Vital Signs: Regulatory Coherence, Interplay, and Alignment for Medical Device Cybersecurity

  • Panel
  • Orangerie
  • Wednesday 20.05 — 17:20 - 18:40

Organising Institution

Health & Ageing Law Lab (HALL), Vrije Universiteit Brussel (VUB), Belgium

The Health & Ageing Law Lab (HALL) is an interdisciplinary research group, comprising part of the internationally renowned Research Group on Law, Science, Technology & Society (LSTS) at the Faculty of Law and Criminology of Vrije Universiteit Brussel (VUB). HALL brings together international legal scholars, established researchers, and senior practitioners working at the intersection of health, law and technology. The research group investigates legal and regulatory frameworks on data protection and the rights of data subjects in healthcare contexts, analysing policies and current trends in health data governance, and exploring legal and ethical dimensions in the use of advanced technologies and AI-enhanced interventions for patients and elderly care. The research group is actively involved in a number of research projects, offering expertise in all areas of EU law and policy development, legal and regulatory compliance, ethics and data management. HALL has an excellent track record of delivering high-quality outputs and contributing substantially to the successful implementation of a broad range of research projects funded in the scope of Horizon 2020 and Horizon Europe. HALL is the organiser of the annual symposium on Health, Law and Technology (HELT), a multidisciplinary event providing a unique platform for insightful and stimulating exchanges on the latest trends and future of health and technology, through the lens of regulatory responses and relevant policy initiatives. In 2024, HALL also introduced HELT Talks, a year-round series of monthly events fostering open dialogue and extended discussions around controversial issues in the domains of health, law, and technology. As an interdisciplinary group, HALL enjoys collaboration with healthcare professionals (including at the University Hospital Brussels - UZ Brussel), research scientists, software engineers and a range of societal actors in Brussels, the Flanders region, and internationally across Europe.
  • Academic 3
  • Business 1
  • Policy 2
The increasing integration of AI and software into healthcare outpaces traditional regulatory boundaries, creating an intricate landscape of legal requirements. This panel explores the purpose of medical device cybersecurity and the complex interplay between sector-specific rules (e.g. MDR, IVDR, EHDS) and horizontal frameworks (e.g. GDPR, Cybersecurity Act, Cyber Resilience Act, NIS2, AI Act). From the latest legislative omnibus packages to the “grey areas” of wellness apps and Large Language Models, this panel aims to examine whether current efforts at regulatory coherence actually simplify compliance or create new vulnerabilities. By mapping friction points between legal requirements, the panellists seek to discuss how the current regulatory landscape could be further optimised. Can the EU achieve true coherence for medical device cybersecurity, or will the alignment gap continue to burden innovation and compromise patient safety?

Questions to be answered

  1. What is cybersecurity of medical devices for? What is the applicable EU legal framework?
  2. How to ensure regulatory coherence when a single medical device is subject to multiple horizontal and vertical digital frameworks?
  3. What are the primary cybersecurity grey areas for health-related technologies that do not fit neatly into traditional medical device definitions and classifications?
  4. What do recent legislative omnibus efforts bring in terms of cybersecurity for medical devices? How can regulation of cybersecurity for medical devices be further optimised?

Moderator

Paul Quinn

Health & Ageing Law Lab (HALL), Vrije Universiteit Brussel (VUB), Belgium - Belgium

Paul is a Law Professor at the Vrije Universiteit Brussel (VUB – Free University of Brussels). He is an expert in legal and ethical issues related to the use of health data. His expertise includes data protection, privacy issues, AI, and the secondary use of health data. He also completed his PhD on issues related to stigmatization and discrimination. At the VUB, he founded the Health and Ageing Law Lab (HALL). He coordinates research on such issues through a range of international and national consortia. He has successfully secured participation in numerous research projects as an expert on legal and ethical issues related to privacy and data protection. Paul is also a member of the University’s Ethics Board for Research in the Social Sciences and the University Hospital Medical Ethics Commission. Before entering academia, Paul worked in the legal industry in the UK. He trained as a Barrister (Bar of England and Wales) and is a member of Gray’s Inn. He holds degrees in European and International Law (LLM, Institute of European Studies, Brussels), Law (MA, University of Sheffield), and Biochemistry (University of Sheffield). Paul is an Irish citizen and has lived in Ireland, the UK, and Belgium.

Speaker

Federica Casarosa

Sant’Anna School of Advanced Studies - Italy

Since graduating in Private Law (University of Pisa, 2001) and subsequently obtaining a PhD in Law (European University Institute, 2008), Federica has focused on the intersection between law and technology, analysing the role of information in consumer contracts, protection of personal data of consumers and Internet users in general, and the impact of cybersecurity regulation on private law. She has experience as a trainer of legal professionals in her role as scientific coordinator in various training projects led by the Centre for Judicial Cooperation (EUI).

Speaker

Jarosław Greser

Uniwersytet Wrocławski - Poland

Jarosław Greser is an assistant professor at the Research Center for Legal and Economic Issues of Electronic Communication at the University of Wrocław (CBKE) and a research fellow at the Centre for IT & IP Law (CITIP), KU Leuven. His work focuses on the intersection between law and technology in the medical sector, in particular with respect to cybersecurity and privacy. Recently, he led the research project “Cybersecurity of the Medical Internet of Things — A Legal Perspective” and completed research stays at the University of Oslo (2022) and the Institute for Comparative Public Law and International Law in Heidelberg (2019).

Speaker

Oguzhan Yesiltuna

Health & Ageing Law Lab (HALL), Vrije Universiteit Brussel (VUB) - Belgium

Oguzhan is a PhD researcher at the Law, Science, Technology and Society Research Group (LSTS) and a member of the Health and Ageing Law Lab (HALL). Before joining VUB, Oguzhan worked as a lawyer in Istanbul, mainly practising data protection and privacy. He also worked as a research and teaching assistant at Bahcesehir University. He holds a Bachelor of Laws (LL.B., 2018) and a Master of Laws (LL.M., 2023) in Public Law from Galatasaray University. His thesis, which focuses on tackling online disinformation without violating freedom of expression standards, was published as a book in 2023. His current research interests mainly include the regulation of cybersecurity for medical devices and legal and ethical issues related to health data. He actively contributes to the CYMEDSEC project on enhanced cybersecurity for networked medical devices.

Speaker

Elisabetta Biasin

KU Leuven Centre for IT & IP Law (CiTiP) - International

Elisabetta Biasin is an Associate Researcher at the KU Leuven Centre for IT & IP Law (CiTiP), where she conducts research on data, AI and cybersecurity law in healthcare. She is currently a member of the European Commission’s Healthcare Cybersecurity Advisory Board. Elisabetta has conducted extensive research in the field of medical device cybersecurity. As Research Fellow at the Stanford Law School’s Transatlantic Technology Law Forum (TTLF), she led, with Erik Kamenjasevic, a research project on ‘Transatlantic Perspectives on AI-based Medical Device Cybersecurity’. Elisabetta has also been an Academic Visitor at the Centre for Health, Law and Emerging Technologies (HeLEX) at the University of Oxford's Faculty of Law, a Visiting Researcher at the Harvard MIT Center for Regulatory Science, an External Collaborating Expert on Data Protection of Big Data and Real-World Data at the European Medicines Agency (EMA), and expert to the World Health Organisation’s (WHO) Strategic Partnership on Digital Health. Prior to joining academia, Elisabetta worked at the Bolzano Criminal Court (Assistant), European Digital Rights (Policy Intern), Array and Deloitte Legal Italy (Legal Advisor). Her works on cybersecurity law have been published in several outlets, including the International Cybersecurity Law Review, the European Journal of Risk Regulation, Law, Technology and Humans, Edward Elgar and Cambridge University Press.