A Privacy-Preserving Federated Learning Framework
for the European Health Data Space
IEEE 2nd International Conference on Federated Learning and Intelligent Computing Systems - FLICS2026
(Valencia, Spain — June 9–12, 2026)
FL-EHDS represents the meeting point between federated artificial intelligence and European health data governance:
a framework that translates the regulatory complexity of the EHDS into an operational, federated, and secure computational architecture.
By bridging the gap between regulation and technology, FL-EHDS demonstrates that data sovereignty is not an obstacle to collaborative research, but its strongest foundation.
Figure 1. FL-EHDS composite architecture. (a) Three-layer compliance framework — Layer 1 (Governance) manages HDAB integration, data permit authorisation, and Article 71 opt-out registries; Layer 2 (FL Orchestration) operates within the Secure Processing Environment with gradient aggregation, differential privacy, and GDPR-compliant audit logging; Layer 3 (Data Holders) implements local model computation with raw health data never leaving institutional boundaries. (b) EHDS interoperability pipeline — heterogeneous sources across 27 Member States flow through terminology harmonisation (SNOMED CT, ICD-10, LOINC, ATC, UCUM), interoperability standards (FHIR R4, OMOP CDM, IHE profiles), and security/compliance layers before reaching the FL training engine.
FL-EHDS is a three-layer compliance framework that bridges the technology–governance divide for cross-border health analytics under the European Health Data Space (EHDS), Regulation (EU) 2025/327. The framework integrates 17 federated learning algorithms (2017–2025, including ICML 2024 Spotlight and ICLR 2025 advances) with EHDS governance mechanisms — Health Data Access Bodies (HDABs), data permits, citizen opt-out registries — and data holder components for adaptive training with FHIR R4 preprocessing and OMOP-CDM harmonisation.
Experimental validation across 6,004+ experiments on 8 tabular clinical and medical imaging datasets (569–101K samples) demonstrates that personalised FL achieves up to 26.8 pp accuracy gains over FedAvg, is hyperparameter-insensitive (≤1.44 pp across 100× lambda variation), and model-architecture invariant (MLP and TabNet, 2.9K–701K parameters). Under compound EHDS stress (data minimisation + opt-out + differential privacy), personalised methods outperform FedAvg in 81% of conditions (+9.6 pp mean), while full EHDS governance compliance costs only −0.7 pp (p < 0.001). Our evidence synthesis of 47 PRISMA documents reveals that unresolved regulatory questions — gradient data classification under GDPR, cross-border privacy budget harmonisation — constitute the critical adoption blocker, not technical limitations.
The EHDS mandates cross-border secondary use of health data across 27 EU Member States by 2029, yet fewer than one in four FL implementations achieve sustained production deployment in healthcare (Fröhlich et al., JMIR 2025). The dominant barriers are not purely technical: unresolved legal questions — gradient data classification under GDPR, cross-border privacy budget harmonisation, controller/processor allocation — create compliance uncertainties that no engineering solution alone can resolve.
Existing FL frameworks provide robust distributed training but lack EHDS-specific governance. Legal analyses examine GDPR constraints but abstract from implementation feasibility. Policy documents assess Member State readiness but do not integrate FL technical considerations.
No existing work provides an integrated framework addressing all three dimensions: systematic barrier evidence, technical implementation with state-of-the-art algorithms, and EHDS governance operationalisation — a gap confirmed by recent systematic reviews of FL frameworks for biomedical research (Chavero-Diez et al., NAR Genomics 2026).
| Dimension | FL-EHDS | Flower | NVIDIA FLARE | TFF |
|---|---|---|---|---|
| FL Algorithms | 17 built-in | 12+ strategies | 5 built-in | 3 built-in |
| Byzantine Resilience | 6 methods | 4 methods | — | — |
| Differential Privacy | Central + Local | Central + Local | Built-in | Adaptive clip. |
| Secure Aggregation | Pairwise + HE | SecAgg+ | Built-in + HE | Mask-based |
| EHDS Governance | Full | — | — | — |
| HDAB Integration | Yes | — | — | — |
| Data Permits (Art. 53) | Yes | — | — | — |
| Opt-out (Art. 71) | Yes | — | — | — |
| Healthcare Standards | FHIR R4 + OMOP | MONAI | MONAI | — |
| C1 | Barrier Taxonomy. Systematic evidence synthesis of 47 documents (847 screened; PRISMA methodology, GRADE-CERQual confidence assessment) identifying legal uncertainties as the critical adoption blocker. |
| C2 | FL-EHDS Framework. Three-layer reference architecture mapping identified barriers to governance-aware mitigation strategies, designed for incremental deployment during the 2025–2031 EHDS transition. |
| C3 | Reference Implementation. Open-source Python codebase (~40K lines, 159 modules) with 17 FL algorithms, EHDS governance modules, and an interactive deployment dashboard. |
| C4 | Experimental Validation. 6,004+ experiments across tabular clinical and medical imaging datasets with differential privacy ablation (ε ∈ {1, 5, 10, 50}), Article 71 opt-out simulation, 720 governance hypothesis tests, compound EHDS stress evaluation, and 10-seed statistical validation. |
FL-EHDS is organised into three layers following the EHDS data flow. Raw health data never leaves institutional boundaries — only encrypted model gradients are exchanged within the Secure Processing Environment.
| Layer | Scope | Key Components |
|---|---|---|
| L1 — Governance | HDAB integration, regulatory compliance | Data Permit Manager (Art. 53), Opt-Out Registry (Art. 71), Cross-Border Coordinator (Arts. 46, 50), GDPR Art. 30 audit trail |
| L2 — FL Orchestration | Secure Processing Environment (SPE) | 17 aggregation algorithms, DP-SGD with RDP accounting, secure aggregation (pairwise masking, ECDH), 6 Byzantine resilience methods, compliance module |
| L3 — Data Holders | Institutional computation | Adaptive local training engine, FHIR R4 preprocessing (6 resource types), OMOP-CDM harmonisation (SNOMED CT, ICD-10, LOINC, ATC, UCUM), secure gradient communication (AES-256-GCM, mTLS) |
The governance layer includes a fully functional simulation backend (OAuth2/mTLS authentication, permit CRUD, LRU-cached registry lookups) that requires only endpoint configuration — not architectural changes — for production binding to HDAB services (expected 2027–2029).
| EHDS Article | Requirement | Framework Component |
|---|---|---|
| Art. 33 | Secondary use authorisation | HDAB API + Permit validation |
| Art. 46 | Cross-border processing | Multi-HDAB coordinator (10 EU country profiles) |
| Art. 50 | Secure Processing Environment | All aggregation executed within SPE boundary |
| Art. 53 | Permitted purposes | Purpose limitation module with permit lifecycle |
| Art. 71 | Citizen opt-out mechanism | Registry filtering (record / patient / dataset level) |
| GDPR Art. 30 | Records of processing activities | Immutable audit trail (7-year retention) |
17 FL algorithms spanning six categories, from foundational methods to ICML 2024 and ICLR 2025 advances:
| Algorithm | Venue | Category | Key Mechanism |
|---|---|---|---|
| FedAvg | AISTATS 2017 | Baseline | Weighted model averaging |
| FedProx | MLSys 2020 | Non-IID | Proximal regularisation (μ) |
| SCAFFOLD | ICML 2020 | Non-IID | Control variates for drift correction |
| FedNova | NeurIPS 2020 | Non-IID | Normalised averaging for unequal local steps |
| FedDyn | ICLR 2021 | Non-IID | Dynamic regularisation |
| FedAdam | ICLR 2021 | Adaptive | Server-side Adam momentum |
| FedYogi | ICLR 2021 | Adaptive | Controlled adaptive learning rate |
| FedAdagrad | ICLR 2021 | Adaptive | Server-side gradient accumulation |
| Per-FedAvg | NeurIPS 2020 | Personalisation | MAML-based meta-learning |
| Ditto | ICML 2021 | Personalisation | L2-regularised personal models |
| FedLC | ICML 2022 | Label skew | Logit calibration |
| FedSAM | ICML 2022 | Generalisation | Sharpness-aware flat minima |
| FedDecorr | ICLR 2023 | Representation | Decorrelation against dimensional collapse |
| FedSpeed | ICLR 2023 | Efficiency | Fewer communication rounds |
| FedExP | ICLR 2023 | Server-side | POCS-based step size |
| FedLESAM | ICML 2024 Spotlight | Generalisation | Globally-guided sharpness-aware optimisation |
| HPFL | ICLR 2025 | Personalisation | Shared backbone + personalised classifiers |
Byzantine resilience (6 methods): Krum, Multi-Krum, Trimmed Mean, Coordinate-wise Median, Bulyan, FLTrust — defending against up to f < n/3 adversarial clients.
Algorithm Selection Guide for EHDS Deployments
| EHDS Scenario | Recommended | Rationale |
|---|---|---|
| Homogeneous Member States | FedAvg | Simplicity, well-studied convergence bounds |
| Heterogeneous Member States | SCAFFOLD | Variance reduction under client drift |
| Resource-limited institutions | FedAdam | Fast convergence, fewer rounds needed |
| Privacy-critical studies | FedAvg + DP | Well-studied DP composition bounds |
| Sparse participation / dropout | FedProx | Proximal term provides dropout resilience |
| Label-imbalanced populations | FedLC | Class-frequency logit calibration |
| Communication-constrained | FedSpeed | Optimised for fewer communication rounds |
| Per-hospital personalisation | HPFL | Shared backbone + local decision boundaries |
The framework supports 19 healthcare datasets across four modalities. Eight are experimentally evaluated in the paper:
| Dataset | Samples | Type | Classes | FL Partition | EHDS Category |
|---|---|---|---|---|---|
| PTB-XL ECG | 21,799 | Tabular | 5 | Natural (52 EU sites) | SCP-ECG diagnostics |
| Cardiovascular Disease | 70,000 | Tabular | 2 | Dirichlet (α = 0.5) | Vitals, lab, risk factors |
| Diabetes 130-US | 101,766 | Tabular | 2 | Dirichlet (α = 0.5) | EHR, ICD-9, medications |
| Heart Disease UCI | 920 | Tabular | 2 | Natural (4 hospitals) | Vitals, ECG, lab results |
| Breast Cancer Wisconsin | 569 | Tabular | 2 | Dirichlet (α = 0.5) | Pathology (FNA cytology) |
| Chest X-ray | 5,856 | Imaging | 2 | Dirichlet (α = 0.5) | Radiology (DICOM) |
| Brain Tumor MRI | 7,023 | Imaging | 4 | Dirichlet (α = 0.5) | Neuro-imaging (DICOM) |
| Skin Cancer | 3,297 | Imaging | 2 | Dirichlet (α = 0.5) | Dermatology (DICOM) |
Additional Supported Datasets (11)
Stroke Prediction (5,110), CDC Diabetes BRFSS (253,680), CKD UCI (400), Cirrhosis Mayo (418), Synthea FHIR R4 (1,180), SMART Bulk FHIR (120), FHIR R4 Synthetic (configurable), OMOP-CDM Harmonized (configurable), Diabetic Retinopathy (35,126 images, 5-class), Brain Tumor MRI alt. (3,264 images, 4-class), ISIC Skin Lesions (2,357 images, 9-class). These are integrated in the framework but not evaluated in the current paper. Full details in Supplementary Material, Table S-I.
Results from 6,004+ experiments: 7-algorithm primary benchmark, 17-algorithm non-IID sweep (210 exp.), DP ablation, opt-out simulation, 720 governance hypothesis tests, compound EHDS stress evaluation, 516 thesis robustness experiments, and 10-seed statistical validation.
| Finding | Evidence |
|---|---|
| Personalisation gains up to 26.8 pp | Breast Cancer: Ditto 79.1% vs. FedAvg 52.3%; Brain Tumor: Ditto +23.5 pp |
| Best-FL gap to centralised ≤ 2.4 pp | PTB-XL: HPFL 92.5% vs. centralised 92.6%; CV: Ditto 82.5% vs. 73.5% |
| HPFL outperforms FedAvg on all 3 tabular datasets | p = 0.004, 0.002, 0.031 (Wilcoxon, 10-seed); pooled p < 0.001 |
| DP at ε = 10 imposes negligible cost | < 2 pp accuracy cost across PTB-XL and Cardiovascular |
| DP noise as regularisation | FedAvg ε = 5 → 78.7% vs. 52.3% without DP on Breast Cancer (+26.4 pp) |
| Art. 71 opt-out at 30% is negligible | < 1 pp drop on adequately sized datasets (225 + 90 dynamic exp.) |
| Full EHDS compliance costs −0.7 pp | Ditto under simultaneous data minimisation + opt-out + DP (p < 0.001) |
| Compound stress: personalisation wins 81% | Ditto outperforms FedAvg in 81% of conditions (+9.6 pp mean, 216 exp.) |
| Cross-border heterogeneous DP: −0.9 pp | Per-client privacy budgets vs. no-DP; mixed > strictest-wins (+3.8 pp) |
| Hyperparameter-insensitive: ≤1.44 pp | Lambda 100× variation (75 exp.); model-invariant across MLP and TabNet |
| Governance overhead < 1.1% per round | 18 experiments; Ditto +1.0%, HPFL −0.3% (within noise) |
| PTB-XL validates European FL | 92.5% accuracy (HPFL), 5-class ECG, 52 sites, Jain fairness 0.999 |
Best accuracy per dataset in bold. Mean ± std over 5 seeds. PX = PTB-XL ECG (5 clients, site-based), CV = Cardiovascular (5 clients, α = 0.5), BC = Breast Cancer (3 clients, α = 0.5).
| Algorithm | PX Acc (%) | PX Jain | CV Acc (%) | CV Jain | BC Acc (%) | BC Jain |
|---|---|---|---|---|---|---|
| FedAvg | 91.9 ± 0.5 | 0.999 | 71.1 ± 1.8 | 0.981 | 52.3 ± 17.9 | 0.608 |
| FedProx | 91.6 ± 0.7 | 0.999 | 71.5 ± 1.2 | 0.986 | 52.3 ± 17.9 | 0.608 |
| Ditto | 91.8 ± 0.3 | 0.999 | 82.5 ± 4.7 | 0.980 | 79.1 ± 12.5 | 0.606 |
| FedLC | 91.9 ± 0.5 | 0.999 | 71.1 ± 1.6 | 0.982 | 52.1 ± 18.1 | 0.606 |
| FedExP | 92.0 ± 0.2 | 0.999 | 71.1 ± 1.8 | 0.981 | 52.3 ± 17.9 | 0.608 |
| FedLESAM | 91.9 ± 0.5 | 0.999 | 71.1 ± 1.8 | 0.981 | 52.3 ± 17.9 | 0.608 |
| HPFL | 92.5 ± 0.3 | 0.999 | 82.3 ± 4.5 | 0.984 | 74.1 ± 20.9 | 0.867 |
4 hospitals, natural non-IID. Centralised: 60 epochs, Adam (lr = 0.01). FL: 20 rounds × 3 local epochs. Mean ± std, 5 seeds.
| Approach | Accuracy | F1 | AUC | Gap |
|---|---|---|---|---|
| Centralised (upper bound) | 79.6 ± 5.0% | .789 | .873 | — |
| Local-Only | 78.6 ± 2.9% | .582 | — | −1.0 pp |
| FL — Ditto | 76.0 ± 2.3% | .772 | .819 | −3.6 pp |
| FL — HPFL | 75.0 ± 2.8% | .756 | .810 | −4.6 pp |
| FL — FedAvg | 64.8 ± 7.9% | .753 | .846 | −14.8 pp |
ResNet-18 with GroupNorm + FedBN. K = 5 clients, Dirichlet α = 0.5. Mean over 3 seeds.
| Algorithm | Chest X-ray | Brain Tumor | Skin Cancer |
|---|---|---|---|
| FedAvg | 87.3% | 53.8% | 65.0% |
| Ditto | 80.0% | 77.3% (+23.5 pp) | 90.5% (+25.5 pp) |
| FedLESAM | 87.8% | — | — |
| HPFL | 69.1% | 50.0% | 60.9% |
Accuracy (%) under central DP. Gaussian mechanism, C = 1.0, δ = 10⁻⁵. Mean over 5 seeds.
| Algorithm | ε = 1 | ε = 5 | ε = 10 | No DP |
|---|---|---|---|---|
| FedAvg | 52.3 | — | 92.4 | 91.9 |
| Ditto | 89.2 | — | 91.6 | 91.8 |
| HPFL | 87.1 | — | 92.4 | 92.5 |
Key insight. Personalised methods are remarkably DP-robust. At ε = 1, FedAvg collapses (−39.6 pp) while Ditto and HPFL retain > 87% accuracy. At ε = 10, privacy imposes negligible utility cost for all algorithms.
Wilcoxon signed-rank test. HPFL is the only algorithm significantly outperforming FedAvg on all three datasets individually.
| Algorithm | vs. FedAvg (PX) | vs. FedAvg (CV) | vs. FedAvg (BC) | Pooled |
|---|---|---|---|---|
| Ditto | p = 0.492 | p = 0.002 | p = 0.016 | p < 0.001 |
| HPFL | p = 0.004 | p = 0.002 | p = 0.031 | p < 0.001 |
The framework implements Rényi Differential Privacy (RDP) accounting with 5–6× tighter bounds than naive composition:
| Mechanism | Gaussian noise with L2 gradient clipping (max norm = 1.0) |
| Accounting | RDP → (ε, δ)-DP conversion with optimal order selection |
| Budget | Configurable per data permit (default ε = 1.0, δ = 10⁻⁵) |
| Enforcement | BudgetExhaustedError terminates training at HDAB-approved threshold |
| Tracking | Per-round cumulative expenditure with audit logging |
Pairwise masking protocol with ECDH key exchange (SECP384R1 curve), Shamir secret sharing with threshold reconstruction, homomorphic encryption support (CKKS scheme via TenSEAL). Dropout threshold: 50% client participation required.
| Adversary | Capability | Defence |
|---|---|---|
| A1 — Honest-but-curious server | Follows protocol, infers from gradients | Central DP + Secure aggregation |
| A2 — Malicious clients (< n/3) | Arbitrary protocol deviation | 6 Byzantine-resilient aggregation rules |
| A3 — External attacker | Black-box model access | Art. 71 output filtering + HDAB permit control |
Six defence methods: Krum, Multi-Krum, Trimmed Mean, Coordinate-wise Median, Bulyan, FLTrust. Attack simulation: label flipping, gradient scaling, additive noise, sign flipping, model replacement.
- Python ≥ 3.10 · PyTorch ≥ 2.0 · CUDA-capable GPU (optional; CPU and Apple Silicon MPS supported)
git clone https://github.com/FabioLiberti/FL-EHDS-FLICS2026.git
cd FL-EHDS-FLICS2026/fl-ehds-framework
pip install -e .git clone https://github.com/FabioLiberti/FL-EHDS-FLICS2026.git
cd FL-EHDS-FLICS2026/fl-ehds-framework
conda create -n flehds python=3.11 -y
conda activate flehds
pip install -e .Dependencies
Core: torch, numpy, scipy, scikit-learn, pydantic, cryptography, structlog, fhir.resources
CLI: questionary, tqdm · Dashboard: streamlit, plotly · Healthcare: hl7apy
cd fl-ehds-framework
python -m terminalThe terminal interface provides full access through 11 specialised screens:
| Screen | Function |
|---|---|
| Training | Single algorithm training with dataset selection |
| Comparison | Multi-algorithm benchmark (up to 17 algorithms) |
| Guided Comparison | Pre-configured clinical scenarios |
| Algorithm Explorer | Detailed documentation and selection guidance |
| Dataset Management | Browse, preview, and analyse 19 datasets |
| Privacy Dashboard | DP budget analysis, RDP accounting, ε-allocation |
| Benchmark Suite | Reproducible experiment configurations |
| Byzantine Resilience | Adversarial robustness testing (6 attack types) |
| EHDS Governance | Permit lifecycle, opt-out registry, compliance status |
| Monitoring | Real-time convergence, communication cost |
| Cross-Border | Multi-HDAB coordination across EU country profiles |
streamlit run dashboard/app.pyfrom fl_ehds.orchestration import FederatedTrainer
trainer = FederatedTrainer(
dataset="ptb_xl",
num_clients=5,
algorithm="HPFL",
num_rounds=30,
local_epochs=3,
privacy={"epsilon": 10.0, "delta": 1e-5, "clip_norm": 1.0},
partition="site_based",
permit_id="HDAB-DE-2026-042",
device="cuda"
)
results = trainer.train()
# → accuracy, f1, auc, loss, jain_fairness, privacy_spent per roundAll experiments reported in the paper are fully reproducible. Results, checkpoints, and analysis outputs are auto-saved to benchmarks/paper_results_tabular/, benchmarks/paper_results_delta/, and benchmarks/paper_results/. All scripts support SIGINT-safe interruption with atomic checkpointing.
# Phase 1 — Baseline comparison (105 experiments, ~45 min)
python -m benchmarks.run_tabular_optimized
# Phase 2 — Multi-phase sweep: heterogeneity, client scaling, lr (1,125 experiments, ~4.5h)
python -m benchmarks.run_tabular_sweep --phase all
# Phase 3 — Differential privacy ablation (180 experiments, ~1.5h)
python -m benchmarks.run_tabular_dp
# Phase 4 — 10-seed statistical validation (105 experiments, ~40 min)
python -m benchmarks.run_tabular_seeds10
# Phase 5 — Article 71 opt-out impact (225 experiments, ~1.5h)
python -m benchmarks.run_tabular_optout
# Phase 6 — Deep MLP differentiation (70 experiments, ~1.5h)
python -m benchmarks.run_tabular_deep_mlp
# Analysis — Generates all tables, figures, and statistical tests
python -m benchmarks.analyze_tabular_extended# Full run (7 algorithms × 5 datasets × 3 seeds)
python -m benchmarks.run_full_experiments
# Extended imaging (Chest X-ray, Brain Tumor, Skin Cancer)
python -m benchmarks.run_imaging_extended
python -m benchmarks.run_imaging_multi
# Resume after interruption
python -m benchmarks.run_full_experiments --resume# Governance hypothesis testing — H1, H2, H3 (720 experiments)
python -m benchmarks.run_governance_hypotheses
python -m benchmarks.run_governance_hypotheses_cv
# Governance overhead benchmarking (18 experiments)
python -m benchmarks.run_governance_validation
# Extended governance validation
python -m benchmarks.run_governance_extended# Thesis robustness validation (516 experiments)
python -m benchmarks.run_thesis_robustness
# Cascading analysis phases (Cascades 2–10)
python -m benchmarks.run_analysis_cascade2 # through cascade10| Dataset | lr | Batch | Rounds | K | Partition | Model |
|---|---|---|---|---|---|---|
| PTB-XL ECG | 0.005 | 64 | 30 | 5 | Site-based | HealthcareMLP (~10K params) |
| Cardiovascular | 0.01 | 64 | 25 | 5 | Dirichlet α = 0.5 | HealthcareMLP (~10K params) |
| Breast Cancer | 0.001 | 16 | 40 | 3 | Dirichlet α = 0.5 | HealthcareMLP (~10K params) |
| Chest X-ray | 0.001 | 32 | 25 | 5 | Dirichlet α = 0.5 | ResNet-18 (~11.2M params) |
| Brain Tumor MRI | 0.001 | 32 | 25 | 5 | Dirichlet α = 0.5 | ResNet-18 (~11.2M params) |
| Skin Cancer | 0.001 | 32 | 25 | 5 | Dirichlet α = 0.5 | ResNet-18 (~11.2M params) |
All tabular experiments: Adam optimiser, early stopping (patience = 6). Imaging: GroupNorm (replacing BatchNorm for FL stability), FedBN.
Reproducibility Outputs
Each experiment run auto-generates:
| Output | Format | Description |
|---|---|---|
results.json |
JSON | Complete results, training histories, full configuration |
summary_results.csv |
CSV | Final metrics with standard deviations |
history_all_metrics.csv |
CSV | Per-round Acc, Loss, F1, Precision, Recall, AUC |
table_results.tex |
LaTeX | Publication-ready table |
plot_convergence_*.png |
PNG | Convergence curves for all metrics |
plot_metrics_comparison.png |
PNG | Bar chart of final metric comparison |
FL-EHDS-FLICS2026/
│
├── paper/ # Conference paper and figures
│ └── paper2rel/
│ ├── flics_fl_ehds_v11.tex # Main paper (9 pages, IEEE format)
│ ├── flics_fl_ehds_supplementary_v11.tex # Supplementary (98 pages)
│ ├── figures/ # 40+ figures (architecture, convergence, DP)
│ └── scripts/ # Figure generation scripts
│
├── paper_submitted/ # Submitted versions (FLICS 2026)
│ ├── flics_fl_ehds_v11.{tex,pdf}
│ └── flics_fl_ehds_supplementary_v11.{tex,pdf}
│
├── fl-ehds-framework/ # Framework source (~40K lines)
│ │
│ ├── core/ # ── Core FL Engine (31 modules) ──
│ │ ├── fl_algorithms.py # 17 FL algorithms (FedAvg → HPFL)
│ │ ├── personalized_fl.py # Ditto, Per-FedAvg, HPFL
│ │ ├── byzantine_resilience.py # 6 defence methods + attack simulation
│ │ ├── secure_aggregation.py # Pairwise masking, ECDH, Shamir
│ │ ├── gradient_compression.py # Top-k sparsification
│ │ ├── vertical_fl.py # Vertical (split) FL
│ │ ├── continual_fl.py # Continual learning + EWC
│ │ ├── fairness_fl.py # q-FedAvg, FedMinMax
│ │ └── ... # (+22 modules: async, hierarchical, etc.)
│ │
│ ├── governance/ # ── Layer 1: EHDS Governance (18 modules) ──
│ │ ├── hdab_integration.py # OAuth2/mTLS, HDAB API
│ │ ├── data_permits.py # Art. 53 lifecycle (PENDING→ACTIVE→EXPIRED)
│ │ ├── optout_registry.py # Art. 71 filtering (record/patient/dataset)
│ │ ├── data_minimization.py # GDPR data minimisation enforcement
│ │ ├── jurisdiction_privacy.py # Cross-border DP budget coordination
│ │ └── ... # (+13 modules: compliance, fees, routing)
│ │
│ ├── orchestration/ # ── Layer 2: FL Orchestration (SPE) ──
│ │ ├── aggregation/ # FedAvg, FedProx base implementations
│ │ ├── privacy/ # DP-SGD, RDP accounting, secure aggregation
│ │ └── compliance/ # Purpose limitation (Art. 53)
│ │
│ ├── data_holders/ # ── Layer 3: Data Holders ──
│ │ ├── training_engine.py # Adaptive local training (CUDA/MPS/CPU)
│ │ ├── fhir_preprocessing.py # HL7 FHIR R4 transformation pipeline
│ │ └── secure_communication.py # E2E encrypted gradients (AES-256-GCM)
│ │
│ ├── models/ # Model architectures
│ │ ├── model_zoo.py # HealthcareMLP, DeepMLP, TabNet, CNN, ResNet-18
│ │ └── cnn_fl_trainer.py # Imaging FL trainer (GroupNorm + FedBN)
│ │
│ ├── data/ # Dataset loaders (13 loaders, 19 datasets)
│ │ ├── real_datasets.py # Unified loader interface
│ │ ├── ptbxl_loader.py # PTB-XL ECG (21,799 samples)
│ │ ├── cardiovascular_loader.py # Cardiovascular Disease (70,000)
│ │ └── ... # (+10 loaders: diabetes, breast cancer, etc.)
│ │
│ ├── terminal/ # Terminal CLI (15 screens)
│ │ ├── screens/ # Training, Byzantine, Privacy, Governance, ...
│ │ └── training/ # Federated + centralised training backends
│ │
│ ├── dashboard/ # Streamlit web interface (14 modules)
│ │ └── app_v4.py # Main dashboard application
│ │
│ ├── benchmarks/ # Reproducible experiment suite (83 scripts)
│ │ ├── run_tabular_*.py # Tabular experiments (8 scripts)
│ │ ├── run_imaging_*.py # Imaging experiments (14 scripts)
│ │ ├── run_governance_*.py # EHDS governance validation (4 scripts)
│ │ ├── run_analysis_cascade*.py # Cascading analysis phases (10 scripts)
│ │ ├── run_cascade2_*.py # Cascade 2 experiments (4 scripts)
│ │ ├── analyze_tabular_extended.py # Tables, figures, statistical tests
│ │ ├── paper_results_tabular/ # Tabular checkpoints (247 files)
│ │ ├── paper_results_delta/ # DP/delta checkpoints (26 files)
│ │ ├── paper_results/ # Imaging checkpoints (16 files)
│ │ └── results_optout/ # Opt-out experiment results
│ │
│ ├── notebooks/ # Jupyter/Colab notebooks (9)
│ ├── experiments/ # Centralised vs. federated comparison
│ ├── tests/ # Unit test suite (pytest)
│ ├── docs/ # Framework documentation + PRISMA
│ ├── config/ # YAML configuration
│ └── setup.py
│
├── VERSION_HISTORY.md
├── EXPERIMENT_STATUS.md
├── LICENSE
└── README.md
@inproceedings{liberti2026flehds,
title = {{FL-EHDS}: A Privacy-Preserving Federated Learning Framework
for the {European Health Data Space}},
author = {Liberti, Fabio},
booktitle = {Proceedings of the IEEE International Conference on
Federated Learning in Integrated Computing and Services (FLICS)},
year = {2026},
address = {Valencia, Spain}
}- European Commission. "Regulation (EU) 2025/327 on the European Health Data Space." Official Journal of the EU, 2025.
- McMahan, B. et al. "Communication-Efficient Learning of Deep Networks from Decentralized Data." AISTATS, 2017.
- Li, T. et al. "Federated Optimization in Heterogeneous Networks." MLSys, 2020.
- Karimireddy, S.P. et al. "SCAFFOLD: Stochastic Controlled Averaging for Federated Learning." ICML, 2020.
- Li, T. et al. "Ditto: Fair and Robust Federated Learning Through Personalization." ICML, 2021.
- Reddi, S. et al. "Adaptive Federated Optimization." ICLR, 2021.
- Qu, Z. et al. "FedLESAM: Federated Learning with Locally Estimated Sharpness-Aware Minimization." ICML, 2024. (Spotlight)
- Chen, Y. et al. "HPFL: Hot-Pluggable Federated Learning." ICLR, 2025.
- Fröhlich, H. et al. "Reality Check: The Aspirations of the EHDS." JMIR, 2025.
- Dwork, C. and Roth, A. "The Algorithmic Foundations of Differential Privacy." Found. Trends Theor. Comput. Sci., 2014.
This project is released under the MIT License.
The author thanks Prof. Sadi Alawadi for supervision and guidance.
Fabio Liberti
Department of Computer Science, Universitas Mercatorum, Rome, Italy
fabio.liberti@studenti.unimercatorum.it · ORCID 0000-0003-3019-5411