What legislation and standards apply to healthcare?

18. 7. 2025

Healthcare is one of the most strictly regulated sectors—both in terms of handling sensitive data and the operation and safety of systems and devices. Regulations and standards affect not only care providers but also their suppliers, IT developers, and medical device manufacturers.

Legislation:

Cybersecurity Act (ZoKB) – Effective from November 1, 2025; implements NIS2. Applies to hospitals, healthcare facilities, public institutions, and IT vendors.
GDPR – Protection of personal data for patients, staff, and users of healthcare systems.
MDR (EU 2017/745) – Regulation of medical devices, including software with diagnostic or therapeutic functions.
MDSG 2019/16 – European Commission recommendation on cybersecurity for medical devices, especially networked ones.
Cyber Resilience Act (CRA) – Will apply to all products with digital elements, including medical software. Incident reporting will be required starting September 2026.

Standards:

ISO/IEC 27001 – Information Security Management System (ISMS)
ISO 13485 – Quality management system for medical device manufacturers
ISO 27799 – Protection of personal health data within an ISMS
IEC 81001-5-1 – Cybersecurity for medical software and IT systems in healthcare
IEC 62443 – Cybersecurity for industrial control systems; also applicable in hospitals/labs using OT technologies (e.g., lab automation, connected diagnostics)
ISO/IEC 62304-1 – Lifecycle management of medical software (development, maintenance, changes)
ISO/IEC 82304-1 – Quality and safety of health software products
ISO/IEC 42001 – Management of AI systems (recommended for organizations developing or operating AI in clinical or operational settings)

Name	Domain	Purpose	Expiry	Type
pll_language	it.ezu.cz	The pll _language cookie is used by Polylang to remember the language selected by the user when returning to the website, and also to get the language information when not available in another way.	1 year	HTTP
elementor	it.ezu.cz	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.	never	HTTP

Name	Domain	Purpose	Expiry	Type
_ga	it.ezu.cz	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.	2 years	HTTP
_gid	it.ezu.cz	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.	1 day	HTTP
_gat_UA-88740921-10	it.ezu.cz	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.	1 minute	HTTP

What legislation and standards apply to healthcare?

Menu

Useful information