The European Health Data Space and the Geopolitics of EU Sovereignty
Introduction
The European Health Data Space (EHDS) is geopolitically important because it translates the European Union’s abstract ambition for “digital sovereignty” into a concrete institutional, legal, and technical system for one of the most sensitive categories of data: health data. Regulation (EU) 2025/327 formally establishes the EHDS as an EU-wide framework for the primary and secondary use of electronic health data; it entered into force on 26 March 2025, applies from 26 March 2027, and will be implemented in phases through 2029, 2031, and 2035 (Regulation (EU) 2025/327, 2025). (EUR-Lex) Its importance lies not only in improving healthcare delivery or research efficiency, but in determining whether the EU is capable to govern, standardise, secure, and exploit strategic data infrastructures according to its own constitutional values rather than by defaulting to foreign platforms, fragmented national systems, or private-sector gatekeepers.
In this essay I want to argue that the EHDS is a strategic sovereignty instrument in five senses: it strengthens regulatory sovereignty, infrastructural sovereignty, innovation sovereignty, health-security sovereignty, and normative power. Conversely, a failure to implement the EHDS would weaken the EU’s geopolitical position by entrenching fragmentation, increasing dependence on non-EU cloud and AI infrastructures, reducing Europe’s competitiveness in biomedical innovation, damaging the credibility of the “Brussels effect,” and impairing crisis resilience. The failure scenario discussed here is not merely a delay in technical deployment; it refers to a sustained inability to create standardised, computable, secure, and enforceable health-data flows across EU Member States.
EHDS as a sovereignty instrument
At the legal level, the EHDS is designed to overcome the limits of coordination among Member States. The Regulation states that its objectives include empowering natural persons with control over electronic health data, supporting free movement by ensuring that health data follow citizens, fostering an internal market for digital health services and products, and creating a consistent framework for reusing health data for research, innovation, policy-making, and regulatory activities (Regulation (EU) 2025/327, 2025). (EUR-Lex) This is a classic sovereignty move in the EU sense: it transfers a fragmented field into a harmonised legal order, using internal-market competence and data-protection competence to create scale.
The EHDS also operationalises the EU’s broader European strategy for data. The Commission’s 2020 data strategy identified health as a strategic sectoral data space and argued that a genuine single market for data requires secure, interoperable, enforceable, and value-based data governance (European Commission, 2020). (EUR-Lex) In this sense, the EHDS is the health-sector embodiment of a broader geopolitical project: the creation of European data spaces that can support innovation while keeping governance aligned with EU law, especially the General Data Protection Regulation (GDPR), cybersecurity rules, competition law, and fundamental rights (EUR-Lex).
The concept of digital sovereignty is not autarky. Recent EU Joint Research Centre work defines EU digital sovereignty as the capacity to exercise strategic independence in the digital domain while remaining open and connected to global networks; it emphasises the ability to decide, invest, innovate, and govern according to European values (European Commission Joint Research Centre, 2026). (publications.jrc.ec.europa.eu) The EHDS fits this model because it does not require all health data or all technology vendors to be European. Rather, it seeks to ensure that whoever participates in the European health-data ecosystem must comply with European rules on interoperability, security, privacy, access, auditability, and public-interest reuse.
Note: From a political theory perspective, digital sovereignty through a republican lens frames the digital realm as a public space (res publica) where freedom is defined as the total absence of arbitrary control or domination. Digital autarky from a republican perspective focuses on eliminating "digital domination" - the arbitrary, unaccountable power that external tech monopolies, algorithmic systems, and foreign states hold over (EU) citizens and institutions.
Regulatory and normative power
The EHDS reinforces the EU’s geopolitical identity as a regulatory power. Scholars of digital sovereignty distinguish between sovereignty as regulatory capacity and sovereignty as strategic autonomy from external dependencies (Christakis, 2020). (SSRN) The EHDS combines both. First, it extends the EU’s rights-based regulatory model into the health-data economy. Second, it creates the technical and institutional conditions for EU actors to act collectively at scale.
The global dimension is significant. The EU has already shaped digital governance internationally through the GDPR, and the “Brussels effect” describes how EU rules may influence corporate practices and foreign legislation beyond EU borders (Bradford, 2012; European Parliamentary Research Service, 2024). (European Parliament) If successfully implemented, the EHDS could become the health-data equivalent of the GDPR: a global reference model for combining sensitive-data reuse, individual control, secure processing environments, and cross-border interoperability. The Regulation’s future possibility for third countries and international organisations to join HealthData@EU under specific conditions from 2035 further illustrates its potential external projection (Regulation (EU) 2025/327, 2025). (EUR-Lex)
The geopolitical stakes are therefore not limited to Europe’s internal healthcare systems. Health data are increasingly central to pharmaceutical research, AI model development, genomics, rare-disease research, pharmacovigilance, health-technology assessment (HTA), and pandemic preparedness. A European framework that sets legally enforceable conditions for such data use allows the EU to project a rights-preserving model of digital health governance in competition with more market-driven approaches associated with the United States of America (USA) and more state-centric approaches associated with the People's Republic of China (PRC).
Infrastructural sovereignty and dependence on foreign technology providers
A second geopolitical pillar is infrastructural sovereignty. The EU’s 2020 data strategy explicitly warned that Europe needed to reduce technological dependencies in strategic data-processing infrastructures such as cloud and edge computing (European Commission, 2020). (EUR-Lex) The EHDS is directly implicated in this issue because secure health-data processing requires cloud infrastructure, identity management, access-control systems, logging, interoperability services, and potentially AI-ready computing environments.
The Regulation addresses this through institutional and technical design. For primary use, Member States must participate in MyHealth@EU, a common infrastructure intended to support secure and interoperable cross-border healthcare data exchange (Regulation (EU) 2025/327, 2025). (EUR-Lex) For secondary use, Member States and the Commission must set up HealthData@EU to facilitate cross-border access to electronic health data, with the Commission operating a central platform and implementing technical specifications for security, confidentiality, data protection, and interoperability (Regulation (EU) 2025/327, 2025). (EUR-Lex)
The EHDS also mandates secure processing environments for secondary use. These environments must restrict access to authorised users, minimise unauthorised reading or copying, keep identifiable logs, and ensure that users can download only non-personal outputs such as anonymised statistical results (Regulation (EU) 2025/327, 2025). (EUR-Lex) This is geopolitically important because it seeks to prevent a simple extraction model in which sensitive European health data become raw material for external platforms without adequate European control. In the ideal EHDS model, data access occurs under permits, in auditable environments, under European legal authority.
This issue has become more salient as the EU has recently proposed a Cloud and AI Development Act to strengthen Europe’s sovereignty and competitiveness in cloud and AI ecosystems (European Commission, 2026). (Digital Strategy Europe) The EHDS should be understood as part of that same sovereignty agenda: without trusted European or EU-compliant cloud and AI infrastructures, health-data governance remains legally ambitious but operationally dependent.
Interoperability as geopolitical capacity
Interoperability is often treated as a technical matter, but in the EHDS it is geopolitical. Fragmented health-record systems prevent the EU from acting as a single data jurisdiction. The Regulation therefore requires a European electronic health record exchange format that is machine-readable and capable of transmitting personal electronic health data between software applications, devices, and healthcare providers (Regulation (EU) 2025/327, 2025). (EUR-Lex) It also identifies priority categories for primary use, including patient summaries, e-prescriptions, e-dispensations, medical imaging, laboratory results, and discharge reports (Regulation (EU) 2025/327, 2025). (EUR-Lex)
This is crucial because sovereignty in digital systems depends on (open international) standards. Whoever controls standards often controls market entry, compliance costs, data portability, and the future direction of innovation. The EHDS attempts to shift Europe from a patchwork of national EHR systems to a common legal, semantic, and technical architecture. The Regulation explicitly situates EHDS interoperability within the European Interoperability Framework, covering legal, organisational, semantic, and technical interoperability (Regulation (EU) 2025/327, 2025). (EUR-Lex)
Academic literature confirms the difficulty of this task. Terzis and Santamaria Echeverria (2023) describe the EHDS as not merely a legal instrument but a framework requiring institutional and technical-infrastructural transformation across primary and secondary health-data uses. (Erasmus University Rotterdam) Hussein et al. (2025) similarly emphasise that EHDS secondary-use interoperability must be built through standards, governance, and practical compliance tools, drawing lessons from multiple European cancer and AI-driven research projects. (jmir.org) In geopolitical terms, this means that the EU’s ability to compete in health AI and life sciences depends on whether interoperability becomes real at the level of computable data, not merely aspirational at the level of legislation.
Note: In regulatory and trade contexts, "gold-plating" and "sugarcoating" are strategies (European) governments use to implicitly protect local markets. Gold-plating occurs when a member state imposes stricter national requirements than absolutely required when translating broader (e.g., EU) laws into domestic law. Sugarcoating involves presenting domestic, protectionist trade barriers as purely consumer-safety or public interest measures to avoid formal penalties.
Research, innovation, and biomedical competitiveness
The EHDS is also a competitiveness instrument. The European Commission argues that secondary use of health data can support research, innovation, public health, policy-making, regulatory activity, and personalised medicine (European Commission, 2022). Health data are indispensable for AI-driven diagnostics, drug discovery, post-market surveillance, precision medicine, medical-device regulation, and health-system performance analysis. The EU’s competitive disadvantage vis-à-vis the United States and China is not only a matter of venture capital or industrial policy; it is also a matter of whether researchers and firms can access high-quality, interoperable, legally usable health datasets at scale.
The EHDS seeks to create such scale while preserving privacy. It does so through Health Data Access Bodies (HDABs), data permits, secure processing environments, data-quality labels, and common access procedures. The Regulation requires Member States to provide HDABs with human, financial, technical, and infrastructural resources, and to ensure their independence and capacity to perform supervisory and access functions (Regulation (EU) 2025/327, 2025). (EUR-Lex)
The need for this harmonisation is well documented. A Commission-sponsored assessment of Member State health-data rules found wide variation in legal bases for healthcare data processing and sharing, fragmented access for public-health purposes, and substantial stakeholder support for EU-level regulatory and organisational intervention (Hansen et al., 2021). Vukovic et al. (2022) found that the GDPR functions both as an enabler and a barrier for secondary use of health data: it supports trust and transparency but creates obstacles where national interpretations differ or individual-level identifiable data are required. (Springer) Becker et al. (2024) similarly argue that divergent Member State implementation of GDPR legal bases creates major hurdles for cross-border secondary use of health and genetic data.
The geopolitical point is that fragmentation imposes opportunity costs. If EU researchers cannot lawfully and efficiently combine datasets across borders, AI and biomedical innovation may migrate toward more efficient and more effective jurisdictions or corporations with easier access to large datasets. That would weaken Europe’s position in biotechnology, pharmaceuticals, medical AI, and regulatory science.
Crisis resilience and the European Health Union
The EHDS also supports health-security sovereignty. The COVID-19 pandemic revealed that health data are strategic assets in crisis management: they enable surveillance, modelling, clinical research, vaccine monitoring, supply-chain coordination, and rapid public-health decision-making. The Commission presents the EHDS as a key pillar of the European Health Union, which aims to improve crisis preparedness, health-system resilience, and coordinated EU responses (European Commission, 2022). The European Health Union framework also emphasises pandemic preparedness, cross-border health-threat response, and stronger EU-level coordination (European Commission, 2026). (European Commission)
In geopolitical terms, crisis resilience is sovereignty under stress. A European Union that cannot rapidly mobilise health data during a pandemic, antimicrobial-resistance crisis, bioterrorism threat, or medical-supply shock is less autonomous. It must rely more heavily on external intelligence, foreign platforms, private datasets, or delayed national reporting. Conversely, an operational EHDS would make Europe more capable of identifying threats, evaluating countermeasures, supporting Health Emergency Preparedness and Response (HERA) and European Medicines Agency (EMA) functions, and coordinating policy across borders.
The geopolitical impact of failure
If the EU fails to implement the EHDS, the first geopolitical consequence would be the persistence of internal fragmentation. The EU would remain formally committed to a single market for health data but practically divided into national and regional data silos. The Commission’s data strategy warned that fragmentation among Member States is a major risk to a genuine single market for data (European Commission, 2020). (EUR-Lex) In health, this fragmentation is especially damaging because data are sensitive, institutionally dispersed, and clinically heterogeneous. Failure would therefore weaken one of the EU’s core geopolitical advantages: its ability to convert market size into regulatory and economic power.
Second, failure would deepen technological dependence. If EU health systems cannot rely on interoperable European governance mechanisms, national authorities and healthcare providers may increasingly turn to large non-EU cloud, AI, and platform providers that can offer integrated services. That would not automatically be unlawful or undesirable, but it would reduce Europe’s control over the health-data value chain. The EU’s own digital-sovereignty analysis stresses that sovereignty requires capacity across infrastructures, standards, software, and data governance, not regulation alone (European Commission Joint Research Centre, 2026). (publications.jrc.ec.europa.eu) A failed EHDS would leave Europe with (nice) rules but insufficient operational capacity (implementation deficit).
Third, failure would damage EU innovation sovereignty. Fragmented legal bases, inconsistent access procedures, poor data quality, and non-interoperable EHR systems would make pan-European biomedical research slower and more expensive. Researchers already report that access to health data is difficult, with national rules, cost, and time as major barriers (Hansen et al., 2021). If the EHDS does not solve this, the EU’s life-science and medical-AI sectors would face a structural disadvantage against competitors that can train, validate, and regulate technologies using larger and more coherent datasets.
Fourth, failure would weaken the EU’s global standard-setting authority. The Brussels effect depends not only on adopting ambitious laws, but on demonstrating that those laws are implementable and commercially viable. If the EHDS becomes a symbol of over-complex regulation without operational delivery, it could further reinforce international criticism that the EU regulates more effectively than it builds. The geopolitical loss would be reputational as well as economic: the EU’s rights-based model of health-data governance would be less persuasive to third countries, international organisations, and global firms.
Fifth, failure would undermine health-security sovereignty. Without interoperable, cross-border health-data infrastructure, the European Health Union would remain partially incomplete. Crisis surveillance, pharmacovigilance, clinical-trial coordination, and public-health modelling would continue to rely on fragmented national systems. The pandemic demonstrated the strategic importance of coordinated health preparedness, and EU health-security reforms have sought to improve prevention, preparedness, surveillance, early warning, and response (European Commission, 2026). (European Commission) A failed EHDS would leave a gap between the EU’s crisis-preparedness ambitions and its data capabilities.
Finally, failure would harm citizen trust. The EHDS depends on a delicate bargain: European citizens permit broader structured use of health data because the system promises control, transparency, privacy, cybersecurity, and public value. If implementation is inconsistent, citizens may experience the system either as ineffective bureaucracy or as unsafe data extraction. Both outcomes would be politically corrosive. Trust is not merely a social variable; it is geopolitical infrastructure. Without trust, citizens resist data sharing, researchers lose access, and European institutions lose legitimacy.
Note: An implementation deficit (also known as an implementation gap) is the failure to execute agreed-upon (EU) policies, laws, or strategic plans into actual, real-world practice. It represents a disconnect where a governing body or organization successfully designs and passes an ambitious framework, but the final results on the ground are either missing, delayed, or merely symbolic.
Conclusion
The EHDS is geopolitically important because it is a test of whether the EU can convert legal authority, market size, and values-based regulation into operational sovereignty over a strategic data domain. If implemented successfully, it will strengthen Europe’s autonomy in digital health, support biomedical innovation, reduce fragmentation, reinforce the European Health Union, and project a global model of trustworthy health-data governance. It will not make Europe technologically self-sufficient, nor should that be the goal. Rather, it will give the EU greater capacity to govern health data under European democratic, legal, and ethical conditions.
If the EHDS fails, the consequences would extend far beyond health administration. The EU would lose strategic ground in digital sovereignty, health security, AI competitiveness, pharmaceutical innovation, and global standard-setting. It would remain dependent on fragmented national systems and powerful external technology providers, while its claim to be a global regulatory leader would become less credible. The EHDS is therefore not simply a data-sharing regulation; it is a geopolitical infrastructure for European sovereignty in the age of health data, AI, and platform power.
References
Becker, R., Thorogood, A., Ordish, J., & Dove, E. S. (2024). Legal bases for effective secondary use of health and genetic data in the European Union. International Data Privacy Law, 14(3), 223–238.
Bradford, A. (2012). The Brussels effect. Northwestern University Law Review, 107(1), 1–68. Cited in European Parliamentary Research Service briefing. (European Parliament)
Christakis, T. (2020). European digital sovereignty: Successfully navigating between the “Brussels effect” and Europe’s quest for strategic autonomy. SSRN. (SSRN)
European Commission. (2020). A European strategy for data (COM/2020/66 final). EUR-Lex. (EUR-Lex)
European Commission. (2022). Communication on a European Health Data Space. Directorate-General for Health and Food Safety.
European Commission. (2026). Cloud and AI Development Act. Shaping Europe’s Digital Future. (Digital Strategy Europe)
European Commission. (2026). European Health Union. (European Commission)
European Commission Joint Research Centre. (2026). Open but not powerless: Towards a common understanding of EU digital sovereignty. (publications.jrc.ec.europa.eu)
European Parliamentary Research Service. (2024). The global reach of EU’s vision to digital transformation. European Parliament. (European Parliament)
Hansen, J., Wilson, P., Verhoeven, E., Kroneman, M., Kirwan, M., Verheij, R., & van Veen, E.-B. (2021). Assessment of the EU Member States’ rules on health data in the light of GDPR. European Commission.
Hussein, R., Gyrard, A., Abedian, S., Gribbon, P., & Martínez, S. A. (2025). Interoperability framework of the European Health Data Space for the secondary use of data: Interactive European Interoperability Framework–based standards compliance toolkit for AI-driven projects. Journal of Medical Internet Research, 27, e69813. (jmir.org)
Regulation (EU) 2025/327 of the European Parliament and of the Council of 11 February 2025 on the European Health Data Space and amending Directive 2011/24/EU and Regulation (EU) 2024/2847. (2025). Official Journal of the European Union. (EUR-Lex)
Terzis, P., & Santamaria Echeverria, O. E. (2023). Interoperability and governance in the European Health Data Space regulation. Medical Law International, 23(4), 368–376. (Erasmus University Rotterdam)
Vukovic, J., Ivankovic, D., Habl, C., & Dimnjakovic, J. (2022). Enablers and barriers to the secondary use of health data in Europe: General Data Protection Regulation perspective. Archives of Public Health, 80, 115. (Springer)
Peter van Osta. An essay concerning a new Healthcare.