Data Governance Act

European Parliament and the Council

Over the last few years, digital technologies have transformed the economy and society, affecting all sectors of activity and daily life. Data is at the center of this transformation and brings numerous benefits to society, for example through the improvement of personalised medicine or new mobility, and its contribution to the European Green Deal, among others. In this regard, in November 2020 the European Commission (EC) published the Proposal for a Data Governance Act for approval by the European Parliament and Council, and in May 2022, they have approved the final document. This Act establishes robust mechanisms to promote the availability of data and build a trustworthy environment to facilitate their use for research and the creation of innovative new services and products.


Data Governance Act

Watch video

Executive summary

In May 2022, the European Parliament and the Council have adopted the Data Governance Act, with the aim of facilitating the reuse of certain categories of protected public-sector data, increase trust in data intermediation services and foster data altruism across the EU. With this new regulation substantial rights on access and use of data are not amended or removed but complements the Directive on open data and re-use of public sector information.

Main content

This Technical Note summarizes the main aspects of the Regulation:

  • Re-use of categories of protected data held by public sector bodies. Applies to data held by public sector bodies which are protected on grounds of: i) commercial confidentiality; ii) statistical confidentiality; iii) protection of intellectual property rights of third parties; and iv) protection of personal data excluded from the scope of the Open Data Directive.
    • Prohibition of exclusive agreements. An exclusive right to re-use data may only be granted to the extent necessary for the provision of a service or product of general interest and for a maximum period of 12 months.
    • Conditions for re-use. Confidentiality obligations, intellectual property rights and specific obligations in case of transmission of data to a third country.
    • Single information point. Member States shall establish a new body or designate an existing body as a single information point. Requests for re-use will be sent here.
    • Procedure for requests for re-use. A period of two months from the date of receipt of the request is established for adopting decisions on the re-use of the data.
  • Requirements applicable to data sharing services.
    • Conditions for providing data intermediation services. Any data intermediation service provider must comply with a number of conditions in order to be able to provide these services.
    • Competent authorities. Each Member State shall designate one or more competent authorities in its territory, which will control and supervise compliance with the conditions
  • European Data Innovation Board. The EC will establish a European Data Innovation Board consisting of a group of experts, who will assist the EC in facilitating cooperation between national competent authorities.
  • Data altruism. Each designated competent authority shall maintain a register of altruistic data management organisations that have been recognised as such and monitor compliance with the requirements to be met by these organisations.

Next Steps

  • This Regulation entered into force on 23 June 2022 and is applicable in September 2023.
  • Entities providing the data intermediation services shall comply with the obligations set out in the Regulation by in September 2025.

Download the technical note by clicking here (also available in Spanish).