From 2026, Hungarian legislation will allow access to health-related data stored in its National eHealth Infrastructure (EESZT) for AI development on a case-by-case basis. With this change, Hungary could capitalise on its investments into launching the EESZT platform in 2017 and standardising the health data collected by healthcare providers using the platform in the past years. In this article, we highlight the key differences compared to the EU’s European Health Data Space (EHDS) proposal and the information currently known regarding future access to the EESZT platform.
In more detail
From 1 January 2026, the EESZT platform’s operator may give access to the collected health data for the purpose of training, testing and development of artificial intelligence (AI) algorithms, as well as the evaluation and development of medical devices and digital health applications. The law refers to these purposes collectively as “AI development,” even if the medical device or digital health application does not include any AI algorithm.
If this type of secondary use sounds familiar, it may be because this solution is in fact similar to the EU’s proposal for an EHDS, covered in our Firm’s series on EHDS. However, there are several key differences compared to the EHDS, as follows:
- The European Council and European Parliament have yet to adopt the final text of the EHDS, and its implementation is expected to take four to six years after entry into effect. In contrast, the EESZT platform may be accessed starting from 2026.
- The EESZT platform collects health data primarily from healthcare providers, unlike the broad “data holder” definition in the EHDS proposal also covering manufacturers and distributors in the industry.
- Access to the EESZT platform may only be granted for limited purposes (covered under AI development). By comparison, the EHDS proposal intends to define permitted purposes as broadly as possible (for example, scientific research in general, improving care, education and training in the sector, etc.).
Overall, although the similarities could suggest that the Hungarian amendment may have been inspired by the EHDS proposal, the two are not directly related and the Hungarian legislator did not officially acknowledge the amendment as an attempt to anticipate the EHDS implementation.
Having clarified the key distinguishing features, let’s see what is currently known of the Hungarian amendment. Upon request by an applicant, the EESZT platform’s operator grants access to the health data, if the applicant fulfils the following conditions:
- Obtains an authorisation to conduct scientific research issued by the relevant professional ethics committee of the Medical Research Council
- Ensures that the data obtained in the course of the AI development will be used exclusively for the purpose of AI development
- Guarantees that the AI development will be carried out using only anonymised data (AI development may be carried out using pseudonymised data if the applicant demonstrates that the development cannot be achieved by other means, provided that the applicant ensures that the pseudonymised data is not reidentified.)
- Provides appropriate safeguards to prevent the data from being used for purposes other than those specified in the authorisation and to protect the rights and interests of natural persons
- Conducts a data protection impact assessment (DPIA) in accordance with the GDPR before starting the AI development
While 2026 is still some time away, interested companies can already start preparing by ensuring that they meet the above conditions. For example, companies can assess whether their project will require pseudonymised data and prepare an adequate justification, identify and implement appropriate safeguards, conduct the relevant DPIA or even align with the Medical Research Council regarding a potential authorisation for scientific research.