EHDS Q&A: Understanding the basics – Part 2

Part 2 of 2: Will you be ready on time?

Executive summary

The European Health Data Space (EHDS) introduces strict new obligations for healthcare organizations across the EU. While enforcement starts in 2029, the scale of change required means action is needed now. This two-part Q&A series explains EHDS in practical terms. Part 2 focuses on readiness and implementation, outlining what healthcare organizations must put in place to meet requirements on time.

Read Part 1: What’s the urgency?

The deadlines for connecting to the EHDS are closer than they look, and you have three months once a health data request comes through to make your data available. Act now to avoid paying fines of up to €10 million or 2% of your organization’s worldwide turnover if you miss any milestones. 

Why do I need to worry? 2029 is very far away! 

It’s worth noting that EHDS implementation comes with staggered milestones, which means that some of the deadlines are closer than you might first expect. A few Member States may also choose to introduce earlier national milestones.

March 2029 remains the pivotal moment when the EHDS truly starts to take effect—but waiting until then is just not an option. 

Health data holders— EU healthcare organizations that have the right or obligation to process health data—will need to submit descriptions of the datasets they hold to the relevant Health Data Access Bodies (HDABs) by March 2029 or 2031, depending on which categories each dataset falls under. With the timelines split like this, it’s easy to underestimate how soon the first wave hits, so getting ahead of the mapping now will make those deadlines far less painful. 

In preparation, health data holders should already be actively rolling out their EHDS-readiness plans. It’s a fundamental shift in IT infrastructure that calls for strong leadership and deliberate change management. 

Changing existing IT infrastructure, particularly complex and legacy infrastructure, requires time for: 

1. Discovery (12 months) 
2. Implementation (18 months) 
3. Buffer (6 months) 
4. Legal and compliance reviews (3 months) 

Altogether, you’re looking at a minimum of roughly three years, making the long runway to EHDS compliance feel a lot shorter than it appears on paper.

It’s critical to actively prepare for EHDS now. Health data holders will soon have to track and report the secondary data use with far more precision, requiring substantial changes to IT infrastructure while ensuring day-to-day operations run smoothly and maintaining strict health data security. 

Significant changes required for IT infrastructure include: 

How can our organization safeguard day-to-day operations during this change? 

Several core pieces of today’s IT infrastructure will undergo significant changes. 

To keep everything running smoothly, your organization needs teams with deep technical expertise in: 

Key risks that can break continuity and derail EHDS readiness include:

How can BC Platforms support us? 

Our trusted research environments (TREs) are already EHDS-ready, although organizations still have substantial work ahead. Getting secondary-use compliance in place takes time, which is why beginning the process now is critical, not optional. 

We deliver EHDS-compatible modular and scalable solutions—whether for a single hospital or an entire nation. 

Our EHDS-ready TRE, for example, can run on the Cloud, on national clouds or on-premises for localized deployments. It supports federated cross-EU connections by automating and streamlining complex workflows that typically slow data access down. 

As part of its efforts in supporting organizations’ transition to be EHDS-compliant, we’re proud to be actively involved in the TEHDAS2 consortium, which is developing guidelines and technical specifications for the full implementation of secondary healthcare data use across the EU.