companion diagnostics. Expand expedited pathways Despite their potential, the EU’s expedited pathways (such as the European Medicines Agency’s PRIME scheme for unmet medical needs, Conditional Marketing Authorisation and Accelerated Assessment) are underutilised, limiting rapid patient access to important medicines. Similar expedited pathways are widely used by other regulators around the world, like the United States and Japan. Expanding the use of expedited pathways in the EU to new indications and aligning eligibility criteria with global standards would ensure that the EU has more competitive regulatory pathways and earlier patient access to life-saving medicines. Shorten scientific advice and approval timelines Shortening the EU’s scientific advice procedure is critical to optimise the development of innovative products, ensure timely and efficient resource management for both applicants and regulators, and maintain the EU’s influence in global scientific and clinical research. By evolving to a more integrated and agile dialogue, the EU can provide comprehensive, consistent guidance throughout the product lifecycle and remain competitive with other regions. Given their growing number, scientific advice should be available for medicines used with all types of medical devices and in vitro diagnostics (including combinations diagnostics) to address the complexities of working across these regulatory frameworks. > An agile, modernized regulatory system — coupled with supportive intellectual > property and access policies — can attract research and development and > advanced manufacturing to Europe. Regarding the current lengthy approval times, the proposed reduction of EMA’s standard assessment timelines from 210 to 180 days — as suggested in the revision of the pharmaceutical legislation — would allow regulators to accelerate their scientific assessments. Furthermore, the European Commission can streamline its decision phase (currently requiring up to 67 days) by conducting its activities in parallel with the scientific assessment. Strengthen the EU Medicines Regulatory Network and embrace regulatory sandboxes Achieving greater speed and agility within a regulatory system requires an appropriately resourced, sustainable regulatory infrastructure. We support transparent regulatory budgets across the network, backed by consistent investments in expertise, funding and infrastructure to support continuous capacity and capability advancements. Collaborative regulatory pathways (such as the EMA OPEN framework) could be further expanded to encourage simultaneous approvals and supply chain resilience across geographies. Additionally, regulatory sandboxes would be beneficial to pilot and adapt frameworks for disruptive future innovations, while ensuring appropriate guardrails to enable the safe development and implementation of these innovations. Enhance patient engagement Effective regulatory decision-making requires both inclusivity and adaptability. Limited patient and expert input can hinder effective regulatory decision-making, while rapid pharmaceutical innovation requires adaptable frameworks. Expert and patient perspectives are crucial for informed benefit-risk and clinical meaningfulness determinations. Disclaimer POLITICAL ADVERTISEMENT * The sponsor is Eli Lilly & Company * The advertisement is linked to General Pharmaceutical Legislation (GPL), In Vitro Diagnostic Regulation (IVDR), Critical Medicines Act (CMA), Biotech Act (Part 1), Clinical Trials Regulation (CTR), EU Medicines Regulatory Network More information here. -------------------------------------------------------------------------------- [1] IQVIA, Assessing the clinical trial ecosystem in Europe, Final Report, October 2024: efpia_ve_iqvia_assessing-the-clinical-trial-ct-ecosystem.pdf. [2] Lara J, Kermad A, Bujar M, McAuslane N. 2025. R&D Briefing 101: New drug approvals in six major authorities 2015-2024: Trends in an evolving regulatory landscape. Centre for Innovation in Regulatory Science. London, UK: https://cirsci.org/wp-content/uploads/dlm_uploads/2025/08/CIRS-RD-Briefing-101-v1.1.pdf. [3] The Patients W.A.I.T. Indicator 2024 Survey. https://www.efpia.eu/media/oeganukm/efpia-patients-wait-indicator-2024-final-110425.pdf

The European Commission is set to unveil the Biotech Act I, an EU cardiovascular health plan and a simplification of the bloc’s medical devices and in vitro diagnostics rules on Dec. 16, according to the latest Commission agenda published Monday. The first part of the Biotech Act will focus on the pharmaceutical industry and is being produced without a dedicated impact assessment. The second part — covering other biotech sectors — is expected in the third quarter of 2026. The upcoming cardiovascular health plan — inspired by the bloc’s Beating Cancer Plan — will cover prevention, early detection and screening, treatment and management, and rehabilitation. Meanwhile, simplification of the bloc’s medical devices and in vitro diagnostics rules comes after the regulations drove up assessment costs, caused certification delays, and led to product withdrawals from the market. Europe’s Health Commissioner Olivér Várhelyi has previously said the sector needs a “major overhaul.” Additionally, the Commission’s agenda includes a “drugs package” comprising new rules on drug precursors and an EU Drugs Strategy and European action plan against drug trafficking — both scheduled for Dec. 3.

BRUSSELS — Ursula von der Leyen played hardball on trade with China in Beijing last week. Within days, she was rewarded with a trade deal with U.S. President Donald Trump. After reaching a handshake deal at the U.S. president’s Turnberry gold resort in Scotland on Sunday, the European Commission President made clear — without name-checking China — that Washington and Brussels needed to team up to confront the competitive threat from the east. “On steel and aluminum, the European Union and the U.S. face the common external challenge of global overcapacity,” she said — referring to China’s excess production of subsidized products such as steel, as well as solar panels or batteries. When Washington and Brussels “work together as partners, the benefits are tangible on both sides,” she added.  The EU’s deal with the U.S., which fends off Trump’s threat to raise tariffs on most EU goods to 30 percent on Aug. 1, came days after von der Leyen met Chinese President Xi Jinping and Premier Li Qiang in Beijing for what should have been a celebration, yet ended up being anything but.  Speaking after a one-day EU-China summit — marking the 50th anniversary of diplomatic relations — von der Leyen said relations between the bloc and China had reached an “inflection point.”  “Trade must become more balanced,” she said, arguing that the EU will not be able to keep its markets open to Chinese exports unless Beijing takes decisive action on the trading relationship.  In her strategy to win over the White House, von der Leyen, a transatlanticist at heart, has over recent months gradually toughened her stance toward Beijing — which in return has warned it will retaliate against any country that seals a trade deal with the U.S. Ahead of the EU-China summit, expectations for any concrete deliverables on trade were low, with some EU officials pointing out it was an achievement the EU and China were meeting at all in the current climate. Right on cue before the summit, the EU listed two Chinese banks in its latest sanctions against Russia, leading Beijing to vent its “strong dissatisfaction and resolute opposition” at a step that it called “egregious.” In the end, the two sides agreed a mechanism to facilitate the fast-tracking of licenses for raw materials, something many European companies had complained about as China tightened its leash on export controls over its rare earth minerals. Big spats — such as over the EU’s anti-subsidy duties on Chinese electric vehicles and access to tenders for medical devices — were left unresolved, however.  EU officials have started referring to China’s negotiation tactics as “the stinking fish strategy” — in which Beijing manufactures new frictions (aka stinking fish) that the EU then has to remove through negotiation.  THE ENEMY OF MY ENEMY IS MY FRIEND The optics could hardly have been more different at the Scottish coast on Sunday.  Following a meeting that lasted about an hour, von der Leyen, a grin on her face, said she wanted to “thank President Trump personally for his personal commitment and leadership to achieve this breakthrough. He’s a tough negotiator, but he is also a deal maker.” The “breakthrough” amounted to Donald Trump lowering his originally threatened 30 percent to 15 percent tariffs on imports of EU goods, as well as agreeing to certain sectoral exemptions. | Andrew Harnik/Getty Images The “breakthrough” amounted to Trump lowering his originally threatened 30 percent to 15 percent tariffs on imports of EU goods, as well as agreeing to certain sectoral exemptions.  As part of their preliminary deal, von der Leyen and Trump also agreed to form an alliance on industrial metals — steel, aluminum, copper and their derivatives — to mitigate the impact of subsidized Chinese overproduction on global markets. This alliance would “effectively [create] a joint ring fence around our respective economies through tariff rate quotas at historic levels with preferential treatment,” Maroš Šefčovič, the EU’s trade chief, said on Monday.  While terms still need to be ironed out — along with most details of the transatlantic trade deal — the alliance is part of broader plans to “join forces in addressing sources of non-market overcapacity so that we work together to address global overcapacity,” according to one senior EU official, who was granted anonymity to discuss the closed-door talks.  LOOKING EAST? LOOKING WEST Initially, after Trump’s return to the White House, hopes were high for a diplomatic reset of the bloc’s relations with China, or at least a gradual détente. In a speech to EU ambassadors in February, von der Leyen said the EU needed to “engage constructively with China,” adding that “we can find agreements that could even expand our trade and investment ties.” The unusual openness was welcomed by Beijing, which seemed keen to build ties with the EU when Washington later hiked tariffs to 145 percent. But when China hit back by imposing strict controls on exports of rare earths, Europe was caught in the crossfire — and von der Leyen’s conciliatory tone didn’t last.  At a summit of G7 leaders in June, von der Leyen accused China of “weaponizing” its leading position in producing and refining critical raw materials. And, speaking to European lawmakers shortly before the EU-China summit, she took aim at China’s industrial overproduction, export restrictions and its support for Russia’s war against Ukraine. In the end, von der Leyen’s hawkish stance on Beijing may have helped her seal a deal with Trump. But it’s a strategy that risks backfiring and being less effective than the Commission hopes.  “The current U.S. leadership seems more interested in striking a bilateral deal with China than in collaborating with allies and partners to deal with the challenges posed to the U.S. and the world,” said Francesca Ghiretti, director of the China Europe Initiative at the RAND think tank. Ghiretti added that the EU’s alignment with the U.S. on China “does not give any immediate advantage or relief in the tensions between the U.S. and the EU.”  The EU, she said, should “carry on with an approach to China that is about the EU and China, rather than the role China may play in the EU’s relation with the U.S.”

LONDON — Much like cricket, trade talks with India have been a long game, with plenty of sticky wickets along the way. As India’s cricket team goes head-to-head with England at Old Trafford on Thursday, Prime Minister Keir Starmer and his Indian counterpart Narendra Modi flaunted their newly inked free trade agreement at Chequers, Starmer’s country residence. The parallel did not go unnoticed by the two leaders. “For both of us cricket is not just a game but a passion — and also a great metaphor for our partnership,” Modi told reporters shortly after the deal was signed. “There may be a swing and a miss at times, but we always play with a straight bat. We are committed to building a high-scoring, solid partnership.” The ceremony marked the symbolic end to three years of sometimes fraught head-to-head negotiations between India and Britain’s trade teams. While far from what British negotiators envisaged when they began the talks, the U.K. has managed to chalk up a fair few wins, with some stand-out sectors emerging triumphant. Indian negotiators can also boast of a few victories. From Scotch whisky to business mobility, we’ve set out the biggest wins on either side in our FTA scoreboard. UK WINNERS Scotch whisky producers One of the biggest wins on the U.K. side is reduced tariffs for Scotch whisky. Under the FTA, Indian tariffs on the tipple will be slashed in half, from 150 percent to 75 percent, then dropped even further to 40 percent over the next decade.  India is the world’s biggest whisky market by volume and the tariff reduction has been described as a “game changer” by the industry. Announcing the deal, Starmer said it would give U.K. whisky producers “an advantage over international competitors in reaching the Indian market.” India is the world’s biggest whisky market by volume and the tariff reduction has been described as a “game changer” by the industry. | Neil Hall/EPA “The deal will support long term investment and jobs in our distilleries in Speyside and our bottling plant at Kilmalid and help deliver growth in both Scotland and India over the next decade,” said Jean-Etienne Gourgues, CEO at Chivas Brothers.  Automakers There’s also good news for British automakers — which have had quite a ride over the past few months thanks to U.S. President Donald Trump’s punitive tariff regime. Tariffs of up to 110 percent on British cars will drop to 10 percent after five or ten years depending on the type of car. As a result, the government expects exports of U.K. motor vehicles to increase by 310 percent — or £890 million — in the long run.  Mike Hawes, chief executive of the Society of Motor Manufacturers & Traders (SMMT), which represents the British automotive industry, said the deal represented a “significant achievement, partially liberalising the Indian automotive market for the first time.”   He called for rapid ratification of the deal and renewed efforts to agree “fair and workable solutions” on the administration of the tariff rate quotas. Lawyers Just days after the deal was first struck on May 6, India’s legal regulator approved new rules permitting foreign legal firms and lawyers to practise there on a reciprocal basis. It was seen by the sector as a key win coming in parallel with the deal.  The Bar Council of India first signaled the move in 2023, but received fierce opposition from domestic legal firms. “This is an important development for our two professions,” said Richard Atkinson, president of the U.K.’s Law Society at the time, although some strict conditions still apply.  Services firms  The deal’s financial services chapter is a first for India. New Delhi promises that Britain’s financial and business services firms can’t be treated differently to Indian companies. It guarantees India cannot impose limitations on investment or the number of British financial services firms that can operate in the country. India’s penchant for data localization — meaning services firms like banks and consultancies need to set up servers in India if they’re processing Indian nationals’ info — isn’t addressed in the deal since the country’s parliament is still working through new data privacy and security laws. Yet there are provisions to allow further negotiations with the U.K. if India moves to liberalize the flow of data in the future. INDIAN WINNERS Workers on secondment to the UK One of the most contentious areas of the trade deal — and most sought after on the Indian side — are new provisions on business mobility. The U.K. has promised that an existing visa route for some temporary workers that’s not currently available to India — and capped at 1,800 people — will now be open to Indian employees (although the cap won’t be lifted). Most controversially for some, the U.K. and India have separately agreed to negotiate a Double Contributions Convention, which means that neither Indian nor British workers will be required to pay national insurance contributions in both their home country and the one they are working in. Details of the agreement are still being ironed out but both sides have agreed to strike the deal in side letters. In promotional material published alongside the deal, the U.K. government insists the measures will have no impact on immigration. “All visa routes that have been locked in through the agreement are only available for temporary stays, and none of the routes provide a path to permanent settlement,” it notes. Farmers The U.K. has agreed to remove tariffs on imports of Indian food, with the exception of sugar, milled rice, pork, chicken and eggs, which will continue to be subject to the current duties in place. In its impact assessment, the government notes that food imports will still have to comply with U.K. food and animal welfare standards. The U.K. has agreed to remove tariffs on imports of Indian food, with the exception of sugar, milled rice, pork, chicken and eggs, which will continue to be subject to the current duties in place. | Farooq Khan/EPA Meanwhile, campaigners welcomed the absence of any intellectual property clause in the agreement that would have limited Indian farmers’ ability to save and exchange their seeds.  Patented, genetically modified seeds and restrictions on their use have been identified as a one of several factors contributing to the high level of farmer suicides in the country. “We hope that following this deal, the U.K. government will commit to safeguarding farmers’ rights in all future trade agreements, as farmer seed systems are vital for smallholder farmers in India and in many other countries across the world,” said Hannah Conway, trade and agriculture policy adviser at Transform Trade. Drugmakers Under the deal, Indian generic medicines and medical devices can be exported duty free to the U.K., in a move welcomed by the country’s officials. Last year the U.K. imported medicinal and pharmaceutical products worth around £667.4 million from India. “Given the U.K.’s shift away from reliance on Chinese imports post-Brexit and Covid-19, Indian manufacturers are poised to emerge as a favoured, cost-effective alternative, especially with zero-duty pricing for medical devices,” a commerce ministry official told the Indian news agency PTI. Meanwhile, India will also welcome the absence of any data exclusivity clauses related to pharmaceuticals in the deal’s intellectual property chapter, which could have posed a threat to the country’s generic drugs sector, the world’s largest by volume. Textiles manufacturers The trade deal removes tariffs on Indian textiles exported to the U.K., with imports expected to rise by around 85 percent to £2.9 billion, according to the government’s impact assessment. The U.K. imported Indian clothing worth £877.3 million last year. As a result, the government projects that the U.K. textiles, apparel and leather goods industry is expected to lose £114 million — the biggest projected decline of any industry. “This in turn is projected to lead to resources shifting away from adversely affected sectors to other sectors that exhibit a larger increase in exports,” it said. 

It was supposed to be a celebration. But ahead of a meeting of European and Chinese leaders in Beijing on Thursday, expectations could hardly be lower.  After Donald Trump’s return to the White House, hopes were high that Beijing and Brussels could reach a gradual détente. And this year’s EU-China summit, marking the 50th anniversary of diplomatic relations, was meant to reflect that. Fast-forward six months and relations have hit a new low.  “The EU-China relationship has been an increasingly tense relationship for the past six to seven years, and it’s not getting any better,” said Noah Barkin, senior fellow at the German Marshall Fund think tank. “The summit is likely to underscore that both as far as the economic relationship goes and as far as China’s support for Russia goes, there has been very little progress between Brussels and Beijing.” As she tries to smooth ties with Washington, European Commission President Ursula von der Leyen’s tone toward Beijing has turned increasingly hawkish. In reply, China has warned against sealing any transatlantic trade deal that would harm its interests.  The elephant in the room, in addition to the long-running trade disputes: Russia’s war on Ukraine. And, right on cue before the summit, the EU listed two Chinese banks in its latest sanctions against Russia, leading Beijing to vent its “strong dissatisfaction and resolute opposition” at a step that it called “egregious.” Despite the harsher tone, Dutch Member of the European Parliament Bart Groothuis still thinks “the EU is handling China too carefully.” China’s crackdown on exports of critical raw materials are a case in point, he told POLITICO, and demand a tough response: “You’ll have to hit back with market access,” said Groothuis, who sits on the Parliament’s trade committee. The irritants are multiplying: Earlier this month, Beijing banned government purchases of EU medical devices, in retaliation against Brussels putting up rules for Chinese medical equipment. That comes on top of a lingering dispute over the EU’s imposition of duties on Chinese-made electric vehicles last year and Beijing’s retaliatory duties on European liquor. The setup of the summit reflects just how tense ties between the two economic superpowers have become. First, Chinese President Xi Jinping snubbed von der Leyen and European Council President António Costa earlier this year by declining an invitation to come to Brussels. Then, the summit — originally planned to run for two days — was shortened to one day only.  Now, von der Leyen and Costa are expected to meet with Xi for a more general discussion on EU-China relations in the morning, according to an EU official. Leaders will discuss geopolitics over lunch, while a meeting with Premier Li Qiang will focus on economy and trade issues.  As at previous summits, there won’t be a joint statement. The Chinese foreign ministry only officially confirmed Xi’s attendance on Monday.  STUCK IN THE MIDDLE Earlier this year, von der Leyen had struck an unusually conciliatory tone toward Beijing, prompting cautious hopes for a diplomatic reset of the bloc’s relations with the Middle Kingdom. In a speech to EU ambassadors in February, she said the EU needed to “engage constructively with China,” adding that “we can find agreements that could even expand our trade and investment ties.” Chinese President Xi Jinping snubbed Ursula von der Leyen and European Council President António Costa earlier this year by declining an invitation to come to Brussels. | Pool photo by Kirill Kudryavtsev/EPA That openness was welcomed by Beijing, which looked to build ties with Europe when Trump later hiked tariffs to 145 percent. When China hit back by imposing strict controls on exports of rare earths, Europe was caught in the crossfire. Although EU trade chief Maroš Šefčovič negotiated faster permitting procedures, Beijing has refused to lift the controls for EU companies — which continue to sound the alarm about disruptions to critical industry supply chains.  “Why aren’t we in Europe getting any gallium, if the goal is to hit the U.S.?” asked Groothuis. Gallium is used in military applications and many other high-tech products. He said the Chinese authorities were subjecting EU companies that request permission to buy gallium and other materials to heavy questioning: “How much gallium goes in which product? Who is your customer? How much stock do you have? They are just mapping out where they can squeeze us in the future.” Groothuis, a member of Renew, has called in the Parliament for the EU to “do squeezing of its own” on market access, visas, migration issues and public procurement. If the bloc isn’t willing to make use of that leverage, he said, “it’s like someone is pissing in your boot and you’re like: ‘Ah, that’s nice and warm’.” LITTLE TO OFFER That’s unlikely to cut much ice with China’s supreme leader. “China has little incentive to offer anything beyond the usual low-effort, easy wins to the EU,” said Francesca Ghiretti, director of the China Europe Initiative at the RAND think tank. “Beijing believes it is in a position of strength, having secured a temporary truce with the U.S. more quickly and easily than anticipated, while the EU remains engaged in challenging negotiations.” Before heading to Beijing, von der Leyen and Costa will land in Tokyo for the official launch of an EU-Japan alliance that links the two economies’ industrial policy more closely in the face of Chinese overcapacity and U.S. tariffs — a signal that Brussels hopes Beijing won’t miss. Among the scant summit deliverables is a rumored order for Airbus passenger jets. With a lack of announcements on trade and security, the two sides had hoped to sign a joint communiqué on climate, but that’s unlikely to happen.  An EU official said they would consider the China summit a success “if our counterparts acknowledge and understand our concerns,” for instance around overproduction and fair competition globally. “Then it would be up to them to react.”

Simon Meier, a trauma and orthopedic surgeon, was off duty when a colleague called one evening. University Hospital Frankfurt was the target of a massive cyberattack which required an urgent response. The next morning, Meier, who was also the hospital’s emergency planner, sat in a crisis meeting with hospital leadership. IT teams had worked through the night without success, and now, a critical decision loomed. “We had to cut off the whole hospital network from the internet,” Meier recalled. “We didn’t want to give anyone the chance to tamper with the IT systems anymore.” Internet access was severed, databases were frozen and hospital staff had to switch to pen and paper, as well as phone calls, to deliver care. “It severely impaired the communication between our electronic systems,” Meier said. Accessing lab results or data from mobile X-ray machines became a headache, with systems unable to report to the hospital database. “We had to reschedule appointments just to be able to have a look into the patient’s files and postpone some planned surgeries,” he said. Now, over one-and-a-half years later, the system is not yet back to “normal,” Meier said. Internet and database access remain restricted, and a costly infrastructure rebuild is underway to plug long-exploited vulnerabilities. This attack is just one of 309 cybersecurity incidents targeting the health care sector in the EU in 2023 alone — more than any other critical sector. The cost of a major incident typically reaches some €300,000. Beyond the financial impact, cyberattacks pose a threat to patients’ lives. The stakes became clear in a recent case in the U.K., where the death of a patient was linked — among other contributing factors — to a delayed blood test result caused by a cyberattack that disrupted pathology services last summer.  World Health Organization (WHO) chief Tedros Adhanom Ghebreyesus called cyberattacks on health care “issues of life and death.”  While health care has become the primary target for cybercriminals in recent years, putting lives at risk, the sector paradoxically invests less in cybersecurity than any other industry, leaving high-value data vulnerable to attack. PERFECT TARGET For cybercriminals, targeting health data “is a perfect business plan,” said Christos Xenakis, professor at the department of digital systems at the University of Piraeus, Greece. “It’s easy to steal data, and what you steal, you can sell it at a high price.” Ransomware attacks — where hackers lock data and demand a ransom — dominate the sector, an EU Agency for Cybersecurity (ENISA) report showed. “They achieve two targets: One is to get the data and sell (it), and the other is to encrypt the whole system, disrupt the whole system, and ask for money,” Xenakis said.  While health care has become the primary target for cybercriminals in recent years, putting lives at risk, the sector paradoxically invests less in cybersecurity than any other industry, leaving high-value data vulnerable to attack. | Andreas Arnold/Picture Alliance via Getty Images Stolen data can be sold on the dark web to criminals who use it to commit identity theft, insurance fraud or blackmail. To restore disrupted systems, criminals can demand millions of euros — hackers, for instance, wanted $4.5 million for the return of the stolen data after a cyberattack on Hospital Clínic in Barcelona. The hospital refused to pay.  However, other types of cyberattacks are also on the rise, including those by pro-Russian hacktivists aiming to disrupt health care operations, rather than for profit. Despite the risks, only 27 percent of health care organizations have a dedicated ransomware defense program, and 40 percent don’t offer any security awareness training for non-IT staff, a separate ENISA report found. CREATING CYBERSECURITY CULTURE Xenakis believes that the health care sector sees cybersecurity as “out of their business” scope and as a “luxury” rather than an essential. Health care staff are unaware of the risks, he believes, resulting in poor “cyber hygiene.” He recalls being left alone in a doctor’s office with unsecured computers — an easy target for hackers. “If I wanted to do something, it [would have been] easy for me,” he said. At the same time, he doubts that he would have been left in a room with critical medicines. Hospitals understand the risks if medicines got into the wrong hands, he said, “but they cannot understand cybersecurity.”  The task is to create a culture of good cybersecurity practices to protect data and the systems, Xenakis said. “Technology awareness education is … extremely low.” Findings from the Finnish Innovation Fund Sitra back this up. While many health care organizations have cybersecurity policies in place, they are often not “clearly communicated or consistently understood by their staff.” High personnel turnover — not just among medics but also cybersecurity officers — further “exacerbates training gaps and the ability to enforce cybersecurity policies.” Sabina Magalini, a former professor of surgery at the Catholic University of the Sacred Heart in Rome, who coordinated an EU-funded project PANACEA to improve hospital cybersecurity, believes that current laws overlook hospital-specific challenges. “Hospitals have different problems,” she said, listing high staff turnover, lack of training and overwork. “The hospital is not a nuclear power plant … It’s like a port … with a harbor: people coming in, going out, and everything is open,” Magalini said.  She argued that hospitals need continuous cybersecurity drills and streamlined systems that don’t slow down care. Health care staff “don’t want to pass half of the day logging in and logging out,” she said. BLAME THE SYSTEM, NOT THE STAFF However, training hospital personnel, while beneficial, is insufficient to address security threats. “If you have a hospital with 2,000 people working, the probability for someone to click the button (for a phishing link)” is unavoidable, Xenakis said. Especially as artificial intelligence is increasingly used by cybercriminals for automating attacks, such as phishing and deepfake-driven fraud, making the attacks “very sophisticated, very targeted,” Xenakis said.  Germany is backing sector-specific cybersecurity standards and also requires hospitals to invest at least 15 percent of cybersecurity funding received through a program on future-proofing hospitals under its recovery and resilience plan. | Andreas Arnold/Picture Alliance via Getty Images “You cannot blame the people,” Xenakis said. There must be intelligent detection tools “to eliminate the damage … or counteract the attack,” he said. Magalini also pointed out another shortcoming: cybersecurity consultancies that assist hospitals often originate from outside Europe. “They are either from the United States or Canada … also from Russia,” she said, adding that there should be a “European way of doing cybersecurity.” INVESTMENT GAPS While the risks are clear, national governments are skimping on prevention, Xenakis believes, saying that he has no good example of a country “that has invested a lot in cybersecurity in the health sector.”  In Germany, for example, “they are used to just putting new regulations in place, but invest nothing in the cybersecurity of hospitals,” Meier said. He believes his Frankfurt hospital would have found the attack earlier if it had an intrusion detection system. They were “very lucky” to discover the attack before it destroyed the entire database, Meier said. “It could have resulted in a complete shutdown of the hospital.” “Cybersecurity threats pose enormous challenges for the health care sector by endangering the availability of essential health care services,” a spokesperson from the German health ministry told POLITICO in a written response. Germany is backing sector-specific cybersecurity standards and also requires hospitals to invest at least 15 percent of cybersecurity funding received through a program on future-proofing hospitals under its recovery and resilience plan. Europe’s Health Commissioner Olivér Várhelyi has also made it clear that investment must come from national governments. “If you go to a hospital, you always see a guard in the door. There is money for that, so there should be money for protecting the data as well,” he said in January.  But with the health sector often suffering from underinvestment, how much governments can spend on cybersecurity “is a question,” Magalini said. “There are so many other (health care) problems which are not cybersecurity … so I don’t know how they can make the investments.” The cost of inaction can be hundreds of millions of euros, as it was with an attack on Ireland’s Health Service Executive in May 2021 that shut down IT systems of the country’s publicly funded health care system. The attack’s cost was estimated at least €101 million, with a further €657 million to be spent safeguarding against future attacks.  “Why did it cost so much? Not because of the damage but [because] then someone intelligent thought, ‘no, we have to rebuild the system in a secure way,’” Magalini said.  Ray Walley, general practitioner from Ireland, saw firsthand how the attack severed ties with the hospital system.“We couldn’t refer stuff in. It affected outflow from the hospital system. We weren’t getting the results of blood tests. We weren’t getting the results of X-rays and scans,” he said. Walley believes that “cybersecurity is just another form of health care.” “We need to invest in this,” he said. “We need to be proactive. We need to spend the money.” EU’S ACTION: GOOD, BUT COULD BE BETTER The increasing number of cyberattacks on health care systems triggered a response from the EU this year. The European Commission unveiled in January an “action plan” on cybersecurity for hospitals and the health care sector. The plan proposes setting up a European Cybersecurity Support Center for the health care sector within ENISA and a specific rapid response service. The plan also introduces “cybersecurity vouchers,” which will enable EU countries to provide financial support to smaller health care providers for enhancing their cyber resilience.  “It’s good,” said Markus Kalliola, Sitra’s program director. But it “could be stronger.” He is one of the authors of the Commission’s evaluation report by Sitra, which points to murky EU governance, a lack of clear targets or budgets and a missed opportunity to build a functioning single market for cybersecurity solutions.  Sitra calls for going beyond the EU’s plan by considering cybersecurity as a matter of national security; setting up mandatory cybersecurity readiness for health care organizations; incorporating cybersecurity skills into health professionals’ basic training; and organizing more pan-European cybersecurity exercises. With the changing geopolitical situation, “it’s also a matter of national security,” Kalliola said. “EU member states should focus on … what is the national strategy in securing these critical health care services,” he added. Whether or not Europe’s security will feature in the Commission’s final hospital cybersecurity plan remains to be seen; the EU executive has just concluded a consultation and promised to put forward a refined plan by the end of the year. Other pieces of EU legislation — including the NIS2 Directive, Cyber Resilience Act, AI Act and medical devices rules — also raise the bar for cybersecurity across different sectors, including health care.  However, “despite advancements in regulatory efforts and technical solutions, implementation remains inconsistent. There is no time to lose in turning regulations into reality,” Kalliola said.

BRUSSELS — The European Union is looking at targeting €72 billion in U.S. goods in a second round of trade countermeasures, including aircraft, cars and car parts, according to a list seen by POLITICO on Monday. The bulk of those exports targeted are industrial goods, totaling €65.7 billion, while €6.4 billion in agricultural products would also be hit if EU countries back the new retaliatory tariffs. The list includes bourbon whiskey, despite intense lobbying from France and Ireland to shield the drinks sector from U.S. President Donald Trump’s reprisals.  The biggest line item in the 200-page list is aircraft and aircraft parts, with tariffs set to target almost €11 billion of U.S. exports — potentially dealing a heavy blow to plane maker Boeing.  Then comes machinery, followed by cars and car parts; chemicals and plastics; medical devices and equipment; electrical equipment; and industrial goods — all of which fall into multibillion-euro categories. The total figure is down from an earlier proposal to impose retaliatory tariffs on €95 billion of U.S. goods. The European Commission presented the new hit list on Monday after Trump dramatically raised the trade stakes last weekend by threatening to impose a 30 percent blanket tariff on EU exports from Aug. 1 if no trade deal is reached. The Commission also explains to EU countries that its rationale for targeting U.S. products is based on several criteria, according to the document. First, it states, there is a “need to rebalance/level the playing field in light of the U.S. tariffs affecting EU exports to the U.S.” It then takes into account whether there is “availability of alternative sources of supply from outside or inside the EU.” Finally, it includes “products where the risk of relocation is high.” EU member countries would have to formally approve the measures for them to take effect. A vote hasn’t yet been called after the bloc’s trade ministers met earlier on Monday and backed the Commission’s negotiating strategy. The European Union is meanwhile trying to strike a careful balance between folding and fighting back against Trump’s latest tariff threats. It has postponed a first round of measures, covering €21 billion in U.S. goods, until Aug. 6 to allow time to negotiate a trade agreement. This story has been updated.