HealthData@EU pilot project - Deliverable 5.1 Architecture Definition Document

The European Health Data Space (EHDS) Regulation, published on the Official Journal of the European Union on 05/03/25 aims to establish a secure and structured framework for sharing health data across Europe. Chapter IV of the regulation specifically addresses the reuse or "secondary use" of electronic health data, enabling access for research, innovation, policy-making, and other public health purposes. By fostering interoperability, privacy, and standardisation, EHDS seeks to unlock health data’s potential for advancing healthcare and public health while maintaining rigorous data protection and security standards.

The HealthData@EU pilot project is a key component in realizing this vision. Its primary objective is to build and test the infrastructure required for seamless, secure data exchange between Member States, facilitating the secondary use of health data in line with EHDS requirements. Through this pilot, the ambition is to set the stage for the Healthdata@EU infrastructure that connects National Contact Points (NCPs) to a central platform, enabling harmonised data flows.

Scope 

This Architecture Definition Document serves as the final deliverable of Work Package 5 (WP5) on IT Infrastructure within the HealthData@EU pilot project. The document presents a comprehensive vision for the HealthData@EU infrastructure, focusing specifically on the architecture of national components, selected standards, and core technological building blocks. The infrastructure detailed here supports two primary use cases: data discovery and data permit. These use cases illustrate key steps in the user journey within the EHDS framework, enabling seamless data sharing and access applications. Additionally, the document details the integration of National Contact Points with the Central Services established by the European Commission, describing the implementation of the National Connector, which acts as the key component for these interactions.

Objectives of the HealthData@EU infrastructure

The HealthData@EU IT infrastructure aims to facilitate secure, interoperable information exchange between National Contact Points (NCPs) through a unified network, supporting various use cases as outlined by the EHDS Regulation. The HealthData@EU Pilot experimented, in a Proof Of Concept, an infrastructure that supports the following two use cases:

• Data Discovery: Enables National Contact Points (NCPs) of the network to send dataset descriptions (or metadata) to the central platform which federates these received dataset descriptions into a unified European catalogue: the EU dataset catalogue.
• Data Permit: Allows NCPs to receive data access applications for the datasets they are responsible for from data applicants. The applications are filled-in in the European central portal.

The high-level design of the HealthData@EU infrastructure piloted in this project has been driven by three core principles, namely:

• Scalability: Build a distributed network that can easily onboard new contact points or host new use cases.
• Open source technologies: Leverage transparent and community-driven technologies.
• Safety: Propose a robust security-oriented solution.

The infrastructure utilizes the eDelivery protocol, an EU CEF building block, to facilitate secure, standardized digital data exchange between nodes, aligning HealthData@EU with EU CEF’s broader interoperability and security standards.

As this network is connecting information systems that could be different for each National Contact Point and for each use case, the work package designed a high-level architecture for the National Contact Points made of three core conceptual components 

• A Cross Border Gateway in charge of eDelivery communication with Contact Points and the Central Services,
• A National Connector that provides all necessary features to fulfill EHDS regulatory requirements for each step of the user journey,
• And Cross Border Engines that allow the National Contact Points to extend the functionalities of their existing information system specifically for the new use cases defined by the regulation.