Germany established uniform and transparent standards for the use of cloud-computing services for processing health data, protecting sensitive health information from unauthorized access, manipulation, or loss. This regulation can positively impact AI use and research by providing a secure and standardised framework for handling sensitive health data, fostering trust and enabling more robust, compliant AI-driven innovations in healthcare.
Name in original language
-
Initiative overview
Germany’s Digital Act introduced Section 393 of the Social Security Code (SGB V), establishing binding IT-security standards for the use of cloud services in the healthcare sector. The provision ensures that health data may only be processed in certified environments meeting strict criteria, such as the BSI’s C5 standard, and that data remain subject to EU jurisdiction. This framework aims to provide legal certainty for healthcare providers, safeguard sensitive patient information, and create clearer conditions for the deployment of digital and AI solutions in medical research and care.
Name of responsible organisation (in English)
Federal Ministry of Health
