Life Sciences News in Italy: February 2026

Regulatory

New AIFA guidelines on the classification of OTC and SOP medicines

On 23 February 2026, the Italian Medicines Agency (AIFA) published the new Guidelines for defining and classifying non‑prescription medicines as OTC or SOP. This document describes the legal framework and sets detailed classification criteria covering composition, therapeutic indications, route of administration, posology, treatment duration, and risk assessment (including misuse, interactions, and vulnerable populations). The guidelines also describe procedural pathways and documentation required to obtain or change supply status, depending on the authorisation route (national, mutual recognition, decentralised, or centralised). They also specify when variations of marketing authorisations are required.

HTA Coordination Group publishes 2025 Annual Report

On 16 February 2026, the Member State Coordination Group on Health Technology Assessment (HTACG) published its 2025 Annual Report, providing an overview of the first year of application of the EU Health Technology Assessment Regulation (Regulation (EU) 2021/2282). The report presents the key achievements of the HTACG and its four subgroups in 2025, covering joint clinical assessments, joint scientific consultations, and the involvement of experts in these cases. In 2025, the HTACG started 13 joint clinical assessments on new oncology products and advanced therapy medicinal products. The report outlines the preparatory work undertaken to start the joint clinical assessment of medical devices and in vitro diagnostic medical devices beginning in 2026. 

EC launches “BE READY” European Partnership to strengthen pandemic preparedness

On 17 February 2026, the European Commission (EC) launched BE READY, a new European Partnership for pandemic preparedness. Through BE READY, the EU will strengthen its capacity to anticipate, prevent and respond rapidly to epidemics and pandemics. BE READY focuses on advancing research on emerging and re-emerging pathogens and accelerating the development of diagnostics, treatments and vaccines.

 

Data, Privacy and Cybersecurity

EDPB and EDPS issue Joint Opinion on the Digital Omnibus

On 10 February 2026, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted a Joint Opinion on the Proposal for a Regulation as regards the simplification of the digital legislative framework (Digital Omnibus). The Joint Opinion supports the Commission’s objective of simplifying EU digital rules and strengthening competitiveness. The EDPB and EDPS welcome targeted reforms aimed at reducing administrative burdens, including adjustments to data breach notification rules, clarifications on Data Protection Impact Assessments (DPIAs), provisions facilitating processing for scientific research, to reduce cookie banner fatigue under the ePrivacy Directive. However, the supervisory authorities oppose the proposed amendment to the definition of personal data under the GDPR and against empowering the Commission to determine, through implementing acts, when pseudonymised data would no longer qualify as personal data.

CJEU confirms that EDPB binding decisions can be directly challenged

On 10 February 2026, the Court of Justice of the European Union (CJEU) ruled in Case C-97/23 P, confirming that binding decisions adopted by the European Data Protection Board (EDPB) under Article 65 of the GDPR can be challenged directly before the CJEU by organisations subject to enforcement measures imposed by national supervisory authorities, pursuant to Article 263 TFEU. The CJEU reached this conclusion on the basis that EDPB decisions are binding on national supervisory authorities and leave them no margin of discretion. As a result, such decisions directly affect the legal position of the organisations concerned by the supervisory authorities’ final measures.

EDPB publishes report on coordinated enforcement action on the right to erasure

On 18 February 2026, the European Data Protection Board (EDPB) adopted a report on its Coordinated Enforcement Framework (CEF) action on the right to be forgotten (Art.17 GDPR). The main objectives of this coordinated action are to ensure that the right to erasure is effectively exercised by individuals in Europe and understand how controllers comply with this right in practice. In addition, the EDPB identified good practices and the most important related challenges, with the aim of providing further guidance on this topic. The report identifies several recurring challenges, including insufficient internal procedures for handling requests, limited information provided to individuals, reliance on ineffective anonymisation techniques instead of deletion, and difficulties determining retention periods or deleting data from back-ups. The EDPB indicates that the findings will support further guidance and coordinated follow-up at both national and EU level.

Italian DPA issues favourable opinion on AgID guidelines on the accessibility of public and private services

On 20 February 2026, the Italian Data Protection Authority (Italian DPA) published a favourable opinion on the draft Guidelines of the Italian Digital Agency (Agenzia per l'Italia Digitale or AgID) on the accessibility of public and private services, issued pursuant to Article 21 of Legislative Decree 82/2022. The initiative aims to ensure that services and information are accessible to people with disabilities without discrimination. The draft Guidelines incorporate the Italian DPA's recommendations to ensure compliance with the GDPR. In particular, service providers will have to, in line with the principles of privacy by design and privacy by default, adopt measures preventing the tracking of tools or settings used by people with disabilities to access digital services. Service providers will also have to declare that they do not use web tracking techniques capable of revealing a user’s disability.

Italian DPA approves use of SMS reminders for cancer screening campaigns

On 12 February 2026, the Italian Data Protection Authority (Italian DPA) issued Guidelines on the use of patients’ telephone numbers already stored in healthcare providers’ archives for sending informational SMS messages about national or regional screening campaigns. The Guidelines were provided following requests from regional and local health authorities regarding the use of personal data for public health communication. The Italian DPA confirmed that SMS reminders are permitted, provided specific safeguards are respected. Messages must be sent only to individuals already registered in screening programs, contain strictly relevant information, and be used exclusively for public health purposes without commercial intent. The Italian DPA also stressed the need for transparency, clear information about the campaign, and the possibility for recipients to request further information or opt out of the service.

 

Antitrust

Commission closes antitrust probe following withdrawal by the company of a disputed policy

On 16 February 2026, the European Commission (EC) closed its antitrust investigation into a possible abuse of dominant position by a medical device manufacturer active in the cardiovascular sector. The probe was to ascertain whether its Global Unilateral Pro Innovation Policy had restricted physicians’ participation in clinical trials or scientific and educational activities sponsored by competing TAVI device manufacturers, potentially limiting competition in the EEA. Following the full withdrawal of the policy by the manufacturer, the EC concluded that its competition concerns had been resolved and closed the investigation without ascertaining any infringement.