On 14 May 2026, the Member State Coordination Group on Health Technology Assessment (HTA Coordination Group) adopted Guiding Principles on Data Transparency under Article 3(7), points (c) and (h), of Regulation (EU) 2021/2282. The document opens with a disclaimer of legal force; its operational architecture, a self-authored definition of ‘commercially confidential information’, a categorical declaration that broad classes of clinical data are in general non-confidential, and a recourse procedure run by the same family of actors that produced the rule, has consequences that the disclaimer cannot dissolve. We argue that the Guiding Principles sit uneasily with EU lex specialis on commercial confidentiality and with case-by-case jurisprudence on disclosure; that, in producing them, the HTA Coordination Group has concentrated rulemaking, executive and quasi-judicial functions in a manner that engages the principle of conferred powers, the Meroni doctrine, and Articles 41 and 47 of the Charter; and that the corrective is institutional rather than substantive: the problem lies in how the rules were made and by whom, not only in their content.