EU Data Governance Act

Framework for data intermediaries, data sharing, and the reuse of public sector data across the EU.

Applicable since 24 September 2023, the Data Governance Act is one of the first legislative pillars of the European Strategy for Data, establishing the institutional and regulatory framework for trustworthy data sharing across the EU. Rather than creating direct data access rights like the Data Act, the DGA focuses on the conditions and mechanisms through which data can be shared and reused, particularly data held by public sector bodies and data shared through intermediaries and for altruistic purposes.

The DGA affects public sector organisations that hold protected data, data intermediation service providers (data brokers and exchanges that facilitate sharing between data holders and data users), organisations engaging in data altruism (making data available for purposes of general interest), and any business or research entity seeking to reuse public sector data. The regulation applies across all sectors and Member States, creating a harmonised framework for data governance structures and trusted data sharing environments.

Key provisions include rules for the reuse of certain categories of data held by public sector bodies, such as commercially confidential data, statistically confidential data, and data protected by intellectual property rights. Public sector bodies must ensure that reuse conditions preserve protections for individuals and businesses while enabling access for research, innovation, and public interest purposes. The Act also establishes a notification and registration framework for data intermediation services, requiring these providers to remain neutral (they cannot use the data they intermediate for their own purposes) and to meet specific transparency and security requirements.

Data altruism is another pillar of the DGA, encouraging organisations and individuals to make data available for the common good, such as scientific research or public health. Data altruism organisations can seek registration in a European registry, gaining a recognised trustmark that signals compliance with transparency, accountability, and data protection standards. A European Data Innovation Board has been established to advise the Commission on best practices and facilitate cross-border data sharing.

The DGA lays the groundwork for the broader EU data regulatory architecture, complementing GDPR for personal data protection and the Data Act for data access rights. For businesses, understanding the DGA is important for navigating the emerging EU data sharing landscape, identifying opportunities to access public sector and intermediated data, and ensuring that their data sharing practices meet the governance standards that the EU is building as the foundation of its digital single market strategy.

Select your company type for tailored compliance guidance.