Review of Taiwan's Existing Regulations on the Access to Bioloical Resources

Strengthening Taiwan’s Pharmaceutical Resilience: Legal Reflections from the European Union’s Critical Medicines Act 2025/11/15 Introduction: From Vulnerability to Vision For Taiwan, an island state positioned at the crossroads of geopolitical tension and globalized medical trade, the question of pharmaceutical resilience is no longer a technical concern but a constitutional one. A nation’s ability to secure the continuous availability of essential medicines defines not only its public health capacity but the very credibility of its governance. In this light, the European Union’s (hereunder, the “EU”) proposed Critical Medicines Act (hereunder, “EU CMA”) offers Taiwan an illuminating case of how law can move beyond crisis management toward systemic foresight[1]. Resilience in the pharmaceutical sector is not merely about supply stability; it embodies a triple constitutional function—protecting life and health as fundamental rights, safeguarding national security through stable access to critical goods, and reinforcing trust in regulatory governance. Law thus becomes the medium through which uncertainty is rendered governable. The global pandemic revealed that the absence of legal foresight can paralyze even the most advanced health systems, exposing the structural fragility behind administrative efficiency. While Taiwan’s current pharmaceutical regulatory framework remains largely event-driven, reactive, and post-facto, the EU CMA exemplifies an industry-oriented, anticipatory, and pre-emptive model. The contrast underscores a jurisprudential lesson: resilience cannot be legislated through emergency decrees alone; it must be architected through a continuous, legally structured process that anticipates vulnerabilities before they materialize. This article identifies three foundational principles embedded in the EU CMA—visibility, diversification, and agility—and explores how these principles could guide Taiwan in constructing a forward-looking pharmaceutical resilience regime. The goal is not imitation, but inspiration—extracting from the EU experience a conceptual framework for a resilient Taiwanese pharmaceutical order. The EU CMA as a Law of Foresight The EU CMA represents a paradigm shift in pharmaceutical governance. Instead of fragmented national reactions to shortages, the Act establishes a Union-wide framework “to strengthen the availability and security of supply of critical medicinal products” through coordinated information systems, joint vulnerability assessments, and strategic industrial actions[2]. Its architecture reflects a policy-cycle logic: identification of critical medicines (Union list), assessment of vulnerabilities (harmonized monitoring), and action to strengthen capacity (strategic projects, coordinated procurement). Each stage is legally codified and procedurally transparent. The EU CMA thus transforms resilience from a policy aspiration into a governance architecture mandated by law. This approach reveals a fundamental evolution in regulatory philosophy: from law as reaction to law as anticipation. The EU does not merely respond to pharmaceutical disruptions; it legislates the ability to foresee them. This transformation elevates resilience from a managerial tool to a juridical principle that guides administrative behavior and industrial coordination. In this sense, the EU CMA operates as a constitutional statute of preparedness—one that embeds strategic vigilance within the ordinary operations of the market. Moreover, the Act’s systemic design demonstrates a rare synthesis of industrial, health, and competition policies under a unified legal grammar. By integrating economic instruments (such as incentives for local production) with public health imperatives (such as the availability of essential drugs), the EU CMA transforms siloed policy domains into a coherent resilience regime. It institutionalizes coordination not as an afterthought but as a binding legal discipline. Crucially, the EU’s approach embodies what might be called the legality of anticipation: law as an instrument that compels foresight. Resilience here is treated as a public good, transcending national borders but rooted in legal coordination. For Taiwan—whose pharmaceutical imports are geographically concentrated and whose market size limits domestic leverage—the lesson is profound: foresight must be institutional, not intuitive. Visibility: Law as an Instrument of Anticipation At the heart of the EU CMA lies the principle of visibility—the legalization of information as a tool of preparedness. The Act mandates the creation of a Union list of critical medicines[3] and a continuous monitoring system for supply vulnerabilities, coordinated through the Critical Medicines Coordination Group[4]. By institutionalizing information flows, the EU transforms data into a public good and transparency into an act of resilience. Visibility performs a dual function. On one hand, it is technocratic, enabling states to detect early signals of supply risk. On the other, it is constitutional, embedding accountability within knowledge. Uncertainty, when unregulated, leads to discretion; when structured, it becomes a risk, which law can govern. The EU CMA thus converts chaos into cognition—an epistemic transformation at the heart of modern administrative law. For Taiwan, this implies a shift from episodic crisis reporting toward permanent, cross-sectoral data governance. Information duties should not be seen as bureaucratic burdens but as civic infrastructures that permit collective foresight. Visibility, therefore, is not simply about surveillance but about legally enabling knowledge—the first step toward prevention rather than post-hoc management. Diversification: Embedding Resilience into Market Rationality The second principle, diversification, redefines efficiency itself. The EU CMA promotes manufacturing capacity within Europe under the doctrine of “open strategic autonomy”[5]. It supports Strategic Projects that enhance production, encourages cooperation with like-minded countries, and authorizes procurement methods that reward resilience factors alongside price—what EU law calls “MEAT” (Most Economically Advantageous Tender)[6]. This reframes the very idea of market rationality: security and competition are not opposites but complements. Law functions here as a corrective to market myopia, ensuring that the invisible hand does not ignore visible fragility. By quantifying resilience as a measurable value, the EU transforms precaution into an economic variable. For Taiwan—whose procurement and reimbursement systems have historically emphasized price containment—this perspective opens conceptual space. Resilience should not be perceived as inefficiency, but as intertemporal justice: a society’s investment in its future continuity. A diversified system—of suppliers, regions, and regulatory instruments—creates not redundancy but adaptability. In this sense, diversification is law’s expression of prudence in an interconnected economy. Agility: From Administrative Response to Legal Readiness The third principle, agility, captures the law’s capacity to act swiftly yet lawfully. The EU CMA institutionalizes flexibility through accelerated procedures for strategic projects, coordinated procurement frameworks, and crisis response mechanisms[7]. These powers are accompanied by procedural safeguards and sunset clauses, ensuring proportionality and reversibility. Agility thus represents legality in motion: action without arbitrariness. It reconciles speed with scrutiny by embedding emergency measures within predefined legal channels. The lesson for Taiwan is both institutional and philosophical—true readiness is not improvisation, but preparation that preserves legitimacy. In Taiwan’s current system, regulatory energy peaks during emergencies and dissipates thereafter. A mature resilience framework would instead cultivate continuous readiness—administrative structures that learn, anticipate, and adapt. Agility, understood legally, means codifying responsiveness as a standing competence of governance. It is the hinge connecting foresight and execution, legality and flexibility. Taiwan’s Legal Trajectory: From Event-Driven to Industry-Oriented Regulation Comparatively, Taiwan’s Pharmaceutical Affairs Act—even with its proposed amendments—remains largely event-driven and post-crisis in design[8]. Regulatory intervention often follows episodes of shortage or disruption. While recently introduced draft revisions strengthening supply chain obligations[9], these proposed revisions still operate primarily within a reactive paradigm. By contrast, the EU CMA envisions an industry-oriented, anticipatory, and system-based model. It embeds resilience into the legal DNA of pharmaceutical policy—linking regulation, industrial strategy, and public health. For Taiwan, this means evolving from regulatory firefighting to regulatory design: from curing failures to cultivating foresight. To achieve this, Taiwan’s legal development must transcend compliance formalism and embrace a culture of legal learning—where rules are not static commands but adaptive instruments of governance. The transition from event-driven to foresight-driven lawmaking will not only strengthen national health security but also elevate Taiwan’s position in the network of like-minded economies pursuing resilient supply systems. Conclusion: Toward a Resilient Legal Modernity The EU Critical Medicines Act demonstrates that law can be an architecture of anticipation. Its three pillars—visibility, diversification, and agility—form a grammar of resilience that integrates market mechanisms, administrative capacity, and democratic legitimacy. For Taiwan, the value of this model lies not in replication but in reflection. Visibility teaches that knowledge must be institutionalized. Diversification reminds us that resilience can coexist with efficiency. Agility shows that speed and legality are not mutually exclusive. Together, they suggest a new philosophy of governance: one that replaces reaction with design, and uncertainty with structured foresight. Yet the deeper lesson of the EU CMA is that resilience is not simply a functional attribute of a regulatory system—it is a constitutional virtue of modern states. To build resilience is to affirm the social contract anew: to promise citizens not that crises will never occur, but that when they do, institutions will stand ready, transparent, and just. This transforms law from a mirror of disorder into an instrument of collective composure. For Taiwan, embracing resilience as a constitutional principle means reimagining the relationship between law, science, and sovereignty. In a world where disruption is perpetual—whether by pandemics, trade shocks, or technological change—resilience becomes the language through which legality and modernity converge. It marks the transition from governing by reaction to governing by imagination. While the EU CMA relies on the Union’s vast market power to incentivize and coordinate pharmaceutical resilience, Taiwan faces a distinct structural challenge: its market size, though dynamic, cannot generate comparable leverage on a global scale. This asymmetry compels Taiwan to craft a dual strategy—anchoring its domestic resilience through legal foresight, while simultaneously aligning with international frameworks that promote secure and diversified supply chains. How Taiwan can reconcile these two imperatives—maintaining openness and integration with global partners, yet safeguarding autonomous resilience at home—will define the next frontier of its pharmaceutical governance. It is within this strategic and normative intersection that the Institute for Information Industry’s Science and Technology Law Institute (STLI) will continue its research efforts, exploring legal architectures capable of linking Taiwan’s national resilience with the broader ecosystem of global health security. Ultimately, resilience is not merely a regulatory principle but a moral commitment to time—a covenant between generations that law will foresee, prepare, and preserve. As Taiwan refines its pharmaceutical governance, the lesson from the EU CMA is both institutional and existential: to govern resilience is to govern the future itself, and to govern the future is to affirm the dignity of foresight as the highest form of rule of law. [1] EUROPEAN COMMISSION, Proposal for a Regulation of the European Parliament and of the Council laying down a framework for strengthening the availability and security of supply of critical medicinal products as well as for improving the availability of, and access to, medicinal products of common interest (Critical Medicines Act), COM(2025) 102 final (Mar. 11, 2025), https://health.ec.europa.eu/document/download/2abe4fc8-059e-47d9-a20a-d9e3bfc5dc2c_en?filename=mp_com2025_102_act_en.pdf (last visited Nov. 2, 2025). [2] id. at Page 17. [3] id. at Page 27. [4] id. at Page 35. [5] CRITICAL MEDICINES ALLIANCE, STRATEGIC REPORT OF THE CRITICAL MEDICINES ALLIANCE (Feb. 28, 2025), https://health.ec.europa.eu/document/download/3da9dfc0-c5e0-4583-a0f1-1652c7c18c3c_en?filename=hera_cma_strat-report_en.pdf (last visited Nov. 2, 2025). [6] EUROPEAN COMMISSION, Proposal for a Regulation of the European Parliament and of the Council laying down a framework for strengthening the availability and security of supply of critical medicinal products as well as for improving the availability of, and access to, medicinal products of common interest (Critical Medicines Act), COM(2025) 102 final (Mar. 11, 2025), https://health.ec.europa.eu/document/download/2abe4fc8-059e-47d9-a20a-d9e3bfc5dc2c_en?filename=mp_com2025_102_act_en.pdf (last visited Nov. 2, 2025). [7] id. at Page 7. [8] Pharmaceutical Affairs Act (Taiwan), Ministry of Justice, https://law.moj.gov.tw/ENG/LawClass/LawAll.aspx?pcode=L0030001 (last visited Nov. 2, 2025). [9] 〈衛生福利部公告「藥事法」部分條文修正草案〉，法源法律網，https://www.lawbank.com.tw/news/NewsContent.aspx?NID=206187.00（最後瀏覽日：2025/11/03）。

3.Commission of Technology and Innovation (CTI) 　　The CTI is also an institution dedicated to boosting innovation in Switzerland. Established in 1943, it was known as the Commission for the Promotion of Scientific Research[1]. It was initially established for the purpose of boosting economy and raising the employment rate, and renamed after 1996. The CTI and SNSF are two major entities dedicated to funding scientific research in Switzerland, and the difference between both resides in that the CTI is dedicated to funding R&D of the application technology and industrial technology helpful to Switzerland’s economic development. 　　Upon enforcement of the amended RIPA 2011, the CTI was officially independent from the Federal Office for Professional Education and Technology (OEPT) and became an independent entity entitled to making decisions and subordinated to the Federal Department of Economic Affairs (FDEA) directly[2]. The CTI is subject to the council system, consisting of 65 professional members delegated from industrial, academic and research sectors. The members assume the office as a part time job. CTI members are entitled to making decisions on funding, utilization of resources and granting of CTI Start-up Label independently[3]. 　　The CTI primarily carries out the mission including promotion of R&D of industrial technology, enhancement of the market-orientation innovation process and delivery of R&D energy into the market to boost industrial innovation. For innovation, the CTI's core mission is categorized into[4]: (1)Funding technology R&D activities with market potential 　　The CTI invests considerable funds and resources in boosting the R&D of application technology and industrial technology. The CTI R&D Project is intended to fund private enterprises (particularly small-sized and medium-sized enterprises) to engage in R&D of innovation technology or product. The enterprises may propose their innovative ideas freely, and the CTI will decide whether the funds should be granted after assessing whether the ideas are innovative and potentially marketable[5]. 　　CTI’s funding is conditioned on the industrial and academic cooperation. Therefore, the enterprises must work with at least one research institution (including a university, university of science and technology, or ETH) in the R&D. Considering that small-sized and medium-sized enterprises usually do not own enough working funds, technology and human resources to commercialize creative ideas, the CTI R&D Project is intended to resolve the problem about insufficient R&D energy and funds of small- and medium-sized enterprises by delivering the research institutions’ plentiful research energy and granting the private enterprises which work with research institutions (including university, university of science and technology, or ETH) the fund. Notably, CTI’s funding is applicable to R&D expenses only, e.g., research personnel’s salary and expenditure in equipment & materials, and allocated to the research institutions directly. Meanwhile, in order to enhance private enterprises' launch into R&D projects and make them liable for the R&D success or failure, CTI’s funding will be no more than 50% of the total R&D budget and, therefore, the enterprises are entitled to a high degree of control right in the process of R&D. 　　The industrial types which the CTI R&D Project may apply to are not limited. Any innovative ideas with commercial potential may be proposed. For the time being, the key areas funded by CTI include the life science, engineering science, Nano technology and enabling sciences, etc.[6] It intends to keep Switzerland in the lead in these areas. As of 2011, in order to mitigate the impact of drastic CHF revaluation to the industries, the CTI launched its new R&D project, the CTI Voucher[7]. Given this, the CTI is not only an entity dedicated to funding but also plays an intermediary role in the industrial and academic sectors. Enterprises may submit proposals before finding any academic research institution partner. Upon preliminary examination of the proposals, the CTI will introduce competent academic research institutions to work with the enterprises in R&D, subject to the enterprises' R&D needs. After the cooperative partner is confirmed, CTI will grant the fund amounting to no more than CHF3,500,000 per application[8], provided that the funding shall be no more than 50% of the R&D project expenditure. 　　The CTI R&D Project not only boosts innovation but also raises private enterprises’ willingness to participate in the academic and industrial cooperation, thereby narrowing the gap between the supply & demand of innovation R&D in the industrial and academic sectors. Notably, the Project has achieved remarkable effect in driving private enterprises’ investment in technology R&D. According to statistical data, in 2011, the CTI solicited additional investment of CHF1.3 from a private enterprise by investing each CHF1[9]. This is also one of the important reasons why the Swiss innovation system always acts vigorously. Table 1 　2005-2011 Passing rate of application for R&D funding Year 2011 2010 2009 2008 2007 2006 2005 Quantity of applications 590 780 637 444 493 407 522 Quantity of funded applications 293 343 319 250 277 227 251 Pass rate 56% 44% 50% 56% 56% 56% 48% Data source: Prepared by the Study (2)Guiding high-tech start-up 　　Switzerland has learnt that high-tech start-ups are critical to the creation of high-quality employment and boosting of economic growth, and start-ups were able to commercialize the R&D results. Therefore, as of 2001, Switzerland successively launched the CTI Entrepreneurship and CTI Startup to promote entrepreneurship and cultivate high-tech start-ups. 1.CTI Entrepreneurship 　　The CTI Entrepreneurship was primarily implemented by the Venture Lab founded by CTI investment. The Venture Lab launched a series of entrepreneurship promotion and training courses, covering day workshops, five-day entrepreneurship intensive courses, and entrepreneurship courses available in universities. Each training course was reviewed by experts, and the experts would provide positive advice to attendants about innovative ideas and business models. Data source: Venture Lab Site Fig. 3 　Venture Lab Startup Program 2.CTI Startup 　　The CTI is dedicated to driving the economy by virtue of innovation as its priority mission. In order to cultivate the domestic start-ups with high growth potential in Switzerland, the CTI Startup project was launched in 1996[10] in order to provide entrepreneurs with the relevant guidance services. The project selected young entrepreneurs who provided innovative ideas, and guided them in the process of business start to work their innovative ideas and incorporate competitive start-ups. 　　In order to enable the funding and resources to be utilized effectively, the CTI Startup project enrolled entrepreneurs under very strict procedure, which may be categorized into four stages[11]: Data source: CTI Startup Site Fig. 4 　Startup Plan Flow Chart 　　In the first stage, the CTI would preliminarily examine whether the applicant’s idea was innovative and whether it was technologically feasible, and help the applicant register with the CTI Startup project. Upon registration, a more concrete professional examination would be conducted at the second stage. The scope of examination included the technology, market, feasibility and management team’s competence. After that, at the stage of professional guidance, each team would be assigned a professional “entrepreneurship mentor”, who would help the team develop further and optimize the enterprise’s strategy, flow and business model in the process of business start, and provide guidance and advice on the concrete business issues encountered by the start-up. The stage of professional guidance was intended to guide start-ups to acquire the CTI Startup Label, as the CTI Startup Label was granted subject to very strict examination procedure. For example, in 2012, the CTI Startup project accepted 78 applications for entrepreneurship guidance, but finally the CTI Startup Label was granted to 27 applications only[12]. Since 1996, a total of 296 start-ups have acquired the CTI Startup Label, and more than 86% thereof are still operating now[13]. Apparently, the CTI Startup Label represents the certification for innovation and on-going development competence; therefore, it is more favored by investors at the stage of fund raising. Table 2 　Execution of start-up plans for the latest three years Quantity of application Quantity of accepted application Quantity of CTI Label granted 2012 177 78 27 2011 160 80 26 2010 141 61 24 Data source: CTI Annual Report, prepared by the Study 　　Meanwhile, the “CTI Invest” platform was established to help start-up raise funds at the very beginning to help commercialize R&D results and cross the valley in the process of R&D innovation. The platform is a private non-business-making organization, a high-tech start-up fund raising platform co-established by CTI and Swiss investors[14]. It is engaged in increasing exposure of the start-ups and contact with investors by organizing activities, in order to help the start-ups acquire investment funds. (3)Facilitating transfer of knowledge and technology between the academic sector and industrial sector 　　KTT Support (Knowledge & Technology Transfer (KTT Support) is identified as another policy instrument dedicated to boosting innovation by the CTI. It is intended to facilitate the exchange of knowledge and technology between academic research institutions and private enterprises, in order to transfer and expand the innovation energy. 　　As of 2013, the CTI has launched a brand new KTT Support project targeting at small-sized and medium-sized enterprises. The new KTT Support project consisted of three factors, including National Thematic Networks (NTNs), Innovation Mentors, and Physical and web-based platforms. Upon the CTI’s strict evaluation and consideration, a total of 8 cooperative innovation subjects were identified in 2012, namely, carbon fiber composite materials, design idea innovation, surface innovation, food study, Swiss biotechnology, wood innovation, photonics and logistics network, etc.[15] One NTN would be established per subject. The CTI would fund these NTNs to support the establishment of liaison channels and cooperative relations between academic research institutions and industries and provide small- and medium-sized enterprises in Switzerland with more rapid and easy channel to access technologies to promote the exchange of knowledge and technology between both parties. Innovation Mentors were professionals retained by the CTI, primarily responsible for evaluating the small-sized and medium-sized enterprises’ need and chance for innovation R&D and helping the enterprises solicit competent academic research partners to engage in the transfer of technology. The third factor of KTT Support, Physical and web-based platforms, is intended to help academic research institutions and private enterprises establish physical liaison channels through organization of activities and installation of network communication platforms, to enable the information about knowledge and technology transfer to be more transparent and communicable widely. 　　In conclusion, the CTI has been dedicated to enhancing the link between scientific research and the industries and urging the industrial sector to involve and boost the R&D projects with market potential. The CTI’s business lines are all equipped with corresponding policy instruments to achieve the industrial-academic cooperation target and mitigate the gap between the industry and academic sectors in the innovation chain. The various CTI policy instruments may be applied in the following manner as identified in the following figure. Data source: CTI Annual Report 2011 Fig. 5 　Application of CTI Policy Instrument to Innovation Chain III. Swiss Technology R&D Budget Management and Allocation 　　The Swiss Federal Government has invested considerable expenditures in technology R&D. According to statistic data provided by Swiss Federal Statistical Office (FSO) and OECD, the Swiss research expenditures accounted for 2.37% of the Federal Government’s total expenditures, following the U.S.A. and South Korea (see Fig. 6). Meanwhile, the research expenditures of the Swiss Government grew from CHF2.777 billion in 2000 to CHF4.639 billion in 2010, an average yearly growth rate of 5.9% (see Fig. 7). It is clear that Switzerland highly values its technology R&D. Data source: FSO and OECD Fig. 6 Percentage of Research Expenditures in Various Country Governments’ Total Expenditures (2008) Data source: FSO and OECD Fig. 7 　Swiss Government Research Expenditures 2000-2010 1.Management of Swiss Technology R&D Budget 　　Swiss research expenditures are primarily allocated to the education, R&D and innovation areas, and play an important role in the Swiss innovation system. Therefore, a large part of the Swiss research expenditures are allocated to institutions of higher education, including ETH, universities, and UASs. The Swiss research expenditures are utilized by three hierarchies[16] (see Fig. 8): Government R&D funding agencies: The Swiss research budget is primarily executed by three agencies, including SERI, Federal Department of Economic Affairs, Education and Research, and Swiss Agency for Development and Cooperation (SDC). Intermediary R&D funding agencies: Including SNSC and CTI. Funding of R&D performing institutions: Including private enterprises, institutions of higher education and private non-profit-making business, et al. 　　Therefore, the Swiss Government research expenditures may be utilized by the Federal Government directly, or assigned to intermediary agencies, which will allocate the same to the R&D performing institutions. SERI will allocate the research expenditures to institutions of higher education and also hand a lot of the expenditures over to SNSF for consolidated funding to the basic science of R&D. Data source: FSO Fig. 8 　Swiss Research Fund Utilization Mechanism ~to be continued~ [1] ORGANIZATION FOR ECONNOMIC CO-OPERATION AND DEVELOPMENT [OECD], OECD Reviews of Innovation Policy: Switzerland 27 (2006). [2] As of January 1, 2013, the Federal Ministry of Economic Affairs was reorganized, and renamed into Federal Department of Economic Affairs, Education and Research (EAER). [3] The Commission for Technology and Innovation CTI, THE COMMISSION FOR TECHOLOGY AND INNOVATION CTI, http://www.kti.admin.ch/org/00079/index.html?lang=en (last visited Jun. 3, 2013). [4] Id. [5] CTI INVEST, Swiss Venture Guide 2012 (2012), at 44, http://www.cti-invest.ch/getattachment/7f901c03-0fe6-43b5-be47-6d05b6b84133/Full-Version.aspx (last visited Jun. 4, 2013). [6] CTI, CTI Activity Report 2012 14 (2013), available at http://www.kti.admin.ch/dokumentation/00077/index.html?lang=en&download=NHzLpZeg7t,lnp6I0NTU042l2Z6ln1ad1IZn4Z2qZpnO2Yuq2Z6gpJCDen16fmym162epYbg2c_JjKbNoKSn6A-- (last visited Jun. 3, 2013). [7] CTI Voucher, THE COMMISSION FOR TECHOLOGY AND INNOVATION CTI, http://www.kti.admin.ch/projektfoerderung/00025/00135/index.html?lang=en (last visited Jun. 3, 2013). [8] Id. [9] CTI, CTI Activity Report 2011 20 (2012), available at http://www.kti.admin.ch/dokumentation/00077/index.html?lang=en&download=NHzLpZeg7t,lnp6I0NTU042l2Z6ln1ad1IZn4Z2qZpnO2Yuq2Z6gpJCDeYR,gWym162epYbg2c_JjKbNoKSn6A--(last visited Jun. 3, 2013). [10] CTI Start-up Brings Science to Market, THE COMMISSION FOR TECHOLOGY AND INNOVATION CTI, http://www.ctistartup.ch/en/about/cti-start-/cti-start-up/ (last visited Jun. 5, 2013). [11] Id. [12] Supra note 8, at 45. [13] Id. [14] CTI Invest, http://www.cti-invest.ch/About/CTI-Invest.aspx (last visited Jun. 5, 2013). [15] KTT Support, CTI, http://www.kti.admin.ch/netzwerke/index.html?lang=en (last visited Jun.5, 2013). [16] Swiss Federal Statistics Office (SFO), Public Funding of Research in Switzerland 2000–2010 (2012), available at http://www.bfs.admin.ch/bfs/portal/en/index/themen/04/22/publ.Document.163273.pdf (last visited Jun. 20, 2013).

Reviews on Taiwan Constitutional Court's Judgment no. 13 of 2022 2022/11/24 I.Introduction 　　In 2012, the Taiwan Human Rights Promotion Association and other civil groups believe that the National Health Insurance Administration released the national health insurance database and other health insurance data for scholars to do research without consent, which may be unconstitutional and petitioned for constitutional interpretation. 　　Taiwan Human Rights Promotion Association believes that the state collects, processes, and utilizes personal data on a large scale with the "Personal Data Protection Law", but does not set up another law of conduct to control the exercise of state power, which has violated the principle of legal retention; the data is provided to third-party academic research for use, and the parties involved later Excessive restrictions on the right to withdraw go against the principle of proportionality. 　　The claimant criticized that depriving citizens of their prior consent and post-control rights to medical data is like forcing all citizens to unconditionally contribute data for use outside the purpose before they can use health insurance. The personal data law was originally established to "avoid the infringement of personality rights and promote the rational use of data", but in the insufficient and outdated design of the regulations, it cannot protect the privacy of citizens' information from infringement, and it is easy to open the door to the use of data for other purposes. 　　In addition, even if the health insurance data is de-identified, it is still "individual data" that can distinguish individuals, not "overall data." Health insurance data can be connected with other data of the Ministry of Health and Welfare, such as: physical and mental disability files, sexual assault notification files, etc., and you can also apply for bringing in external data or connecting with other agency data. Although Taiwan prohibits the export of original data, the risk of re-identification may also increase as the number of sources and types of data concatenated increases, as well as unspecified research purposes. 　　The constitutional court of Taiwan has made its judgment on the constitutionality of the personal data usage of National Health Insurance research database. The judgment, released on August 12, 2022, states that Article 6 of Personal Data Protection Act(PDPA), which asks“data pertaining to a natural person's medical records, healthcare, genetics, sex life, physical examination and criminal records shall not be collected, processed or used unless where it is necessary for statistics gathering or academic research by a government agency or an academic institution for the purpose of healthcare, public health, or crime prevention, provided that such data, as processed by the data provider or as disclosed by the data collector, may not lead to the identification of a specific data subject”does not violate Intelligible principle and Principle of proportionality. Therefore, PDPA does not invade people’s right to privacy and remains constitutional. 　　However, the judgment finds the absence of independent supervisory authority responsible for ensuring Taiwan institutions and bodies comply with data protection law, can be unconstitutional, putting personal data protection system on the borderline to failure. Accordingly, laws and regulations must be amended to protect people’s information privacy guaranteed by Article 22 of Constitution of the Republic of China (Taiwan). 　　In addition, the judgment also states it is unconstitutional that Articles 79 and 80 of National Health Insurance Law and other relevant laws lack clear provisions in terms of store, process, external transmission of Personal health insurance data held by Central Health Insurance Administration of the Ministry of Health and Welfare. 　　Finally, the Central Health Insurance Administration of the Ministry of Health and Welfare provides public agencies or academic research institutions with personal health insurance data for use outside the original purpose of collection. According to the overall observation of the relevant regulations, there is no relevant provision that the parties can request to “opt-out”; within this scope, it violates the intention of Article 22 of the Constitution to protect people's right to information privacy. II.Independent supervisory authority 　　According to Article 3 of Central Regulations and Standards Act, government agencies can be divided into independent agencies that can independently exercise their powers and operate autonomously, and non- independent agencies that must obey orders from their superiors. In Taiwan, the so-called "dedicated agency"(專責機關) does not fall into any type of agency defined by the Central Regulations and Standards Act. Dedicated agency should be interpreted as an agency that is responsible for a specific business and here is no other agency to share the business. 　　The European Union requires member states to set up independent regulatory agencies (refer to Articles 51 and 52 of General Data Protection Regulation (GDPR)). In General Data Protection Regulation and the adequacy reference guidelines, the specific requirements for personal data supervisory agencies are as follows: the country concerned should have one or more independent supervisory agencies; they should perform their duties completely independently and cannot seek or accept instructions; the supervisory agencies should have necessary and practicable powers, including the power of investigation; it should be considered whether its staff and budget can effectively assist its implementation. Therefore, in order to pass the EU's adequacy certification and implement the protection of people's privacy and information autonomy, major countries have set up independent supervisory agencies for personal data protection based on the GDPR standards. 　　According to this research, most countries have 5 to 10 commissioners that independently exercise their powers to supervise data exchange and personal data protection. In order to implement the powers and avoid unnecessary conflicts of interests among personnel, most of the commissioners are full-time professionals. Article 3 of Basic Code Governing Central Administrative Agencies Organizations defines independent agency as "A commission-type collegial organization that exercises its powers and functions independently without the supervision of other agencies, and operates autonomously unless otherwise stipulated." It is similar to Japan, South Korea, and the United States. III.Right to Opt-out 　　The judgment pointed out that the parties still have the right to control afterwards the personal information that is allowed to be collected, processed and used without the consent of the parties or that meets certain requirements. Although Article 11 of PDPA provides for certain parties to exercise the right to control afterwards, it does not cover all situations in which personal data is used, such as: legally collecting, processing or using correct personal data, and its specific purpose has not disappeared, In the event that the time limit has not yet expired, so the information autonomy of the party cannot be fully protected, the subject, cause, procedure, effect, etc. of the request for suspension of use should be clearly stipulated in the revised law, and exceptions are not allowed. 　　The United Kingdom is of great reference. In 2017, after the British Information Commissioner's Office (ICO) determined that the data sharing agreement between Google's artificial intelligence DeepMind and the British National Health Service (NHS) violated the British data protection law, the British Department of Health and Social Care proposed National data opt-out Directive in May, 2018. British health and social care-related institutions may refer to the National Data Opt-out Operational Policy Guidance Document published by the National Health Service in October to plan the mechanism for exercising patient's opt-out right. The guidance document mainly explains the overall policy on the exercise of the right to opt-out, as well as the specific implementation of suggested practices, such as opt-out response measures, methods of exercising the opt-out right, etc. 　　National Data Opt-out Operational Policy Guidance Document also includes exceptions and restrictions on the right to opt-out. The Document stipulates that exceptions may limit the right to Opt-out, including: the sharing of patient data, if it is based on the consent of the parties (consent), the prevention and control of infectious diseases (communicable disease and risks to public health), major public interests (overriding) Public interest), statutory obligations, or cooperation with judicial investigations (information required by law or court order), health and social care-related institutions may exceptionally restrict the exercise of the patient's right to withdraw. 　　What needs to be distinguished from the situation in Taiwan is that when the UK first collected public information and entered it into the NHS database, there was already a law authorizing the NHS to search and use personal information of the public. The right to choose to enter or not for the first time; and after their personal data has entered the NHS database, the law gives the public the right to opt-out. Therefore, the UK has given the public two opportunities to choose through the enactment of special laws to protect public's right to information autonomy. 　　At present, the secondary use of data in the health insurance database does not have a complete legal basis in Taiwan. At the beginning, the data was automatically sent in without asking for everyone’s consent, and there was no way to withdraw when it was used for other purposes, therefore it was s unconstitutional. Hence, in addition to thinking about what kind of provisions to add to the PDPA as a condition for "exception and non-request for cessation of use", whether to formulate a special law on secondary use is also worthy of consideration by the Taiwan government. IV.De-identification 　　According to the relevant regulations of PDPA, there is no definition of "de-identification", resulting in a conceptual gap in the connotation. In other words, what angle or standard should be used to judge that the processed data has reached the point where it is impossible to identify a specific person. In judicial practice, it has been pointed out that for "data recipients", if the data has been de-identified, the data will no longer be regulated by PDPA due to the loss of personal attributes, and it is even further believed that de-identification is not necessary. 　　However, the Judgment No. 13 of Constitutional Court, pointed out that through de-identification measures, ordinary people cannot identify a specific party without using additional information, which can be regarded as personal data of de-identification data. Therefore, the judge did not give an objective standard for de-identification, but believed that the purpose of data utilization and the risk of re-identification should be measured on a case-by-case basis, and a strict review of the constitutional principle of proportionality should be carried out. So far, it should be considered that the interpretation of the de-identification standard has been roughly finalized. V.Conclusions 　　The judge first explained that if personal information is processed, the type and nature of the data can still be objectively restored to indirectly identify the parties, no matter how simple or difficult the restoration process is, if the data is restored in a specific way, the parties can still be identified. personal information. Therefore, the independent control rights of the parties to such data are still protected by Article 22 of the Constitution. 　　Conversely, when the processed data objectively has no possibility to restore the identification of individuals, it loses the essence of personal data, and the parties concerned are no longer protected by Article 22 of the Constitution. 　　Based on this, the judge declared that according to Article 6, Item 1, Proviso, Clause 4 of the PDPA, the health insurance database has been processed so that the specific party cannot be identified, and it is used by public agencies or academic research institutions for medical and health purposes. Doing necessary statistical or academic research complies with the principles of legal clarity and proportionality, and does not violate the Constitution. 　　However, the judge believes that the current personal data law or other relevant regulations still lack an independent supervision mechanism for personal data protection, and the protection of personal information privacy is insufficient. In addition, important matters such as personal health insurance data can be stored, processed, and transmitted externally by the National Health Insurance Administration in a database; the subject, purpose, requirements, scope, and method of providing external use; and organizational and procedural supervision and protection mechanisms, etc. Articles 79 and 80 of the Health Insurance Law and other relevant laws lack clear provisions, so they are determined to be unconstitutional. 　　In the end, the judge found that the relevant laws and regulations lacked the provisions that the parties can request to stop using the data, whether it is the right of the parties to request to stop, or the procedures to be followed to stop the use, there is no relevant clear text, obviously the protection of information privacy is insufficient. Therefore, regarding unconstitutional issues, the Constitutional Court ordered the relevant agencies to amend the Health Insurance Law and related laws within 3 years, or formulate specific laws.

Draft of AI Product and System Evaluation Guidelines Released by the Administration for Digital Industries to Enhance AI Governance 2024/08/15 I. AI Taiwan Action Plan 2.0 In 2018, the Executive Yuan launched the “AI Taiwan Action Plan” to ensure that the country keeps pace with AI developments. This strategic initiative focuses on attracting top talent, advancing research and development, and integrating AI into critical sectors such as smart manufacturing and healthcare. The action plan has sparked growing discussion on AI regulation. Through these efforts, Taiwan aims to position itself as a frontrunner in the global smart technology landscape. Later in 2023, the Executive Yuan updated the action plan, releasing “AI Taiwan Action Plan 2.0” to further strengthen AI development. “AI Taiwan Action Plan 2.0” outlines five main pillars: 1. Talent Development: Enhancing the quality and quantity of AI expertise, while improving public AI literacy through targeted education and training initiatives. 2. Technological and Industrial Advancement: Focusing on critical AI technologies and applications to foster industrial growth; and creating the Trustworthy AI Dialogue Engine (TAIDE) that communicates in Traditional Chinese. 3. Enhancing work environments: Establishing robust AI governance infrastructure to facilitate industry and governmental regulation, and to foster compliance with international standards. 4. International Collaboration: Expanding Taiwan's role in international AI forums, such as the Global Partnership on AI, to collaborate on developing trustworthy AI practices. 5. Societal and Humanitarian Engagement: Utilizing AI to tackle pressing societal challenges such as labor shortages, an aging population, and environmental sustainability. II. AI Product and System Evaluation Guidelines: A Risk-based Approach to AI Governance To support infrastructure, in March 2024, the Administration for Digital Industries issued the draft AI Product and System Evaluation Guidelines. The Guidelines are intended to serve as a reference for industry when developing and using AI products and systems, thus laying a crucial foundation for advancing AI-related policies in Taiwan. The Guidelines outline several potential risks associated with AI: 1. Third-Party Software and Hardware: While third-party software, hardware, and datasets can accelerate development, they may also introduce risks into AI products and systems. Therefore, effective risk management policies are crucial. 2. System Transparency: The lack of transparency in AI products and systems makes risk assessment relatively challenging. Inadequate transparency in AI models and datasets also pose risks for development and deployment. 3. Differences in Risk Perception: Developers of AI products and systems may overlook risks specific to different application scenarios. Moreover, risks may gradually emerge as the product or system is used and trained over time. 4. Application Domain Risks: Variations between testing results and actual operational performance can lead to differing risk assessments for evaluated products and systems. 5. Deviation from Human Behavioral Norms: If AI products and systems behave unexpectedly compared to human operations, this can indicate a drift in the product, system, or model, thereby introducing risks. The Guidelines also specify that businesses have to categorize risks when developing or using AI products and systems, and manage them in accordance with these classifications. In alignment with the EU AI Act, risks are classified into four levels: unacceptable, high, limited, and minimal. 1. Unacceptable Risk: If AI systems used by public or private entities provide social scoring of individuals, this could lead to discriminatory outcomes and the exclusion of certain groups. Furthermore, if AI systems are employed to manipulate the cognitive behavior of individuals or vulnerable populations, causing physical or psychological harm, such systems are deemed unacceptable and prohibited. 2. High risk: AI systems are classified as high-risk in several situations. These include applications used in critical infrastructure, such as transportation, where there is potential risk to citizens' safety and health. These situations also encompass AI systems involved in educational or vocational training (such as exam scoring), which can determine access to education or professional paths. AI used as safety-critical product components, such as robot-assisted surgery, also falls into this category. In the employment sector, AI systems used for managing recruitment processes, including CV-sorting software, are considered high-risk. Essential private and public services, such as credit scoring systems that impact loan eligibility, also fall under high-risk. AI used in law enforcement in ways that it may affect fundamental rights, such as evaluating the reliability of evidence, is also included. AI systems involved in migration, asylum, and border control, such as automated visa application examinations, are categorized as high-risk. Finally, AI solutions used in the administration of justice and democratic processes, such as court ruling searches, are also classified as high-risk. If an AI system is classified as high risk, it must be evaluated across ten criteria—Safety, Explainability, Resilience, Fairness, Accuracy, Transparency, Accountability, Reliability, Privacy, and Security—to ensure the AI system’s quality. 3. Limited risk: When an AI product or system is classified as having limited risk, it is up to the enterprise to determine whether an evaluation is required. The Guidelines also introduce specific transparency obligations to ensure that humans are informed when necessary, thus fostering trust. For instance, when using AI systems such as chatbots or systems for generating deepfake content, humans must be made aware that they are interacting with a machine so they can take an informed decision to continue or step back. 4. Minimal or no risk: The Guidelines allow the free use of minimal-risk AI. This includes applications such as AI-enabled video games and spam filters. Ⅲ. Conclusion The AI Product and System Evaluation Guidelines represent a significant step forward in establishing a robust, risk-based framework for AI governance in Taiwan. By aligning with international standards like the EU AI Act, these Guidelines ensure that AI products and systems are rigorously assessed and categorized into four distinct risk levels: unacceptable, high, limited, and minimal. This structured approach allows businesses to manage AI-related risks more effectively, ensuring that systems are safe, transparent, and accountable. The emphasis on evaluating AI systems across ten critical criteria—including safety, explainability, and fairness—reflects a comprehensive strategy to mitigate potential risks. This proactive approach not only safeguards the public but also fosters trust in AI technologies. By setting clear expectations and responsibilities for businesses, the Guidelines promote responsible development and deployment of AI, ultimately contributing to Taiwan's goal of becoming a leader in the global AI landscape.