Simont Braun authors ICLG Belgian Chapter on Designs

What are the key principles of Benelux Design law?

Fernand de Visscher and Julie Kever authored the Belgian chapter on Designs in the International Comparative Legal Guide 2021 (ICLG): a pragmatic and comprehensive overview for all IP practitioners.

The guide is available here.

Should you have any question, please contact the authors:
+32 (0)2 543 70 80

Customs seizures | EORI number

Since 15 September 2020, the EORI number has become mandatory to obtain customs measures: the seizure request forms have been modified to impose the mention of the EORI number.

What is the EORI number?

The “EORI” number (“Economic Operator Registration and Identification”) is unique to each economic operator (or representative of economic operators) for the entire European Union (“EU”) and is issued by a customs authority of a Member State. It is used to identify economic operators and other parties involved in all their dealings with customs authorities (in particular for the import and export of goods). It is intended to simplify the administrative tasks of economic operators.

Secure access

This identification number will allow secure access to the European Union Customs Trader Portal. It allows economic operators and their representatives to electronically submit application forms requesting customs action with respect to goods suspected of infringing an intellectual property right, as well as application forms for an extension of the period during which a customs action is to be taken.

And in practice?

Each economic operator established in the customs territory of the EU must obtain its EORI number from the customs authorities of the Member State in which it is established. Economic operators not established in the customs territory of the EU must also be in possession of an EORI number to import or export goods. Such operators will have to apply for this purpose to the customs authority of the place where they intend to carry out their first customs activities, and the authority will grant them an EORI number. This procedure will also have to be followed by UK companies for which the UK EORI number will no longer be valid for customs activities in the EU after the end of the Brexit transition period (currently scheduled to end on 31 December 2020).

The procedure in Belgium

The companies or persons established in Belgium must, before submitting an application, verify whether or not they have already been assigned an EORI number. To do so, they must consult the EORI database (here) and enter their enterprise number preceded by “BE”. A message will then indicate whether their EORI number already exists. If this is not the case, an application form must be sent to the FPS Finance (Customs and Excise), which is available here.

Therefore, we recommend that all right holders make sure, as of today, that they are in possession of a valid EORI number (EORI online database available here), even if they do not usually carry out an activity involving contact with the customs authorities. In fact, in addition to the import and export, this number makes it possible to act quickly and have goods infringing intellectual property rights blocked by customs.


For any question or assistance, please contact the authors:

Charlotte Behets Wydemans
+32 (0)2 533 17 76

Fernand de Visscher
+32 (0)2 533 17 18

Simont Braun recognised again for its patent expertise by iAM 1000

Our IP team has again been highly recognised in Silver Band for its expertise in patents by iAM Patent. The department is ranked in Silver with the following mention:

“Complex global patent litigation is meat and drink to the lawyers at Simont Braun, who conjure up ingenious solutions to contentious challenges in the life sciences, medical device, electronics sectors. Fernand de Visscher recently played a hand in a high-profile matter for weapons manufacturer FN Herstal, ensuring that his client could keep its key product on the international market. He also teamed up with colleague Eric De Gryse to represent OGI Systems, a diamond and gemstone manufacturer, in parallel infringement proceedings which are also ongoing in Israel and India. They both possess significant trial strength and an intuitive feel for the intricacies of each brief, giving every angle the attention it deserves to cover all bases and construct bulletproof arguments.”

Fernand de Visscher and Eric De Gryse are also individually ranked in Silver for their experience and capabilities.

Thank you to our clients and peers for your trust!

Restrictions of cross-border sales under EU competition rules

Companies are in principle free to establish in Europe the distribution system that best serves their interests, including selective distribution where their products are put on the market through qualified distributors only.

However, recent fines imposed by the European Commission confirm that licensing and distribution systems must nevertheless comply with Article 101 and 102 TFEU which respectively prohibit anti-competitive agreements and abuses of dominant position.

Under Article 101 TFEU, agreements whose object or effect is to restrict cross-border sales in Europe, are in principle not allowed. In conformity with some EU regulations and case law, such agreements may benefit from an exemption under Article 101, § 3 TFEU in well-defined hypotheses only.

Under Article 102 TFEU, unilateral measures by which a dominant company restricts cross-border sales in Europe, are in principle not allowed either. Such restrictions may only be considered legal if the company is in fact not in a dominant position, or is in a dominant position but can objectively evidence that these restrictions are justified by, and proportionate to, a legitimate business behaviour, a legitimate public interest or efficiency considerations.

Nike and Sanrio: agreements restricting cross-border sales in Europe

Early 2019, Nike and Sanrio were both fined by the Commission under Article 101 TFEU, which prohibits agreements between companies that may affect trade between Member States and whose object or effect is to prevent, restrict or distort competition.

During more than ten years, licences had been granted in Europe by Nike for the manufacture and distribution of products featuring the brands of football clubs and federations, and by Sanrio for the distribution of products featuring Hello Kitty characters.

In both cases, the Commission found that the agreements concluded by Nike and Sanrio were in breach of EU competition rules because they imposed restrictions on cross-border sales by licensees in the form of direct measures (such as clauses prohibiting these sales) and indirect or additional measures (such as audits to ensure compliance with these restrictions).

These recent decisions confirm that, after having paid less attention to them for some years, the Commission has decided to focus increasingly on vertical agreements in particular to fight illegal restrictions of cross-border sales in Europe. Such restrictions are regarded as “by object” and cannot enjoy the de minimis regime.

Regarding selective distribution systems, the Commission considers that the appointed distributors should be free to sell actively and passively to all end-users, everywhere, offline or online. Therefore, such vertical agreements restricting (active or passive) sales by members of a selective distribution system cannot benefit from an exemption under Article 101, § 3 TFEU.

More generally, in conformity with the CJEU case law, the Commission considers that the licensing of IP rights in the context of a distribution agreement cannot justify the imposition on licensees of restrictions to sell the licensed merchandise across borders (see, in particular, CJEU, judgment of 6 October 2009, C‑501/06 P, C-513/06 P, C-515/06 P and C‑519/06 P, GSK, para. 59 to 61).

Based on these elements, it appears increasingly difficult for agreements restricting cross-border sales in Europe to benefit from an exemption under Article 101, § 3 TFEU.

In general, and in conformity with Article 4, b), of the (block exemption) Regulation n°330/2010 (applicable to vertical agreements), there are only four hypotheses where vertical agreements (distribution systems) containing cross-border sales restrictions may still benefit from an exemption, namely when (further to complying with the other exemption requisites in the Regulation):

  • the agreement restricts active sales into the exclusive territory of an appointed distributor, without restricting the sales by the customers of the distributor concerned;
  • the agreement restricts sales by a wholesaler to end-users, in order to keep the wholesale and retail level separate;
  • the agreement restricts sales by an appointed distributor (selective distribution) to an unauthorised distributor in a selective distribution territory;
  • the agreement restricts sales of components by an appointed distributor to a competitor of the supplier.

Furthermore, in selective distribution systems, territorial restrictions are not allowed at the end-users level and between appointed distributors either (letters c) and d) of said Article 4).

Based on the above, companies are advised to refrain from concluding agreements whose object or effect is to restrict cross-border sales in Europe, except in the cases where they may benefit from an exemption based on Regulation n°330/2010.

Under Regulation n°316/2014 (applicable to technology transfer agreements), a vertical technology transfer agreement imposing some territorial restrictions on sales may also benefit from an exemption in this respect, provided the other exemption requisites are complied with, but only in well-defined hypotheses, and depending on whether the parties are competing undertakings or not. It is a complex regime requiring a detailed analysis of the market situation and the contractual provisions or practices at stake.

One can simply note here that also under this regulation, in selective distribution systems, a vertical technology transfer agreement may not restrict sales (active or passive) to end-users by a non-competing licensee operating at the retail level (letter c) of Article 4, § 2).

AB InBev: unilateral measures restricting cross-border sales in Europe

Early 2019, AB InBev was fined by the Commission under Article 102 TFEU, which prohibits abuses of a dominant position that may affect trade and prevent or restrict competition.

During approximately eight years, the market strategy of AB InBev had consisted in restricting the possibility for Belgian retailers to buy Jupiler beer at lower prices in the Netherlands in order to maintain higher prices in Belgium.

After finding that AB InBev was in a dominant position on the Belgian beer market, the Commission concluded that it had abused its market power by taking unjustified unilateral measures, such as the modification of the packaging of its products supplied in the Netherlands to make them harder to sell in Belgium.

In that context, the Commission underlined that such restrictions of cross-border sales would also qualify as an infringement under Article 101 TFEU if they resulted from an agreement between independent companies irrespective the supplier was dominant or not.

This decision confirms the scrutiny of the Commission as regards restrictions of cross-border sales, be it on the basis of Article 101 or 102 TFEU, as well as the difficulty for dominant companies to justify the imposition of such restrictions.

In that regard, the Commission and the CJEU have gradually recognised that companies can rely on three categories of “objective justifications” to establish that their behaviour is, in fact, not abusive, namely:

  • a legitimate business behaviour, such as the protection of one’s own commercial interests (see CJEU, judgment of 14 February 1987, C-27/76, United Brands, para. 189);
  • a legitimate public interest objective, such as environmental concerns (see Commission, decision of 21 October 1997, 97/745/EC, Port of Genoa, para. 21);
  • efficiency considerations, showing that the exclusionary effect may be counterbalanced by advantages in terms of efficiency which also benefit the consumer (see CJEU, judgment of 15 March 2007, C-95/04, British Airways, para. 86).

These justifications are, however, very uneasy to invoke in practice. The proportionality test is of the essence. For example, regarding cross-border sales, the CJEU found that a pharmaceutical company had abused its dominant position by refusing to supply patented medicines in order to impede parallel trade, and took the view that the company had not adopted a “legitimate business behaviour” even in the presence of a State intervention in fixing the prices for pharmaceuticals (see CJEU, judgment of 16 September 2008, C-468/06 to C-478/6, Sot. Lélos kai Sia, para. 70 to 77).

Based on the above, dominant companies should be extremely cautious in imposing unilateral measures aiming – or having as an effect – to restrict cross-border sales in Europe, except in the very few cases where they may rely on the doctrine of “objective justifications”.


Fernand de Visscher and Romain Meys



The information presented in this site is not a legal advice or opinion. You should seek the advice of a legal counsel of your choice before acting upon any of the information in this site.

Simont Braun assisted Rewe in one of the largest mergers in the European retail sector

Simont Braun has advised Rewe, the second largest German supermarket chain, on the Belgian legal aspects of the purchase of Lekkerland/Conway, a major wholesaler specialised in consumption on the go, supplying gas stations, kiosks, convenience stores, etc. The transaction was signed on 28 May 2019 and the parties are now waiting for clearance by the competition authorities.

As both Rewe Group and Lekkerland are active in several European countries, their merger implied substantial cross-border aspects and the active cooperation of several top tier law firms, principally in Germany (lead), Belgium, Switzerland, the Netherlands and Spain.

Simont Braun’s Corporate M&A team advised Rewe on the Belgian legal aspects of the transaction, in particular by carrying out a legal due diligence on the Belgian target companies and assisted on the related legal and regulatory questions surrounding the transaction.

Our team is delighted to have contributed to such a landmark European cross-border transaction, in close cooperation with Taylor Wessing Germany (lead firm). Our demonstrated capabilities to act in the framework of international transactions make us a go-to law firm for such matters on the Belgian market. Our integrated multidisciplinary structure and strong linguistic skills were clearly a plus,” highlights Axel Maeterlinck, partner in Simont Braun’s Corporate M&A department.

The Rewe Group generated a turnover over € 61 billion last year, courtesy of its 360,000 employees in 22 European countries. With the merger with Lekkerland, a new European powerhouse is born in the convenience segment. Lekkerland has about 4,900 employees in Europe and generated a turnover of € 12.4 billion euro last financial year. In Belgium, the group operates under the name Conway and its 400 people generate a turnover of € 1.5 billion (source:

The Simont Braun team was led by partner Axel Maeterlinck, together with partners Fernand de Visscher, Steven Callens and the assistance of counsel Pierre Van Achter and associates Tine Bauwens, Laura Grauer, Julie Kever and Peter Blomme.

New Copyright Directive approved by the EU Parliament

On 26 March 2019, a fierce battle took place in the arena of the EU Parliament. Arguments flowing back and forward resulted in a close majority in favour of the supporters of the new Directive (EU) 2019 of the European Parliament and of the Council on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC (hereinafter: the New Copyright Directive). You may find the debate here and the final text as adopted here.

The fact that the European Commission launched the proposal back in September 2016 with a legislative process lasting nearly two and a half years and only 348 Members of the European Parliament (hereinafter: MEP) voting in favour, while 274 MEP voted against and 36 MEP abstained, illustrates the controversial nature of the New Copyright Directive. This led to the adoption of the current text containing merely 32 articles to be accompanied with almost three times that amount of recitals, i.e. 86.

Closing the value gap

The biggest battle was fought over the new obligations and the personal scope of Online Content-Sharing Service Providers (hereinafter: OCSSP). When reading between the lines of the personal scope, the thresholds and the exemptions, it seems that the new rules on the internet are tailored towards big information society service providers such as YouTube, Facebook and similar platforms. The goal of the New Copyright Directive is clear: the EU only intends to regulate the internet to the extent necessary to tackle the famous “value gap” and ensure appropriate remuneration for rightholders for the use of their protected works on the internet.

Under the New Copyright Directive, an OCSSP means “a provider of information society service of which the main or one of the main purposes is to store and give the public access to a large amount of copyright-protected works or other protected subject matter uploaded by its users, which it organises and promotes for profit-making purposes”.

Despite clear indications, the New Copyright Directive still leaves room for interpretation of this new key concept. It will be interesting to see how courts will define the boundaries and interpret the open notions like “main” and “large”. What is certain, is that activities of providers of services like Wikipedia (online encyclopaedia), Dropbox (online storage), eBay (online marketplace) and Telenet or Belgacom (electronic communication services) are not included in the scope as they are explicitly excluded for the reason that they do not have as their main purpose to give to the public access to a large amount of copyright-protected works.

The new obligations on OCSSP flowing from the New Copyright Directive include amongst others that OCSSP must now obtain an authorisation in exchange for an appropriate remuneration from the rightholders in order to communicate the protected works to the public. In the event that they cannot obtain such authorisation, they must demonstrate best efforts to obtain it, demonstrate best efforts to make unavailable unauthorised content for which relevant and necessary information was provided and organise an expeditious notice, take down and stay down mechanism for unauthorised content. The latter must include an effective and expeditious complaint and redress mechanism with a human review in the event of disputes. At the same time, the OCSSP must refrain from general monitoring and over-blocking.

Other key features of the New Copyright Directive

Besides the above-mentioned, other key features of the New Copyright Directive include:

  • New exceptions and limitations covering text and datamining, the use of works in digital and cross-border teaching activities and copies made for the preservation of cultural heritage
  • Measures to ensure wider access to out-of commerce works by providing the grant of non-exclusive licences to cultural heritage institutions for non-commercial purposes, together with measures to ensure transparency and stakeholder dialogue
  • Measures to facilitate collective licensing and rules governing collective management organisations offering such collective licenses
  • Negotiation mechanism to assist parties facing difficulties related to the licensing of rights for the purpose of making available audiovisual works on VOD platforms
  • New publisher’s rights with regard to online uses of their press publications
  • A right for authors and performers to receive information as well as appropriate and proportionate remuneration when they license or transfer their exclusive rights
  • A right of revocation for authors and performers in case of a lack of exploitation after transferring or licensing their rights on an exclusive basis


The journey is far from over. The Council of Ministers still has to give its final opinion over the New Copyright Directive and it is expected that it will accept the final text on 9 April 2019. After that, the text will be published in the Official Journal and the Member States will have 2 years after the date of entry into force of the directive to transpose it into their national laws.

The rules laid down in this new directive aim at creating a fair balance between access to creative works and appropriate remuneration for the rightholders. It would be in the interest of all stakeholders that users and rightholders come to a mutual understanding and conclude the necessary licenses to keep contents available while at the same time ensuring appropriate remuneration of the rightholders, and ultimately prove the sceptics wrong.

We will keep monitoring the progress of the New Copyright Directive and its implementation and keep you updated.

*     *     *

For any question, do not hesitate to contact our IP team.

Two Partners appointed in the Industrial property Section of the Council for Intellectual Property

The FPS Economy has just appointed, for their legal expertise, Fernand de Visscher as President and Emmanuel Cornu as a member of the Industrial Property section of the Council for Intellectual Property.

The Council for Intellectual Property is an advisory body made up of experts and representatives of various sectors concerned with the intellectual property. Its main mission is to provide the Minister responsible for intellectual property with advice on any matter relating to intellectual property, in particular in the law-making process.

Its president and members are appointed for a term of four years.


GDPR – Are you ready?

On 10 January 2018, the law of 3 December 2017 concerning the establishment of the Data Protection Authority was published in the Belgian’s official Gazette. This law, reforming the current Commission for the protection of privacy, is one of the necessary legislative efforts to anticipate the entry into force of the European Union’s General Regulation on the protection of natural persons with regard to the processing of personal data and of the free movement of such data (GDPR). As of 25 May 2018 all natural or legal persons, public authorities, agencies or other bodies which process personal data or organise such processing will have to comply with these new rules. What does this mean in practice?

This news aims at providing the reader with an overview of the changes entailed by the GDPR and to give some insight on the necessary measures to be taken to comply with the new legislation.

Will I be affected by the GDPR?

The GDPR applies to the processing of personal data by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system. Certain exceptions and limited alterations set aside, the GDPR’s material scope of application is identical to the scope of the act of 8 December 1992 on the protection of privacy in relation to the processing of personal data. The latter is currently the must-go-to legislative act in Belgium. In practice, this legislation is important for nearly all undertakings, if only for the management of personnel, clients and suppliers.

The territorial scope of the GDPR includes all undertakings established within the EU, as well as, in specific circumstances, all foreign undertakings that process personal data of individuals located in the EU. The fact that your business is established outside the EU does not necessarily entail that the GDPR does not apply to it.

The major changes brought by the GDPR do not relate to the scope of application of the rules, but to the obligations imposed on data controllers and their processors, as well as to the sanctions for non-compliance with this regulation.

Key changes and what to do in practice?

1)  Currently, processing personal data is frequently based on the consent of the individual concerned (hereinafter: the data subject). However, this consent is not always obtained under conditions that guarantee a consent of acceptable quality. Therefore, the GDPR provides for more stringent requirements to obtain an individual’s consent. In the future, any company that bases processing of personal data on the individual’s consent will have to check whether:

  • the consent is obtained by a statement or a clear affirmative action (which precludes, for example, the use of pre-ticked boxes);
  • the consent is freely given, specific, clear and unambiguous (meaning that the data subject was duly informed of the scope of his/her consent before giving it);
  • the consent refers to a processing for one or several specific lawful purposes (general and broad phrasing is not allowed);
  • where consent is given in a written statement which relates to multiple subject-matters (such as the acceptation of general terms and conditions or terms of use), the request for consent should be presented in an intelligible and accessible form, in a clear and plain language, and in a way that is clearly distinguishable from the other matters;
  • it can easily demonstrate that it obtained the data subject’s consent (the data processor should, therefore, keep records of the consents).

The GDPR will also apply to personal data collected before its entry into force. Hence, all processing of personal data that was consented in a way that is not satisfactory to the new GDPR requirements should be regularised – meaning that the consent should be renewed in a way that meets the GDPR requirements.

The GDPR also provides for enhanced obligations of information for data controllers. In practice, it is necessary to verify whether the documents currently used by your company (e.g. charter for the protection of privacy or privacy policy) comply with the GDPR, and ensure that they include, amongst others, the following information:

  • the lawful purposes and legal basis for the processing of personal data;
  • the legitimate interests pursued by the data controller or by a third party when processing is based on such legitimate interests;
  • as the case may be, the fact that the data controller intends to transfer the personal data to a country that is not an EU Member State, and the existence or absence of an adequacy decision from the Commission or, where applicable, a reference to the appropriate safeguards that are put into place to protect the data subjects;
  • where processing is based on a data subject’s consent, the right to withdraw their consent at any time;
  • the data subject’s right to lodge a complaint with the national supervisory authority;
  • the period during which the personal data will be stored or, if not possible, the criteria used to determine the period of conservation;
  • whether the provision of personal data is a statutory or contractual requirement, or necessary to enter into a contract, as well as whether the data subject is obliged to provide his/her personal data and the possible consequences of failure to provide it;
  • the existence of automated decision-making, including profiling, and useful information about the underlying logic, as well as the importance and the foreseen consequences of such processing for the data subject.

The GDPR explicitly mentions the “right to be forgotten” from which all data subjects will benefit. This right will empower the data subject to ask for a complete erasure of his/her personal data under certain conditions. Although this right of erasure inchoately existed under directive 95/46/CE and was confirmed by the ECJ’s ruling in the Google Spain-case, this right is given prominent placing in the GDPR. All data controllers will have to implement a procedure to be able to respond in practice to a request of erasure “without undue delay”.

Every data controller shall set up a procedure to notify every recipient of personal data of all requests of rectification or erasure of such data, as well as of every limitation of processing, unless the provision of such information is impossible or gives rise to disproportionate efforts.

Regarding the data subjects’ rights, the creation of a right of data portability – which aims at the independence of customers in the online environment – is the GDPR’s most innovative addition. It gives a data subject, under certain conditions, the right to receive the personal data that he or she has provided to a controller in a structured, commonly used and machine-readable format, to transmit these data to another controller. Data controllers will have to take all appropriate technical measures to be able to act upon such requests.

The GDPR also establishes the foundations of data protection by design and by default. To respect these principles, the data controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data protection principles, such as data minimisation. These technical and organisational measures should also ensure that, by default, only personal data which are necessary for each specific purpose of the processing are processed. These principles will not only affect the content of products, websites or mobile applications that collect personal data, but also undertakings’ general business strategy. Therefore, this requires in-depth thinking by all data controllers.

Data controllers and processors established outside the EU which must comply with the GDPR requirements (because they offer products and services to data subjects within the EU or monitor individuals that reside within the EU) should designate a representative in the EU as a point of contact for national supervisory authorities and data subjects.

Another element of attention is the relationship between the data controller and the data processor. The GDPR defines the data processor as a natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller. It provides for specific requirements that both future and existing outsourcing agreements for the processing of personal data will have to satisfy. These agreements should notably:

  • define the subject-matter, duration, nature and purpose of the processing;
  • define the type of personal data and categories of data subjects;
  • mention that the processor ensures that the persons authorised to process the personal data have committed to respect the confidentiality of such data;
  • include the appropriate technical and organisational measures that the processor shall take to ensure a proper level of security in light of the risk at hand;
  • compel the processor to make sure that any subsequent processor implements the same technical and organisational measures;
  • compel the processor that he/she deletes or returns the personal data to the controller at the end of the provision of services relating to the processing;
  • make available to the controller all information necessary to demonstrate its compliance with the obligations laid down in the GDPR.

Every data controller should also keep track of the processing activities in a record containing the following information: the name and contact details of the controller; the purposes of the processing; a description of the categories of data subjects and of personal data; the categories of recipients to whom the personal data have been or will be disclosed, including transfers to third countries; the envisaged time limits for erasure of the different categories of data; a general description of the technical and organisational security measures.

In case of personal data breach, the data controller must, on some occasions, notify the breach to the national supervisory authority. When the breach is likely to result in a high risk for the rights and freedoms of natural persons, the data controller must also notify the data subject. Therefore, the data controller has to set up procedures ensuring that such notification is made within the mandatory terms of the GDPR (in principle, notification to the supervisory authority should be done within 72 hours of the personal data breach).

Where a type of processing is likely to result in a high risk for the rights and freedoms of natural persons, the controller shall, prior to the processing, assess the impact of the envisaged processing operations on the protection of personal data. When the assessment identifies a high risk for a certain type of processing, the data controller shall, prior to the processing, ask the national supervisory authority for advice.

Last but not least, under specific circumstances, undertakings will have to designate a data protection officer. This obligations applies when processing is carried out by a public authority or body, but also when the core activities of the controller or the processor consist of (i) processing which, by nature or because of its scope and/or purposes, requires regular and systematic monitoring of data subjects on a large scale or (ii) processing sensitive data on a large scale (sensitive data are, for example, data related to health, sexual orientation, political opinions, ethnic origin or data related to criminal convictions or offences).


The GDPR substantially changes the powers granted to the national supervisory authorities and the sanctions applicable. Administrative fines can be inflicted upon infringers of data protection regulations by the Data Protection Authority. Their amount varies depending on the gravity of the infringement. For the most severe infringements, the administrative fines can reach up to EUR 20,000,000 or, in the case of an undertaking, 4% of the total worldwide total annual turnover of the preceding financial year, whichever is higher. Moreover, the Data Protection Authority is mandated to propose settlement agreements, give warnings and reprimands, command to act upon a data subject’s request to exercise his/her rights, incur changes to the processing of data or temporarily or permanently prohibit the processing of personal data.


For further contact or specific assistance, do not hesitate to contact us.
Pierre Van Achter
Fernand de Visscher
Philippe De Prez

A drug prescription assistance software can be a medical device

In its judgment dated 7 December 2017 (case C-329/16), the Court of Justice of the European Union (CJEU) considered that software, of which at least one of the functions makes it possible to use patient-specific data for the purposes, inter alia, of detecting contraindications, drug interactions and excessive doses, is, in respect of that function, a medical device within the meaning of the Directive 93/42/EEC concerning medical devices (MDD).

According to the CJEU, software that cross-references patient-specific data with the drugs that the doctor is contemplating prescribing, and is thus able to provide the doctor, in an automated manner, with an analysis intended to detect, in particular, possible contraindications, drug interactions and excessive dosages, is used for the purpose of prevention, monitoring, treatment or alleviation of a disease, and therefore pursues a specifically medical objective, making it a medical device within the meaning of the MDD.

On the contrary, software that, while intended for use in a medical context, has the sole purpose of archiving, collecting and transmitting data, like patient medical data storage software, the function of which is limited to indicating to the doctor providing treatment the name of the generic drug associated with the one he plans to prescribe, or software intended to indicate the contraindications mentioned by the manufacturer of that drug in its instructions for use, does not fall within the scope of the MDD.

The CJEU adds that to assess whether a software is a medical device in the meaning of the MDD, it does not matter whether software acts directly or indirectly on the human body. The essential criterion is that its purpose is specifically one of those set out in the definition of a medical device (such as the diagnosis, prevention, monitoring, treatment or alleviation of disease).

The stakes of the qualification are clear. Any medical device, including software, must compulsorily bear a CE marking of conformity when it is placed on the market. Such marking indicates that the product has been subject to an assessment of its conformity with the requirements of the MDD. As a consequence of such marking, Member States may not create obstacles to the placing of the device on the market. In the case at stake, France imposed an additional national certification obligation on a drug prescription assistance software bearing the CE marking. As a consequence of the CJEU’s judgment, such an obligation must be considered as contrary to the MDD.

The CJEU also clarified that if medical software comprises both modules that meet the definition of the term ‘medical device’ and others that do not meet it and that are not accessories to a medical device, only the former falls within the scope of the MDD and must be marked CE. The manufacturer of such mixed software is required to identify which of the modules constitute medical devices so that the CE marking can be affixed to those modules only.

There is no doubt that this judgment of the CJEU will remain valid under the future legislation, namely the Regulation 2017/745/EU on medical devices (applicable as from 26 May 2020). This Regulation explicitly states that software in its own right, when specifically intended by the manufacturer to be used for one or more of the medical purposes set out in the definition of a medical device (such as the diagnosis, prevention, monitoring, prediction, prognosis, treatment or alleviation of disease), qualifies as a medical device.

For more information on this future legislation, you can contact us or have a look at our previous news: The new legal framework applicable to medical devices


For any question, please contact Fernand de Visscher or Eric De Gryse