EU/EEA routine surveillance open data policy

Legal and strategic framework

The ECDC Founding Regulation and the EU Decision on serious cross-border threats to health make ECDC the coordinator of EU/EEA infectious disease surveillance to which the Member States are to report their national data in line with agreed common timelines, case definitions, indicators, standards, protocols and procedures.

The EU Open Data Directive expects public entities to make their documents and data available for re-use, where possible, by electronic means, “in accordance with the principle of ‘open by design and by default’ ”.  The Directive does not apply to documents, access to which is excluded or restricted on grounds of protection of personal data. The ambition to comply with the Open Data Directive is reflected in ECDC’s long-term surveillance framework 2021-2027[4] which commits the Centre to create the technical infrastructure for customised manual download and machine-to-machine consumption of aggregate surveillance data subsets including a link from the EU Open Data Portal by 2023.

The EU Regulation on public access to European Parliament, Council and Commission documents[5] stipulates that any EU citizen has a right of access to documents of EU institutions and defines the principles, conditions and limits of exercising this right. It also defines “document” as “any content whatever its medium (written on paper or stored in electronic form)”.

The public’s access rights have to be balanced against personal data protection rights. While generally prohibiting the processing of sensitive personal data, however, the EU General Data Protection Regulation explicitly permits it “for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health”.

Finally, this Open Data Policy complements the ECDC TESSy data access policy which mostly regulates access to case-based EU/EEA surveillance data for data providers and, upon request, third parties.


ECDC considers Open Data one of the most efficient means to broadly share EU/EEA surveillance data and maximise their public health and scientific impact. This policy aims to define the scope, objectives, principles, conditions, practicalities and limits of Open Data at ECDC.


The ECDC Open Data Policy is limited to aggregate EU/EEA epidemiological routine surveillance data. It neither applies to event-based surveillance data, such as data deriving from EpiPulse Events or the Early Warning and Response System, nor to molecular surveillance data, such as pathogen genomic sequencing data.

During public health emergencies, ECDC may decide to temporarily expand the scope of its open data to facilitate timely third-party data analysis, risk assessment and public health response.

The Open Data Policy shall not apply to personal data.

Open data objectives

Openly shared aggregate EU/EEA epidemiological routine surveillance data shall serve to:

  1. Enable third-party data analysis, tools and web applications for broader and more tailored disease prevention and control and risk communication;
  2. Facilitate third-party public health research;
  3. Minimise the workload of ECDC and external data users when sharing or requiring data, respectively.

Open Data principles

Aggregate EU/EEA epidemiological routine surveillance data shall be:

  1. As open as possible and as closed as necessary to protect personal or commercially sensitive information;
  2. Compatible with the FAIR principles, i.e. findable, accessible, interoperable and reusable;
  3. Publicly and easily accessible to any interested party regardless of their motivation;
  4. Accessible free of charge through a standardised open access license;
  5. Shared as timely as possible.

Open data implementation

Directly following their collection and validation, ECDC shall make aggregate EU/EEA epidemiological routine surveillance data available for download through:

Data shall be available in standard electronic data formats. Each dataset shall be accompanied by relevant metadata to facilitate appropriate reuse.

Data shall be shared comprehensively, unless certain variables are commercially sensitive or too poorly reported for any meaningful analysis. Strata with insufficient numbers of cases to ensure data privacy shall also be exempt.

Users of these open data shall acknowledge the sources of the data as well as ECDC in any resulting product.

Warranty and liability

The ECDC data have undergone routine validation. They are provided “as is”. Users shall be aware that level of accuracy and quality of the data also depend on the data providers. Users are solely responsible for their own re-use of the data.