The European Data Governance Act (DGA)



What is the European Data Governance Act (DGA)?

The European Data Governance Act facilitates data sharing across sectors and EU countries, in order to leverage the potential of data for the benefit of EU citizens and businesses. It makes many sectors of the economy more efficient and sustainable, and leads to more transparent governance and more efficient public services.

The EU will boost the development of trustworthy data-sharing systems through 4 broad sets of measures:

1. Mechanisms to facilitate the reuse of certain public sector data that cannot be made available as open data. For example, the reuse of health data could advance research to find cures for rare or chronic diseases.

2. Measures to ensure that data intermediaries will function as trustworthy organisers of data sharing or pooling within the common European data spaces.

3. Measures to make it easier for citizens and businesses to make their data available for the benefit of society.

4. Measures to facilitate data sharing, in particular to make it possible for data to be used across sectors and borders, and to enable the right data to be found for the right purpose.

The European Data Governance Act is a key pillar of the "European strategy for data" (European Commission, 19.2.2020). The aim is to create a single European data space, – a single market for data, where personal as well as non-personal data, including sensitive business data, are secure, and businesses also have easy access to an almost infinite amount of high-quality industrial data, boosting growth and creating value, while minimising the human carbon and environmental footprint.

It should be a space where EU law can be enforced effectively, and where all data-driven products and services comply with the relevant norms of the EU’s single market. To this end, the EU should combine fit-for-purpose legislation and governance to ensure availability of data, with investments in standards, tools and infrastructures as well as competences for handling data. This favourable context, promoting incentives and choice, will lead to more data being stored and processed in the EU.


Understanding the European Data Governance Act.

The European Commission has proposed a Regulation on European data governance as part of its data strategy. This new Regulation will play a vital role in ensuring the EU’s leadership in the global data economy.

On 23 February 2022, the European Commission proposed a Regulation on harmonised rules on fair access to and use of data (Data Act). The Data Act is also a key pillar of the European strategy for data. Its main objective is to make Europe a leader in the data economy by harnessing the potential of the ever-increasing amount of industrial data, in order to benefit the European economy and society.

Over the last few years, digital technologies have transformed the economy and society, affecting all sectors of activity and daily life. Data is at the centre of this transformation: data-driven innovation will bring enormous benefits for citizens, for example through improved personalised medicine, new mobility, and its contribution to the European Green Deal.

In its Data Strategy, the Commission described the vision of a common European data space, a Single Market for data in which data could be used irrespective of its physical location of storage in the Union in compliance with applicable law. It also called for the free and safe flow of data with third countries, subject to exceptions and restrictions for public security, public order and other legitimate public policy objectives of the European Union, in line with international obligations.

In order to turn that vision into reality, it proposes to establish domain-specific common European data spaces, as the concrete arrangements in which data sharing and data pooling can happen. As foreseen in that strategy, such common European data spaces can cover areas such as health, mobility, manufacturing, financial services, energy, or agriculture or thematic areas, such as the European green deal or European data spaces for public administration or skills.

Providers of data sharing services (data intermediaries) are expected to play a key role in the data economy, as a tool to facilitate the aggregation and exchange of substantial amounts of relevant data. Data intermediaries offering services that connect the different actors have the potential to contribute to the efficient pooling of data as well as to the facilitation of bilateral data sharing.

Specialised data intermediaries that are independent from both data holders and data users can have a facilitating role in the emergence of new data-driven ecosystems independent from any player with a significant degree of market power. This Regulation should only cover providers of data sharing services that have as a main objective the establishment of a business, a legal and potentially also technical relation between data holders, including data subjects, on the one hand, and potential users on the other hand, and assist both parties in a transaction of data assets between the two. It should only cover services aiming at intermediating between an indefinite number of data holders and data users, excluding data sharing services that are meant to be used by a closed group of data holders and users.

Providers of cloud services should be excluded, as well as service providers that obtain data from data holders, aggregate, enrich or transform the data and licence the use of the resulting data to data users, without establishing a direct relationship between data holders and data users, for example advertisement or data brokers, data consultancies, providers of data products resulting from value added to the data by the service provider.

At the same time, data sharing service providers should be allowed to make adaptations to the data exchanged, to the extent that this improves the usability of the data by the data user, where the data user desires this, such as to convert it into specific formats. In addition, services that focus on the intermediation of content, in particular on copyright-protected content, should not be covered by this Regulation. Data exchange platforms that are exclusively used by one data holder in order to enable the use of data they hold as well as platforms developed in the context of objects and devices connected to the Internet-of-Things that have as their main objective to ensure functionalities of the connected object or device and allow value added services, should not be covered by this Regulation.


According to Article 1, Subject matter and scope:

(1) This Regulation lays down:

(a) conditions for the re-use, within the Union, of certain categories of data held by public sector bodies;

(b) a notification and supervisory framework for the provision of data sharing services;

(c) a framework for voluntary registration of entities which collect and process data made available for altruistic purposes.

(2) This Regulation is without prejudice to specific provisions in other Union legal acts regarding access to or re-use of certain categories of data, or requirements related to processing of personal or non-personal data. Where a sector-specific Union legal act requires public sector bodies, providers of data sharing services or registered entities providing data altruism services to comply with specific additional technical, administrative or organisational requirements, including through an authorisation or certification regime, those provisions of that sector-specific Union legal act shall also apply.


According to Article 11, Conditions for providing data sharing services:

The provision of data sharing services shall be subject to the following conditions:

(1) the provider may not use the data for which it provides services for other purposes than to put them at the disposal of data users and data sharing services shall be placed in a separate legal entity;

(2) the metadata collected from the provision of the data sharing service may be used only for the development of that service;

(3) the provider shall ensure that the procedure for access to its service is fair, transparent and non-discriminatory for both data holders and data users, including as regards prices;

(4) the provider shall facilitate the exchange of the data in the format in which it receives it from the data holder and shall convert the data into specific formats only to enhance interoperability within and across sectors or if requested by the data user or where mandated by Union law or to ensure harmonisation with international or European data standards;

(5) the provider shall have procedures in place to prevent fraudulent or abusive practices in relation to access to data from parties seeking access through their services;

(6) the provider shall ensure a reasonable continuity of provision of its services and, in the case of services which ensure storage of data, shall have sufficient guarantees in place that allow data holders and data users to obtain access to their data in case of insolvency;

(7) the provider shall put in place adequate technical, legal and organisational measures in order to prevent transfer or access to non-personal data that is unlawful under Union law;

(8) the provider shall take measures to ensure a high level of security for the storage and transmission of non-personal data;

(9) the provider shall have procedures in place to ensure compliance with the Union and national rules on competition;

(10) the provider offering services to data subjects shall act in the data subjects’ best interest when facilitating the exercise of their rights, in particular by advising data subjects on potential data uses and standard terms and conditions attached to such uses;

(11) where a provider provides tools for obtaining consent from data subjects or permissions to process data made available by legal persons, it shall specify the jurisdiction or jurisdictions in which the data use is intended to take place.


Understanding the European strategy for data.

The creation of sector-specific and domain-specific data spaces has been announced:

1. Common European industrial (manufacturing) data space.

Europe has a strong industrial base, and manufacturing in particular is an area where the generation of and use of data can make a significant difference to the performance and competitiveness of European industry. In order to unleash this potential, the Commission will:

a. Address issues related to the usage rights on co-generated industrial data (IoT data created in industrial settings), as part of a wider Data Act.

b. Gather key players from the manufacturing sector to agree – in a manner compliant with competition rules as well as principles of fair contracts – the conditions under which they would be ready to share their data and how to further boost data generation, notably via smart connected products (Q2 2020 onwards). Where data generated by individuals are concerned, their interests should be fully taken into account in such a process and compliance with data protection rules must be ensured.


2. Common European Green Deal data space.

Europe’s Green Deal has set out the ambitious goal for Europe to become the world's first climate-neutral continent by 2050. The Commission’s Communication clearly underlines the importance of data for achieving this goal. A European green data space can exploit the major potential of data in support of the Green Deal priority actions on climate change, circular economy, zero-pollution, biodiversity, deforestation and compliance assurance.


3. Common European mobility data space.

Transport and mobility are at the forefront of the debate on data sharing, an area where the EU has many assets. This concerns the automotive sector, where connected cars critically depend on data, as well as other transport modes. Digitisation and data in all modes of transport and in logistics will be an essential component of further work on the ‘European Transport System’ and in particular in the upcoming ‘Smart and Sustainable Transport Strategy’ (Q4 2020). This will include actions in all transport sectors as well as for cross-modal data sharing logistics and passengers ecosystems.


4. Common European health data space.

The current regulatory and research models rely on access to health data, including individual level data from patients. Strengthening and extending the use and re-use of health data is critical for innovation in the healthcare sector. It also helps healthcare authorities to take evidence-based decisions to improve the accessibility, effectiveness and sustainability of the healthcare systems. It also contributes to the competitiveness of the EU’s industry. Better access to health data can significantly support the work of regulatory bodies in the healthcare system, the assessment of medical products and demonstration of their safety and efficacy.

Citizens have the right in particular to access and control their personal health data and to request their portability, but implementation of this right is fragmented. Working towards making sure that every citizen has secure access to their Electronic Health Record (EHR) and can ensure the portability of his/her data – within and across borders – will improve access to and quality of care, cost effectiveness of care delivery and contribute to the modernisation of health systems.

Citizens also need to be reassured that, once they have given consent for their data to be shared, the healthcare systems uses such data in an ethical manner and ensure that the given consent can be withdrawn at any time.

Health is an area where the EU can benefit from the data revolution, increasing the quality of healthcare, while decreasing costs. Progress will often depend on the willingness of Member States and healthcare providers to join forces and find ways to use and combine data, in a manner compliant with the GDPR, under which health data merit specific protection. While the GDPR has created a level playing field for the use of health personal data, fragmentation remains within and between Member States and the governance models for accessing data are diverse. The landscape of digital health services remains fragmented, especially when provided cross-border.


5. Common European financial data space.

In the financial sector, EU legislation requires financial institutions to disclose a significant amount of data products, transactions and financial results. Moreover, the revised Payment Services Directive marks an important step towards open banking, where innovative payment services can be offered to consumers and businesses on the basis of the access to their bank account data. Going forward, enhancing data sharing would contribute to stimulating innovation as well as achieving other important policy objectives at EU level.


6. Common European energy data space.

In the energy sector, several Directives establish customer access to and portability of their meter and energy consumption data on a transparent, non-discriminatory basis and in compliance with data protection law. The specific governance frameworks are to be defined at the national level. Legislation also introduced data-sharing obligations for electricity network operators. Regarding cybersecurity, work is ongoing to address energy-specific challenges, notably: real-time requirements, cascading effects and the mix of legacy technologies with smart/state-of-the-art technology.

The availability and cross-sector sharing of data, in a secure and trustworthy manner can facilitate innovative solutions and support the decarbonisation of the energy system. The Commission will address these issues as part of the smart sector integration strategy to be adopted in the second quarter of this year as announced in the Communication on the European Green Deal.


7. Common European agricultural data space.

Data is one key element to enhance the sustainability performance and competitiveness of the agricultural sector. Processing and analysing production data, especially in combination with other data on the supply chain and other types of data, such as earth observation or meteorological data, allows for precise and tailored application of production approaches at farm level. A code of conduct for sharing of agricultural data by contractual agreement was developed in 2018 by EU stakeholders, involving – among others – the farming as well as the machinery sector.

A common data space for agricultural data based on existing approaches towards data sharing could lead to a neutral platform for sharing and pooling agricultural data, including both private and public data. This could support the emergence of an innovative data-driven ecosystem based on fair contractual relations as well as strengthen the capacities for monitoring and implementing common policies and reducing administrative burden for government and beneficiaries. In 2019, Member States have joined forces and signed a declaration of cooperation ‘A smart and sustainable digital future for European agriculture and rural areas’ 67 , which recognises the potential of digital technologies for the agricultural sector and rural areas and supports the setting up of data spaces.


8. Common European data spaces for public administrations.

Public administrations are big producers and also users of data in different areas. The data spaces for public administrations will reflect this. Actions in this areas will focus on law and public procurement data and other areas of public interest such as data use for improving law enforcement in the EU in line with EU law, including the principle of proportionality and data protection rules.

Public procurement data are essential to improve transparency and accountability of public spending, fighting corruption and improving spending quality. Public procurement data is spread over several systems in the Member States, made available in different formats and is not easily possible to use for policy purposes in real-time. In many cases, the data quality needs to be improved.

Similarly, seamless access to and easy reuse of EU and Member State legislation, jurisprudence as well as information on e-justice services is critical not only for the effective application of EU law but also enables innovative ‘legal tech’ applications supporting practitioners (judges, public officials, corporate counsel and lawyers in private practice).


9. Common European skills data space.

The skills of its people are Europe’s strongest asset. In a global race for talent, the European education and training systems and labour markets need to quickly adapt to new and emerging skills needs. This requires high-quality data on qualifications, learning opportunities, jobs and the skill sets of people. Over the past years, the Commission has put in place a range of open standards, reference frameworks and semantic assets to increase data quality and interoperability. As announced in the Digital Education Action Plan, the Commission also developed the Europass Digital Credentials framework to issue credentials to learners in a secure and interoperable digital format.


10. European Open Science Cloud.

In addition to the creation of nine Common European data spaces, work will continue on the European Open Science Cloud, which provides seamless access and reliable re-use of research data to European researchers, innovators, companies and citizens through a trusted and open distributed data environment and related services. The European Open Science Cloud is therefore the basis for a science, research and innovation data space that will bring together data resulting from research and deployment programmes and will be connected and fully articulated with the sectoral data spaces.


Contact us

Cyber Risk GmbH
Dammstrasse 16
8810 Horgen
Tel: +41 79 505 89 60
Email: george.lekatis@cyber-risk-gmbh.com








Web: https://www.cyber-risk-gmbh.com









We process and store data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.


Understanding Cybersecurity in the European Union.

1. The NIS 2 Directive

2. The European Cyber Resilience Act

3. The Digital Operational Resilience Act (DORA)

4. The Critical Entities Resilience Directive (CER)

5. The Digital Services Act (DSA)

6. The Digital Markets Act (DMA)

7. The European Health Data Space (EHDS)

8. The European Chips Act

9. The European Data Act

10. European Data Governance Act (DGA)

11. The Artificial Intelligence Act

12. The European ePrivacy Regulation

13. The European Cyber Defence Policy

14. The Strategic Compass of the European Union

15. The EU Cyber Diplomacy Toolbox