Er is een nieuwe versie van de technische fiche die de M2-criteria beschrijft gepubliceerd
De volgende tekst dient ter verduidelijking van criterium 6:
The providers of category 3 apps confirm that they have carried out a data protection impact assessment according to articles 35 and 36 of the General Data Protection Regulation (GDPR) and have made it publicly available, indicating the url where it is available.
In case the communication of personal data by the application requires an authorization from the Information Security Committee according to Chapter VII of the Act of December 13, 2006 containing various provisions concerning health, this communication only takes place after such authorization has been obtained and in accordance with the provisions of this authorization.