Research & Development Compliance

We help organisations meet legal and regulatory requirements in research and development (R&D).

Legal support for R&D projects

We provide specialised legal support throughout the full lifecycle of a research or innovation project - from planning and approvals to documentation, reporting and post-project obligations.

Key areas of expertise:

  • Medical research and clinical trials

  • Secondary use of health and research data

  • AI and machine learning in R&D

  • Medical devices (testing, validation, procurement)

  • Semiconductor and emerging technology development

  • Data protection and GDPR in research

Our support ensures that your R&D activities are lawful, ethically grounded and aligned with strategic goals.

Request support

Why R&D Compliance matters?

Challenges

Research and development activities are subject to extensive and complex regulation. The broad and fragmented regulatory landscape can be difficult to apply in practice. A single research project may be subject to several overlapping laws, for example, the EU Clinical Trials Regulation alongside national legislation. This complexity can delay research activities and slow down innovation.

Benefits of Compliance

Strong research and development compliance is a competitive advantage. It helps manage legal and operational risks, builds trust with partners and authorities, and most importantly, enables research projects to proceed on schedule.

Consequences of Non-Compliance

Failure to comply with regulatory requirements can lead to administrative fines, claims for damages and significant reputational harm. Inadequate compliance or documentation may also prevent patents from being granted, approvals from being issued or innovations from receiving regulatory acceptance.

New and Emerging Regulation

Research and development activities are also affected by new EU and national legislation. The EU Artificial Intelligence Act applies to many research and innovation use cases, and its research exemption is limited to narrowly defined situations.

In Finland, amendments have been proposed to the Act on the Secondary Use of Health and Social Data and to the Data Protection Act, including the possibility of administrative fines for data protection violations also for the public sector.

See more insights on R&D Compliance from Regulyn Knowledge Centre.

Our R&D Legal Services

  • Research agreements

    Drafting, reviewing and negotiating research agreements to ensure legal compliance and clearly defined responsibilities.

    Examples include:

    -clinical trial agreements (CTAs)

    -data and material transfer agreements (DSA, DTA, MTA)

    - collaboration agreements (e.g., DESCA model agreements and other EU consortium agreements)

  • Data and Materials Use

    Advisory support for the lawful use of data and biological materials.

    Examples include:

    -planning the secondary use of health data or other research data

    -assessing the lawful use of research data

    -guidance on international transfers of data or samples

  • Tailored Training

    Custom training and supporting materials for leadership, governance bodies and research teams.

    Examples include:

    -tailored training sessions on research-related regulatory topics

    -training material packages (e.g., “Research Agreements 101” or “AI in Clinical Research”)

  • Specialised Support

    Specialised legal support for complex issues arising in research and development activities.

    Examples include:

    -assistance in preparing responses to regulatory authorities

    -assessment of applicable legislation for a research project

    -guidance on the use of AI or machine learning in research

Request Advisory Support

Frequently Asked Questions (FAQ)

  • Compliance covers the ethical and regulatory obligations that apply to R&D projects. This includes, for example, data protection (e.g. GDPR), regulation governing clinical research (such as the CTR and MDR), and adherence to ethical standards.

    Research agreements are a key practical tool for ensuring regulatory compliance. In some cases, a written agreement is mandatory under applicable legislation or funding conditions.

  • The General Data Protection Regulation (GDPR) provides certain flexibilities for processing personal data in scientific research, often referred to as the research exemption.

    In practice, this allows existing data to be reused for scientific research without necessarily obtaining new consent, as scientific research is considered compatible with the original purpose of collection. In specific circumstances, certain data subject rights (such as the right to erasure) may also be restricted for research purposes.

    However, these exemptions can only be relied upon when:

    • appropriate safeguards are implemented, such as pseudonymisation; and

    • the activity qualifies as genuine scientific research (based on a research plan and not merely market research).

    National legislation may also impose additional requirements on the processing of personal data in research.

  • he EU Artificial Intelligence Act includes a specific research exemption. The AI Act does not apply to AI systems or models (or their outputs) that are developed and used solely for the purposes of scientific research and development.

    This exemption may apply, for example, to academic prototype development or the training of a model intended solely for research use. However, the exemption no longer applies once an AI system is placed on the market or when it is no longer used exclusively for research or development purposes. Real-world testing is also subject to additional requirements.

    The AI Act further supports innovation through mechanisms such as national regulatory sandboxes.

    Importantly, even when the AI Act does not apply, other legislation continues to apply. For example, data protection requirements and clinical research safety obligations must still be observed.

  • In research projects, it is essential to document key terms in a written agreement. Core areas to address include the project implementation, data protection, confidentiality, intellectual property rights and liability.

    The appropriate agreement depends on the scope of the collaboration, the parties involved and the applicable legislation. Some funders also require the use of their own contract templates.

    Common types of research agreements include:

    • Non-Disclosure Agreement (NDA): used before initiating collaboration, unless confidentiality is covered elsewhere

    • Consortium Agreement: particularly common in academic and EU-funded collaborative research

    • Material Transfer Agreement (MTA): required when biological materials or other samples are transferred between parties

    • Clinical Trial Agreement (CTA): required for clinical drug or medical device studies

    • Data Transfer Agreement (DTA): used when datasets are transferred as part of the collaboration

“The collaboration is exceptionally smooth. It feels like working with an in-house lawyer rather than an external consultant.”

— R&D Director, Healthcare Sector

(Confidential Reference)