The strategic encounter between health innovation and DMA/DSA regulation


Digital & Data Governance

Picture of Sandro Mendonça
Sandro Mendonça

Professor at the Iscte Business School – University Institute of Lisbon, advisor for digital and connectivity at the Brazilian telecom regulator (Anatel), advisor at the Portuguese Cybersecurity Centre (CNCS) and 2015-2016 European Young Leader (EYL40)

A spectre is encroaching on all sectors: digital transformation. In medicine and care, the information revolution is acknowledged to be an inescapable, although maturing, megatrend. From doctor-patient interaction, through hospital management, to the development of new pharmaceuticals, the foundations of healthcare are being unsettled. Old ways increasingly suffer attrition, but new ones have not yet gained full shape.

Wave after wave, the key characteristics of our time are being experienced in the world of health: electronification, computerisation, ‘internetisation’, cloudification, ‘platformisation’, ‘virtualisation’ and ‘inteligentisation’. All of these overlapping layers of creative solutions revolve around the connectivity of processed data, the paramount core input of the new era.

In the European context, […] a momentous policy counter-offensive came in 2023 with the Digital Services Act (DSA) and Digital Markets Act (DMA) package

Information and communication technologies (ICTs) allow for the separation of service from material sources. Data is isolated from patients, from organisations and from vegetable compounds. It is derived, codified, filtered, synthesised, re-assembled, transmitted and used in a flexible way in time and space. In a sense, data becomes alive with dynamics of its own. Fresh therapeutical approaches become possible, the equilibrium among competitors and complementors is disrupted, and the whole system enters a turbulent state of flux.

One consequence is that established bodies of knowledge, business models and quality criteria tremble at the subversive power of structural change. It is high time that participants from every corner of the sector should face what this really means in terms of governance.

Novel technological opportunities often run ahead of the institutional framework. However, historically, moments of mismatch have in past experiences been corrected by the construction of countervailing legislation and norms. This means that formal rules, unspoken conventions and common standards cannot simply be dismissed as drags and constraints on entrepreneurial initiative and intent. In former ages, railways could only expand once a common gauge was established and passenger jets overcame demand doubts after safety requirements were finally raised, for instance. Indeed, development is an uneven and contested process but is surely made of combinations between ‘hard’ technology and ‘soft’ frameworks.

In the European context, which we are told inspires other geographies through the so-called ‘Brussels effect’, a momentous policy counter-offensive came in 2023 with the Digital Services Act (DSA) and Digital Markets Act (DMA) package. Curiously, it came decades after the rollout of the inexorable North American tech titan march; this year, Google turns 25 years old, while Amazon will be 30 and Facebook 20 in 2024.

The ‘strategic encounter’ between innovation and regulation can enhance healthcare for the common good. When digital healthcare has been much touted by many actors and operators, the question can be flagged: what interplay is there between the DSA/DMA compact and healthcare?

The first regulatory component to enter the landscape was the DMA, which focuses on Big Tech. The aim is to prevent large digital companies from abusing market power through their entrenched positions while fostering new firms arriving on the playing field. The second component is the DSA, which focuses on the conduct of businesses in the digital realm. The aim is to bring about a more controlled and accountable online environment for connected customers, including patients and health-seekers.

Real-time awareness about the evolving healthcare sectoral system in a time of digital and institutional transition is needed

Ubiquitous, immersive and digital-by-default are modern features that carry risks, both for individual citizens and for the non-digital specialist industry actors, including healthcare professionals and their collective outfits.

In particular, for digitally driven performers, the internalisation of the uses of their services will start to be important. A number of implications for digitally powered operators may be grasped:

  • illegal content and goods that can be amplified in their online and physical networks will have to be curbed in the spaces under their responsibility;
  • players should welcome the articulation, deployment and enforcement of principles upholding accountability, transparency and user empowerment;
  • platform-based modes of creating and acquiring medical content are to be subject to clearer and uniform dispositions regarding auditing and reporting; and
  • consumer experience is not the measure of success, so requirements about the safety and integrity of systems and algorithms are to move centre-place.

These dispositions cut across the healthcare field as rights pertaining to private life, the right to non-discrimination and economic activities resulting in threats to public health are covered.

However, this comprehensive package is by no means the end of the story. Actually, it is not even the beginning. As early as the turn of the century, the EU put in place the E-Commerce Directive (2000) and the Copyright (InfoSoc) Directive (2001). Then, in 2016, came the landmark General Data Protection Regulation (GDPR). A number of other legal pieces of the puzzle should also be considered: the Data Act, the Data Governance Act, the Artificial Intelligence Act (AIA), the European Accessibility Act (EEA), Cyber Resilience Act (CRA) or even the European Media Freedom Act (EMFA). Thus, European lawmakers have increasingly busied themselves with responses to the risks and harms stemming from reliance on ICT. In particular areas, even where sectoral regulators exist, there have been extra safeguards gaining momentum, such as the case of finance with the Digital Operational Resilience Act (DORA), the SME segment in the case of the platform-to-business relations (P2B Regulation) or the Network and Information Directive (NIS 2).

The ‘jury is still out’ regarding the impact of these landmark instalments on the internet dimension of healthcare. Knowledge of the lessons learned must be compiled and made available to the people and polity at the national level. Real-time awareness about the evolving healthcare sectoral system in a time of digital and institutional transition is needed. Matching technology with fitting regulatory set-ups is one step. But ‘walking the talk’ will require ongoing matching efforts, namely sustained learning among citizens, individual professionals and organised healthcare providers.

The views expressed in this #CriticalThinking article reflect those of the author(s) and not of Friends of Europe.

Related activities

view all
view all
view all
Track title


Stop playback
Video title


Africa initiative logo