1. Digital Health Apps/Software
    1. 1. How is the software within digital health apps classified in your jurisdiction, and what regulation(s) apply?
    2. 2. Are there any other legal regimes that may govern digital health software? (e.g. data protection/ privacy) If yes, please indicate these.
    3. 3. If your response to Q2 is yes, please state whether it matters if, the users are residents using it within their jurisdiction and/or using it outside their jurisdiction; and/or it is a “B2B” (business to business) rather than “B2C” (business to end consumer) service. In each case, please summarise any implications (if applicable). 
    4. 4. Do any particular features, such as location tracking, or monitoring real-time information, trigger any additional consent requirement, regulatory approval, and/or other restrictions beyond the general ones applicable to Q1/Q2?
    5. 5. In the context of physicians relying on digital health apps (containing software), whether for in-person or via telemedicine consultations, are there circumstances where the physicians’ liability can be limited or transferred to the producer of the software contained in the app, or of the final product/app itself, when a fault or inaccuracy with the software (rather than the physicians’ error) occurs, leading to damage (or injury)? 
    6. 6. Please describe the enforcement mechanism for compliance with regard to the regulations discussed in Q1, Q2, and/or Q4 in your jurisdiction with regard to the software contained in digital health apps. What are the legal consequences for non-compliance?
    7. 7. Are you aware of any future legal developments in your jurisdiction with regard to digital health apps/software?
  2. Telemedicine
    1. 8. How are physicians regulated in your jurisdiction (i.e., who is their Regulator; e.g., the General Medical Council in the UK)?
    2. 9. What laws and/or regulations apply to physicians regarding telemedicine?
    3. 10. Does the law in your jurisdiction regulate under what circumstances physicians can use telemedicine in order to treat patients?
    4. 11. Do the standards of care applicable to physicians change in the context of using telemedicine?
    5. 12. Are there any restrictions on the type of medicine that can be prescribed through telemedicine?
    6. 13. Are telemedicine services reimbursable under the state’s medical insurance / subsidy / coverage? 
    7. 14. Are there specific data protection regulations covering telemedicine (outside the context of using a digital health app) in your jurisdiction? If so, please summarise what they are.
    8. 15. Are you aware of any future legal developments in your jurisdiction with regard to telemedicine?

jurisdiction

Bosnia and Herzegovina
Add jurisdiction

Digital Health Apps/Software

1. How is the software within digital health apps classified in your jurisdiction, and what regulation(s) apply?

The software in the form of a digital health application is not explicitly regulated in the jurisdiction of Bosnia and Herzegovina , so the practice on this matter is yet to be established.

Generally, the use of medical devices is regulated by the Law on Medicines and Medical Devices of BiH (“Official Gazette of BiH”, No. 58/2008).

Said law regulates medical devices, such as instruments, apparatus, materials and other products, including any software necessary for their proper application, which are used on people and do not perform their main function as set by a manufacturer on the basis of pharmacological, immunological or metabolic activities, but are used alone or in combination, for the purpose of: 

  • diagnosing, preventing, monitoring, treating or alleviating the causes or consequences of diseases;
  • diagnosing, monitoring, treating or alleviating injuries or alleviating disabilities or providing replacements or alleviating consequences caused by disabilities;
  • testing, replacing or modification of anatomical or physiological functions;
  • controlling of conception.
  • In addition, medical devices also include:
  • products intended by a manufacturer for use in combination with other medical devices that enable its use;
  • products intended for individual patients which have particular construction properties and have been made in accordance with written instructions, by a specially trained professional;
  • products intended for clinical testing.

In general, the basic requirements for medical devices require that they need to be in conformity with requirements relating to the general safety of the products and must comply with general and special requirements set by Law on Medicines and Medical Devices of BiH and other applicable regulations.

Standard liability for products is regulated by the Law on General Safety of Products (“Official gazette of BiH”, no. 102/2009), Law on Consumer Protection of BiH (“Official Gazette of BiH”, no. 25/2006 and 88/2015), Law on Consumer Protection of RS (“Official Gazette of BiH”, no. 6/2012, 63/2014, 18/2017 and 90/2021) and the general provisions of the Law on Obligations of FBiH (Official gazette of SFRJ, no. 29/1978, 39/1985, 45/1989 – Decision of Supreme Court and 57/1989, Official Gazette of RBiH, no. 2/1992, 13/1993 and 13/1994 and Official Gazette of FBiH, no. 29/2003 and 42/2011) and Law on Obligations of RS (Official gazette of SFRJ, no. 29/1978, 39/1985, 45/1989 – Decision of Supreme Court and 57/1989, Official Gazette of RS, no. 17/1993, 3/1996, 37/2001 – other law, 39/2003 and 74/2004)

Depending on the exact software and application, and the information that may be processed, the process of exchanging medical data of patients must be in accordance with the Law on Health Care of FBiH (Official Gazette of FBiH no. 46/2010 and 75/2013), the Law on Health Care of RS (Official Gazette of RS no. 57/2022), the Law on Rights, Obligations and Responsibilities of the Patients (Official Gazette of the FBiH no. 40/2010), and the Law on Personal Data Protection of BiH (Official Gazette of BiH no. 12/2025).

It is particularly important to consider that medical data of the patients, in accordance with the Law on Personal Data Protection of BiH, represents a special category of data, and such data must only be processed if the data subject has given explicit consent to the processing of these types of data. 

3. If your response to Q2 is yes, please state whether it matters if, the users are residents using it within their jurisdiction and/or using it outside their jurisdiction; and/or it is a “B2B” (business to business) rather than “B2C” (business to end consumer) service. In each case, please summarise any implications (if applicable). 

  1. This may be relevant in the case of transfer of personal data out of BiH, as there are certain restrictions and/or additional requirements related to such transfer.
  2. Regardless of whether it is B2B or B2C service, if the personal data is processed, it must be processed in accordance with the relevant laws mentioned above.

Data protection requirements and implications must be taken into account in the context of location tracking and monitoring real-time information.  These include, inter alia, obtaining consent, informing the data subjects of such collection/processing and any similar obligations.

5. In the context of physicians relying on digital health apps (containing software), whether for in-person or via telemedicine consultations, are there circumstances where the physicians’ liability can be limited or transferred to the producer of the software contained in the app, or of the final product/app itself, when a fault or inaccuracy with the software (rather than the physicians’ error) occurs, leading to damage (or injury)? 

In general, the physician who, while performing his/her activity, uses an obviously inappropriate means or clearly inappropriate method of treatment or fails to apply appropriate hygiene measures, thereby causing a deterioration in the health condition of a person, shall be (criminally) liable for his/her actions.

Also, under general rules, a producer shall be liable for damage caused by a defect in its product, whilst a trader shall be liable for defects in the goods that exist at the time of transfer of risk to a consumer, regardless of whether he/she/it is aware of this fact, in accordance with the provisions of the relevant Law on Contracts and Torts.

All medical devices must have a certificate of conformity before being placed on the market under BiH.  The Agency for Medicines and Medical Devices of BiH, the entities ministr]ies of health or Health department of BD may request clinical trials of a medical device for the purposes of protecting the health of the population.

Non-compliance with the Law on Medical Devices may result in administrative offence proceedings where fines ranging from BAM 20,000 to BAM 50,000 (approx. EUR 10,000 – EUR 25,000) may be imposed on the license holder or another legal entity, as well as a potential fine for a responsible person within a legal entity for an amount up to BAM 10,000 (approx. EUR 5,000).

If the software is not considered a medical device, but rather a product, it has to comply with the requirements for general safety of the products and regulations defining consumer rights.

  1. Under the rules governing the general safety of the products, a fine in the range of BAM 1,000 – BAM 25,000 (approx. EUR 500 – EUR 12,500) for a legal entity may be issued, a fine of BAM 500 – BAM 10,000 (approx. EUR 250 – EUR 5,000) may be issued for an entrepreneur or natural person, as well as a fine in an amount up to BAM 2,000 (approx. EUR 1,000) may be imposed on a responsible person for non-compliance.  Additional legal consequences may arise in the form of damage claims.
  2. Moreover, fines for non-compliance with the consumer protection acts (depending on applicable territory) may be imposed in the amount up to BAM 15,000 (approx. EUR 7,500) for a trader, up to BAM 7,000 (approx. EUR 3,500) for an entrepreneur, up to BAM 5,500 (approx. EUR 2,750) for a distributor and up to BAM 5,000 (approx. EUR 2,500) for a responsible person, while a trader and manufacturer will be also liable under damages claims.

Regardless of the nature of the software, non-compliance with the Law on Personal Data Protection of BiH regarding the special category of data (e.g., medical data) may result in a fine ranging between BAM 10,000 – BAM 100,000 (approx. EUR 5,000 - EUR 50,000) as well as a possible fine for a responsible person and/or employee of a controller in an amount of up to BAM 15,000 (approx. EUR 7,500). Additional legal consequences may arise in the form of damage claims.

Currently there are no draft laws or regulations related to the digital health apps/software in the procedure.

Any future legal developments are likely to follow those of the EU.

Telemedicine

8. How are physicians regulated in your jurisdiction (i.e., who is their Regulator; e.g., the General Medical Council in the UK)?

The Ministry of Health of FBiH and RS, Medical Chamber of FBiH and RS, Agency for Quality and Accreditation in Healthcare in the Federation of Bosnia and Herzegovina (in local language: Agencija za kvalitet i akreditaciju u zdravstvu u FBiH – AKAZ FBiH) and Agency for Certification, Accreditation and Quality Improvement of Healthcare of the RS (in local  language: Agencija za sertifikaciju, akreditaciju i unapredjenje kvaliteta zdravstvene zastite RS - ASKVA RS) have regulatory oversight of physicians.

9. What laws and/or regulations apply to physicians regarding telemedicine?

Telemedicine is not regulated in BiH legislation, therefore, relevant laws regulating healthcare in general would apply.

10. Does the law in your jurisdiction regulate under what circumstances physicians can use telemedicine in order to treat patients?

No. 

11. Do the standards of care applicable to physicians change in the context of using telemedicine?

Given that telemedicine is not regulated by BiH legislation, no specific regulations or practices have been introduced in this regard.

12. Are there any restrictions on the type of medicine that can be prescribed through telemedicine?

As telemedicine is not regulated, there are no instructions related to prescription of medicines through telemedicine.

In addition, the digitisation of e-prescriptions by health institutions is not fully implemented across the whole territory of BiH. 

13. Are telemedicine services reimbursable under the state’s medical insurance / subsidy / coverage? 

As there are no specific regulations regarding telemedicine services, they are not separately listed as reimbursable under the state’s medical insurance/subsidy/coverage.

14. Are there specific data protection regulations covering telemedicine (outside the context of using a digital health app) in your jurisdiction? If so, please summarise what they are.

There are no specific data protection regulations covering telemedicine except for general regulation provided in the BiH Law on Personal Data Protection.

The Law on Personal Data Protection provides that processing of health data is allowed only if it is necessary for the purposes of preventive medicine or occupational medicine, assessing the working capacity of employees, medical diagnostics, providing health or social care services, or managing health or social systems, by law or by contract with a health worker, provided the processing is performed by or under the supervision of a healthcare professional or another person who has the obligation to maintain professional secrecy prescribed by law or professional rule.

Currently there are no draft laws or regulations related to the telemedicine in the procedure.  Any future legal developments are likely to follow the ones of the EU.