Germany: UPDATE: The German Plavix Case: Loopholes In European Data Protection?

Last Updated: 12 November 2008
Article by Christian Fulda

Originators beware: The marketing authorization granted by the German authority for a generic formulation of Plavix and the subsequent decisions of the competent courts in preliminary proceedings to allow the marketing of the drug raise questions about the protection of data under the European regulatory framework. Business plans will have to allow for generic competition earlier than previously expected, and particular attention should be paid to the publication of preclinical and clinical data.

This is an update to our Commentary from September 2008, incorporating the decision of the court of appeals. Added sections are marked "UPDATE."


In 2006, sales of Plavix, the blockbuster anticoagulant of the French pharmaceutical company Sanofi-Aventis, suffered a blow in the U.S., where it is distributed by Bristol-Myers Squibb, when the Canadian generics company Apotex launched a generic form of the drug. An injunction, upheld on appeal, subsequently barred Apotex from distributing the drug during the pending patent litigation. However, Apotex was not required to recall its significant shipments up to the injunction.

This summer, the French company had to fight for sales of the blood thinner on its own doorstep. In May 2008 the German regulatory authority granted a marketing authorization ("MA") for a blood thinner with a similar active pharmaceutical ingredient. On July 25, 2008, the administrative court of first instance granted the applicant the right to use the MA, in spite of the objections of Sanofi-Aventis and Bristol-Myers Squibb ("BMS"). The decision raises significant issues concerning the scope of the European generic marketing-authorization procedures and eventual limits on data protection with regard to bibliographic applications.

UPDATE: On September 26, 2008, the administrative court of appeals not only confirmed the decision of the court of first instance but, adding insult to injury, also ruled on the scope of data-protection rules with regard to generic applications in deviation of standing practice and European law, throwing into question established European practice.

Plavix vs. Clopidogrel YES

The anticoagulant Plavix with the active pharmaceutical ingredient ("API") clopidogrel hydrogen sulfate was granted an MA under the centralized procedure for the European Union on July 15, 1998. On the same day, the MA for Iscover was granted to BMS, which distributes the product in Europe under this name, alongside Sanofi-Aventis. As the applications for marketing authorization of Plavix and Iscover predated October 30, 2005 (the German cutoff date for the new data-protection period according to the "8+2+1" formula), they still enjoyed data protection under the old 10-year period. That is, applications for generic formulations according to European practice would not have been accepted by the national authorities until after July 15, 2008. Accordingly, taking into account the duration of the procedure for granting an MA, one would not have expected a generic version to obtain an MA in 2008—let alone before the expiration of the data-protection period.

However, on May 21, 2008, even before the expiration of the generic data-protection period, the German Federal Institute for Drugs and Medical Devices (Bundesinstitut für Arzneimittel und Medizinprodukte, "BfArM") granted three (identical) marketing authorizations for products designated "Clopidogrel YES 75 mg film-coated tablets" with the API clopidogrel besylate, i.e., a different salt than the API of Plavix. Clopidogrel YES was authorized with a limited label compared to Plavix, namely for myocardial infarction, ischemic stroke, and established peripheral arterial disease, but not for acute coronary syndrome. The applicant was the German company YES Pharmaceutical Development Services GmbH ("YES Pharmaceutical"), acting for Switzerland's Cimex AG, part of the Schweizerhall Group (now trading under the name of Acino), which, based outside the EU, was prevented from filing an application itself. Two of the MAs have subsequently been transferred to Novartis's generic division Sandoz and the German generics company ratiopharm, respectively, which according to press releases are licensees of Cimex and distribute the product in Germany.

Sanofi-Aventis and BMS both objected to these MAs. Under German administrative law, this stayed the effect of the MAs and made it impossible to use them, i.e., to place the products on the market. YES Pharmaceutical first requested the BfArM to set aside the staying effect, but in vain. It then applied to the competent court, the Cologne Administrative Court (Verwaltungsgericht Köln, the "Court"), in preliminary administrative proceedings.

The Court's Decision: Loopholes in European Data Protection?

The Court, in its decisions dated July 25, 2008 (Case Nos. 7 L 988/08 and others), granted the request for relief and set aside the staying effect. It held that the objections of Sanofi-Aventis and BMS were unfounded. It left open the question of whether the MAs had been granted legally. The Court found that no rights of Sanofi-Aventis and BMS had been violated. Therefore, they could not challenge the MAs, even if they were legally flawed.

The Court stated that YES Pharmaceutical had not filed a generic application, which requires only a bioequivalence study comparing the generic with the original product, and for the rest relies on the preclinical and clinical-trial data of the originator. Instead, it had filed a bibliographic application, in which the results of preclinical tests and clinical trials are replaced by appropriate scientific literature. The bibliographic application thus draws on data available in the public domain. This procedure is also known as the "well-established use" application under the European regulatory framework.

Under the European regulatory framework and its German equivalent, a bibliographic application is admissible if the applicant can demonstrate that the API of the medicinal product was in well-established medicinal use within the European Union for at least 10 years, with recognized efficacy and an acceptable level of safety. In that event, the preclinical and clinical-trial data normally required for an application may be replaced by appropriate scientific literature.

The Court did not discuss the first prerequisite at all, namely the identity of the API. The salt used by Clopidogrel YES differs from the salt used by Plavix (in order to circumvent the patent protection). In a strict sense, clopidogrel besylate as the API of Clopidogrel YES so far has not been in medicinal use at all in the European Community. However, there exist precedents in which different salts used for oral formulations have been treated as the same API for purposes of a bibliographic application. This approach relies on the dissolution of the salt before resorption and disregards any differences in safety profiles that may result from different salts. Still, this issue should have been discussed by the Court.

Two points in the—brief—reasoning of the Court merit particular attention.

First, the Court held that the European Public Assessment Report ("EPAR") for Plavix, to which YES Pharmaceutical had referred in its application, did not belong to the protected data, as it was not part of the proprietary data filed by Sanofi-Aventis in the course of the application for marketing authorization. The Court erred on this point, taking a formalistic approach, instead of resorting to the object and purpose of the data-protection provision.

It is true that the EPAR is not filed by an applicant. According to the centralized procedure, it is drawn up by experts of the European Medicines Agency ("EMEA"). It is based on the application data and forms the basis for the opinion of the Committee for Medicinal Products for Human Use ("CMPH") of the EMEA, recommending (or not) the granting of an MA. The opinion of the CMPH in turn forms the basis for the decision of the European Commission on the application. The EPAR is continuously updated and could be called the scientific logbook of a granted MA. Initially, the EPAR under the European regulation was available from the EMEA on request, after the deletion of any commercially confidential information. Nowadays, the EPAR for any centralized MA can be retrieved from the EMEA web site, including the EPAR for Plavix. Accordingly, the EPAR is in the public domain.

However, it cannot be considered "scientific literature" for the purposes of a bibliographic application. It draws on, summarizes, and evaluates data of the applicant. If the data-protection period prevents applicants from drawing on such data, the same must be true for the EPAR summarizing and evaluating such data. It is of note that the equivalent expert report under the national German legislation is not published and thus not available in the public domain. Had Sanofi-Aventis, at the time, chosen to apply not for a centralized MA but for the respective national MAs, including a German one, YES Pharmaceutical would not have been in the position to submit the expert report.

As the Court did not hold that the reference to the EPAR could turn the application into a generic one, the Court did not have to review whether this reference was essential, i.e., whether the further bibliographic data would have been sufficient in its own right to grant the MA. This, however, is of crucial importance. If the MA could not have been granted without the reference to the EPAR for Plavix, the application in substance relied on data of the originator, which turns the application at least partially into a generic one. A generic application, however, has been admissible only since July 15, 2008, which would have significantly delayed the granting of the MA.

The second point of interest is the Court's view on the 10-year period of well-established medicinal use required for a bibliographic application. The Court rejected the argument put forward by Sanofi-Aventis and BMS that an application might be accepted and evaluated only after the expiration of these 10 years, comparable to the data-protection period, which has to expire before the authority accepts an application for a generic formulation. The Court held that it is sufficient for the 10 years to have passed in substance, which means that the bibliographic application can be filed beforehand. It identified the beginning of this period as the granting of the MA for Plavix and Iscover—July 15, 1998, at the latest. Accordingly, the Court held that the 10-year period expired on July 15, 2008, which made it possible to use the MA for Clopidogrel YES beginning with this date.

Two comments on this view are in place. First, the date of the granting of an MA rarely coincides with the first placement of the product on the market. Not only does it take a couple of days for the decision to be served on the applicant, but although companies aim to reduce the time to market from the granting of a marketing authorization, there is usually a time lag for practical reasons; for example, the drafts for the packaging materials have to be verified against the final MA, and the MA number has to be included in all packaging materials. Therefore, the Court should have resorted to the actual date of distribution in Europe. Second, and more important, the legal question is not as clear as the Court makes it out to be. The European legislation requires the applicant to demonstrate that the API has been in well-established use in the EU for 10 years. Also, the provisions of both the generic application procedure and the bibliographic application procedure are similarly worded. However, before the decision, it had been generally accepted that the generic applications are admissible only after the expiration of the data-protection period. It is therefore not clear why a distinction should be made between these procedures. This rather points to a bibliographic application equally being admissible only after the expiration of such period. The decision of the administrative court of appeals turned on this point.

UPDATE: Sanofi-Aventis and BMS appealed the decisions. The Administrative Court of Appeals (Oberverwaltungsgericht Münster, also known as Oberverwaltungsgericht Nordrhein-Westfalen, the "Court of Appeals") confirmed the decisions of the Court on September 26, 2008 (Case Nos. 13 B 1169/08 and others).

With regard to the data protection in relation to bibliographic applications, the Court of Appeals acknowledged that such protection awards a right to the originator and is not limited to a procedural provision. However, it relied on a European amendment from 1999. It therefore not only failed to notice that the earliest proposal for data protection of the European Commission dates back to 1984, it also missed out on Article 39 TRIPS, which has provided for data protection on a global scale since 1994.

From this wrong starting point, the Court of Appeals held that bibliographic applications are admissible even before the expiration of the 10-year protection period. It first drew on the wording of the German legislation. By contrast, the wording of the European legislation, which takes precedence, clearly points to the opposite. It also referred to the introduction of the "8+2+1" formula for generic applications in 2004 and held that a similar structure could have been introduced for bibliographic applications. However, bibliographic applications, according to the European Court of Justice, are supposed to remain an exception, which is why it was not deemed necessary in 2004 to amend the existing protection period for bibliographic applications. In addition, the Court of Appeals queried the additional period that would be awarded due to the time required for the BfArM to review the application. Because such additional period depends in no small measure on the workload of the BfArM and therefore cannot be exactly determined, the court held that the originator is not entitled to an unspecified protection for this additional period. Here, the court puts the cart before the horse. It may very well be that the period is difficult to determine. However, such factual questions cannot lead to a denial of a legal right in the first place.

With regard to the data protection in relation to generic applications, the Court of Appeals first acknowledged that a reference in the application of YES Pharmaceutical to the Summary Basis of Approval of the FDA for Plavix might trigger data protection against generic applications (the decision does not discuss the reference to the EPAR, for which the same would apply). However, it again held that the old 10-year protection period did not prevent an earlier filing and review of the application. It considered the wording of the provision inconclusive, which is again surprising, since both the German and the European legislation under the old rule require the applicant to demonstrate that the data-protection period has expired. This is obviously impossible before such expiration. The Court of Appeals did not find any conclusive evidence in the drafting history, either. This is not very surprising, given that the court took the wrong starting point. Had it referred to the initial proposal of the European Commission from 1984, it would have been clear that an application is admissible only after the expiration of the protection period. While Sanofi-Aventis and BMS referred to subsequent clarifications of the European Commission, the court dismissed them as nonbinding, which casts a shadow on European integration: obviously, clarifications of the European Commission are not binding, but they reflect the object and purpose of European legislation, and they should not be dismissed lightly. Last but not least, the Court of Appeals considered the introduction of the "8+2+1" formula inconclusive as to the interpretation of the previous rule. This is all the more surprising, as the court missed the major flaw in its argument in this respect: If, under the old rule, applications are admissible before expiration of the protection period, the old rule would have allowed for filing of generic applications the moment the original MA had been granted. This obviously was never the case.

UPDATE: Outlook

While Sanofi-Aventis and BMS may still file for main proceedings, this would be futile. The clopidogrel products may now be marketed by the generic competition. It would, of course, be highly relevant for the industry to have the decision repealed, in particular regarding the data-protection period relating to generic applications, if necessary, by the Federal Administrative Court or the European Court of Justice. However, main proceedings would most likely last beyond 2015/2017, at which time the old rule on data protection will have been replaced by the "8+2+1" formula anyhow.

Originators may instead point out significant liability risks to the German authority. If, in contrast to the view of the two courts in preliminary proceedings, it violates European legislation on data protection if applications for bibliographic or generic applications are accepted and reviewed by the authority before the expiration of the protection period, this might result in a liability for according losses of the originators, which can be significant.

Lessons Learned

Originators in any case should take these decisions as a warning.

First, careful attention should be paid to the strategy of publishing regulatory data. In particular, it must be borne in mind that the bibliographic application procedure, from its wording, requires only that the API be in well-established use for a period of at least 10 years. If the original drug relates to a new indication of an API that has been in well-established use for quite some time already, a bibliographic application could be filed shortly after the original MA is granted, if the originator publishes all regulatory data on this new indication shortly after (or even before) the granting of the MA for the original product. While it is accepted that the first, i.e., original, application for a new indication may not be filed under the bibliographic application procedure, this is not necessarily true for the follow-on product. The wording of the European legislation allows for a wide interpretation. In an extreme example, if the API has already been in well-established use for 10 years and the originator's MA covers a new indication, a bibliographic application could be filed immediately afterwards, if all necessary data have been published (assuming that no patent or supplementary protection certificate still protects the original product).

Therefore, even if originators will not be able to withhold publication of preclinical and clinical data entirely, the scope of publications, and their subject matter, should be carefully evaluated. This process should start right at the beginning of product development, with regard to the publication of preclinical data, and should continue through clinical development. It is therefore of paramount importance that the regulatory department and the research and development department closely interact on this issue, as the regulatory department will have to monitor which data might open the doors to the bibliographic application of a competitor. This issue also has to be kept in mind by the marketing department when considering dissemination of medical information for the purposes of promoting the medicinal product.

UPDATE: With regard to generic competition, business plans of originators should be reviewed to identify the extent to which they include an additional protection period resulting from the processing of a generic application after the expiration of the old 10-year protection period (which, in Germany, on average amounts to 10 to 12 months, i.e., almost an additional year of protection). Originators now need to prepare for generic competition earlier than expected.

In addition, originators may want to request their industry associations to take up this issue in the context of a pending amendment to the German Drug Act, requesting clarification in line with European legislation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Christian Fulda
Events from this Firm
13 Dec 2017, Seminar, Cleveland, United States

Jones Day partners Harold Gordon and Tony Dias, and Associate Courtney Snyder will explore the significant role New York's Attorney General and its Department of Financial Services (DFS) play in the financial services industry and why these two state-level agencies will continue to exert significant power over the financial services industry, especially with federal oversight potentially shrinking.

Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:
  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.
  • Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.
    If you do not want us to provide your name and email address you may opt out by clicking here
    If you do not wish to receive any future announcements of products and services offered by Mondaq you may opt out by clicking here

    Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

    Use of

    You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


    Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

    The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


    Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

    • To allow you to personalize the Mondaq websites you are visiting.
    • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
    • To produce demographic feedback for our information providers who provide information free for your use.

    Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

    Information Collection and Use

    We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

    We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

    Mondaq News Alerts

    In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


    A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

    Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

    Log Files

    We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


    This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

    Surveys & Contests

    From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


    If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


    From time to time Mondaq may send you emails promoting Mondaq services including new services. You may opt out of receiving such emails by clicking below.

    *** If you do not wish to receive any future announcements of services offered by Mondaq you may opt out by clicking here .


    This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

    Correcting/Updating Personal Information

    If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

    Notification of Changes

    If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

    How to contact Mondaq

    You can contact us with comments or queries at

    If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.

    By clicking Register you state you have read and agree to our Terms and Conditions