Dedalus S.p.A.
Dedalus Group is a leading international healthcare software solutions provider, working at scale to enable multiple local healthcare models and ecosystems to transform care digitally.
ID: 810154494287-18
Lobbying Activity
Response to Report on the review of the Digital Decade Policy Programme
9 Jan 2026
In the attached working paper Dedalus Group responds to the European Commissions consultation on the Digital Decade Policy Programme (DDPP) 2030, offering our perspective as a leading innovator in digital healthcare. It outlines our vision for a resilient and inclusive digital ecosystem, focusing on three strategic pillars: modernizing public procurement to strengthen European competitiveness; advancing trustworthy Artificial Intelligence in healthcare through robust governance and compliance; and unlocking the full potential of health data via the European Health Data Space (EHDS). By aligning these priorities with sustainability and interoperability goals, Dedalus aims to contribute to a future where digital transformation enhances care quality, efficiency, and equity across Europe. Dedalus would also welcome the opportunity to be heard and to further elaborate on the topics covered in the paper and the objectives of this public initiative.
Read full responseResponse to EU quantum Act
11 Dec 2025
1. Quantum-safe protection of sensitive health data. The Act should explicitly support the transition to post-quantum cryptography (PQC) for electronic health records, communications, digital signatures, and authentication systems, in coordination with ENISA, ETSI, EuroQCI and national cybersecurity authorities. 2. Quantum-ready interoperability and standards. We recommend supporting interoperable testbeds and standards for secure health-data exchange (HL7/FHIR/DICOM, EHDS). 3. Resilience of the digital health supply chain. We recommend including health-data infrastructures within the European framework for monitoring quantum-related critical dependencies and supporting secure EU-based cloud solutions. 4. Skills and involvement of regulated sectors. Short training programmes for professionals responsible for the design, operation and security of essential digital infrastructures should complement the European Degree in Quantum Technologies. Conclusion: Integrating quantum-safe and quantum-ready measures into essential healthcare services will contribute to strengthening Europes digital sovereignty and trust in its health-data infrastructures. For more details, please refer to the working paper attached.
Read full responseResponse to Terms and conditions for delaying dissemination of notifications
13 Nov 2025
While the draft delegated act is comprehensive, a few improvements in legal drafting and clarity could further ensure its effectiveness and prevent misunderstandings. These recommendations aim to bolster transparency, consistency, and trust in how the exceptions are applied, thereby reinforcing both the legal soundness and practical utility of the regulation: (i) 4.1. Clarify the Criteria for Inadequate Capabilities (Article 4(b)); (ii) Ensure the Excluded CSIRT is Informed and Remediated Promptly; (iii) Introduce Periodic Review of Ongoing Delays ; (iv) 4.4. Address National Security Exceptions Explicitly; (v) Emphasize Back-up Communication Channels in Event of Platform Failure; (vi) Recognize Situations of Redundant Information; (vii) 4.7. Fine-tune Timeframes; (viii) 4.8. Expanding Recital Guidance on Proportional Use of Delays; (ix) Review of the delegated act by ENISA. For further details, please refer to the attached Working Paper.
Read full responseResponse to Digital package – digital omnibus
14 Oct 2025
Dedalus, a European medical software manufacturer, welcomes the Digital Omnibus initiative and urges the EU to simplify and harmonize digital regulations. The current landscape (GDPR, MDR, IVDR, NIS2, CRA, AI Act, etc.) is complex, with overlapping and sometimes conflicting requirements that increase compliance risks and administrative burden. Dedalus recommends a centralized EU-level incident reporting portal and a standardized incident identifier to streamline reporting. Dedalus calls for clear separation of objectives and obligations between different laws (Data Act, GDPR, AI Act) to avoid contradictions and support legal certainty. Data portability rules should be harmonized, and duplicate international data transfer requirements removed. AI Act requirements should be aligned with GDPR, especially for sensitive data, and comprehensive guidance should clarify regulatory overlaps. For medical device AI, Dedalus supports moving AI systems regulated under MDR/IVDR to sector-specific rules, reducing redundant compliance. AI Act requirements should be integrated into existing medical device standards and conformity assessment processes. Implementation timelines should depend on readiness, such as the designation of notified bodies and availability of standards, not on fixed dates. Clear rules are needed for legacy systems and modifications, with reasonable grace periods and no retrospective compliance for minor changes. On data governance and intellectual property, Dedalus calls for careful handling of IP exposure in AI systems and supports voluntary data sharing under the Data Act, with protection for trade secrets. Legacy devices should be excluded from new data sharing obligations, and product development cycles should be considered in regulations. Dedalus supports phased implementation, with EU-wide roadmaps and toolkits, recognizing differences in technical capacity across Member States. A clear governance model is needed to clarify responsibilities between horizontal and sector-specific regulations and to avoid fragmentation. Dedalus stresses the need for broad alignment and clear guidance to prevent regulatory fragmentation. Existing medical device standards should be referenced for the European Health Data Space, and technical implementation rules should be developed proactively. In conclusion, Dedalus urges the EU to focus on simplification, coherence, and sector-specific approaches in the Digital Omnibus, to support innovation, patient safety, and competitiveness. Dedalus is ready to support the Commission in building a secure, interoperable, and innovative digital health ecosystem in Europe.
Read full responseResponse to Targeted revision of the EU rules for medical devices and in vitro diagnostics
6 Oct 2025
Dedalus is a well-established European-based medical software manufacturer regulated under MDR and IVDR. Our portfolio spans primary care, hospital systems, diagnostics, emergency care, and population health management. A significant share of our product range consists of clinical information systems that support healthcare professionals in managing clinical workflows and documentation, while providing evidence-based tools to assist in clinical decision-making. These systems generally present low- to moderate-risk, highlighting the need for a proportionate regulatory approach for medical software. Drawing on extensive MDR compliance experience, this submission provides evidence and recommendations for a more risk-based framework. Dedalus is prepared to actively engage and provide insightful examples and relevant data in the forthcoming targeted consultation activities, fostering safe and effective innovation in Europe for Europe. [[Key Challenges and Recommendations]] [Disproportionate Classification of Software under MDR Rule 11:] Rule 11 has nearly eliminated Class I software; most is now Class IIa or higher, regardless of risk. This creates a sudden regulatory burden without a matching increase in patient safety. This differs from international frameworks (e.g., IMDRF), which use a risk-based model considering the softwares role in clinical decisions. The EUs strict interpretation prevents software from being recognized as low-risk, defaulting to higher classes without clear evidence or consensus. Essential classification criteria should be in the regulation, not left to non-binding MDCG guidance, which causes uncertainty. Recommendation: Refine rules to consider human oversight, allow exemptions for well-established low-risk functions (e.g., simple calculations), and ensure risk classification is truly risk-based and internationally aligned. [Risk-based approach falling short:] There is little differentiation in compliance requirements between low- and high-risk devices; the framework is oriented toward high-risk products. Flexibilities for low-risk devices are rarely applied, as they require Notified Body (NB) endorsement, introducing liability without incentive. MDR/IVDR legal texts have few explicit risk-based provisions. In practice, classification has limited influence on scrutiny or effort required. NBs often require clinical data and PMCF activities even for low-risk devices, mainly to satisfy regulatory expectations. Recommendation: Limit specific requirements in the regulation to the relevant risk class. [Inefficient and unpredictable Notified Body interactions:] For Class IIa/IIb software, NB interactions are inefficient and unpredictable: limited dialogue, prolonged reviews, inconsistent expectations, unpredictable timelines, and excessive documentation. These issues stem from risk aversion and unclear structured dialogue. Manufacturer responses often have to be based on best-guess interpretations, leading to delays and increased costs. Recommendation: Establish harmonized, transparent dialogue mechanisms; require NB software expertise; encourage proportionate evidence requirements; mandate clear NB rationales and allow challenges; set review time limits; allow minor nonconformities to be resolved post-review. [Lack of Harmonized Oversight of Notified Bodies:] No unified EU authority for NBs leads to inconsistent MDR interpretation and enforcement, causing divergent standards, unpredictable outcomes, and redundant audits. Reliance on non-binding guidance increases uncertainty. Recommendation: Create a central EU authority or empower an independent body to oversee and guide NBs, enforce harmonized protocols, and ensure consistent MDR interpretation. This would reduce inefficiencies, costs, and uncertainty. (consult attached report for full details and proper formatting)
Read full responseResponse to European Data Union Strategy
17 Jul 2025
This consultation seeks input on shaping a Data Union Strategy that simplifies data regulations, enhances data availability, and promotes secure, large-scale data sharing across sectors. Dedalus is a global leader in the digital transformation of healthcare, with a presence in 38 countries and solutions that support over 540 million people. The company integrates advanced technologies such as AI and predictive analytics to enhance the entire care pathway, from prevention to rehabilitation. Dedalus also stands out for its strong commitment to sustainability, aiming to achieve carbon neutrality by 2030. As a Company developing and distributing medical software within the European Union, we would like to express our statement about this consultation as follow. According to us, its important to incentivise companies (in particular Startups and SMEs), through the use of European public funding, to: (i) proactively take the lead in collecting datasets containing personal data in a secure and legally compliant manner, with the aim of developing safe and trustworthy proprietary European foundational models that reinforce individuals control over their personal data; and (ii) strengthen internal teams and/or engage specialised advisory services to ensure compliance with applicable data protection regulations and cybersecurity requirements. We kindly request to be invited to an oral hearing in order to present our position and provide any necessary clarifications in person.
Read full responseResponse to Apply AI Strategy
29 May 2025
The 'Apply AI' Strategy, appropriately focused and resourced, can be a powerful catalyst. Dedalus offers its extensive expertise, technological capabilities, and European footprint to contribute to its success. A successful 'Apply AI' strategy will create practical conditions for key European industries and companies to achieve ambitious goals. We welcome continued dialogue and collaboration to build a healthier, AI-enabled future for all European citizens.
Read full responseResponse to Cloud and AI Development Act
29 May 2025
Dedalus is committed to Europe's digital healthcare transformation and collaborative work with the EU Commission and stakeholders. By addressing data protection, fostering interoperability, and establishing ethical AI governance, Europe can unlock cloud technology's potential. Strategic recommendations on harmonized standards, secure data collaboration, and digital skills development are key to more efficient, effective, patient-centric care. Dedaluss experience, and proactive approach to challenges like GDPR in projects such as PERSIST, position us as a knowledgeable partner. Dedalus believes a well-architected European Health Cloud strategy, through public-private partnership, will enhance healthcare for all European citizens. We offer our expertise and collaborative spirit to this vital undertaking.
Read full responseResponse to Technical description of important and critical products with digital elements
15 Apr 2025
Dedalus S.p.A., as a group developing and distributing medical software within the European Union, would like to express our sincere appreciation for the European Commission's efforts in advancing cybersecurity through the Cyber Resilience Act (CRA). We welcome the orientation, clarity, and strategic foresight demonstrated by the CRA. It is a significant and necessary step toward establishing a harmonized baseline for cybersecurity across digital products in the internal market. The CRA provides invaluable guidance to software manufacturers, particularly in the health sector, by offering a structured framework for secure-by-design and secure-by-default development. This contributes meaningfully to productsecurity, patient safety and trust in digital health innovation. We are particularly pleased with the Commission's inclusive and transparent approach in launching this consultation. The opportunity to contribute to the technical specification of categories listed in Annex III and IVespecially those related to critical digital elementsis a clear signal that the voices of industry experts and practitioners are being heard. It underscores the importance of collaboration between regulators and those who implement security in real-world environments. We are confident that the CRA, once fully implemented, will not only elevate the security posture of European digital infrastructure but also promote a culture of continuous improvement, responsibility, and resilience among manufacturers. We look forward to contributing to the ongoing dialogue and aligning our internal processes with the evolving regulatory landscape, and we are committed to supporting the Commissions goals in enhancing the cybersecurity of critical digital products and services.
Read full response