Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.

Clinical trials


What is the authorisation procedure for conducting clinical trials in your jurisdiction?

The EU Clinical Trials Directive (2001/20/EC) provides the main rules governing the authorisation of clinical trials in the European Union. Before commencing a clinical trial, the sponsor must obtain:

  • the favourable opinion the clinical trial by the relevant ethics committee (an independent body) in the EU member state in which the sponsor plans to conduct the clinical trial; ethics committees comprise healthcare professionals and non-medical members whose responsibility is to protect clinical trial subjects; and
  • authorisation from the competent authority of the EU member state in which the sponsor plans to conduct the clinical trial. Consideration of a valid request for authorisation by the competent authority may not exceed 60 days.

The application must include administrative information and the data necessary to demonstrate the quality, safety and efficacy of the investigation medicinal product.

Clinical practices

How robust are the standard good clinical practices followed in your jurisdiction?

The Clinical Trials Directive, the EU Good Clinical Practices Directive (2005/28/EC) and the guidance documents contained in EudraLex Volume 10 provide the standard good clinical practices to be followed during the conduct clinical trials in the European Union. Competent authorities in the EU member states conduct inspections for compliance with existing EU good clinical practices. Inspections can be conducted on facilities, records, quality assurance arrangements and any other resources that are deemed by the competent authority to be related to the clinical trial. Inspections can be conducted at the site of the trial, at the sponsor and clinical research organisation’s facilities, or at other establishments which the competent authority sees fit to inspect.

In addition, the manufacture of investigational medicinal products must comply with good manufacturing practices. To verify compliance of investigational medicinal products with good manufacturing practices, inspections must be conducted by the competent authority of the relevant EU member state.

Reporting, disclosure and consent

What are the reporting and disclosure requirements for the results of clinical trials?

Reporting requirements

In accordance with EudraLex Volume 10 on clinical trials guidelines, the sponsor of a clinical trial must submit a summary of the clinical trial report to the competent authority and the ethics committee in the EU member states where the clinical trial was conducted within one year after completion of the trial.

Disclosure requirements

All clinical trials of investigational medicinal products in the European Union must be registered on the European Clinical Trials Database (EudraCT). It is mandatory for clinical trial summary results to be posted in EudraCT within six to 12 months following the end of the trial, depending on the type of clinical trial. It is the sponsor’s responsibility to ensure that clinical trial summary results are posted in EudraCT.

What are the informed consent obligations with respect to clinical trial subjects?

The Clinical Trials Directive provides that informed consent to take part in a clinical trial must be given freely by the trial subject after having been duly informed of the nature, significance, implications and risks related to the clinical trial. Where the trial subject is incapable of giving consent, consent must be given on his or her behalf by his or her legal representative. A trial subject may, without any resulting detriment, withdraw from the clinical trial at any time by revoking his or her informed consent.


What are the insurance requirements for clinical trials?

The Clinical Trials Directive provides that a clinical trial may be conducted only if provision is made for insurance or indemnity to cover the liability of both the sponsor and the investigator.

Data protection

What data protection issues should be considered when conducting clinical trials?

At present, the collection, processing and transfer of personal data of study subjects must be conducted in accordance with the requirements provided in the Data Protection Directive (95/46/EC) and the related implementing provisions of the EU member states. However, the General Data Protection Regulation (2016/679), commonly referred as the ‘GDPR’, will enter into application on May 25 2018. Sponsors conducting clinical trials in the European Union must therefore adopt appropriate measures to ensure that activities concerning the processing of study subjects' personal data comply with the GDPR from May 25 2018. Sponsors must also document how these procedures, including related interactions with third-party processors, function in practice.

Sponsors and investigators must take into account the fact that the processing of health data can be conducted only in specific circumstances. These circumstances include the study subject having provided his or her explicit consent to the processing of his or her health data.

The GDPR defines the ‘data controller’ as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data carried out in the European Union. The sponsor of a clinical trial is commonly considered to be the data 'controller. Sponsors of clinical trials which are not established in the European Union and wish to transfer trial subjects' data outside the European Union must take into account the following issues:

  • When the sponsor is not established in the European Union, it must designate a data protection representative in each EU member state in which a trial site is located and where, consequently, study subject personal data is processed.
  • The transfer of personal data to third countries which does not ensure an adequate level of protection of personal data is permitted only through the authorised means described in the GDPR.

Click here to view the full article.