About the Code of Conduct

The EUCROF GDPR Code of Conduct for Service Providers in Clinical Research (the Code) is the first transnational code of conduct in the area of health, applicable in all 27 EU Member States.

The lead supervisory data protection authority for the Code is the French Data Protection Authority (CNIL - https://www.cnil.fr/en).

The Code has been approved the 12 September 2024:

- See EDPB opinion published June 18th, 2024 [here]

- See CNIL's decision nb 2024-064 published 12 September 2024 [here]

The Code is now public and can be obtained by filling a request form [here]

This Code is a tool to foster transparency towards patients, investigational sites, pharma, biotechs, medtechs, ethics committees, authorities ...

Who is covered?

• • Service Providers for clinical research acting as a Data Processor for the research/study sponsor in the frame of a Service Contract
  • Service Providers are full-service CROs and specialised single-service vendors e.g., IT

The adhering companies are listed in a Public Registry - Click here to access the public registry

What is covered?

• • 23 classes of services that a CRO can deliver. Click here to access the description of the 23 classes of services

Whose data are covered?

• • Patients & healthcare professionals

What geographical area?

• • 27 European Union Member States

Learn more about the Code: click here to download a short introduction to the Code.

What is the current status?

• EUCROF is now establishing the monitoring body that needs to be accredited by the lead supervisory authority before it starts operations

Send a request to This email address is being protected from spambots. You need JavaScript enabled to view it. and the EUCROF Team will guide you on this process.

We expect the first adherence decisions to be taken in the course of Q1 2025