Cybersecurity 2025

BELGIUM Law and Practice Contributed by: Wim Nauwelaerts, Alston & Bird LLP

(EC) 1223/2009 and repealing Council Direc - tives 90/385/EEC and 93/42/EEC (the “Medical Devices Regulation”), requires that, for devices that incorporate software or for software pack - ages that are medical devices in themselves, the software must be developed and manufactured in accordance with the state-of-the-art, includ - ing in regard to information security standards and verification invalidation. Manufacturers of such medical devices must set out minimum requirements concerning hardware, IT networks characteristics and IT security measures, includ - ing any protection against unauthorised access.

Incidents involving the security of medical devices that include or constitute software may require notification to the national competent authority, if certain conditions are met. This will be the case, for example, where the medical device is suspected to be a contributory cause of the incident and the incident has (or might have) led to the death or serious deterioration in the state of health of a patient or other person. For incidents that occur on the Belgian territory, the national competent authority is the Federal Agency for Pharmaceuticals and Health Prod - ucts (FAGG).

52

CHAMBERS.COM

Powered by