EPA

European Patent Office (EPO) – Legal Foundations and Significance

The European Patent Office (EPO; in English, European Patent Office, EPO) is a central authority for granting European patents in accordance with the European Patent Convention (EPC). In legal practice and literature, the abbreviation “EPO” is often used synonymously for both the office itself as well as for the patent system managed by the EPO. Below, the legal foundations, functions, structure, as well as the significance and procedures of the EPO are described in detail.

Legal Foundations of the EPO

Historical Background and Legal Basis

The European Patent Office was established under the European Patent Convention (EPC) of 1973. This international treaty regulates cooperation among European states in the field of industrial property protection. The EPC forms the legal basis for the activities and powers of the EPO. The contracting states of the EPC are members of the European Patent Organisation (EPO), an intergovernmental institution with its own legal personality.

Legal Nature and Scope of Functions

The EPO is an intergovernmental institution vested with sovereign powers. Its main task is to conduct proceedings for granting European patents. In addition, the EPO monitors compliance with the EPC, provides information, and is involved in the further development of European patent law.

The EPC regulates all aspects of patent granting, including application procedures, examination procedures, appeal procedures, and opposition procedures, as well as the rights and obligations of patent holders and third parties.

Organizational Structure and Functions of the EPO

Organs and Main Offices

The EPO consists of several organs, each with its own responsibilities. The most important are the Presidency, Boards of Appeal, and Examination Divisions. The main administration is located in Munich, with additional offices in The Hague, Berlin, and Vienna. Each organ performs specific legal and administrative tasks:

• Presidency: Leads the EPO and is responsible for personnel, administration, and strategy
• Examination Divisions: Conduct the procedure for granting European patents
• Opposition and Boards of Appeal: Decide on oppositions and appeals against decisions of the EPO

Independence and Legal Supervision

As an independent intergovernmental organisation, the EPO is not directly subject to national or EU law, but primarily to the EPC and its associated administrative and implementing regulations.

The European Patent Grant Procedure

Filing and Formal Requirements

Patent applications may be filed with the EPO in writing or electronically. The application procedure is governed by the provisions of the EPC and its implementing regulations. In addition to the patent specification, the application must contain, among other things, information about the inventor, claims, and a summary. The legal basis is provided by Articles 75 et seq. EPC.

Examination and Grant Procedure

The EPO is required to examine whether the formal and substantive requirements of the patent application are met. In particular, the office assesses patentability (novelty, inventive step, industrial applicability) in accordance with Articles 52 to 57 EPC. As a result, the patent may be granted or refused; appeals may be lodged against the decision.

Publication, Opposition, and Appeal

Once granted, the European patent is published. Third parties can, under Article 99 EPC, file an opposition to the patent within nine months of publication. The EPO decides on oppositions through separate Opposition Divisions.

In the case of disputes or rejection of an application, the EPC provides for several appeal options. The Boards of Appeal at the EPO are functionally independent and decide according to their own procedural rules.

Effects and Legal Consequences of Granted European Patents

Legal Nature of European Patents

A granted and asserted European patent does not take effect as a unitary supranational right, but under Article 2(2) EPC as a bundle of national patents in the designated states. National laws govern the enforcement and validity of the patent after grant.

Enforcement and Challenge

Enforcement of rights from European patents and challenges (e.g., actions for nullity) are governed by the national law of the respective contracting states. After grant, the EPO no longer plays a role in national enforcement, except for European opposition and appeal proceedings, as provided for under the Convention.

The EPO in Relation to EU Law and International Agreements

Relationship to the European Union

The European Patent Office is not an institution of the European Union but is part of an independent intergovernmental organization. However, it cooperates with EU bodies under various agreements and also influences the development of unified European patent law. In particular, the introduction of the Unitary Patent and the Unified Patent Court has strengthened the role of the EPO.

International Agreements

The EPO is also involved in international patent systems, serving, for example, as a receiving office under the Patent Cooperation Treaty (PCT). It is integrated into various forms of international cooperation and harmonization of industrial property protection.

Administrative and Regulatory Framework Conditions

Fees and Cost Structure

The EPO’s fee schedule regulates all fees charged by the office, including application fees, examination fees, annual fees, and appeal fees. These fees are adjusted regularly and are essential for covering administrative costs.

Data Protection and Procedural Law

The EPO is subject to its own data protection regulations, particularly concerning the handling of personal data in patent applications and publications. The EPO’s procedural rules regulate the process, deadlines, and notifications in the course of patent application and granting.

Summary

The European Patent Office (EPO) is a central body in European and international patent law and manages the entire process for granting European patents under the European Patent Convention. Legally, the EPO is autonomous as an intergovernmental organization and possesses wide-ranging sovereign and examination powers, holding a key function in the European patent system in ensuring transparency, legal certainty, and the promotion of innovation.

See also:

• European Patent Convention (EPC)
• Unified Patent Court
• Patent Cooperation Treaty (PCT)
• Protective Rights in Industrial Property Protection
• Rights and Obligations from European Patents

Sources and Further Reading:

• European Patent Convention (EPC), consolidated version
• Catalogue of Tasks, Business Distribution Plan, and Fee Schedule of the EPO
• Guidelines for Examination in the European Patent Office
• Publications in the Official Journal of the EPO
• International Patent Agreements and WIPO Conventions

Status: June 2024

Frequently Asked Questions

Who is authorized to access data in the electronic patient record (ePA), and what legal regulations apply?

Access to data in the electronic patient record (ePA) is strictly regulated by law. In principle, the primary right of access lies with the insured person, who can access their record using appropriate authentication means, such as the electronic health card (eGK) with PIN. Under §§ 341 ff. SGB V, authorized healthcare providers, e.g., physicians, dentists, psychotherapists, pharmacists, or members of other health professions, may also access the ePA, but always only on the basis of the insured person’s explicit consent. Consent may apply to individual documents or the entire record, and may be limited by time or by professional group (“fine-grained access management” according to § 342 para. 2 SGB V). Without existing consent or outside the limits permitted by the insured person, access is legally inadmissible. Exceptions exist only in medical emergencies, if emergency data are stored on the health card, but not for the ePA itself. All access is logged and is verifiable according to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

What are the retention and deletion obligations for health data stored in the ePA?

Health data stored in the ePA is subject to strict retention and deletion requirements under § 341 SGB V and supplementary provisions of the GDPR. In principle, the insured person independently decides on the duration of storage for individual documents in their ePA. They may delete health data themselves at any time without any special justification. Deletion by the insured person is irrevocable, meaning the data cannot be restored by the health insurance fund or the ePA provider. Furthermore, health insurers are obligated to delete the ePA entirely if the insurance relationship ends, but at the latest three years after the last use, as required by § 341 para. 3 SGB V. If data is stored to fulfill legal obligations (e.g., for evidentiary purposes), special retention periods according to the relevant sectoral laws apply.

How is data protection legally ensured when using the ePA?

Data protection for the use of the ePA is ensured by a multilayered system of specific Social Code provisions and general data protection regulations. Under § 342 SGB V, the ePA is considered a particularly sensitive system. For all stored and transmitted data, the data protection level of the GDPR applies, in particular the principles of purpose limitation, transparency, integrity, and confidentiality. Personal health data may only be processed with the insured person’s explicit consent. From an IT perspective, mechanisms such as end-to-end encryption, logging, and secure authentication must be implemented; these are regulated in the Patient Data Regulation (PAtV) and the technical guidelines of gematik. Remote access or processing from outside Germany is also subject to strict data transfer requirements (§ 343 SGB V). The competent supervisory authorities (in particular, the Federal Commissioner for Data Protection and Freedom of Information, BfDI) monitor compliance with these data protection requirements.

What obligations do healthcare providers have when handling the ePA from a legal perspective?

Healthcare providers are required to maintain data protection and data security in compliance with SGB V and the GDPR. They may only enter, read, or modify health data in the ePA with the explicit and documented consent of the insured person. When processing and viewing data, the principle of data minimization applies: only such information necessary for the respective treatment may be used (§ 342 para. 2 SGB V). They must also fulfill any information obligations, such as informing patients about entries and accesses in the ePA. Every access must be logged in the record, and the insured person must be given access to these logs upon request. Violations of these obligations may result in professional, civil, and, where applicable, criminal consequences. Furthermore, technical integration into the telematics infrastructure is required to use the ePA.

What happens in the event of misuse or unauthorized access to the ePA?

Misuse or unauthorized access to the data of the ePA constitutes a serious data protection breach and may lead to both criminal and civil consequences. Under § 203 StGB, the unauthorized disclosure of secrets, especially health data, is a criminal offense; healthcare providers are also subject to a special duty of confidentiality. Violations under the GDPR may be sanctioned by the data protection supervisory authorities with substantial fines, depending on the severity of the breach (up to EUR 20 million or 4% of the global annual turnover). Insured persons are also entitled to compensation for damages if unlawful use of their ePA data has caused them material or non-material harm. The affected health insurance fund or the ePA operator is obliged to immediately report such incidents to the relevant data protection authorities and inform the insured person.

What legal provisions exist regarding interoperability and the transfer of data between different ePA systems?

The legal basis for the interoperability of ePA systems is mainly set out in § 355 SGB V, the Patient Data Regulation, and the technical standards of gematik. The systems must be technically and semantically compatible to ensure seamless transfer (migration/portability) of patient data when changing health insurers or when several healthcare providers are used simultaneously. Upon request, the insured person has the right to receive all data stored so far in the current ePA within 30 days free of charge and in a generally recognized machine-readable format. Technical standards, such as HL7 FHIR, govern data exchange; legally, it must be ensured that all data protection requirements are strictly observed during the transfer. Responsibility for a secure and complete data transfer lies with the health insurers and service providers involved. Misuse or data loss during transfer may result in liability consequences.

How is liability regulated by law in cases of errors, data loss, or failures of the ePA?

In principle, those responsible for the operation and security of the electronic patient record (ePA) are liable for errors, data losses, or system failures – often the health insurance funds as providers, as well as technical service providers in accordance with legal requirements. Liability is governed by general principles of civil law, in particular contractual and tort liability (§§ 823 et seq. BGB). The health insurance funds are obliged to compensate insured persons for any damages – such as those caused by incorrectly deleted or incomplete health information – provided that fault (e.g., due to insufficient security measures) can be proven. Service providers are only liable if they themselves have violated regulations relating to the handling of the ePA. Furthermore, § 341 SGB V stipulates that technical failures or maintenance of the ePA must be reported without delay to the insured person or the treating physician. In serious cases, liability under the Product Liability Act may also become relevant, provided that a system error can be traced back to a defective technical product.