Published April 30, 2023 | Version v1
Project deliverable Open

In Silico World D9.2 In-depth analysis of legal and ethical requirements

  • 1. KU Leuven Centre for IT & IP Law


Project leader:

  • 1. KU Leuven Centre for IT & IP Law
  • 2. University of Bologna


Executive Summary

The present Deliverable, ‘D9.2In-depth analysis of legal and ethical requirements’, part of Work Package 9 ‘Ethical and Legal Framework’ (WP9) of the In Silico World project, assesses the core pieces of legislation and ethical principles identified in Deliverable ‘D9.1 – Legal and Ethical Inventory’. The report analyses the following areas of legislation – and identifies some key issues – relevant to the In Silico World project and, thus, for in silico trials:

  • Privacy and Data Protection: Data protection is a long-established legislation in the European Union (EU), which has evolved throughout the last decades, and the GDPR is the fundamental EU law to consider for in silico trials. Hence, the report introduces the principles of data processing, the notion of personal data and health data and the legal bases for data processing. In silico trials may highlight some of the common challenges for the healthcare sector in data protection. These include the legal bases and the further processing of health data. In silico trials may also raise interpretative questions. These include doctrinal discussions about the nature of synthetic data in their relationship with anonymization and pseudonymisation, and the concept of data ownership.


  • Data Governance: The legal landscape concerning health data sharing is changing due to a series of new EU legislative initiatives. These initiatives encompass the Data Governance Act, the European Health Data Space (EHDS) proposal, and the Data Act proposal. The Data Governance Act sets rules for re-using certain categories of personal data and introduces the concept of data altruism in healthcare. The EHDS proposal regulates, inter alia, the primary and secondary use of health data. The Data Act proposal proposes business-to-consumer, business-to-business and business-to-government data sharing rules. These three pieces of legislation are expected to apply simultaneously once all are approved. Nevertheless, some challenges may arise in the future, which may concern the appropriate legal basis for data sharing and data altruism, and the interaction of these with the GDPR and national legislation.


  • Clinical Trials, Medicinal Products and Medical Devices: Clinical trials, medicinal products and medical device legislation are relevant to the very essence of in silico trials. For clinical trials and medicinal products, Regulation 726/2004 provides the legal basis for the EMA to deal with novel methodologies for drug development. The Medical Device Regulation (MDR) and In Vitro Medical Device Regulation (IVDR) are the applicable laws for medical device legislation and explicitly mention modelling and simulation. However, while these laws do not prohibit in silico trials, they do not extensively address them either. There exist challenges and barriers that need to be addressed both on a regulatory and legislative perspective. On the regulatory side, guidance and standardisation efforts are needed in general (to tackle, for example, Artificial Intelligence (AI)) and in particular (on the verification and validation of in silico models). On the legislative side, there is common agreement that the current pharmaceutical legal framework lacks behind digital innovation processes. The EU Pharmaceutical Strategy promises the reform of the existing pharmaceutical framework. It is desirable that the reform will address more comprehensively the innovative aspects of the medicinal product’s lifecycle, including in silico trials.


  • Artificial Intelligence: The legal framework of AI is in the process of being established in the EU. The AI Act proposal, expected to be approved in 2023, will introduce new requirements for providers, users and all the actors involved in AI systems. These include, inter alia, adopting a risk management system, a quality management system, documentation duties, ensuring transparency, human oversight, accuracy, robustness, and cybersecurity. The AI Act will be relevant for medical devices and in vitro diagnostic medical devices, as – according to the latest available version of the proposal – they are explicitly included in the scope of the regulation. The regulation sparked several discussions that this report cannot summarise comprehensively. Therefore, the report chooses a new item currently negotiated in the latest proposal’s version may be of crucial relevance for medicine and healthcare: the potential non-application of AI rules in the context of scientific research. The preliminary conclusion is that these rules, as currently formulated, may generate legal uncertainties in the future.

The report concludes with a section on the ‘Ethics Principles’. The section is based on the Biomedical Ethics principles that were illustrated in D9.1, i.e. autonomy, justice, beneficence, and non-maleficence. The report offers some examples (patients’ self-determination for autonomy; incidental findings for beneficence; safety and security risks for non-maleficence; patients’ representativeness for justice) to show how these principles could guide stakeholders to ensure the protection and advancement of human values in the context of in silico trials.


ISW D9.2 - In-depth analysis - FINAL.pdf

Files (948.9 kB)

Name Size Download all
948.9 kB Preview Download

Additional details


ISW – In Silico World: Lowering barriers to ubiquitous adoption of In Silico Trials 101016503
European Commission


  • Anton Vedder and Daniela Spajić, 'Moral Autonomy of Patients and Legal Barriers to a Possible Duty of Health Related Data Sharing' (2023) 25 Ethics and Information Technology 23
  • Aljaaf AJ and others, 'Partially Synthesised Dataset to Improve Prediction Accuracy' in De-Shuang Huang, Vitoantonio Bevilacqua and Prashan Premaratne (eds), Intelligent Computing Theories and Application (Springer International Publishing 2016)
  • Arnaudo L and Pitruzzella G, La Cura Della Concorrenza: L'industria Farmaceutica Tra Diritti e Profitti (1. ed, Luiss University Press 2019)
  • Article 29 Data Protection Working Party, 'Opinion 4/2007 on the Concept of Personal Data'
  • Article 29 Working Party, 'Opinion 05/2014 on Anonymisation Techniques' <>
  • Assessing the Credibility of Computational Modeling through Verification and Validation: Application to Medical Devices (American Society of Mechanical Engineers 2018)
  • Avicenna Alliance, 'Modelling and Simulation as a Transformative Tool for Medical Devices: The Transatlantic Regulatory Perspective' (2018)
  • Avicenna CSA, 'In Silico Clinical Trials: How Computer Simulation Will Transform the Biomedical Industry' (2016)
  • Azizi Z and others, 'Can Synthetic Data Be a Proxy for Real Clinical Trial Data? A Validation Study' (2021) 11 BMJ Open e043497
  • Beauchamp T, 'The Principle of Beneficence in Applied Ethics' in Edward N Zalta (ed), The Stanford Encyclopedia of Philosophy (Spring 2019, Metaphysics Research Lab, Stanford University 2019) <> accessed 22 March 2023
  • Beauchamp TL and Childress JF, Principles of Biomedical Ethics / Tom L. Beauchamp, James F. Childress (4th ed, Oxford University Press 1994)
  • Becher E and Oertelt-Prigione S, 'Chapter One - History and Development of Sex- and Gender Sensitive Medicine (SGSM)' in Elena Moro and others (eds), International Review of Neurobiology, vol 164 (Academic Press 2022) <>
  • Biasin E, 'Why Accuracy Needs Further Exploration in Data Protection', Proceedings of the 1st International Conference on AI for People: Towards Sustainable AI, CAIP 2021, 20-24 November 2021, Bologna, Italy (EAI 2021) <> accessed 22 January 2023
  • Biasin E, 'In Silico World D9.1 Legal and Ethical Inventory' <> accessed 10 January 2023
  • Biasin E, Kamenjasevic, E and Ludvigsen, K R, 'Cybersecurity of AI Medical Devices: Risks, Legislation, and Challenges' (Edward Elgar 2023)
  • Biasin E and Kamenjasevic E, 'Cybersecurity of Medical Devices: Legal and Ethical Challenges' (2020) <>
  • Biasin E and Kamenjasevic E, 'Cybersecurity of Medical Devices: Legal and Ethical Challenges' (2020) <> ——, 'Cybersecurity of Medical Devices: Regulatory Challenges in the European Union' in Carmel Shachar and others (eds), The Future of Medical Device Regulation: Innovation and Protection (Cambridge University Press 2022) <
  • Cascone S, 'A Nigerian Medical Student Wondered Why His Textbooks Only Depict White Patients. So He Drew His Own Illustrations—and They Went Viral' (Artnet News, 7 December 2021) <> accessed 21 March 2023
  • Cerreta F and others, 'Digital Technologies for Medicines: Shaping a Framework for Success' (2020) 19 Nature Reviews Drug Discovery 573
  • César Augusto FL and Abdullah E, 'On the Legal Nature of Synthetic Data' (2022)
  • Clifford D and Ausloos J, 'Data Protection and the Role of Fairness' (2018) 37 Yearbook of European Law 130
  • Cockmartin L, 'Virtual Imaging Trials for Breast X-Ray Imaging' (KU Leuven iSi Health Institute Seminars, Leuven, 2023)
  • Comandè G and Schneider G, 'Differential Data Protection Regimes in Data-Driven Research: Why the GDPR Is More Research-Friendly Than You Think' (2022) 23 German Law Journal 559
  • Council of Europe, 'Recommendation CM/Rec2019(2). Protection of Health-Related Data' <>
  • Criado-Perez C, Invisible Women: Exposing Data Bias in a World Designed for Men (Vintage 2020)
  • Curreli C and others, 'A Credibility Assessment Plan for an In Silico Model That Predicts the Dose–Response Relationship of New Tuberculosis Treatments' (2023) 51 Annals of Biomedical Engineering 200
  • Dahi A and Compagnucci MC, 'Device Manufacturers as Controllers – Expanding the Concept of "Controllership" in the GDPR' (2022) 47 Computer Law & Security Review 105762
  • Dove ES, 'The EU General Data Protection Regulation: Implications for International Scientific Research in the Digital Era' (2018) 46 Journal of Law, Medicine & Ethics 1013
  • Dove ES and Chen J, 'Should Consent for Data Processing Be Privileged in Health Research? A Comparative Legal Analysis' (2020) 10 International Data Privacy Law 117
  • Ducuing C, 'An Analysis of IoT Data Regulation under the Data Act Proposal through Property Law Lenses' (2022) CiTiP Working Paper
  • Ducuing C, 'What Can We Still Learn from Data Ownership?' (ELI Digital Law SIG Seminar, 1 June 2022)
  • 'CiTiP White Paper on the Data Act Proposal' [2022] SSRN Electronic Journal <> accessed 17 November 2022
  • El Emam K, 'Seven Ways to Evaluate the Utility of Synthetic Data' (2020) 18 IEEE Security & Privacy 56
  • European Data Protection Board, 'Opinion 3/2019 Concerning the Questions and Answers on the Interplay between the Clinical Trials Regulation (CTR) and the General Data Protection Regulation (GDPR) (Art. 70.1.b))' (2019)
  • European Data Protection Board and European Data Protection Supervisor, 'EDPB-EDPS Joint Opinion 03/2022 on the Proposal for a Regulation on the European Health Data Space' <>
  • European Data Protection Supervisor, 'Mobile Health' <>
  • European Digital Rights, 'EHDS: Ignoring Patients' Privacy' (European Digital Rights (EDRi), 6 March 2023) <> accessed 27 April 2023
  • European Medicines Agency, 'Qualification of Novel Methodologies for Drug Development: Guidance to Applicants' (2009)
  • European Digital Rights, 'EHDS: Ignoring Patients' Privacy' (European Digital Rights (EDRi), 6 March 2023) <> accessed 27 April 2023
  • Fontanillo López CA and Elbi A, 'On Synthetic Data: A Brief Introduction for Data Protection Law Dummies' (2022)
  • Fortuna G, 'EU Pharma Reform Delayed Again Due to Commission's Busy Agenda – EURACTIV.Com' (EURACTIV, 22 March 2023) <> accessed 3 April 2023
  • Gartner M, 'Regulatory Acknowledgment of Individual Autonomy in European Digital Legislation: From Meta-Principle to Explicit Protection in the Data Act' (2022) 8 European Data Protection Law Review 462
  • Gemmati D and others, '"Bridging the Gap" Everything That Could Have Been Avoided If We Had Applied Gender Medicine, Pharmacogenetics and Personalized Medicine in the Gender-Omics and Sex-Omics Era' (2019) 21 International Journal of Molecular Sciences 296
  • Gonzales A, Guruswamy G and Smith SR, 'Synthetic Data in Health Care: A Narrative Review' (2023) 2 PLOS Digital Health e0000082
  • Government of Canada IAP on RE, 'How to Address Material Incidental Findings - Guidance in Applying TCPS 2 (2018) Article 3.4' (15 March 2019) <> accessed 22 March 2023
  • Grossman RI and Bernat JL, 'Incidental Research Imaging Findings: Pandora's Costly Box' (2004) 62 Neurology 849
  • Hariry RE, Barenji RV and Paradkar A, 'Towards Pharma 4.0 in Clinical Trials: A Future-Orientated Perspective' (2022) 27 Drug Discovery Today 315
  • Harrer S and others, 'Artificial Intelligence for Clinical Trial Design' (2019) 40 Trends in Pharmacological Sciences 577
  • Hildebrandt M, 'Ground-Truthing in the European Health Data Space' (SocArXiv 2023) preprint <> accessed 20 January 2023
  • Hines PA and others, 'Artificial Intelligence in European Medicines Regulation' (2023) 22 Nature Reviews Drug Discovery 81
  • 'Home - Women's Brain Project' (3 November 2021) <> accessed 21 March 2023
  • 'Is the Future of Privacy Synthetic? | European Data Protection Supervisor' (14 July 2021) <> accessed 14 March 2023
  • John Hopkins Medicine Institutional Review Board, 'Plans for Detecting and Managing Incidental Findings Associated with Research Imaging Procedures' (2016) <> accessed 22 March 2023
  • Kaminski R, 'AI in Pharma. What Does Artificial Intelligence Bring to the Pharmaceutical Industry?' (Nexocode, 2 March 2021) <> accessed 7 December 2022
  • Kennedy BS, Richeson RP and Houde AJ, 'Racial Bias in Pulse Oximetry Measurement' (2020) 383 New England Journal of Medicine 2479
  • Kokosi T and Harron K, 'Synthetic Data in Medical Research' (2022) 1 BMJ Medicine e000167
  • Kolluri S and others, 'Machine Learning and Artificial Intelligence in Pharmaceutical Research and Development: A Review' (2022) 24 The AAPS Journal 19
  • Lalova-Spinks T, 'Data Control in the European Health Data Space Proposal: Highlights' (Data Week 2022, June 2022) <>
  • Leistner M and Antoine L, 'Attention, Here Comes the EU Data Act! A Critical in-Depth Analysis of the Commission's 2022 Proposal' (2022) 13(3) Journal of Intellectual Property, Information Technology and Electronic Commerce Law 339
  • Lalova-Spinks T, 'Challenges Related to Data Protection in Clinical Research before and during the COVID-19 Pandemic: An Exploratory Study' (2022) 9 Frontiers in Medicine 995689
  • Liddell K, Simon DA and Lucassen A, 'Patient Data Ownership: Who Owns Your Health?' (2021) 8 Journal of Law and the Biosciences lsab023
  • Liguori L and Todisco C, 'Il riutilizzo dei dati personali a fini di ricerca anche alla luce dei più recenti orientamenti del Garante' (AboutPharma, 1 December 2022) <> accessed 5 April 2023
  • Loi M and others, 'Cybersecurity in Health – Disentangling Value Tensions' (2019) 17 Journal of Information, Communication and Ethics in Society 229
  • Marcus JS and others, 'The European Health Data Space' [2022] SSRN Electronic Journal <> accessed 25 January 2023
  • 'Medtronic Enables Pacemaker Monitoring by Smartphone' (Healthcare IT News, 20 November 2015) <> accessed 8 March 2023
  • Morrison TM and others, 'Advancing Regulatory Science With Computational Modeling for Medical Devices at the FDA's Office of Science and Engineering Laboratories' (2018) 5 Frontiers in Medicine 1
  • Musuamba FT and others, 'Verifying and Validating Quantitative Systems Pharmacology and In Silico Models in Drug Development: Current Needs, Gaps, and Challenges' (2020) 9 CPT: Pharmacometrics & Systems Pharmacology 195
  • Naudts L, 'Fair or Unfair Differentiation? Reconsidering the Concept of Equality for the Regulation of Algorithmically Guided Decision-Making' (2023)
  • Neuwirth RJ, 'Prohibited Artificial Intelligence Practices in the Proposed EU Artificial Intelligence Act' [2022] SSRN Electronic Journal <> accessed 3 April 2023
  • Ó Cathaoir K and others, 'EUSTANDS4PM Report. Legal and Ethical Review of in Silico Modelling' (2020)
  • Owczarek D, 'The Future of Pharmaceutical Manufacturing Process: Artificial Intelligence' (nexocode, 7 July 2021) <> accessed 8 December 2022
  • Pappalardo F and others, 'In Silico Clinical Trials: Concepts and Early Adoptions' (2019) 20 Briefings in Bioinformatics 1699
  • Rawls J, A Theory of Justice (Cambridge, Massachusetts : The Belknap Press of Harvard University Press, [1971] ©1971 1971) <>
  • Richardson HS and Belsky L, 'The Ancillary-Care Responsibilities of Medical Researchers: An Ethical Framework for Thinking about the Clinical Care That Researchers Owe Their Subjects' (2004) 34 The Hastings Center Report 25
  • Rubin DB, 'Statistical Disclosure Limitation' (1993) 2 Journal of Official Statistics 461
  • Shabani M and Yilmaz S, 'Lawfulness in Secondary Use of Health Data' [2022] Technology and Regulation 128
  • Studio Legale Stefanelli & Stefanelli, 'Databases: Legal Protection between Italian Copyright and Sui Generis Right - Lexology' (2022) <> accessed 4 April 2023
  • Surendra H and Mohan HS, 'A Review of Synthetic Data Generation Methods For Privacy Preserving Data Publishing' (2017) 6 International Journal of Scientific & Technology Research
  • Van Alsenoy B, 'Regulating Data Protection : The Allocation of Responsibility and Risk among Actors Involved in Personal Data Processing' (2016)
  • van Kessel R and others, 'The European Health Data Space Fails to Bridge Digital Divides' [2022] BMJ e071913
  • Varkey B, 'Principles of Clinical Ethics and Their Application to Practice' (2021) 30 Medical Principles and Practice 17
  • Vedder A, 'Safety, Security and Ethics', vol 7 (Intersentia; Cambridge, Antwerp, Chicago 2019)
  • Vedder A and Spajić D, 'Moral Autonomy of Patients and Legal Barriers to a Possible Duty of Health Related Data Sharing' (2023) 25 Ethics and Information Technology 23
  • erhenneman G, 'The Patient's Right to Privacy and Autonomy against a Changing Healthcare Model' (KU Leuven Faculteit Rechtsgeleerdheid 2020)
  • Verhenneman G and Vedder A, 'WITDOM D6.1 – Legal and Ethical Framework and Privacy and Security Principles'' <>
  • Weber K and Kleine N, 'Cybersecurity in Health Care' in Markus Christen, Bert Gordijn and Michele Loi (eds), The Ethics of Cybersecurity, vol 21 (Springer International Publishing 2020) <> accessed 20 March 2023
  • Weissler EH and others, 'The Role of Machine Learning in Clinical Research: Transforming the Future of Evidence Generation' (2021) 22 Trials 537
  • Wilkinson A, 'Medical Device Regulation and Litigation: A Comparative Analysis of Australia, the United Kingdom and the United States of America' (PhD, Queensland University of Technology 2021) <> accessed 14 September 2022
  • Wolf SM, Paradise J and Caga-Anan C, 'The Law of Incidental Findings in Human Subjects Research: Establishing Researchers' Duties' (2008) 36 Journal of Law, Medicine & Ethics 361
  • Zuiderveen Borgesius F, 'The Breyer Case of the Court of Justice of the European Union: IP Addresses and the Personal Data Definition' (2017) 3 European Data Protection Law Review 130