How new EU regulations will shape corporate transparency in the healthcare sector

Corporate transparency in healthcare is no longer just a buzzword it is becoming a legal obligation under the European Union’s latest regulatory framework. From sustainability reporting to digital health data and artificial intelligence, the EU has introduced a wave of laws that are reshaping how pharmaceutical companies, medical device manufacturers, hospitals, and digital health providers disclose information. This article explores the key EU regulations, their timelines, and their impact on healthcare sector transparency.

The corporate sustainability reporting directive (CSRD)

The Corporate Sustainability Reporting Directive (CSRD) is one of the most influential pieces of legislation. It requires large and listed companies to publish sustainability reports based on the EU Sustainability Reporting Standards (ESRS).

• Who is affected? Large healthcare providers, pharmaceutical groups, med-tech corporations, and suppliers.
• What must be disclosed? ESG (environmental, social, governance) topics such as product safety, access and affordability of medicines, supply chain labor conditions, and environmental impact of pharmaceuticals.
• When? First reports are due in 2025 for the financial year 2024.

“Transparency is not optional anymore. Healthcare companies must explain how their operations affect patients, society, and the environment.”

In Poland, the CSRD entered into force in January 2025, obliging healthcare firms to align national reports with EU requirements.

European health data space (EHDS)

The European Health Data Space (EHDS), published in 2025, is a groundbreaking regulation that governs both primary use of health data (by patients and providers) and secondary use (for research, innovation, and policymaking).

• Patient rights – individuals gain more transparent access to their own health data across EU borders.
• Data holders’ duties – hospitals, clinics, and digital health platforms must provide standardized information on how data are stored, accessed, and shared.
• Secondary use – research projects must be publicly documented, ensuring citizens know who uses their data and for what purpose.

The EHDS will be gradually implemented, with major provisions expected by March 2027.

The EU AI act and healthcare artificial intelligence

Artificial intelligence in healthcare is a fast-growing field, but it comes with trust and transparency concerns. The EU AI Act, adopted in 2024/2025, applies strict rules to high-risk AI systems, which include many medical devices powered by AI.

Key transparency obligations include:

• Preparing detailed technical documentation and performance reports.
• Informing users clearly when they interact with AI systems.
• Registering high-risk AI in a European database.
• Monitoring performance and reporting incidents.

For healthcare, this means that diagnostic AI tools, robotic surgery systems, and predictive analytics platforms will undergo a higher level of public scrutiny and documentation than ever before.

Clinical trials regulation (CTR) and the CTIS portal

Since 2022, the Clinical Trials Regulation (CTR) has required companies to submit all clinical trial information via the Clinical Trials Information System (CTIS). One of the major goals is transparency.

• What is public? Trial protocols, recruitment materials, subject information sheets, and most importantly results.
• Lay summaries: Companies must prepare patient-friendly summaries that explain trial outcomes in plain language.
• Deferrals: Limited deferrals are possible, but disclosure is now the rule, not the exception.

This is a paradigm shift. In the past, negative or inconclusive results could remain unpublished. Today, trial transparency is legally enforced.

Health technology assessment regulation (HTAR)

Starting in January 2025, the Health Technology Assessment Regulation (HTAR) requires joint clinical assessments (JCA) at the EU level. Initially, it covers oncology products and advanced therapy medicinal products (ATMPs), with expansion to orphan drugs by 2028 and all medicines by 2030.

• Transparency obligation – member States must show how they used EU-level assessments in their national reimbursement decisions.
• Impact on industry – companies will need to prepare dossiers knowing that parts of their clinical evidence and the final assessments will be publicly available.

For the healthcare sector, this means greater consistency, but also higher public visibility of clinical value judgments.

Medical devices: MDR, IVDR, and EUDAMED

The Medical Device Regulation (MDR) and In Vitro Diagnostic Regulation (IVDR) expand transparency through the EUDAMED database, which is gradually rolling out.

Public modules will reveal:

• Device registration and identification (UDI).
• Certificates and notified bodies.
• Safety and vigilance notices.
• Clinical investigation summaries.

For medical device manufacturers, transparency will become a competitive factor. Patients, doctors, and regulators can easily compare products and track safety issues.

The data act and data governance act

Another revolution is coming in digital health and connected devices. The EU Data Act, effective from September 2025, ensures users of connected products—such as wearables, implants, or health apps—know what data are generated and how they can access or share it.

Meanwhile, the Data Governance Act (DGA) introduces transparency obligations for organizations that share health data for research or innovation. They must record who accessed the data, when, and for what purpose.

For the first time, patients and healthcare providers will see exactly how their device or platform data flow across the ecosystem.

Payments to healthcare professionals

Although the EU has not introduced a single “Sunshine Act” like the United States, transparency around industry payments to healthcare professionals is growing.

• The EFPIA Disclosure Code requires annual publication of transfers of value to doctors and hospitals.
• Several Member States (e.g., France, Denmark) have mandatory centralized disclosure.
• Italy introduced its own Sunshine Act in 2022, with implementation steps continuing in 2025.

This patchwork of rules means healthcare companies must carefully manage multi-jurisdictional transparency compliance.

Other key transparency obligations

Beyond sector-specific rules, healthcare companies face additional EU requirements:

• Whistleblowing directive – mandatory internal reporting channels.
• Public country-by-country reporting (CbCR): -large corporations must publish tax data per country.
• Pay transparency directive – from 2026, companies must disclose gender pay gaps and provide candidates with salary ranges.

What this means for healthcare companies

To remain compliant and trustworthy, healthcare organizations should create a comprehensive transparency roadmap. Best practices include:

1. Maintain a “transparency register” mapping every disclosure obligation and its timeline.
2. Adapt privacy and product notices to reflect GDPR, the Data Act, and EHDS obligations.
3. Prepare plain-language trial summaries and clear communication strategies for CTIS.
4. Integrate JCA requirements into market access planning.
5. Ensure device master data is accurate before EUDAMED modules go live.
6. Audit AI systems for risk classification and transparency compliance.
7. Standardize reporting across Member States for payments to HCPs.
8. Anticipate national implementation of EU rules, such as Poland’s CSRD act.