Hostname: page-component-745bb68f8f-f46jp Total loading time: 0 Render date: 2025-02-11T21:18:52.734Z Has data issue: false hasContentIssue false
  • English
  • Français

Electronic Systems of Information Exchange as a Key Tool in EU Health Crisis and Disaster Management

Published online by Cambridge University Press:  10 January 2020

Patrycja DĄBROWSKA-KŁOSIŃSKA Open the ORCID record for Patrycja DĄBROWSKA-KŁOSIŃSKA [Opens in a new window]
Patrycja DĄBROWSKA-KŁOSIŃSKA*
Affiliation:
PhD, Marie Skłodowska-Curie Fellow, Health and Human Rights Unit, School of Law, Queens University Belfast; Department of Administrative Law and Public Policy, Faculty of Administration and Social Sciences, Warsaw University of Technology; email: p.dabrowska@qub.ac.uk.
Rights & Permissions [Opens in a new window]

Abstract

Decision 1082/2013 on Serious Cross-border Health Threats (Health Threats Decision) was adopted in 2013 with the aim of preparing for and responding to serious health threats. In this legislation, the European Union adopts an “all-hazards” approach which strongly relies on the exchange of information as a driver of regulatory activities. This article first demonstrates that the electronic systems of information exchange constitute a key tool in EU Health Crisis and Disaster Management (“EHCDM”). Second, it identifies the distinctive features of these mechanisms in the EU context: the reinforcement of a statutory policy shift towards securitisation of public health, the peculiarity of the EU composite administrative procedures as well as the facilitation of the quality of the sense-making activities. Finally, the article uncovers the possible problems which may affect the adequate functioning of EHCDM and argues the routes for further research. The piece links legal analysis with the interdisciplinary conceptual lens to offer an important contribution to closer characterisation of the EHCDM as a field in its own right together with a better understanding of the EU public health law and administration in the context of transboundary crisis management and health security governance.

Type
Symposium on European Union Governance of Health Crisis and Disaster Management
Information
European Journal of Risk Regulation , Volume 10 , Issue 4: Symposium on European Union Governance of Health Crisis and Disaster Management , December 2019 , pp. 652 - 676
Copyright
© Cambridge University Press 2020

I. Introduction

The EU Decision on Serious Cross-border Health Threats (“Health Threats Decision”) adopted in 2013 is a central legislative act in the EU health crises regime.Footnote 1 It strongly relies on the exchange of information as a source and driver of regulatory action in order to implement planning and operation of preparedness systems; to secure threat detection, early warning and risk assessment; and to co-ordinate EU and national responses. The Health Threats Decision replaced and restructured the previous system of control of communicable diseases within the EU policy on public health, including the existing EU mechanisms operating via various digital means and platforms.Footnote 2 Availability, accessibility, collection and transfer of relevant information to protect from potential dangers have remained a core rationale of those measures, and exchange of information has arguably become a central characteristic of the whole regime.

Communication and knowledge-sharing between responsible authorities and the public about potential perils and the assessment of their probability based on assembled epidemiological data and available risk information have long been essential for both prevention and response to disasters, especially in the area of modern public health.Footnote 3 However, the current digital era has brought about a significant change in this context: the progress of digitalisation, data assemblage and new technologies offer extraordinary means, unavailable before, for collection, analysing, and sharing of information about potential threats and already occurring disasters.Footnote 4 The importance and usefulness of such tools have been confirmed in the EU, for example, during the medical evacuation of health workers during the Ebola crisis in Africa.Footnote 5 Yet, we still know relatively little about the legal regulation and technical structure of electronic mechanisms of information exchange in the Health Threats Decision, especially from the perspective of EHCDM. Moreover, the scholarly evaluation of the qualities and functioning of some of these mechanisms appears to be fairly sceptical, but also mixed.Footnote 6

Against this background, this article has the following aims: first, to demonstrate that the electronic systems of information exchange regulated by the Health Threats Decision constitute a key tool in the EHCDM; and second, to identify the distinctive features of these mechanisms in the EU (legal) context and uncover possible obstacles which can affect the adequate functioning of EHCDM. In order to pursue these aims, the article links legal analysis with the interdisciplinary conceptual lens. By doing so, it offers a novel contribution to closer characterisation of the EHCDM as a field in its own right together with a better understanding of the EU public health law and administration; and, further, it resonates with the views expressed in the scholarship of the benefits of cross-disciplinary and more in-depth study in the area of transboundary crisis management (“TCM”) and health security governance.Footnote 7

The text is principally based on the legal methodology (analysis of statutory provisions and institutional documents, both published and internal, available on request) which has been enriched by the interdisciplinary conceptualisation and exploration of a technical build-up implementing legal provisions, based on the accessible internet-based sources of the European Commission and the European Centre for Disease Control and Prevention (“ECDC”). The content also benefited from conversations with EU and national officials (five in total).

The article is structured as follows. First, it argues that the Health Threats Decision as a public health security and crisis management legal measure requires an interdisciplinary conceptualisation for its analysis (Section II). Next, it examines both technical and legal aspects of the relevant electronic systems under the Health Threats Decision (Section III). This is done in order to provide the analytical explanation of the principal functions of these systems, demonstrating their nature as a key tool in EHCDM (integrative, regulatory, and sense-making functions); and to identify the distinctive features of these mechanisms in the EU context: the reinforcement of a statutory policy shift towards securitisation of public health, the peculiarity of the EU composite administrative procedures as well as the facilitation of the quality of the sense-making activities (Sections III and IV). Section V outlines the problems which may affect the adequate implementation of the information exchange systems and puts forward routes for further research. It is argued that more in-depth, comparative studies of national preparedness regimes and of the functioning of EU/national administration and agencies involved in EU health policy, especially with regard to the question of accountability, are needed to further unpack EHCDM. The conclusions summarise the main findings.

II. Situating the Health Threats Decision in the regulatory context: in search of conceptualisation

The conceptualisation of this article starts with the premise that, in order to unpack the tools of EHCDM, especially to argue their nature and features, and fully assess them, the scholarship of EU law (including EU administrative law and governance), risk regulation, TCM, and security studies need to be acknowledged and connected. This assumption results from the view that sole legal concepts are insufficient both to fully appraise the Health Threats Decision as a public health security and crisis management measure and its mechanisms, and to grasp the EHCDM as a field in its own right.

1. The EU Health Threats Decision as a public health security and crisis management measure

Formally, the Health Threats Decision is a public health law measure based on Article 168(5) of the Treaty on the Functioning of the European Union (“TFEU”). This provision delineates the EU’s overall competence to support, coordinate or supplement the actions of the Member States in the area of public health, and provides that it should complement national policies in monitoring, early warning and combatting serious cross-border threats to health.Footnote 8

The Decision is the newest EU act in the history of public health policy and disease prevention and control which has continued since the late 1980s and the early 1990s. This history has been characterised by several processes, namely the responsiveness to transboundary disease outbreaks requiring common solutions linked to the neoliberal aspirations to protect the integrity of the EU internal market; the gradual adoption of rules establishing tools for epidemiological surveillance, risk information, sharing and knowledge production, and the operation of early warning networks; as well as the so-called “agentification”: the gradual empowerment of several EU agencies (ECDC, European Food Safety Authority: “EFSA”; European Medicine Agency: “EMA”) with relevant competence in the field.Footnote 9 The origins of the act can be traced back not only to the claims for a better EU-wide co-ordination of preparedness systems and responses to diverse types of health threats, but also to the demands for actions against various bio-threats to health (eg pandemics, bio-terrorism) which coincided with international developments of a global health regime, especially of the International Health Regulations (“IHR”) of the World Health Organisation.Footnote 10

As a result, the nature of the Decision actually reaches beyond the area of EU public health law. It is both a disease control measure and one of the central legislative acts within a complex system of instruments in the area of EU crisis management which strengthened significantly after the Treaty of Lisbon.Footnote 11 Its objective is to support EU multi-level and horizontal cooperation and coordination, both between Union actors and national authorities, in order to improve the prevention and control of the spread of severe human diseases and to combat other serious, transboundary health threats, and, hence, to contribute to a high level of public health protection. This is implemented, to a large extent, through the transnational mechanisms of information detection, collection, analysis, and dissemination.Footnote 12 The Decisioin lays down specific provisions regulating mechanisms for information exchange, epidemic surveillance and monitoring to complement national policies and, further, clarifies powers of both EU and national bodies, including of the European Commission and the ECDC; and institutionalises the Health Security Committee (Member States’ high-level policy officials), to reinforce mutual coordination.Footnote 13 These elements of the governance system established by the Decision also respond to the requirement to effectively deal with complex crisis management, including a collaborative and joint capacity of authorities to process relevant information about various threats and their risks.Footnote 14

The Health Threats Decision is thus an exemplary illustration of a recent trend in EU TCM to increase the EU-level capacity to respond to crises: it aims to overcome fragmentation of EU capabilities in different policy-sectors, and consolidates the institutional structure for all threats that have a cross-cutting dimension of impacting on health. The Decision is also a very strong case of the “collective” securitisation of health in the EU by normative means: it is based on the “integrated approach” to health and security, and it is designed to use public health networks for disease surveillance and other measures of information exchange also for security purposes.Footnote 15 This is confirmed by the risks of threats covered by the Decision, which can be natural or man-made; and also by the special clauses to ensure the confidentiality of classified security information exchanged on the basis of the act.Footnote 16 The act reflects the EU strategic aim of enhancing its role in global health security.Footnote 17

Finally, the Decision is also an example of the “all-hazards approach” to public health security for it applies to a wide range of “serious, cross-border threats” to health.Footnote 18 The material scope of this notion encompasses: biological threats including contagious diseases, antimicrobial resistance and healthcare-associated infections, bio-toxins or other harmful biological agents, as well as threats of chemical, environmental and unknown origin.Footnote 19 In order to further implement this approach, the Decision aims to link several alert systems, which earlier operated separately, with the early warning system for health, and modifies the structure of instruments designated for information collection, transfer and analysis together with the reinforcement of powers of the relevant EU agencies (ECDC, EFSA).Footnote 20 In effect, it means connection of the earlier separate policies and instruments through the mechanisms of information exchange.

2. A need for interdisciplinary conceptualisation

Most of the transnational crises and disasters which occurred in Europe in past decades had an impact on health. However, the literature analysing the common core norms and values of the EHCDM is limited.Footnote 21 First, there is a relative shortage of pertinent legal studies of EU public health law.Footnote 22 Second, several recent volumes considering legal frameworks for disasters, crises, threats, and risk regulation of emergencies mostly, or maybe even entirely, neglect the health dimension.Footnote 23

At the same time, EU public health policy, its measures and tools have been much more extensively explored in the crisis management research, typically as one of the case studies where the EU has developed instruments and means of transboundary crisis management protecting against health threats, and has performed the role of a crisis manager at large.Footnote 24 These studies devote a lot of attention to the mechanisms of collection, transfer and dissemination of information and knowledge, as well as to their operation and functioning in the context of crises and disasters. The EU alerting and reporting systems for health have also been analysed in the health and environmental security studies, in particular from the perspective of the chemical, biological, radioactive and nuclear (CBRN) security, and in the field of international relations.Footnote 25 Specifically, several works exploring information management systems in EU health threats policy and their operation and technical aspects have recently been published in the framework of the so-called new “material” turn in new security studies.Footnote 26 For the purposes of this article, TCM and IR scholarship is helpful in unveiling the nature of tools regulated by the Health Threats Decision and EHCDM. The lens of “distributed sense-making”, which has been explored by Ansell, Boin and Keller as one of the boundary-spanning mechanisms essential for an effective response to transboundary crises, will be specifically referred to.Footnote 27

The works of Giandomenico Majone are equally useful in theorising the role of information in performing a regulatory function.Footnote 28 The policy area to which Majone’s work principally refers is risk regulation of product safety, but his claims can provide the equally applicable heuristic means to unpack EHCDM because it too is an area underpinned by deep uncertainty and risks of threats where provision of risk assessment and analysis of scientific knowledge are central to decision-making processes.Footnote 29

Finally, the multi-level governance of health in the EU has been a subject of inquiry not only in the risk regulation literature, but also in general EU administrative law, especially in the context of the role of EU agencies, and the so-called EU “integrated administration” and “composite administrative procedures”.Footnote 30 These works encompass normative and institutional analyses of EU/national networks of authorities, including their powers and decision-making procedures, often based on electronic tools of information-exchange.Footnote 31 For the case under analysis, ie the cross-border, electronic mechanisms and networks sharing information on health threats, these perspectives can offer frameworks of appraisal in light of the EU principles and fundamental rights, in addition to the criteria for the assessment of policy credibility, especially, regarding independence and reputation of institutions, transparency of decision-making processes and accountability.Footnote 32 It means that both the scholarship of EU administrative law and risk regulation can provide helpful yardsticks for the analysis of possible problems in the functioning of tools established by the Health Threats Decision.Footnote 33

In sum, it is evident from this section that it is necessary to engage with interdisciplinary conceptualisation to assess the complexity of the EU health crisis and disaster governance. Accordingly, it is important to repeat that the transdisciplinary conceptual lens contributes to the situating of the Health Threats Decision in a broader regulatory context, but, above all, it helps to uncover the nature of the mechanisms for information exchange embedded in it, and, finally, allows for their appraisal.

III. Types of systems of information exchange in the Health Threats Decision and their implementation

It is now time to examine more closely the systems of information exchange functioning within the scope of the Health Threats Decision.Footnote 34 The aim of this section is to provide an analytical description of both the legal basis and technical aspects of their implementation (information technology mechanisms and physical networks) in order to familiarise the reader with the regulatory regime, and later to explain its distinctive features.Footnote 35

It should also be mentioned here that several of the mechanisms described below had pre-existed before the Health Threats Decision was adopted, under various, fragmented pieces of EU rules, and that the Decision re-established those mechanisms, but has not normatively provided for any particular inter-temporal provisions which would regulate a transformation of old tools to function within a new legal framework.Footnote 36 That is why the current regime has been undergoing constant development since the entry into force of the Health Threats Decision, so that the technical build-up will become fully adjusted to the new rules.

From the systemic and legal perspective, the EU regime for serious, cross-border health threats is currently based on four pillars (strategic methods): preparedness planning; epidemiological surveillance; early warning; and response coordination.Footnote 37 These methods are regulated through provisions of the Heath Threats Decision and implemented through specific systems (mechanisms) of information exchange. Chapter II regulates “Planning”; chapter III concerns “Epidemiological surveillance and monitoring”, and chapter IV covers “Early warning and response” respectively. Each of the chapters of the Decision also contains provisions regulating the means of consultation between the Commission, national authorities and the ECDC, coordination of their action, and communication,Footnote 38 as well as the respective rules for the regulation of information exchange. However, as the Health Threats Decision leaves a considerable discretion to responsible EU and national authorities for “technical” implementation, each particular tool of information exchange is regulated with a varying degree of specificity. The applicable provisions also do not define the relevant logical notions of “network”, “system” and “information exchange” in that context,Footnote 39 which is why the nature of the information system under scrutiny often needs to be explored on the basis of institutional documents and online resources.Footnote 40

1. Exchange of information on national preparedness plans

The first type of mechanism of information exchange is an example of the so-called “structured information exchange” between national authorities and the Commission.Footnote 41 Pursuant to the provisions of the Health Threats Decision, the following information must be provided by Member States to the Commission: core capacity standards for preparedness and response as required by the IHR; a description of the measures (arrangements) which ensure interoperability between the health sector and other sectors identified as critical in case of an emergency (eg coordination structures for cross sectoral incidents); and business continuity plans.Footnote 42 The information on preparedness planning must be updated when the arrangements are substantially revised at the national level, and in any case every three years. The scope of information which goes beyond the IHR requirements is applicable only if such measures are part of national plans. At the same time, Member States must ensure that handling of the information provided by any person in their territory is covered by national security regulations, which offer a degree of protection at least equivalent to the respective EU/Euratom rules.Footnote 43

The format for the required information has been standardised by means of a template laid down in the implementing rules.Footnote 44 The templates ensure the quality of submitted data, ie their comparability and relevance to the objectives of the coordination of preparedness and response efforts to transnational health threats, as required by the Decision.Footnote 45 Those objectives include: sharing best practice and experience; promoting the interoperability and addressing the inter-sectoral dimension of preparedness; as well as supporting the implementation of core capacities as required by the IHR. The information based on the templates forms a basis for reports submitted to, and discussed within, the Health Security Committee, its permanent working group on preparedness and the Commission.

With regard to implementation of the provisions, the Commission reported in 2015 that the information was provided by national authorities via a dedicated “EUSurvey” website in order to allow for secure, user-friendly and coherent reporting.Footnote 46 In fact, nine Member States only submitted their replies on time through an electronic survey, and a further 17 states submitted their replies late, only after the Commission had reminded them several times.Footnote 47 Finally, despite the delays in submitting the replies, the required exchange of information on preparedness and response planning took place. Similar electronic surveys were used to gather relevant data on national preparedness to detect, identify, confirm and manage patients with suspected or confirmed Ebola virus disease, MERS-corona-virus patients and cases of new avian influenza strains.Footnote 48 The Commission had also suggested that a further development of a dedicated and shared IT platform to facilitate information flow among stakeholders would be desirable, but this plan has not yet been implemented.Footnote 49 The ECDC has developed a self-assessment tool to support states in their health emergency preparedness and has published relevant reports, but they are not interactive platforms that would be based on comparative data.Footnote 50

2. Epidemiological surveillance

The first tools of epidemiological surveillance were established in the EU in the late 1990s.Footnote 51 After the reform in the Health Threats Decision was introduced, it is now Article 6 which provides a legal basis for the establishment of a network for the epidemiological surveillance of communicable diseases and of related special health issues. Further, pursuant to the provisions of the Decision, the scope of surveillance covers all threats from biological agents, with the exception of bio-toxins which are not related to infectious diseases.

The function of the network is to ensure “permanent communication” between the Commission, the ECDC and Member States’ competent authorities. In practice, it functions on the basis of numerous IT tools, which include communication platforms of national/EU experts within different disease clusters (“Disease Programmes”) and databases accessible to EU/national designated authorities (eg National Focal Points for Surveillance and Disease Group-specific National Focal Points). The following types of IT tools operate within the network, hosted, operated and coordinated by the ECDC:Footnote 52

  • (a)TESSy (The European Surveillance System) is a database for EU/EEA communicable disease control which allows for “web-based data submission, data storage and dissemination”; it is a “fully anonymised database”.Footnote 53 Access to the database is restricted and password protected. The input comes from the reporting by national authorities of indicator-based information and statistics collected at national level.Footnote 54

  • (b)EPIS (Epidemic Intelligence Information System) is “a web-based communication platform that allows nominated public health experts” to internationally exchange epidemiological (technical) information in order “to assess whether current and emerging public health threats have a potential impact” in the EU. “It aims to ensure transparent and timely information sharing among the participating public health authorities in order to detect public health threats at an early stage and facilitate their reporting” and the coordination of response activities, as required by the Decision.Footnote 55 Access to EPIS is also restricted and it is composed of five different platforms for different groups of diseases in accordance with the ECDC specific Disease Programs (see Table 1 below).Footnote 56

    Table 1: The comparison between EPIS and EWRS (source: the ECDC Internal Procedure on Response Operation, ECDC/IP/98 and own analysis)

  • (c)Surveillance Atlas of Infectious Diseases is a further extension of EPIS. The aggregated data of the EPIS database are disseminated via this tool in a form of publically accessible reports and simulations with a geographical/temporal/disease-specific focus. It is also integrated with molecular surveillance for Food- and Waterborne Diseases. The reports are either traditional: (i) disease-specific surveillance reports; and (ii) cross-cutting annual epidemiological reports; or novel cross-sectorial reports, such as the one on antimicrobial consumption and resistance in humans and animals to secure cross-sectoral data feedback.Footnote 57

  • (d)MedISys is “a media monitoring system providing event-based surveillance to rapidly identify potential public health threats using information from media reports”.Footnote 58 The system displays the information and articles of interest to public health; it also analyses news reports and warns users with automatically generated alerts. The information processed by MEDISYS is derived from the Europe Media Monitor developed and operated by the EU Joint Research Centre.Footnote 59

The system of epidemiological surveillance and its IT tools, especially the TESSy database, and the EPIS-system of communication networks and its Atlas of Infectious Diseases, represent a “shared database” category among the information management typology.Footnote 60 It is the most advanced form of information exchange and it enables national and EU authorities to directly access information entered into the system by other authorities or experts, in particular, without a prior request to another (data controlling) authority for mutual data transmission in every single case. The advantage of these IT tools is that stored data are exchanged horizontally and directly available for a longer time. Further, they can be retrieved and re-analysed, and, moreover, data from various EPIS platforms and networks can be linked and re-considered (Figure 1).

Figure 1: ECDC Surveillance Atlas of Infectious Diseases: EU reported measles cases: 08.2018-08.2019 (source: https://atlas.ecdc.europa.eu/public/index.aspx)

In practice, it is the ECDC Response Team and every-day Round Tables of the Surveillance and Response Teams who seem to play a key and leading role in the management of the information and its cooperative evaluation. The information systems are the basis for the risk assessments produced by the ECDC (urgent, rapid, and standard).Footnote 61 The process usually includes internal and external experts (reviewers), with an expertise within a specific disease programme or health threat.Footnote 62

3. Early Warning and Response System

The Early Warning and Response System (“EWRS”) is an electronic platform with access limited to international/EU/national competent authorities because of the possible processing of either personal data or other sensitive information about public health security. The process of sending alerts and the exchange of any information is always undertaken via designed electronic means (standard and selective messaging functionalities). The origins of the EWRS trace back to 1998.Footnote 63 Now, the details of the EWRS functioning, and its operational procedures, are regulated by the Health Threats Decision, or are awaiting further regulation, in the implementing acts of the Commission.Footnote 64

EWRS is a rapid alert system and, as such, it constitutes an information management tool which is based on a duty to inform other authorities in the circumstances specified in the provisions of the Decision. It is said to be a manifestation of shared administrative responsibilities in the EU where a basic legislative act (here the Health Threats Decision) regulates the scope of powers, quality standards and form of the information to be exchanged, addressees of the process, their rights and duties, and when applicable, also all the relevant legal issues relating to data protection.Footnote 65

Thus, a key obligation of the designated EWRS competent authorities at the national level, the ECDC and the Commission, is to “notify an alert in the EWRS where the emergence or development of a serious cross-border threat to health” fulfils the legal criteria cumulatively (the statutory conditions).Footnote 66 This must be done within 24 hours once the authorities become aware of a threat.Footnote 67 They are obliged to warn the EWRS partners in case of risk to health when: (1) “more than one Member State” is concerned (geographical criterion); (2) there is a high probability of risk based on any one of four possible indicators: an unusual character of event; a level of morbidity/mortality; pace of spreading; or an overall extent (risk factor); (3) “it requires or may require” a coordinated response at the EU level (the subsidiarity principle).Footnote 68 The understanding of a “cross-border” and “serious” character of a threat is defined broadly as “a life-threatening or otherwise serious hazard to health” which spreads or entails a significant risk of spreading across the Member States, and thus requires EU level response. Article 9 alert notification constitutes a key act of national and EU authorities within the EWRS. Regarding its implementation, the EWRS has been operational and useful in many cases of the need for response to infectious disease threats in the EU.Footnote 69

Since June 2017, the EWRS has been undergoing an updating process, to be made compatible with the newest IT technologies, and to integrate features which allow the system to be used more efficiently for notification and crisis management, including a planned reform (eg connection to other, relevant EU-level alert systems).Footnote 70 To this end, the Commission (especially the Directorate General responsible for Health and Food Safety: DG SANTE) has been working closely with the ECDC and the ad hoc Health Security Committee working group on the EWRS update: the first version of the updated EWRS went live in October 2018. This included all the operable functionalities that were available in the previous platform, as well as new characteristics and functionalities, including a structured notification template, a search function, and a new tool to notify and monitor public health measures in response to serious cross-border threats to health.Footnote 71 The essence of a change related to transforming the previous “message-oriented” platform into a new, “threat-oriented” platform as well as to establishing the two new, important modules: (i) one interlinking with other EU alert and information systems; and (ii) one for maintaining a real-time overview of national public health measures taken for dealing with a serious cross-border health threat, that is, a dedicated “situation awareness” module.Footnote 72 The systems are due to be released in 2019.Footnote 73

4. No implementation yet: ad hoc monitoring

Finally, the Health Threats Decision introduced a new tool, named “ad hoc monitoring”, but so far little has been known about its application and practical operation. The regulation in the Decision is quite concise (Article 7). It says simply that it applies to health threats other than infectious diseases, that is, in case of bio-toxic, chemical, environmental or unknown danger. It is activated following the Article 9 alert notification concerning one of those health threats. Member States and the Commission are then required to inform each other about the development of those threats at the national level and on the basis of information from national, internal monitoring systems.Footnote 74 Pursuant to Article 7, para 2, the mandatory information “shall include, in particular”: change in geographical distribution, spread and severity of the threat concerned and of the means of detection, if available.

This tool is supposed to function as a means of ad hoc surveillance for the above health threats, and for this reason it requires the mutual co-operation of Member States and the Commission via the channels of EWRS or the Health Security Committee. The implementation of this system has been so far unclear, especially with reference to the exact scope of shared data, its relation to the EWRS, and the protection of exchanged personal data (if any).

IV. Electronic systems of information exchange as a key tool in EHCDM

After the systemic exploration of the electronic systems of information exchange operating on the basis of the Health Threats Decision, this Section moves to the explanation of their nature, distinct features, and, later, possible problems which can affect their adequate functioning.

1. Regulating serious, cross-border health threats through information exchange

In order to demonstrate the nature of the systems of information exchange as a key tool in the EHCDM, their principal functions are analysed below. Three of these functions are key to the present analysis: integrative, regulatory, and sense-making functions.

a. Integrative function for the EU public health law and administration

To begin with, it should be said that the information systems embedded in the Health Threats Decision aim to compensate for the abolition of limits on cross-border traffic, to assist in overcoming spatial, territorial and linguistic barriers, and, as a result, to function as an important aspect of the ongoing process of European integration.Footnote 75 At the same time, their alerting and knowledge-providing functions operate as a safety net in case of health threats.Footnote 76

Further, the IT tools described above constitute typical examples of a complex form of policy implementation by information exchange and knowledge production via administrative and expert networks in the so-called composite administrative proceedings, where a central decision to be taken is whether or not an alert should be made to all Member States and responsible EU institutions.Footnote 77 Notwithstanding the limited EU competence in the area of public health, the electronic mechanisms form a part of the shared and integrated EU administration where the Health Threats Decision (a legal text) provide for common rules. Their scope includes: joint gathering, exchange and management of information; duties to co-operate and consult between EU and national authorities; and, finally, a prescription of normative consequences of the alert which is sent in the EWRS (as regulated in Article 9 of the Health Threats Decision).Footnote 78

With regard to its legal nature, Article 9 alert notification is a sui generis electronic act and an EU transnational administrative act which can cause several legal effects both at EU and national level, although technically competent authorities send it through simply starting a new case thread of information exchange within the system.Footnote 79 In accordance with the provisions of the Decision, it can trigger a risk assessment by the ECDC (or other EU agency), an obligation to assess risks, co-ordinate actions and manage risks by national competent authorities, and, moreover, the ad hoc monitoring and individual contact tracing measures, which can also entail the exchange of personal data.Footnote 80 Further legal consequences of an EWRS alert include: an obligation for authorities to communicate relevant information (Article 9); to inform other Member States of the need for action in case of non-biological health threats and further monitoring (Article 7); mutual consultation and co-ordination of national responses and risk and crisis communication (Article 11), including coordination within the Health Security Committee (Article 17).

The scope of information which authorities are obliged to provide in an Article 9 alert notification is the widest possible, to include “any available relevant information in their possession that may be useful for coordinating the response”.Footnote 81 The Health Threats Decision provides a detailed, non-exhaustive list of information which must be provided for the full characterisation of a health threat event and an organisation of an appropriate response. That is: (i) the type and origin of a (pathogenic) agent; (ii) the date and place of the incident or outbreak; (iii) the means of transmission; (iv) the methods of detection and confirmation; (v) toxicological data; (vi) public health risk; (vii) implemented/planned public health measures; and (viii) personal data.Footnote 82

Finally, it is the ECDC who hosts and operates the information systems under the Health Threats Decision. This EU body is entrusted with a mandate of surveillance, detection and risk assessment of threats to human health of biological origin, including communicable diseases and related special health issues, as well as outbreaks of unknown origin.Footnote 83 ECDC risk assessments are stored in a database (but also made publicly available), so that they can constitute a common knowledge base and provide a further reference point in any future crisis for all EU/national authorities and stakeholders in a public health policy field.Footnote 84 The ECDC (together with the Commission and the Health Security Committee) is thus an EU agency at the centre of the integrated administration system which works to improve coordination between decision-makers, and to minimise uncertainties when detecting and managing crises. It is observed that both the EWRS threads of information exchange and the ECDC risk assessments contribute to the shared understanding of a nature of a particular health threat which is shaped in the Health Security Committee and in the Communicators’ network (see Table 2).Footnote 85

Table 2: Types of electronic systems of information exchange under Health Threats Decision

b. Regulatory function

It follows from the preceding sections that the shared administration based on the systems for information exchange established by the Health Threats Decision and the respective legal consequences of their functioning lead to the regulatory function of information exchange, and, consequently, provide for regulation-by-information in the EHCDM. As Majone explains, information can be instrumental to regulatory processes, but it can also play a constitutive role of “regulation by information” when access to reliable information about various types of risks, supply of relevant information to policy actors, obligations to produce information about risks and communicate risks can result in a change of behaviour, which means reacting and responding to crises in the present context.Footnote 86

The information circulating via EPIS and EWRS is both instrumental to institutional responses and constitutive for the constant state of “preparedness” and legal consequences of alerts. It is worth emphasising that the Health Threats Decision stipulates equally with regard to the epidemic surveillance and EWRS that all authorities are obliged to remain in “permanent communication”.Footnote 87 The structured information mechanism on national preparedness plans, shared databases and communication networks (EPIS and TESSy) and a specifically designed alert system for warning and response (EWRS) together form a complex web of systems in the IT-mediated health threats regime.Footnote 88

This argument is further reinforced by the respective powers of the ECDC in the health threats regime in light of Majone’s work. He argues that EU agencies perform key roles in such regulatory contexts, and explains that although European agencies do not have formal regulatory powers, they are nevertheless equipped with knowledge and persuasion as means of influence and tools for information-based regulation.Footnote 89 From this standpoint, the ECDC is a typical example of an EU agency entrusted with the power of information management in order to develop and distribute risk assessment, which in the present context is a “public health risk assessment”, as prescribed in the Health Threats Decision.Footnote 90 From this perspective, the ECDC is said to function as a “repository of scientific knowledge” and a source of “best practice” for states requiring assistance.Footnote 91

Similar regulatory claims can be inferred from the empirical analyses of Bengtsson, Borg and Rhinard. They argue that the IT tools operating under the Health Threats Decision, especially the surveillance and early warning mechanism, constitute a key activity of epidemic intelligence which has become “a defining knowledge regime” of the EU system for health threats.Footnote 92 They demonstrate that the role of technology and data collected online are central to the creation of new knowledge which now shapes the way in which health security issues are understood, problematised and responded to in the EU.Footnote 93 Moreover, the system of IT tools underpinning epidemic intelligence, which is also a basis for ECDC risk assessments, seems to become a self-evident and self-sustaining knowledge regime for defining and understanding health problems.Footnote 94

c. Distributed sense-making function

Thirdly, the electronic systems of information exchange established under the Health Threats Decision perform a distributed sense-making function. “Sense-making” means “a range of informational and cognitive tasks that runs from crisis detection and tracking, through interpretation and analysis, to decision-making”.Footnote 95 Respective and required institutional features include: detection and surveillance systems, the capacity to analyse incoming data, technological tools ensuring real-time communication, and decision support systems to overcome human limitations and facilitate rapid and informed decision-making.Footnote 96 Moreover, such information systems are designed to provide a “situational awareness” to responsible authorities in the circumstances of a transboundary crisis and build a picture enabling effective response.

The IT tools are critical for drawing an accurate and complete overview of the situation in case of emerging or occurring threats, and for the subsequent feeding of adequate provision of factual information into political decision-making processes. Their aim is to strengthen the knowledge base for prevention and preparedness, and to enhance inter-sectoral communication within EU institutions.Footnote 97 The mechanisms of information exchange in the Health Threats Decision respond to one of the biggest challenges of TCM for decision-makers, that is, to possess “a shared perception of what is happening” in order to effectively detect and manage the crisis.Footnote 98 The challenge results from the fact that any potential health threats crisis is usually underpinned by great uncertainty regarding knowledge on the risk of threats, their type, extent and (potential) crisis development and unfolding.Footnote 99

Boin, Ekengren and Rhinard, who extensively studied “sense-making” in the EU context, including the European Early Warning System for health threats, explain that sense-making necessarily involves detection and understanding of crises, both of which need to encompass three processes: collection, analysis and sharing of information.Footnote 100 That requires the establishment of new technological tools offering advanced opportunities of data gathering and access, but they are not sufficient as such for an effective TCM; decision-makers must also be able to quickly collect information from various sources, analyse it and transform it into strategic information and action.Footnote 101 The regulation of information exchange provided in the Health Threats Decision and of the respective IT systems speak directly to institutional conditions of distributed sense-making in all aspects: from crisis detection and tracking, through interpretation and analysis, to decision-making. In addition, the ECDC consolidates the respective sense-making responsibilities delegated to the EU level.Footnote 102

2. Distinctive features of mechanisms of information exchange within EHCDM

The analysis of the functions performed by the systems of information exchange in the EHCDM allows for the identification of their distinctive features determining their uniqueness in the present context. It can further be helpful in closer characterisation of the EHCDM as a field in its own right. They are presented below.

a. A reinforcement of a shift towards the EU public health security approach

The regulation and functioning of the electronic tools of information exchange pursuant to the provisions the Health Threat Decision and its implementing rules, reflect and reinforce a multi-dimensional policy-shift in EU health governance. Specifically, health policy has transformed from a communicable disease control system to public health security regulation of threats resulting from various origins. The electronic systems also reflect and confirm a core quality of the regime, ie the Health Threat Decision is no longer a typical disease control measure, but a “hybrid” type of regulatory measure: connecting public health, TCM and securitisation of health.

The provisions of the Health Threats Decision based on the “all-hazards approach” have also streamlined the complex web of information systems which had previously operated separately, where data had been stored and used for sector-specific purposes. This is a further sign of both expansion and integration of the EU public health security policy. There is even the potential, one might think, for the present various IT platforms to form a uniform database accessible to all actors involved in the EHCDM in the future.

b. The application of and peculiarity of the EU composite administrative procedures

The electronic systems of information exchange regulated in the Health Threats Decision form a part of the EU administration and of EU composite administrative procedures. In the event of any policy failure, it allows, in principle, for a scrutiny against EU constitutional principles, including EU fundamental rights (especially against the right of “good administration” and to effective judicial protection, and the data protection and privacy rights) through judicial review at the EU Courts.Footnote 103 At the same time, judicial enforcement can be deeply problematic due to jurisdictional questions and in view of the standing rules before the EU Courts (see also further below).

It is useful to explain in that context, that, for example, the Article 9 EWRS alert notification is a trans-territorial act of a sui generis legal nature. It is not settled whether it can be treated as reviewable act, either under EU or national jurisdictions, although it can cause clear legal effects, including duties under Article 9 of the Health Threats Decision, further exchange of information, and also sometimes of personal data. If the answer is yes, this act will generally be reviewable only in the jurisdiction which issued an act, ie notified an alert. This can be at EU level, if the alert is posted by the Commission, or, the national level, if it results from an administrative act of a Member State. It is also conceivable that it would not be treated as reviewable at all (in case of judicial proceedings), but seen rather as a preparatory act for a decision taken by another authority.Footnote 104 Likewise, the national input (information and data) to the systems of information exchange have an unclear status under EU administrative law and the precise division of respective responsibilities of national/EU authorities, regarding storage, deletion, access, transmission and use of data in the analysed systems can cause possible contention.Footnote 105

c. The normative improvement of quality of distributed sense-making

The third distinctive feature of the system of electronic tools of information exchange under the Health Threat Decisions is that their regulation and operation facilitate an improved quality in the distributed sense-making system. Several important aspects contribute to this process.

First, it is high quality data which are submitted and assembled in the relevant IT systems. It is thanks to the legal requirements of the Health Threats Decision and its implementing rules (for example on EU case definitions of diseases) that there has been some standardisation of the submitted, collected and disseminated information and soft “harmonisation” of information and knowledge sharing, and provision of standardised scientific expertise.Footnote 106

Second, it likewise applies to the quality of ECDC risk assessment and analyses.Footnote 107 It is reported that data comparability across countries and data quality have remained top priorities for the ECDC.Footnote 108 This is fostered through agreed reporting protocols, common meta-datasets, meticulous data validation, and proactive feedback during network meetings.Footnote 109 Further, together with the development of the implementation of the Health Threats Decision, there have been new initiatives, which included the systematic data quality assessment and feedback through indicators published in a restricted version of the Atlas of Infectious Diseases, a progressive reduction of variables to be reported to TESSy, and the pilot collection of detailed information on Member State surveillance systems.Footnote 110 The ECDC has also been enforcing the use of EU case definitions by rejecting non-compliant data, or by excluding them from analysis and reporting.

Finally, a long history of operation of the IT tools for epidemiological surveillance and early warning systems, as well as the institutional memory of the ECDC, improve the sense-making capacities of the whole regime. It is also closely linked to a long-established tradition of the EU networked administration in the area of health safety and co-ordination between EU and national authorities which is unique in the quality of their capacity to work together.Footnote 111

V. Possible problems affecting EHCDM and further research agenda

The preceding analysis has so far demonstrated that electronic systems of information constitute a key tool in the EHCDM. Their distinctive features determine the uniqueness of this field, but they can also lead to the consideration of possible problems which can affect the adequate implementation and functioning of those systems, and, in turn, the functioning of the EHCDM.

First, it should be noted that the previously existing system of information exchange to control communicable diseases in the EU has, since the Health Threats Decision entered into force in 2013, been transformed into a system concentrated on preparedness for catastrophes and on the sharing of strategic knowledge in order to potentially avoid and respond effectively to future catastrophic events. The “all-hazards approach” of the Health Threats Decision, the wide scope of information exchanged via IT tools, including the range of threat types to be scrutinised, and the planned connection of several, earlier separate, EU alert networks, indicate a clear focus on crisis and health threats detection. At the EU level, it can lead to a better policy co-ordination and crisis response, but it also means a more intensified and firm re-orientation of the EU policy philosophy toward security goals and promotion of a particular understanding of health as intertwined with security and crisis, together with a move away from established traditions of communicable disease control based on epidemiology and public health protection, sustainability focused on populations’ health, and long-term, environmental determinants.Footnote 112 This shift may further mean that important issues of public health, above all the combatting of non-communicable diseases (eg diabetes and cardiovascular diseases), a population’s health problems such as obesity, and the promotion of the rights-based approach to health can be overshadowed by concentration on early detection and containment of threats. Definitely worthy of further research are the consequences this will have on the quality of sense-making activities, including the quality of data and the work of experts (eg epidemiologists) within the information exchange systems; and, further, what spill-over effects the policy shift at the EU level will have on national policies, together with a careful study of national preparedness laws and approaches.

The latter claim is also linked to the second problematic issue which must be highlighted. Some empirical research studies and the reports of the Commission have already indicated that national authorities have complained about too much information being available through the EWRS, from diverse and blurred sources, which resulted in a loss of clarity regarding the quality of information, difficulties in isolating key data, and the creation of a false picture of a crisis situation.Footnote 113 It is thus claimed that IT-mediated health governance, based on massive digitalisation and aggregated data-gathering, can produce undesirable and unintended results leading to ineffectiveness of responses. Additionally, it is suggested that national surveillance systems, from which data are submitted to EU information systems, are still diverse and do not always offer comparable and useful data, which can lead to misleading and erroneous information.Footnote 114 The variation in surveillance information can impair the capacity of countries to respond to outbreaks quickly and with appropriate means. It risks leading to a counterproductive effect of the EU system, thereby incapacitating national responses instead of facilitating them. Taking care of the quality of exchanged information and the various methods used to analyse it should be linked to constant attempts to improve the quality of national surveillance mechanisms. Again, further empirical and comparative research is needed to verify these claims.

The third issue which needs to be addressed is how to ensure accountability for EU level risk assessment (based on ECDC knowledge and information exchange within the electronic systems) and its normative effects, including on national-level decision-making and applied measures (eg of individual contact-tracing) in case of a policy failure (eg a mistake). There are two possible routes which merit consideration.

First, accountability through traditional judicial enforcement should be mentioned: it means the application of the EU judicial rules and the EU administrative law. However, it can imply clear problems of enforcement in the transboundary setting. As a consequence, the following formal legal questions will probably arise, depending on the dispute: a problem of standing for affected individuals before European courts; and identifying an applicable law because of the separate jurisdictions within which national public health systems operate.Footnote 115 A separate question can arise with regard to judicial supervision and review of the acts of the ECDC which are not binding decisions, or particularly regarding its specific input into the crisis and response decision-making process in the form of public health risk assessment which, arguably, will not constitute a reviewable act under EU judicial enforcement rules because it is not binding, and not a direct basis for national measures following the operation of electronic systems of information exchange in the Health Threats Decision. The latter act provides a framework for the exchange of information and knowledge leading to coordination, consultation and indirect implementation of national public health measures, but they are adopted at national level due to the limited EU competence in the public health field.

Second, and as a possible remedy to the problems with judicial enforcement, the literature suggests that accountability can be secured through the excellence of expert advice based on independence and increased transparency. Majone argues that policy credibility depends on network reputation: it must be based on experts’ independence and transparency as basic pre-conditions for regulation by information exchange within EU decentralised administration.Footnote 116 At the same time, an empirical scrutiny of the ECDC transparency policy, as well as the comparison of EFSA and ECDC, can lead to a conclusion that these are not the sole factors which determine the credibility of an expert institution (EU agency) and its networks, but it is also its approach towards uncertainty in risk regulation.Footnote 117 EFSA is fully transparent regarding the composition of permanent scientific panels, experts’ CVs, declaration of interests and procedures, while the ECDC publishes names of consulted experts in its risk assessments and allows for access to some documents, but does not give access to either the databases with experts’ names or lists of members contributing information to its various IT tools.Footnote 118 This information is traditionally perceived as confidential in the area of ECDC work. On the other hand, the ECDC is claimed to be very uncertainty-tolerant and it is set as an example of a body providing scientific advice which also outlines uncertainties (for example, ECDC internal operating procedure explicitly specifies that “risk assessment addresses the uncertainties in the assessment … through a systematic appraisal of the available evidence”), while EFSA has often been criticised as an uncertainty-intolerant and industry-biased institution.Footnote 119 This might indicate that the ability to deal with uncertainty in relation to scientific knowledge, the subsequent ability to offer good policy recommendations to public authorities, and communicate these uncertainties to the public, can be equally important to stakeholders and the public for the agency credibility and accountability. It would be interesting both to compare the work (and credibility) of the ECDC and EFSA in light of their applicable policies on transparency and to analyse the implications of rapid risk assessments jointly produced by these agencies, if the need arises.Footnote 120

VI. Conclusions

The detailed analysis in the preceding sections allows for the conclusion that the present EU policy on serious, cross-border health threats is heavily based on systems of information exchange. The operation of these systems – involving detection, collection, analysis, and transfer of information – ensures the performance of integrative, regulatory and sense-making functions for the EU health crisis and disaster management. Detailed examination of the mechanisms has confirmed the conclusion that these information systems are indeed a key tool of EHCDM, which is actually dependent on their adequate functioning.

The exploration of the operation of the systems of information exchange in the EHCDM also allowed their distinctive features to be identified, ie those which determine their uniqueness in the present context. It has been explained that there are three such distinctive features of the electronic tools of information exchange under the regulation of the Health Threat Decision: they reflect and reinforce a multi-dimensional policy-shift in the EU from communicable disease control to public health security regulation; they improve the quality of the distributed sense-making system through data quality provisions; and lastly, they form a part of the EU composite administrative procedures. An increased awareness of these features can be helpful for a better understanding of future policy needs and contributes to a closer characterisation of the EHCDM through legal analysis and as a separate European policy field in its own right. This article also adds its contribution in view of the relative scarcity of legal analyses in the field of EU public health law.

Finally, the regulation of the systems of information exchange and their technical operation prompts the consideration of possible problems which can affect the adequate implementation and functioning of the EHCDM. These include the possible consequences of the reinforced securitisation of the EU health policy for the quality of sense-making activities, spill-over effects of the policy shift at the EU level on national preparedness laws and surveillance mechanisms, and accountability of experts and scientists responsible for risk assessment and knowledge production. This is why more in-depth, comparative studies of national public health/preparedness regimes and of the functioning of EU/national administration and agencies (ECDC, EFSA and EMA) involved in EU health policy, especially with regard to the question of accountability, are needed to further unpack EHCDM.Footnote 121 This leaves us with some unanswered questions which need to be addressed through an ambitious agenda of further research.

Footnotes

The financial support of the EU Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 746014 is hereby acknowledged. The earlier version of this text was presented at the Symposium on EHCDM, University of Amsterdam, 6 December 2018. Many thanks to the participants to the Symposium, the anonymous reviewer, and to Agnieszka Nimark for the helpful comments. Any omissions that remain are my own.

References

1 Decision 1082/2013/EU on serious cross-border threats to health [2013] OJ L 293/1 (Health Threats Decision) which repealed Decision 2119/98/EC setting up a network for the epidemiological surveillance and control of communicable diseases in the Community [1998] OJ L 268/1.

2 See Frischhut, M and Greer, S, “EU public health law and policy – communicable diseases” in Hervey, T et al (eds), Research Handbook on EU Health Law and Policy (Cheltenham, Edward Elgar 2017) at pp 318325Google Scholar.

3 See Milne, I, Stacking the Coffins Influenza, War and Revolution in Ireland, 1918–19 (Manchester, Manchester University Press 2018) at pp 85111Google Scholar, especially p 98.

4 See also SL Roberts, “Signals, Signs and Syndromes: Tracing the Digitisation of European Health Security Practices”, in this volume of EJRR.

5 See Nicholl, C, “Health and pandemics: efficient EU response by sharing knowledge” in Joint Research Center Report, The Challenge of Resilience in a Globalised World (Luxembourg, Publications Office of the European Union 2015) at pp 3839Google Scholar.

6 Compare: Frischhut and Greer, supra, note 2, at p 328; Boin, A et al, Making Sense of Sense-Making: The EU’s Role in Collecting, Analysing, and Disseminating Information in Times of Crisis (Stockholm, National Defence College 2014) at pp 4142Google Scholar; and E Versluis et al, “The Multilevel Regulation of Complex Policy Problems: Uncertainty and the Swine Flu Pandemic” (2019) 5(1) European Policy Analysis 13.

7 See C Ansell et al, “Managing transboundary crises: identifying building blocks of an effective response system” (2010) 18(4) Journal of Contingencies and Crisis Management 204; Boin, A et al, “Transboundary crisis governance” in Hegemann, H and Bossong, R (eds), EU Civil Security Governance: Diversity and Cooperation in Crisis and Disaster Management (Basingstoke, Palgrave 2014) pp 307308Google Scholar; JP Schneider, “Basic Structures of Information Management in the European Administrative Union” (2014) 20 European Public Law 89.

8 Art 2(5) in connection with Art 168(5) Consolidated Versions of Treaty on the Functioning of the European Union, [2016] OJ C 202/1; and recital 1 of the preamble, Health Threats Decision. See also the Commission Communication, Improving Health Security in the EU A One Health approach to counteracting the threat from infectious diseases, 12 March 2018, COM Ares(2018)1488883, p 2.

9 See Frischhut and Greer, supra, note 2, pp 318–325, 320.

10 Commission Green Paper on Bio-preparedness, COM(2007) 399 final. See also F Kuhlau, “Countering Bio-Threats: EU Instruments for Managing Biological Materials, Technology and Knowledge” (2007) 19 SIPRI Policy Paper 1 and Lakoff, A (ed), Disaster and the Politics of Intervention (New York, Columbia University Press 2010)Google Scholar.

11 See Nimark, A, “Post-Lisbon Developments in EU Crisis Management: The Integrated Political Crisis Response (IPCR) Arrangements” in O’Mathúna, D and de Miguel Beriain, I (eds), Ethics and Law for Chemical, Biological, Radiological, Nuclear & Explosive Crises (Cham, Springer 2019)Google Scholar.

12 Art 1(2) in connection with Arts 4 and 6–11, Health Threats Decision. Emphasis added.

13 See Art 1(1) in conjunction with Arts 6–8, 15, 17, and recitals 8, 10, 14–16, 19, Health Threats Decision.

14 Cf Nimark, A, “The EU’s Role in Crisis and Disaster Management within the Union: Post-Lisbon Developments” in Dąbrowska-Kłosińska, P (ed), Global Safety Governance: Challenges and Solutions (Warsaw, ASPRA-JP 2015) at p 162Google Scholar.

15 See L Bengtsson and M Rhinard, “Securitisation across borders: the case of ‘health security’ cooperation in the European Union” (2019) 42(2) West European Politics 346; and further P Dabrowska-Kłosińska, “Tracing Individuals under the EU Regime on Serious, Cross-border Health Threats: An Appraisal of the System of Personal Data Protection” (2017) 8(4) EJRR 700; and de Ruijter, A, “Mixing EU Security and Public Health in the Health Threats Decision” in de Ruijter, A and Weimer, M (eds), EU Risk Regulation, Expert and Executive Power (Oxford, Hart Publishing 2017)Google Scholar.

16 See point 4 of the Preamble, Art 4(4), Health Threats Decision.

17 See Commission Communication, Improving Health Security in the EU, at p 2.

18 Recital 3 of the preamble, Health Threats Decision.

19 Art 2 para. 1; Art 3 point g, Health Threats Decision.

20 Art 2(1), recital 3 and 6 of the preamble, Health Threats Decision. See also Brem, S and Dubois, S, “Different perceptions, similar reactions: Biopreparedness in the European Union” in Katona, P et al (eds), Global Biosecurity Threats and Responses (Oxford, Routledge 2010)Google Scholar.

21 See also ML Flear and A de Ruijter, “Introduction: European Governance of Health Crisis and Disaster Management”, in this volume of EJRR.

22 There are important exceptions to this claim, see the pioneering works of Vos, E, Institutional Frameworks of Community Health and Safety Legislation: Committees, Agencies and Private Bodies (Oxford, Hart 1999)Google Scholar and Hervey, TK and McHale, JV, Health Law and the European Union (Cambridge, Cambridge University Press 2004)CrossRefGoogle Scholar. See also de Ruijter, A, EU Health Law & Policy The Expansion of EU Power in Public Health and Health Care (Oxford, Oxford University Press 2019)CrossRefGoogle Scholar; Flear, ML, Governing Public Health: EU Law, Regulation and Biopolitics (Oxford, Hart Publishing 2015)Google Scholar; Frischhut and Greer, supra, note 2; Hervey, TK and McHale, JV, European Union Health Law: Themes and Implications (Cambridge, Cambridge University Press 2015)CrossRefGoogle Scholar.

23 See eg Antoniadis, A et al (eds), The European Union and Global Emergencies: A Law and Policy Analysis (Oxford, Hart Publishing 2011)Google Scholar; Alemanno, A (ed), Governing Disasters: The Challenges of Emergency Risk Regulation – Beyond the European Volcanic Ash Crisis (Cheltenham, Edward Elgar 2011)CrossRefGoogle Scholar; Govaere, I and Poli, S (eds), EU Management of Global Emergencies: Legal Framework for Combating Threats and Crises (Leiden, Boston, Brill 2014)CrossRefGoogle Scholar. Note that G Venturini, “International Disasters Response Law in Relation to other Branches of International Law”, at p 57, mentions a parallel development of global health law and international disaster response law, but M Gestri “EU Disaster Response Law”, at pp 105–128, and F Casolari, “The External Dimension of the EU Disaster Response”, at pp 129–154, do not mention health policy in the EU context, see De Guttry, A et al (eds), International Disaster Response Law (The Hague, Springer 2012)CrossRefGoogle Scholar.

24 See eg Boin, A et al, The European Union as Crisis Manager: Patterns and Prospects (Cambridge, Cambridge University Press 2013) at pp 118120CrossRefGoogle Scholar; Boin et al, supra, note 6, at pp 37–42; S Zandén Kjellén, “Rapid Alerts for Crises at the EU Level” in S Olsson (ed), Crisis Management in the European Union: Cooperation in the Face of Emergencies (Dordrecht, New York, Springer 2009).

25 O’Mathúna, D and de Miguel Beriain, I (eds), Ethics and Law for Chemical, Biological, Radiological, Nuclear & Explosive Crises (Cham, Springer 2019)CrossRefGoogle Scholar; R Orford et al, “EU alerting and reporting systems for potential chemical public health threats and hazards” (2014) 72 Environment International, Special Issue, Recent developments in assessing and managing serious health threats 15; SL Roberts, “Big Data, Algorithmic Governmentality and the Regulation of Pandemic Risk” (2019) 10(1) EJRR 94.

26 See L Bengtsson et al, “Assembling European health security: Epidemic intelligence and the hunt for cross-border health threats” (2019) 50(2) Security Dialogue 115; L Bengtsson et al, “European security and early warning systems: from risks to threats in the European Union’s health security sector” (2018) 27(1) European Security 20; Bengtsson and Rhinard, supra, note 15.

27 Ansell et al, supra, note 7; see also Boin et al, supra, note 6.

28 See Majone, G, Evidence, Argument, and Persuasion in the Policy Process (New Haven, Yale University Press 1989)Google Scholar.

29 G Majone, “The New European Agencies: Regulation by Information” (1997) 4(2) JEPP 262, at p 264.

30 See M Eliantonio, “Information Exchange in European Administrative Law: A Threat to Effective Judicial Protection?” (2016) 23(3) Maastricht Journal of European and Comparative Law 531; Versluis et al, supra, note 6.

31 See D-U Galetta et al, “Information Exchange in the European Administrative Union: An Introduction” (2014) 20(1) European Public Law 65.

32 See Majone, supra, note 29, at pp 270–271.

33 Cf Galetta et al, supra, note 31, at p 66.

34 See Table 2 below for a summary of the systems, their legal bases, users and responsible authorities.

35 See also Brem and Dubois, supra, note 20, at pp 150–152; Flear, supra, note 22, at pp 133–138 and 151–158; and the works cited in supra, note 26.

36 See also Dąbrowska-Kłosińska, supra, note 15.

37 Cf Art 1, Health Threats Decision; and European Centre for Disease Prevention and Control, Annual report of the Director – 2017 (Stockholm, ECDC 2018) at pp 12–43.

38 See eg Art 4(1)–(2), Art 6(3), Art 7(1); Art 8(1), Health Threats Decision.

39 Compare the wording of Art 6 and Art 8 of the Health Threats Decision which establish “a network for epidemiological surveillance” and “Early Warning and Response System” respectively.

40 The following internal ECDC documents, requested under the provisions of Regulation (EC) No 1049/2001 regarding public access to documents, have been referred to in the content of this section: (i) the ECDC Internal Procedure on Response Operations, ECDC/IP/98 (“ECDC IP 98”), consulted by the Senior Management Team 03.12.2015, pp 1–48; as revised by (ii) the ECDC IP 98 - SRS - Response Operations: Internal Procedure - Risk assessment workflow, first revision, October 2018 (“ECDC/IP/98 – Rev.1”), issued 24.04.2019, pp 1–16; as accompanied by the RRA [Rapid Risk Assessment] Work instructions (consistent with IP 98), pp 1–26.

41 Cf classification in Schneider, supra, note 7, at pp 91–92.

42 Art 4(2)(a)–(c), Health Threats Decision.

43 Art 4(4), Health Threats Decision. See also Flear, supra, note 22, at pp 151–153.

44 Commission Implementing Decision No 2014/504/EU implementing Decision No 1082/2013/EU of the European Parliament and of the Council with regard to the template for providing the information on preparedness and response planning in relation to serious cross-border threats to health, OJ 2014 L 223/25.

45 Art 4(1) and 4(6), Health Threats Decision. For an earlier account, see also Flear, supra, note 22, pp 151–153.

46 Report on the implementation of Decision No 1082/2013/EU of the European Parliament and of the Council of 22 October 2013 on serious cross-border threats to health and repealing Decision No 2119/98/EC, COM (2015) 617 final, p 4 (“The 2015 Report”).

47 European Court of Auditors special report no 28, Dealing with serious cross-border threats to health in the EU: important steps taken but more needs to be done (Luxembourg, Publications Office of the European Union 2016) p 19 (“The Court of Auditors 2016 Report”).

48 The 2015 Report, supra, note 46, at pp 5–6.

49 ibid, at p 5; see also the Court of Auditors 2016 Report, supra, note 47, at p 23; European Centre for Disease Prevention and Control, ECDC country preparedness activities, 2013–2017 (Stockholm, ECDC 2018) at pp 14–18.

50 See European Centre for Disease Prevention and Control, Health emergency preparedness for imported cases of high-consequence infectious diseases (Stockholm, ECDC 2019); European Centre for Disease Prevention and Control, HEPSA – health emergency preparedness self-assessment tool – user guide (Stockholm, ECDC 2018); European Centre for Disease Prevention and Control, Public health emergency preparedness – Core competencies for EU Member States (Stockholm, ECDC 2017).

51 Decision 2119/98/EC setting up a network for the epidemiological surveillance and control of communicable diseases in the Community [1998] OJ L 268/1. For a useful historical overview, see eg Frischhut and Greer, supra, note 2.

52 Art 6(1)–(2), recitals 2 and 5 of the preamble, Health Threats Decision. See also Flear, supra, note 22, at p 155 and pp 135–137, 156–158.

53 The 2015 Report, supra, note 46, at p 6.

54 See <ecdc.europa.eu/en/publications-data/european-surveillance-system-tessy>, accessed 4 December 2019.

55 The 2015 Report, supra, note 46, at p 7.

56 ECDC IP 98, supra, note 40, at p 25; and <ecdc.europa.eu/en/publications-data/epidemic-intelligence-information-system-epis>, accessed 4 December 2019.

57 The 2015 Report, supra, note 46, at p 6; see also <www.ecdc.europa.eu/en/surveillance-atlas-infectious-diseases>, accessed 4 December 2019.

58 See <ec.europa.eu/jrc/en/scientific-tool/medical-information-system>, accessed 4 December 2019.

59 See <medisys.newsbrief.eu/medisys/homeedition/pl/home.html#>, accessed 4 December 2019.

60 Schneider, supra, note 7, at pp 91–93.

61 ECDC/IP/98 – Rev.1, supra, note 40, at p 8.

62 ECDC IP 98, supra, note 40; see also Bengtsson, Borg and Rhinard, supra, note 26; and Schneider, supra, note 7, at p 103.

63 Decision 2119/98/EC setting up a network for the epidemiological surveillance and control of communicable diseases in the Community [1998] OJ L 268/1; see also Zandén Kjellén, supra, note 24.

64 See Art 8, 16 and 20, Health Threats Decision, and the EU implementing legislation available at <ec.europa.eu/health/communicable_diseases/early_warning/comm_legislation_en.htm>.

65 Schneider, supra, note 7, at pp 92 and 101.

66 Art 9, para 1, Health Threats Decision. See also Art 4, Regulation (EC) No 851/2004 establishing a European Centre for Disease Prevention and Control (ECDC Regulation) [2004] OJ L 142/1.

67 Art 2, para 1, Commission Implementing Decision (EU) 2017/253 laying down procedures for the notification of alerts as part of the early warning and response system established in relation to serious cross-border threats to health and for the information exchange, consultation and coordination of responses to such threats pursuant to Health Threats Decision [2017] OJ L 37/23.

68 Art 9, para 1, points a–c, Health Threats Decision.

69 Boin et al, supra, note 6, at pp 38–40 and the Court of Auditors 2016 Report, supra, note 47, at pp 30–34.

70 See Recital 8 and 16 of the Preamble, Art 9.4, Health Threats Decision. See also the Commission document, Structure for preparedness and response to cross-border health threats, annexed to impact assessment SEC(2011) 1519 final.

71 Flash report of the Plenary Meeting of the Health Security Committee, 5 July 2019, at p 12.

72 Flash report from the Plenary Meeting of the Health Security Committee, 9 November 2017, at p 5; the Court of Auditors 2016 Report, supra, note 47, at pp 31–33; and also Bengtsson et al, supra, note 26, at pp 30–34.

73 Flash report of the Plenary Meeting of the Health Security Committee, 5 July 2019, at p 12.

74 Art 7, para 1, Health Threats Decision.

75 Cf also Flear, supra, note 22.

76 Cf Galetta et al, supra, note 31, at pp 68–69.

77 ibid, pp 66–68. See also Hofmann, HCH, “Composite decision-making procedures in EU administrative law” in Hofmann, HCH and Türk, AH (eds), Legal Challenges in EU Administrative Law (Cheltenham, Edward Elgar 2009)CrossRefGoogle Scholar.

78 Cf Dąbrowska-Kłosińska, supra, note 15.

79 Bengtsson et al, supra, note 26, at p 30; ECDC IP 98, supra, note 40.

80 Art 8, para 2 and Art 10, para 1, ECDC Regulation 851/2004; and The 2015 Report, supra, note 46, at p 9.

81 Art 9, para 3, Health Threats Decision.

82 Art 9, para 3, points i–j.

83 Recital 5 and 16 of the preamble, Arts 2(1), 6(1) and 10(1) respectively, Health Threats Decision; ECDC Regulation 851/2004.

84 Cf Schneider, supra, note 7, at p 105; Bengtsson et al, supra, note 26; ECDC IP 98, supra, note 40.

85 Bengtsson et al, supra, note 26, at p 32.

86 Cf Majone, supra, note 29, at pp 264–267.

87 Arts 6(1) and 8(1), Health Threats Decision.

88 See documents cited supra, note 40.

89 Majone, supra, note 29.

90 Art 10(1a), Health Threats Decision; see Schneider, supra, note 7, at p 105.

91 See Boin et al, supra, note 24, at p 120.

92 Bengtsson et al, supra, note 26, at p 116.

93 ibid, at p 127.

94 ibid, at p 125. See also Bengtsson and Rhinard, supra, note 15.

95 Ansell et al, supra, note 7, at p 201.

96 ibid.

97 Cf Nimark, supra, note 14.

98 Boin et al, supra, note 6, at p 13. See also A Boin, “The Transboundary Crisis: Why we are unprepared and the road ahead” (2019) 27(1) Journal of Contingencies and Crisis Management 97.

99 Versluis et al, supra, note 6.

100 Boin et al, supra, note 6, at pp 14–15.

101 Boin, supra, note 98.

102 See ECDC/IP/98 – Rev.1, at pp 9–11.

103 Cf M Eliantonio, “Judicial Review in an Integrated Administration: the Case of “Composite Procedures” (2014) 7(2) Review of European Administrative Law 65; and Dąbrowska-Kłosinska, supra, note 15.

104 Hofmann, supra, note 77, at pp 149–163.

105 See Schneider, supra, note 7, at pp 102 and 105.

106 Art 6(3)–(5), Health Threat Decision; Commission Implementing Decision (EU) 2018/945 of 22 June 2018 on the communicable diseases and related special health issues to be covered by epidemiological surveillance as well as relevant case definitions [2018] OJ L 170/1; ECDC IP 98, supra, note 40.

107 ECDC IP 98, supra, note 40; see also Versluis et al, supra, note 6.

108 The 2015 Report, supra, note 46, at p 7.

109 See the documents, cited supra, note 40.

110 The 2015 Report, supra, note 46, at p 7, but see also the The Court of Auditors 2016 Report, supra, note 47.

111 See Ansell et al, supra, note 7, at p 203.

112 Cf Bengtsson et al, supra, note 26, at pp 120, 125–126 and 127.

113 ibid, pp 120, 123, 125. See the Report on Operation of the Early Warning and Response System (EWRS) of the Community Network for the epidemiological surveillance and control of communicable diseases during 2006 and 2007 (COM(2009) 228 final) and the weaknesses outlined in The Court of Auditors 2016 Report, supra, note 47, at pp 19–21 and 35.

114 R Rentjes, “Variation matters: Epidemiological surveillance in Europe” (2012) 37(6) Journal of Health Politics, Policy and Law 954.

115 See Eliantonio, supra, note 30, at pp 534–537.

116 See Majone, supra, note 29, at pp 263 and 270–274.

117 See Versluis et al, supra, note 6.

118 ECDC/IP/98 – Rev.1, at p 12.

119 ibid, at p 8. See MBA van Asselt and E Vos, “Wrestling with uncertain risks: EU regulation of GMOs and the uncertainty paradox” (2008) 11(1)–(2) Journal of Risk Research 281.

120 See Art 10.1, Health Threats Decision and ECDC/IP/98 – Rev.1, at p 13.

121 See also EM Speakman, “Pandemic legislation in the European Union: Fit for purpose? The need for a systemic comparison of national laws” (2017) 121 Health Policy 1021.

Figure 0

Table 1: The comparison between EPIS and EWRS (source: the ECDC Internal Procedure on Response Operation, ECDC/IP/98 and own analysis)

Figure 1

Figure 1: ECDC Surveillance Atlas of Infectious Diseases: EU reported measles cases: 08.2018-08.2019 (source: https://atlas.ecdc.europa.eu/public/index.aspx)

Figure 2

Table 2: Types of electronic systems of information exchange under Health Threats Decision