Clinical Trial Transparency in the EU: What Must Be Published and When

PostedFebruary 21, 2025

ByIuliia Gorshkova

Clinical trial transparency in the European Union has evolved from a fragmented set of national expectations into a harmonized, data-driven obligation anchored by the Clinical Trials Regulation (EU) No 536/2014 (CTR) and its central portal, the Clinical Trial Information System (CTIS). For sponsors, investigators, and data-driven life science organizations, transparency is no longer a peripheral communications task; it is a core regulatory compliance function that intersects with data protection, intellectual property, ethics, and digital systems architecture. The central principle is straightforward: the public has a right to understand what trials are being conducted, on what basis, and with what outcomes. Yet the execution is nuanced, requiring careful handling of personal data, commercially sensitive information, and patient safety considerations. This article explains what must be published, when, and how to balance openness with confidentiality in practice.

Regulatory Foundations and the Shift to CTIS

The Clinical Trials Regulation (CTR) repealed the earlier Clinical Trials Directive and introduced a harmonized, EU-wide framework. Its most consequential operational change is the creation of the Clinical Trial Information System (CTIS), a centralized portal and database managed by the European Medicines Agency (EMA) on behalf of the EU. Under the CTR, all clinical trials conducted in the EU/EEA must be submitted via CTIS, and the regulation mandates publication of key information to ensure transparency. The legal basis for transparency is Article 81 of the CTR, supplemented by the EMA Policy on Publication of Clinical Trial Data and related guidance. Importantly, the CTR applies to interventional clinical trials of medicinal products; other types of research (e.g., non-interventional studies) are governed by separate frameworks, notably the General Data Protection Regulation (GDPR) and national research ethics laws.

CTIS is the single entry point for sponsor submissions, including the application dossier, substantial modifications, and results reporting. The transparency regime is built into this workflow: certain information is public by default, while other elements are accessible only to competent authorities and ethics committees. The system is designed to provide a public-facing view of trial status, design, and outcomes while allowing sponsors to request redactions for confidential or sensitive content. This marks a significant departure from pre-CTR practices, where disclosure was uneven and often limited to the EudraCT database.

What Is Public by Default in CTIS

CTIS publishes a structured set of data elements that are visible to the public without authentication. These elements are intended to provide a clear picture of the trial’s rationale, design, and status, enabling scrutiny by patients, researchers, and regulators. The default public dataset includes:

Trial identification: EudraCT number (where applicable), CTR application number, trial title, and unique trial identifier(s).
Sponsor and investigator information: Name of the sponsor, contact details, and the Member States and sites participating.
Trial design and population: Trial phase, therapeutic area, study design (e.g., randomized, double-blind), inclusion/exclusion criteria, and the number of subjects planned.
Status and dates: Trial status (e.g., “Recruiting,” “Ongoing,” “Completed”), key milestones, and dates of first authorization and first patient in.
Summary of the protocol: A high-level description of the interventions, comparators, and endpoints.
Results summary: A lay summary of results, posted within one year of the end of the trial (or within 6 months for pediatric trials), along with a scientific summary.
Documents: The Patient Information Sheet and Informed Consent Form (PICF) and the informed consent form itself, subject to redactions where necessary.

These elements are visible across all EU Member States in which the trial is authorized. The public can view the trial’s status and key details at any time, and CTIS provides mechanisms to track updates, such as protocol amendments or results postings.

Timelines and Triggers for Publication

Transparency under the CTR is not a one-time event; it is a lifecycle obligation tied to the trial’s regulatory milestones. The key timelines are:

At authorization: Upon the decision to authorize a trial, CTIS makes the trial’s public data visible. This includes the trial title, design, participating sites, and the initial protocol summary.
During conduct: Updates to the trial status (e.g., recruitment start/stop, temporary halt) and substantial modifications that affect public information must be reflected in CTIS. The public view is updated accordingly.
End of trial: The “end of trial” date triggers the countdown for results reporting.
Results reporting: The lay summary and scientific summary of results must be posted within one year of the end of the trial. For pediatric trials, the deadline is six months. These deadlines are strict and are monitored by regulators.
Substantial modifications: Changes that affect the trial’s public information (e.g., significant protocol amendments) must be submitted via CTIS and may result in updates to the public record.

It is important to note that CTIS publication is not optional. Sponsors cannot opt out of public disclosure for the core data elements mandated by the CTR. However, the regulation recognizes that not all information should be public and provides mechanisms for redaction and confidentiality.

Redactions and Confidential Information: What Can Be Withheld

The CTR allows sponsors to request redactions from the public view to protect confidential business information (CBI), personal data, and other sensitive content. This is where the balance between transparency and confidentiality is operationalized. The following categories are typically considered for redaction:

Commercially sensitive information: Manufacturing details of the investigational medicinal product (IMP), exact formulation or manufacturing processes, proprietary algorithms or software components used in the trial, and detailed cost structures.
Intellectual property: Information that could reveal trade secrets or patentable inventions, such as detailed molecular structures beyond what is necessary for scientific understanding, or proprietary biomarker assays.
Personal data: Any data that could identify individuals, including investigator names and contact details where these are not already public in a professional capacity, patient identifiers, or detailed site-level data that could indirectly identify participants in small cohorts.
Site-level data: In some cases, precise site locations or recruitment numbers per site may be redacted if publication could compromise patient privacy or reveal commercially sensitive operational details. However, the regulation requires that the public still have a meaningful understanding of where trials are conducted, so redactions must be justified and proportionate.
Investigational plan details: Certain elements of the protocol that, if disclosed, could undermine the integrity of the trial or reveal strategic plans (e.g., detailed go/no-go decision criteria) may be redacted, provided the scientific rationale remains understandable.

Sponsors must submit a justification for each requested redaction in CTIS. Competent authorities review these requests and decide whether the redaction is appropriate. The test is proportionality: the redaction must be necessary to protect a legitimate interest and must not unduly impair the public’s ability to understand the trial’s purpose and outcomes. Authorities may reject redaction requests that are overly broad or not sufficiently substantiated.

Data Protection and the Role of GDPR

Transparency under the CTR must be implemented in compliance with the GDPR. This is a critical intersection: while the CTR mandates publication, GDPR controls the processing of personal data and requires a lawful basis. For public-facing data in CTIS, the relevant lawful basis is often legal obligation (Article 6(1)(c) GDPR) for the sponsor and public task (Article 6(1)(e) GDPR) for the EMA and national authorities. However, this does not eliminate the need for data minimization and privacy-by-design.

Key GDPR considerations include:

Data minimization: Only publish what is required by the CTR. Avoid including unnecessary personal identifiers in public documents.
Pseudonymization: Where possible, use pseudonyms or codes for investigator identifiers and site references, especially in smaller countries or rare disease settings where direct identification could occur.
Patient privacy: The PICF and consent forms must be carefully redacted to remove personal identifiers. Any patient-facing materials that include personal data must be sanitized.
Special categories of data: Health data and genetic data are special categories under GDPR, requiring enhanced protections. While the CTR’s transparency regime is a valid legal basis, the principle of necessity still applies.
International transfers: CTIS is an EU system, but sponsors must ensure that any data feeding into public disclosures does not violate cross-border transfer rules if processed outside the EEA.

From an AI systems practitioner’s perspective, this implies that data pipelines feeding CTIS submissions should include automated checks for personal data, classification of sensitive content, and version-controlled redaction workflows. Natural language processing (NLP) tools can assist in identifying personal identifiers in protocol documents and consent forms, but human oversight remains essential to ensure accuracy and compliance.

CTIS Workflow: How Publication Happens in Practice

CTIS is not merely a repository; it is an integrated submission and publication platform. The workflow typically follows these steps:

Pre-submission: Sponsors prepare the application dossier, including the protocol, investigator brochure, and patient information materials. Data governance teams identify elements that may require redaction.
Submission: The dossier is submitted via CTIS to all concerned Member States simultaneously. The system flags which data elements will be public upon authorization.
Assessment: Member States conduct joint assessment of the dossier. During this phase, sponsors can refine redaction requests based on feedback.
Authorization: Once authorized, CTIS publishes the public dataset. The trial becomes visible to the public, and the status is tracked.
Conduct and updates: Sponsors update CTIS for status changes and substantial modifications. Public data is refreshed accordingly.
Results reporting: At the end of the trial, sponsors upload the lay summary and scientific summary. CTIS publishes these documents after review, subject to redactions.

Throughout this process, sponsors should maintain a transparency register that maps each public data element to its source document, redaction rationale, and approval status. This register supports auditability and helps respond to regulator queries about why specific information was withheld or published.

Country-Specific Nuances and National Implementations

While the CTR is an EU regulation and applies uniformly, its implementation involves national competent authorities (NCAs) and ethics committees. This creates subtle variations in practice:

Redaction scrutiny: Some NCAs are stricter than others in approving redactions. For example, Nordic authorities often emphasize patient privacy and may reject broad site-level redactions unless narrowly tailored. Southern European authorities may be more permissive regarding commercial confidentiality, but still require robust justification.
Language requirements: Public documents, including lay summaries, must be provided in a language acceptable to the Member State. While CTIS supports multiple languages, sponsors must ensure translations meet local standards for clarity and readability.
Ethics committee expectations: National ethics committees may impose additional transparency requirements beyond the CTR, particularly regarding patient engagement and public communication. In some countries, ethics committees expect proactive dissemination of trial results beyond CTIS, such as posting on hospital websites or registries.
Public access culture: Countries with strong traditions of public sector openness (e.g., Nordic countries, Netherlands) may see more proactive use of CTIS data by journalists, patient groups, and researchers. Sponsors should anticipate external scrutiny and prepare communication strategies accordingly.

From a cross-country perspective, sponsors should adopt a harmonized baseline for transparency that meets the strictest expectations across the EU, while allowing for localized adjustments. This reduces the risk of inconsistent disclosures and simplifies compliance.

Interplay with Other EU Frameworks

Clinical trial transparency does not exist in a vacuum. It intersects with several other EU frameworks:

GDPR: As discussed, GDPR governs personal data handling. The EMA has adopted a detailed policy on handling personal data in CTIS, including retention periods and access controls.
EU Clinical Trials Regulation vs. National Laws: The CTR is lex specialis for interventional trials of medicinal products. Other research (e.g., medical device studies without medicinal products) falls under national laws and the GDPR. Sponsors must correctly classify studies to determine which transparency regime applies.
Medical Device Regulation (MDR) and IVDR: Device trials may involve separate registries (e.g., EUDAMED when fully operational) and may have different transparency expectations. Coordination between CTIS and device registries is an emerging area.
Open Data and INSPIRE: While not directly applicable to CTIS, broader EU open data policies influence expectations for public access to research outputs. Funders like Horizon Europe increasingly require open access to datasets and lay summaries.
AI and algorithmic transparency: If a trial involves AI-driven diagnostics or endpoints, transparency obligations may extend to explaining the role of AI, data sources, and validation methods. This is not yet mandated by CTIS but is an emerging best practice.

Balancing Transparency with Confidentiality: Practical Strategies

Effective transparency management requires a structured approach that integrates legal, regulatory, and technical capabilities. The following strategies are recommended:

Establish a transparency governance model: Create a cross-functional team (regulatory, legal, data protection, clinical operations, and IT) responsible for reviewing all public-facing content. Define clear criteria for redactions and document decisions.
Implement privacy-by-design: Build CTIS data pipelines with automated personal data detection and redaction workflows. Use version control to track changes and maintain audit trails.
Adopt a tiered disclosure approach: Distinguish between mandatory public elements, optional redactions, and non-public data. Ensure that redactions are narrowly tailored and justified.
Prepare lay summaries early: Draft lay summaries during protocol development to ensure they are clear, accurate, and compliant. Engage patient representatives to review language and readability.
Monitor country-specific guidance: Maintain a repository of NCA and ethics committee expectations. Update templates and workflows as local guidance evolves.
Train staff: Ensure clinical, regulatory, and data teams understand CTR transparency obligations and GDPR constraints. Regular training reduces the risk of inadvertent disclosures.
Prepare for external scrutiny: Assume that CTIS data will be analyzed by third parties. Conduct internal reviews of public data for potential misinterpretations and prepare Q&A materials for internal use.

Common Pitfalls and How to Avoid Them

Transparency failures can lead to regulatory sanctions, reputational damage, and loss of public trust. Common pitfalls include:

Overbroad redactions: Requesting redactions for information that is not truly confidential. This can trigger regulatory pushback and delays. Solution: justify each redaction with specific references to CBI or privacy risks.
Missed deadlines: Failing to post results within one year (or six months for pediatric trials). Solution: implement automated reminders and integrate results reporting into trial close-out processes.
Personal data leakage: Publishing documents with unredacted identifiers. Solution: use automated PII scanning tools and manual review before submission.
Inconsistent country disclosures: Different redaction practices across Member States leading to public discrepancies. Solution: maintain a harmonized baseline and document exceptions.
Poor lay summaries: Technical language that is not understandable to patients. Solution: involve plain-language experts and patient groups in drafting.

AI and Data Systems Considerations

From an AI practitioner’s standpoint, CTIS transparency introduces opportunities and risks:

Automated redaction: NLP models can identify names, addresses, and other identifiers in documents. However, context matters; AI may miss indirect identifiers (e.g., rare disease sites). Human review is essential.
Sensitive content detection: AI can classify sections of documents as potentially confidential (e.g., manufacturing details) based on keyword patterns and embeddings. This can streamline legal review but should not replace it.
Metadata management: CTIS metadata (e.g., trial status, dates) can be ingested into internal dashboards for compliance monitoring. AI can help detect anomalies, such as delays in results posting.
Explainability: If AI is used as an endpoint or in trial operations, transparency expectations may extend to explaining the AI’s role. While not yet mandated by CTIS, documenting AI use and validation supports regulatory trust.
Security: CTIS data flows must be secured. AI systems processing CTIS data should comply with ISO 27001 and EU cybersecurity guidelines, especially for sensitive or proprietary content.

Case Example: Balancing Transparency in a Rare Disease Trial

Consider a Phase II rare disease trial across three EU countries. The trial uses a novel biomarker assay and a proprietary algorithm to stratify patients. The sponsor must publish the trial design, inclusion criteria, and results in CTIS. However

AI in Education: Fundamentals & Tools

Understanding AI Basics

Practical AI Tools for Educators

Integrating AI into Teaching

Case Studies & Success Stories

Ethical AI & Inclusive Practices

Ethical & Legal Frameworks for AI Systems

Equity & Inclusion

Transparency & Trust

Algorithmic Bias, Discrimination & Legal Risk

AI Errors, Accountability & Legal Responsibility

Institutional AI Governance & Policy Design

AI, Security & GDPR Compliance

Data Protection & Privacy

Cybersecurity in AI

EU Regulations & Policies

Engaging Parents & Guardians

Data Protection, Privacy & AI Governance

Additional Resources

Glossary of Terms

Templates & Guides

Webinars & Research

AI for Administrative & Pedagogical Support

AI for Time Management

AI in Student Performance Tracking

AI for Automated Communication

AI for Document Management

AI, Robotics & Biotech Regulation in Europe

EU AI Act Explained: Scope, Risk Levels, Obligations

AI-Enabled Products: Robots, Medical Software, Smart Devices

Machinery Regulation & Safety Standards for Intelligent Systems

AI in Healthcare & Biotech: MDR, IVDR, EMA

Liability & Responsibility for AI-Driven Systems

Compliance in Practice: From Risk Assessment to CE Marking

Country-Specific AI Regulation & Enforcement

How EU AI Law Is Applied at National Level

Different Compliance Models

National AI Sandboxes & Regulatory Experiments

Public Sector AI Rules Across Europe

Cross-Border AI Deployment Challenges

When National Law Overrides EU Guidance

Legal Cases, Enforcement & Real-World Precedents

AI Act, GDPR & Algorithmic Decision-Making Cases

Liability Disputes Involving Automated Systems

Robotics Accidents & Legal Responsibility

Medical & Biotech AI Failures: Lessons Learned

What Enforcement Trends Tell Us About Future Regulation