In brief
The European Health Data Space (EHDS) Regulation marks a structural shift in how health data is accessed, shared and reused across the European Union. While much of the public discussion has focused on patient empowerment, research facilitation and interoperability, the EHDS also raises fundamental questions for the protection of trade secrets and commercially sensitive information held by companies operating in the health and life sciences ecosystem.
For organisations whose competitive edge lies in proprietary datasets, methodologies, algorithms, or know-how derived from health data, the EHDS is not merely a data governance reform; it is a potential reallocation of informational power.
This article focuses exclusively on that intersection: how the EHDS impacts trade secrets, where the legal fault lines lie, and why early preparation is critical.
Under EU law, trade secrets are protected where information:
- Is secret,
- Has commercial value because it is secret, and
- Has been subject to reasonable steps to keep it secret.
In the health sector, these criteria are often met not only by formulas or manufacturing processes, but increasingly by curated datasets, data cleaning and enrichment methodologies, annotation strategies, proprietary research inputs, and AI training corpora.
The EHDS adopts a deliberately broad definition of ‘electronic health data’, covering both personal and non‑personal data related to health, without introducing any temporal limitation as to when such data was generated or collected. This breadth means that datasets long treated as protected business assets may now fall within the scope of mandatory access requests.
This gives rise to a structural tension: data that qualifies as a trade secret under EU law may simultaneously qualify as electronic health data subject to mandatory access under the EHDS.
Mandatory secondary use: access rights vs exclusivity
The EHDS requires health data holders to make in-scope electronic health data available, through Health Data Access Bodies, to authorised health data users for a closed list of permitted secondary uses, including scientific research, innovation and the training, testing and validation of algorithms.
From a trade secrets perspective, this is unprecedented.
Unlike voluntary data sharing frameworks, EHDS access: (i) may be requested by third parties with competing commercial interests; (ii) is channelled through health data access bodies rather than negotiated bilaterally; and (iii) limits the data holder’s ability to refuse access outright.
Although the Regulation recognises the need to protect intellectual property and trade secrets, it does so primarily through protective conditions, not through a general right to withhold data. This shifts the legal battleground from “whether data must be shared” to “under what safeguards, and at what level of abstraction”.
Trade secret protection under EHDS: safeguards, not immunity
The EHDS does not abolish trade secret protection. However, it reframes it. Organisations that cannot demonstrate why specific datasets are sensitive, how disclosure would erode competitive advantage, and what concrete protections are required will be poorly positioned to argue for heightened safeguards or to challenge access decisions. As noted above, while the EHDS explicitly recognises the need to protect intellectual property and trade secrets, it does not grant data holders a general right to refuse access; protection is ensured through conditions and proportionate organisational and technical measures (including, where appropriate, contractual terms), and access is refused only where a serious risk of infringement cannot be adequately mitigated.
The preparedness gap: why many organisations are exposed
One of the most underestimated risks of the EHDS is therefore organisational unpreparedness. In practice, many companies: (i) have not mapped which datasets qualify as trade secrets; (ii) cannot distinguish between raw data and value-added layers; (iii) rely on legacy contracts that do not anticipate mandatory disclosure; and (iv) lack internal governance to respond within EHDS timelines.
When access requests arrive, the absence of prior classification and documentation will make it difficult to argue that certain data merits special protection, to limit disclosure to less sensitive subsets and/or to challenge overly broad access requests.
Preparing now: trade secrets as a strategic compliance pillar
Preparation for the EHDS should not be framed solely as data compliance but also as a trade secrets readiness exercise. Key steps include:
(i) Trade secret mapping within EHDS datasets: identifying which specific elements of in-scope data qualify as trade secrets, derive their value from curation, enrichment or processing, and/or embed proprietary methodologies or know-how.
(ii) Evidence of “reasonable steps”: updating internal policies, access controls, and documentation to demonstrate active protection, which is a prerequisite under trade secret law.
(iii) Contractual alignment: revisiting data sharing agreements, R&D contracts and platform and vendor terms, to ensure they support EHDS-driven disclosures without undermining trade secret claims.
(iv) Enforcement-ready positioning: preparing arguments and specific documentation to request enhanced safeguards from access bodies, challenge excessive access scopes and preserve enforcement options in case of misuse.
From compliance to competitive strategy
While the EHDS undoubtedly introduces risk, it also reshapes competitive dynamics. Organisations that prepare early can influence how access safeguards are applied, position themselves as demonstrably prepared and cooperative data partners, and retain control over the most sensitive layers of value.
Those that do not may find that their most valuable informational assets are shared under conditions they did not help shape.
Final thought
The EHDS forces companies to actively defend trade secrets and operationalise them. In this new landscape, trade secret protection must be designed, documented and deployed.
While the EHDS Regulation will formally apply from 26 March 2027, the core framework governing the secondary use of electronic health data, including the obligations imposed on health data holders and the safeguards applicable to trade secrets, will become applicable from 26 March 2029, when Chapter IV of the Regulation takes effect. In practical terms, this creates a two‑year implementation window during which organisations are expected to prepare for a regime that will fundamentally reshape the conditions under which proprietary health data may be accessed, shared and protected.
Our trade secrets specialists are available to provide tailored advice on how the EHDS may affect your data assets and disclosure obligations, and to support your organisation in building a robust, defensible trade secret strategy aligned with the EHDS framework.