Fact-checked by Grok 2 weeks ago

Data Governance Act

The Data Governance Act (DGA), formally Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on establishing a framework for the governance of data, is a European Union regulation that entered into force on 23 June 2022 and became applicable from 24 September 2023, with the primary objective of increasing trust in voluntary data sharing mechanisms to make more data available for reuse across sectors and member states, thereby fostering the creation of common European data spaces in areas such as health, environment, and mobility.^[1]^[2] The Act introduces specific tools including the reuse of certain categories of protected data held by public sector bodies under exceptional circumstances for public interest purposes, the establishment of neutral and trusted data intermediation services that operate without profit from the intermediation to connect data holders and users, and data altruism organizations that facilitate voluntary, non-remunerated sharing of personal or non-personal data for general interest causes, all while ensuring compliance with existing frameworks like the General Data Protection Regulation (GDPR).^[3]^[4] Although designed to unlock the potential of the EU data economy by addressing barriers to data flows, the DGA has raised concerns regarding potential conflicts with GDPR provisions, particularly in balancing data protection obligations against expanded reuse mandates, which could introduce legal uncertainties for public bodies and private entities involved in data sharing.^[5]^[6]

Legislative History

Proposal and Negotiation

The European Commission presented its proposal for a Regulation establishing a framework for European data governance, known as the Data Governance Act, on 25 November 2020.^[7] This initiative formed the first legislative deliverable of the broader European strategy for data, as outlined in the Commission's Communication COM(2020) 66 final published on 19 February 2020, which sought to create a single market for data by overcoming persistent barriers to sharing.^[8] The strategy highlighted empirical gaps, such as Europe's comparatively low levels of data reuse compared to competitors, attributed to trust deficits in intermediaries, technological incompatibilities including insufficient secure infrastructure and interoperability standards, and legal uncertainties from fragmented Member State rules that deterred voluntary sharing of both personal and non-personal data.^[7] Under the ordinary legislative procedure, negotiations involved the Commission, European Parliament, and Council from late 2020 onward, with the Parliament's Internal Market and Consumer Protection (IMCO) and Industry, Research and Energy (ITRE) Committees adopting a report on 22 July 2021 advocating for more prescriptive rules to enhance data availability, while the Council endorsed a general approach on 1 October 2021 favoring flexibility for public authorities and service providers to avoid overburdening innovation.^[9] Central debates centered on reconciling expanded data access—particularly for non-personal data reuse—with safeguards for intellectual property rights and privacy, including limits on exclusive reuse periods for protected public sector data (capped at 12 months in compromises) and requirements for fair compensation where intellectual property was implicated.^[9] Privacy concerns, aligned with the GDPR, emphasized consent mechanisms for data altruism while ensuring non-discrimination in sharing.^[7] Trilogue discussions in late 2021 resolved key sticking points, such as reinforcing neutrality for data intermediation services by prohibiting their use of intermediated data for competitive purposes or tying to other services, thereby building trust without mandating data surrender, and clarifying registration criteria for data altruism organizations to promote functional separation and transparency.^[9] These compromises reflected causal pressures from sectoral stakeholders, including industry calls for minimal regulatory burden to spur voluntary participation, against public interest advocates pushing for stronger enforcement to address market failures in data flows.^[9] The process underscored tensions between accelerating data-driven innovation and mitigating risks of unintended IP erosion or privacy leaks, with the Parliament securing tighter conditions on intermediaries to prevent dominance by large platforms.^[9]

Adoption and Entry into Force

The Data Governance Act was formally adopted as Regulation (EU) 2022/868 by the European Parliament and the Council on 30 May 2022.^[10] This followed trilogue negotiations concluding in early 2022, with the Council's approval on 16 May and Parliament's endorsement on 6 April.^[2] The regulation was published in the Official Journal of the European Union (L 152) on 3 June 2022.^[10] It entered into force on 23 June 2022, twenty days after publication, as stipulated under Article 34 of the regulation.^[10]^[2] Full applicability commenced on 24 September 2023, fifteen months following entry into force, triggering core obligations for entities offering data intermediation services, data altruism organizations, and reuse of protected public sector data.^[10]^[2] Phased elements included Member States' notifications of competent authorities to the Commission by the same date, while pre-existing data intermediation services gained until 24 September 2025 for compliance with Chapter III notification rules.^[10] Upon entry into force, preparatory actions initiated, such as the establishment of the European Data Innovation Board (EDIB) under Article 29 to provide strategic advice on data governance practices and interoperability standards.^[10] The Commission began developing delegated and implementing acts, including model contractual terms for data intermediation and templates for data altruism notifications, to facilitate initial rollout.^[10]

Objectives and Framework

Core Aims

The Data Governance Act establishes a framework to create a genuine single market for data in the European Union, emphasizing voluntary sharing of both personal and non-personal data to enhance availability across sectors and borders while building trust through neutral, non-profit intermediaries.^[1] This approach addresses persistent barriers to data reuse, including legal restrictions on protected public sector data—such as intellectual property protections and confidentiality obligations—and technical interoperability issues that limit cross-sectoral flows, thereby enabling data to become a key driver of innovation without undermining holders' control.^[1] The act's design prioritizes harmonized rules to make data findable, accessible, interoperable, and reusable, fostering common European data spaces tailored to domains like health and environment.^[1] Central to its goals is facilitating data altruism, where individuals and organizations voluntarily contribute data for general interest purposes, such as scientific research, policy-making, or societal challenges including healthcare advancements and environmental monitoring, without direct commercial gain to donors.^[1] By contrast with mandatory access regimes, the act avoids compelling private data holders to disclose information, instead incentivizing participation through transparent governance that preserves economic incentives and respects fundamental rights like privacy under the GDPR.^[1] This voluntary model draws from observed gaps in data mobilization during events like the COVID-19 pandemic, where ad hoc sharing highlighted the value of structured, trust-based systems for rapid response and long-term benefits.^[2] Ultimately, the legislation targets a competitive data-driven economy by increasing reuse opportunities for innovation and public welfare, projecting that enhanced availability could amplify the EU's data economy amid exponential growth in data volumes—estimated to reach zettabyte scales by the mid-2020s per broader strategy assessments—while safeguarding against misuse through oversight and certification.^[2] It underscores a first-principles commitment to data as a commons resource, contingent on mutual trust rather than coercion, to bridge empirical deficiencies in cross-border and cross-sector data flows documented in pre-act analyses.^[1]

Scope and Definitions

The Data Governance Act establishes a harmonized framework within the European Union for the reuse of certain categories of protected data held by public sector bodies, the provision and registration of data intermediation services, the voluntary practice of data altruism through recognized organizations, and the creation of the European Data Innovation Board to oversee data governance initiatives. It applies to non-personal data and anonymized personal data, without imposing any obligation on public sector bodies to allow reuse, and while fully respecting existing Union and national laws on data access, reuse, and confidentiality requirements.^[11] The regulation's territorial scope covers the EU, with provisions enabling international data transfers under appropriate safeguards, and it exerts extraterritorial effects on data processing activities targeting the EU market or involving EU residents' data.^[11] Exclusions from the scope are delineated to prevent overreach, encompassing data subject to public security, defense, or national security restrictions; classified information; and data protected by intellectual property rights, such as trade secrets, unless voluntarily shared by the data holder. Personal data remains governed by separate frameworks like Regulation (EU) 2016/679 (GDPR), with the Act applying only to anonymized forms thereof to avoid conflicts with privacy protections. It also defers to sector-specific Union laws that impose stricter access or confidentiality rules, ensuring no dilution of existing protections for commercially sensitive or statistically confidential information held by public entities.^[11] Central definitions clarify the Act's boundaries. 'Data' is defined as any digital representation of acts, facts, or information, including compilations in the form of sound, visual, or audiovisual recordings.^[11] A 'data intermediary' denotes a neutral service facilitating connections for data sharing between multiple data holders (including data subjects for personal data) and users via technical, legal, or other means, explicitly prohibited from deriving profit from the resale or verification of such data to maintain impartiality.^[11] 'Data altruism' refers to the voluntary, reward-free sharing of data—via consent for personal data or permissions for non-personal data—intended for general-interest purposes such as scientific research, environmental protection, or public health, with any compensation limited to cost recovery.^[11] These terms apply to both public and private entities operating within the EU, with 'data holders' encompassing legal persons, public bodies, or natural persons (excluding data subjects themselves) who control access rights under applicable law.^[11]

Key Provisions

Data Intermediation Services

Data intermediation services, as defined in the Data Governance Act (Regulation (EU) 2022/868), consist of platforms or mechanisms that connect data subjects and holders with potential data users to enable voluntary data sharing or processing arrangements, without the intermediary acquiring, processing, or using the data for its own commercial or other purposes.^[11] These services encompass bilateral or multilateral data-sharing facilitation, including the development of databases or platforms for joint data use, but exclude activities where the provider retains control over the data's substantive content or monetizes it directly beyond facilitation fees.^[11] The framework targets primarily business-to-business (B2B) and business-to-government (B2G) contexts, where direct negotiations often falter due to trust deficits, asymmetric bargaining power, and high transaction costs for smaller entities.^[12] To qualify for certification, providers must notify a designated competent authority in their member state of intent to offer such services, undergoing assessment for adherence to strict neutrality and transparency conditions under Article 12.^[11] Key requirements include prohibitions on reusing or transferring intermediated data without explicit consent, fee structures limited to cost recovery or fixed amounts independent of transaction values, and deployment of technical, legal, and organizational measures to prevent unauthorized access or breaches.^[11] Access procedures must remain fair, transparent, and non-discriminatory, ensuring no preferential treatment that could enable gatekeeping.^[11] Compliant providers gain entry into a public EU register maintained by the European Commission, signaling trustworthiness to participants and promoting cross-border interoperability; non-compliance risks deregistration or penalties.^[12] Services operational before the DGA's applicability date of 24 September 2023 must achieve full compliance by 24 September 2025.^[13] By enforcing these safeguards, the Act seeks to foster neutral ecosystems that lower entry barriers for data sharing, particularly for small and medium-sized enterprises lacking resources for proprietary platforms, while mitigating risks of intermediary dominance through mandated impartiality.^[6] Potential applications include sector-specific hubs, such as those for mobility data aggregation among transport firms and public authorities, where certified intermediaries could match anonymized datasets for innovation without compromising provider control.^[14] An illustrative case is the French platform DAWEX, cited by the Commission as a model for global data marketplaces that could adapt to DGA standards by prioritizing facilitation over data ownership.^[14]

Data Altruism

Data altruism under the Data Governance Act (DGA) constitutes a voluntary mechanism for individuals and organizations to share personal and non-personal data for objectives of general interest, such as scientific research, environmental monitoring, healthcare improvement, or addressing climate change, without receiving financial or other material compensation beyond the reimbursement of costs incurred.^[11] This framework, outlined in Chapter III (Articles 15-25) of Regulation (EU) 2022/868, aims to facilitate data availability for societal benefits while prohibiting commercial exploitation, distinguishing it from remunerated data intermediation services.^[11] Data subjects provide consent for personal data processing in line with GDPR requirements under Articles 6(1)(a) and 9(2)(a), ensuring an opt-in model where consent can be freely withdrawn at any time, leading to cessation of processing and, where applicable, data erasure.^[11] Recognized data altruism organizations (DAOs) serve as intermediaries to collect, process, and transmit such donated data to users for general interest purposes, operating on a not-for-profit basis without entering commercial relationships that could commodify the data.^[11] To gain recognition, organizations must be legally established in the EU or appoint an EU representative, demonstrate transparency in operations, implement robust technical, legal, and organizational safeguards for data protection, and adhere to a forthcoming rulebook specified by delegated acts from the Commission.^[11] Registration is voluntary but grants EU-wide validity; applicants submit details to national competent authorities, which forward approvals to the Commission for inclusion in a public Union register, accessible via a common logo with QR code linkage for easy verification.^[11] As of July 2025, the register is operational and lists recognized DAOs offering services across the Union, though adoption remains limited, with early examples including a single Spanish organization focused on data sharing initiatives.^[15]^[16] The DGA mandates a standardized European data altruism consent form, adopted by the Commission through implementing acts, to ensure uniform, transparent, and GDPR-compliant data donation across Member States.^[11] This modular form supports both personal and non-personal data permissions, accommodates sector-specific adaptations (e.g., for health or environmental data), and facilitates cross-border collection in electronic or paper formats, with provisions for easy withdrawal.^[11] DAOs must report annually to competent authorities on activities, volumes and types of data processed, financials, and compliance measures, enabling oversight without preempting GDPR enforcement by supervisory bodies.^[11] Incentives for participation include reputational benefits via the common EU logo, alongside potential Member State support through awareness campaigns and policy facilitation, but no direct monetary rewards to donors to preserve the non-commercial ethos.^[11] Data users receiving altruistic donations must similarly refrain from remuneration tied to the data's value, reinforcing the framework's focus on public good over market incentives.^[17]

Reuse of Protected Public Sector Data

The Data Governance Act establishes a framework in Chapter II (Articles 3–9) for the reuse of certain categories of protected data held by public sector bodies, extending beyond the scope of the Public Sector Information (PSI) Directive (EU) 2019/1024, which primarily governs non-protected data made available as open data.^[11] This provision targets data shielded due to commercial confidentiality (including trade secrets), statistical confidentiality, third-party intellectual property rights, or personal data not covered by the PSI Directive, thereby enabling limited reuse where full disclosure as open data is infeasible.^[11] Exclusions apply to data held by public undertakings, public service broadcasters, cultural or educational institutions, and information related to public security, defense, or national security.^[11] The mechanism aims to balance societal benefits, such as advancing scientific research or addressing public interest needs, against protections for data holders' rights, without mandating reuse that would impose disproportionate burdens on public bodies.^[11]^[2] Reuse conditions must be non-discriminatory, transparent, proportionate, and objectively justified, with public sector bodies required to publish procedures via a national single information point by 24 September 2023, the applicability date for this chapter.^[11] To safeguard confidentiality and third-party interests, reuse is restricted to anonymized or pseudonymized data where possible, or conducted within secure remote processing environments controlled by the public body; on-premises access is permitted only if remote methods risk compromising protections.^[11] Intellectual property rights remain intact, and reusers must adhere to confidentiality obligations, with public bodies empowered to verify compliance and prohibit outputs that could harm third-party rights.^[11] Exclusive reuse arrangements are prohibited except for limited derogations in the general interest, capped at 12 months and subject to transparency requirements under EU public procurement rules; pre-existing non-compliant agreements must terminate by 24 December 2024.^[11] The process involves reusers submitting requests through the single information point, which maintains a searchable asset list of available datasets, including metadata on conditions and limitations.^[11] Member States designate competent bodies to assist public sector entities in facilitating access, such as structuring data via APIs or managing consents from affected parties, though these bodies lack supervisory authority over data protection, reserved for national authorities.^[11] Decisions on requests must be issued within two months (extendable by 30 days for complexity), with affected third parties entitled to redress via national judicial or impartial review mechanisms.^[11] For non-personal data transfers to third countries, contractual safeguards ensuring equivalent protections and Member State jurisdiction are mandatory, unless the Commission deems the destination's level adequate via implementing acts informed by the European Data Innovation Board.^[11] Specific prohibitions include using e-health data for insurance price discrimination.^[11] Public sector bodies may impose fees for reuse, limited to marginal costs such as reproduction, anonymization, or secure environment maintenance, with transparency in calculation methods and no distortion of competition.^[11] Discounts or waivers apply to non-commercial scientific research, SMEs, startups, and educational entities, compliant with EU State aid rules, to encourage innovation without unduly burdening smaller actors.^[11] Unlike the PSI Directive's emphasis on free or low-cost open access, this framework incorporates cost recovery for handling protected data, indirectly compensating original holders through rights clearance expenses while prioritizing proportionality to avoid overreach.^[11]^[18] A European register linked to national points further streamlines cross-border discovery of reusable assets.^[11]

European Data Innovation Board

The European Data Innovation Board (EDIB) is an advisory expert group established by the European Commission pursuant to Article 29 of Regulation (EU) 2022/868, operating without executive or enforcement powers.^[1] It comprises representatives from competent authorities overseeing data intermediation services and data altruism organizations, Member States, EU bodies such as the European Data Protection Board, the European Data Protection Supervisor, the European Union Agency for Cybersecurity, and sector-specific agencies including the European Medicines Agency, the European Food Safety Authority, and the European Environment Agency, alongside stakeholders from academia, civil society, and social partners.^[19] Members are appointed by the Commission based on their expertise in data governance, serving in a personal capacity to act independently in the public interest, with the Board electing its own chair.^[19] The group's first meeting occurred on December 13, 2023.^[20] The EDIB's primary tasks, outlined in Article 30, include advising the Commission on consistent implementation practices, such as designating data of general interest, and issuing non-binding guidelines and recommendations on key technical, legal, and organizational aspects.^[21] These cover methodologies for interoperability of data spaces and services, application of technical standards and governance models, development of sector-specific data spaces (e.g., in health, energy, environment, and mobility) and cross-sectoral ones, improving data findability and accessibility via catalogues and open standards, data governance policies for altruism organizations, certification schemes for intermediaries and altruism entities, fee calculation methodologies, codes of conduct, and best practices to raise awareness of voluntary data sharing mechanisms.^[21]^[3] By providing these outputs, the EDIB aims to harmonize practices across the EU, facilitate cross-border data flows, and support the creation of common European data spaces, thereby enhancing trust and efficiency in voluntary data sharing without imposing mandatory requirements.^[3] Its advisory role complements the Data Governance Act's framework by promoting standardized approaches to data intermediation, altruism, and public sector data reuse, drawing on diverse sectoral expertise to address implementation challenges.^[3]

Implementation and Challenges

Timeline and Obligations

The Data Governance Act (Regulation (EU) 2022/868) entered into force on 23 June 2022 and became applicable throughout the European Union on 24 September 2023.^[1] Member States were required to notify the European Commission of their competent authorities for data intermediation services, data altruism organizations, and reuse of protected public sector data by the same date.^[11] Data intermediaries must notify the competent authority in their Member State of establishment prior to offering services, committing to ongoing compliance with neutrality principles, data security standards, and prohibitions on profiting directly from intermediated data.^[11] Competent authorities exercise supervisory powers, including information requests, infringement investigations, and enforcement of cessation orders, with notifications of material changes required within 14 days.^[11] Recognized data altruism organizations face specific post-registration duties, including adherence to a mandatory rulebook within 18 months of relevant delegated acts and submission of annual activity reports to competent authorities covering operations, goal attainment, and finances.^[11] The European Data Innovation Board (EDIB), tasked with advising on interoperability and governance for common European data spaces, commenced operations in alignment with the Act's applicability, holding its inaugural meeting in December 2023.^[22] The Commission monitors implementation via delegated acts on technical standards and certification schemes, with Member States laying down penalty rules notified by 24 September 2023.^[11] By 24 September 2025, the Commission must evaluate the Act's effectiveness, including progress toward data spaces, and report to the European Parliament and Council, potentially proposing amendments.^[11] This assessment occurs amid initial pilots for sector-specific data spaces, though widespread operationalization depends on further governance refinements and stakeholder adoption.^[2]

Enforcement Mechanisms

The enforcement of the Data Governance Act (Regulation (EU) 2022/868) relies primarily on competent authorities designated by EU Member States to oversee compliance across its key components. For data intermediation services and data altruism organizations, Member States must designate independent competent authorities by 24 September 2023, notifying the European Commission of their selection criteria, which emphasize expertise, impartiality, and adequate resources including legal, financial, technical, and human capacities.^[11] These authorities monitor providers of data intermediation services for adherence to notification requirements, conflict-of-interest rules, and fair data access practices (Article 14), while supervising recognized data altruism organizations to ensure compliance with registration, transparency, and data handling standards (Article 24).^[11] For the reuse of protected public sector data, Member States appoint competent bodies to assist public entities in evaluating reuse requests, with oversight integrated into national frameworks to balance confidentiality and public interest (Article 7).^[11] Competent authorities possess investigative powers, including access to documentation and premises, and can impose remedial measures such as requiring cessation of infringements, suspension of services, or financial penalties on non-compliant entities (Articles 14(4) and 24(4)).^[11] Providers of data intermediation services must notify authorities prior to operations and may seek confirmation of compliance for an optional Union-wide recognition label, involving a self-assessment of adherence to governance standards like fee transparency and data quality safeguards (Article 11(9)).^[11] Data altruism organizations undergo a similar registration process, enabling Union-wide operation upon approval, though enforcement emphasizes post-registration supervision rather than pre-emptive certification.^[11] These mechanisms aim to foster trust through accountability, but their effectiveness hinges on national implementation, with the European Data Innovation Board providing non-binding guidance to harmonize practices across Member States (Article 26).^[11] Penalties for violations, including unauthorized data transfers to third countries, failure to notify, or breaches of reuse conditions, are determined by Member States and must be effective, proportionate, and dissuasive, with rules laid down by 24 September 2023 (Article 34).^[11] Unlike the GDPR's tiered fines up to 4% of global turnover, the DGA delegates penalty specifics to national legislation without prescribing uniform caps, potentially leading to variability in deterrence strength.^[11] Authorities may also revoke recognition for data altruism organizations or intermediation labels upon repeated non-compliance, though the regulation's self-assessment approach for initial compliance raises concerns about verification rigor.^[11] Challenges to enforcement include dependence on self-assessment and notification regimes, which may insufficiently verify compliance without robust audits, as evidenced by critiques of similar labeling systems' limited impact on building trust in data sharing.690674_EN.pdf) Resource constraints at the national level further risk under-enforcement, as competent authorities require sustained funding and staffing to handle monitoring and investigations effectively, with uneven capacities across Member States potentially undermining uniform application (Articles 7(3) and 26(5)).^[11] The absence of centralized Commission-led oversight for routine supervision defers causal effectiveness to decentralized national efforts, which could delay resolution of cross-border issues despite cooperation provisions.^[11]

Impacts and Reception

Economic and Innovation Effects

As of February 2025, only a single data intermediation service had been officially registered under the Data Governance Act in the Netherlands, with the Dutch Authority for Consumers and Markets (ACM) approving the first such entity, indicating limited uptake among potential intermediaries across the EU.^[23] This slow registration pace persists into late 2025, with fewer than 10 verified intermediaries reported in public EU registries, falling short of expectations for rapid scaling to support data markets.^[12] The formation of common European data spaces, intended to facilitate sectoral data sharing in areas like health and AI, has similarly lagged, with implementation discussions emphasizing design over operational maturity as of September 2025.^[24] While the Act's data altruism mechanisms hold potential for innovation in AI training and health research by enabling voluntary, anonymized data donations, empirical evidence linking these to tangible economic gains remains scant, as the provisions only became fully applicable in September 2025.^[2] Studies on related EU data regulations, such as the GDPR, show shifts in innovation focus but no overall boost in output, suggesting regulatory frameworks may redirect rather than expand data-driven competitiveness.^[25] In contrast, U.S. data sharing relies more on voluntary market incentives without mandatory intermediation, potentially allowing faster private-sector innovation absent the EU's certification hurdles.^[6] The Act introduces compliance costs through mandatory neutrality certification, registration, and oversight for intermediaries, which analyses indicate disproportionately burden smaller entities lacking resources for ongoing audits and technical adaptations.^[6] Competent authorities may waive or discount fees for SMEs and startups, yet the overall administrative requirements risk deterring participation from these firms, potentially stifling nascent data markets rather than fostering them.^[26] Early assessments project no immediate empirical uplift in EU data economy growth—valued at approximately €630 billion in 2025—attributable to the DGA, underscoring a gap between regulatory ambitions and verifiable outcomes.^[27]^[28]

Criticisms and Controversies

Critics argue that the Data Governance Act (DGA) imposes bureaucratic mandates on data intermediation and altruism organizations, potentially stifling innovation by increasing compliance costs and favoring regulatory caution over competitive agility, much like the General Data Protection Regulation (GDPR). Empirical analyses of the GDPR, which shares the DGA's emphasis on structured data handling, indicate a 26.1% reduction in monthly venture capital deals for EU tech firms compared to the US post-implementation, alongside a 26% drop in data storage and 15% in processing activities among affected companies. Such effects, attributed to heightened administrative burdens, raise concerns that the DGA's certification requirements for recognized data-sharing entities could similarly deter startups and exacerbate Europe's lag behind US and Chinese data-driven dominance, where lighter-touch approaches enable faster scaling.^[29] The DGA's promotion of voluntary data sharing, including personal data under safeguards, has sparked privacy concerns due to tensions with GDPR's data minimization principle, which prioritizes limiting collection and retention. While the DGA defers to GDPR for personal data processing, its frameworks for reuse of protected public sector data and data altruism encourage broader access, potentially enabling mission creep where initial voluntary mechanisms evolve into de facto obligations, undermining privacy-by-design tenets. Inconsistencies between the DGA and GDPR—such as differing scopes for personal versus non-personal data—could complicate compliance, exposing firms to risks of inadvertent over-sharing or regulatory arbitrage.^[6]^[30] Doubts about the DGA's efficacy persist, evidenced by low voluntary uptake of data altruism initiatives, prompting the European Commission to abandon a planned rulebook for such organizations in May 2025 due to insufficient participation. This signals that regulatory incentives alone cannot manufacture trust in data sharing, as stakeholders remain wary of liability and enforcement uncertainties. The European Data Innovation Board, tasked with advising on implementation, has faced scrutiny for operating as a technocratic body with limited direct accountability to elected bodies, potentially prioritizing elite consensus over market-driven solutions.^[31]^[32]

Relation to Broader EU Data Strategy

The Data Governance Act (DGA) constitutes the initial legislative pillar of the European Union's 2020 strategy for data, which aims to establish a single market for data encompassing both public and private sources to drive economic growth, innovation, and societal benefits across sectors. Adopted on 25 May 2022 and applicable from 24 September 2023, the DGA facilitates voluntary data sharing by introducing mechanisms such as neutral data intermediation services, data altruism organizations, and limited reuse of protected public sector data, thereby addressing barriers to data accessibility while reinforcing trust through safeguards like certification and oversight by the European Data Innovation Board.^[2]^[33] This act integrates with complementary elements of the broader strategy, including the Data Act of September 2023, which mandates access to data generated by connected devices for users and businesses, and sector-specific common data spaces in domains such as health, environment, energy, and mobility to pool resources and enable cross-border data flows. The strategy emphasizes creating value from data without undermining the General Data Protection Regulation (GDPR) or competition rules, targeting the mobilization of non-personal data volumes estimated to generate up to €270 billion in annual economic value by 2028 through enhanced reuse.^[34]^[35] By prioritizing European data sovereignty, the DGA and overarching strategy seek to counter global data monopolies, foster cloud infrastructure development via initiatives like GAIA-X, and align with open data policies under the revised Open Data Directive, ensuring interoperability standards and governance frameworks that support research, public services, and industrial applications across the 27 member states.^[34]^[36]

References

[1]
Regulation - 2022/868 - EN - EUR-Lex
Summary of each segment:
[2]
European Data Governance Act | Shaping Europe's digital future
The European Data Governance Act aims to increase trust in data sharing, make more data available, and facilitate data sharing across sectors and EU countries.Explained · A European strategy for data · 2022/868 - EN - EUR-LexMissing: text | Show results with:text
[3]
Data Governance Act explained | Shaping Europe's digital future
Oct 11, 2024 · The Data Governance Act provides a framework to enhance trust in voluntary data sharing for the benefit of businesses and citizens.Missing: text | Show results with:text
[4]
Data Governance Act | Global law firm - Norton Rose Fulbright
The EU Data Governance Act (DGA) aims to promote sharing and re-use of public sector data and to encourage data altruism.Missing: summary | Show results with:summary
[5]
(PDF) The GDPR and the DGA Proposal: are They in Controversial ...
The interaction of the DGA with the GDPR is characterized by conflict of laws and legal uncertainty, which can jeopardize the achievement of the objectives of ...
[6]
The impact of the Data Governance Act on the EU's data economy
The Data Governance Act (“DGA”) was enacted in May 2022 and most of its provisions will become binding in September 2023. It forms part of the European ...
[7]
EUR-Lex - 52020PC0767 - EN - EUR-Lex
Summary of each segment:
[8]
https://ec.europa.eu/info/sites/info/files/communication-european-strategy-data-19feb2020_en.pdf
[9]
Data Governance Act - Carriages preview | Legislative Train Schedule
The European Parliament and Council reached a provisional agreement on 30 November 2021. Parliament adopted the final text on 6 April 2022 and Council approved ...
[10]
https://eur-lex.europa.eu/eli/reg/2022/868/oj
[11]
L_2022152EN.01000101.xml - EUR-Lex - European Union
It is necessary to improve the conditions for data sharing in the internal market, by creating a harmonised framework for data exchanges and laying down certain ...
[12]
EU register of data intermediation services
This EU register of data intermediation services has been established in the framework of the Data Governance Act (DGA), a key pillar of the European strategy ...
[13]
Mandatory registration of data intermediation service (DGA)
Data intermediation services that were active before 23 June 2022 must meet the requirements of the DGA no later than 24 September 2025. For data intermediation ...
[14]
The Data Governance Act: Breaking down the strategy for data - Eipa
May 17, 2023 · With that, the Data Governance Act (COM/2022/68) was born as the first deliverable under the European Strategy for Data. It came into force ...<|separator|>
[15]
EU register of recognised data altruism organisations
Jul 31, 2025 · The DGA creates the right conditions for individuals and companies that when they share their data voluntarily for the benefit of society, ...
[16]
Update on the Data Governance Act - Noerr
Mar 12, 2024 · In Chapter III, the DGA defines a set of rules for providers of data intermediation services (also called “data intermediaries”) to ensure that ...
[17]
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32022R868
[18]
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32019L1024
[19]
Article 29, European Data Innovation Board, the Data Governance ...
The final text of the Data Governance Act (DGA). Article 29, European Data Innovation Board. 1. The Commission shall establish a European Data Innovation Board ...
[20]
European Data Innovation Board
SECOND MEETING OF THE EUROPEAN DATA INNOVATION BOARD. 13/12/2023, FIRST MEETING OF THE EUROPEAN DATA INNOVATION BOARD. Previous. 1 Page 1. Next. Subgroups (1) ...
[21]
Article 30, Tasks of the European Data Innovation Board
The final text of the Data Governance Act (DGA). Article 30, Tasks of the European Data Innovation Board. The European Data Innovation Board shall have the ...
[22]
[PDF] 1st meeting of the European Data Innovation Board (EDIB)
1st meeting of the European Data Innovation Board (EDIB) 13 December. Foreword. It was the 1st meeting of the European Innovation Board (EDIB) and was held by.
[23]
first Dutch registration of a data intermediation service is now official
Feb 6, 2025 · ACM has approved the first data intermediation service under the European Data Governance Act (DGA).<|separator|>
[24]
2025: A Data Space Odyssey - European Law Blog
Sep 30, 2025 · These data spaces are designed to foster data ecosystems and create favorable conditions for data-based value creation, while also strengthening ...
[25]
The impact of the EU General data protection regulation on product ...
Oct 30, 2023 · Our empirical results reveal that the GDPR had no significant impact on firms' innovation total output, but it significantly shifted the focus ...
[26]
Article 11, Notification by data intermediation services providers
In the case of SMEs and start-ups, the competent authority for data intermediation services may charge a discounted fee or waive the fee. 12. Data ...
[27]
Data Act: Data sharing and competitiveness | Epthinktank
Sep 12, 2025 · While the Data Governance Act establishes a new data governance model, enabling voluntary data sharing across the EU, the Data Act clarifies the ...
[28]
[PDF] The Impact of EU Data Regulations on Innovation, Competitiveness ...
The Data Act will not become applicable until Sep- tember 2025. There is no empirical evidence yet on its impact. Rather than filling the regulatory gap ...
[29]
Is GDPR undermining innovation in Europe? - Silicon Continent
Sep 11, 2024 · The EU experienced a 26.1% reduction in the number of monthly venture deals compared to the USA, and a 34.2% reduction compared to the RoW. The ...
[30]
What You Should Know About the EU Data Governance Act
Oct 13, 2023 · The DGA is intended to supplement and interact with other EU laws that regulate data use, such as the General Data Protection Regulation (GDPR) ...Missing: achievements controversies
[31]
Data-altruism rulebook dropped by EU Commission due to low uptake
May 22, 2025 · The European Commission has abandoned the idea of drawing up a rulebook for registered data-altruism organizations.
[32]
Data altruism: how the EU is screwing up a good idea
Jan 27, 2022 · Another example could be people sharing their personal credit scores in order to find out whether the scoring has discriminating effects, as ...
[33]
European strategy for data: Data Governance Act becomes applicable
Sep 25, 2023 · The Regulation also establishes the European Data Innovation Board. It will issue guidelines on the development of common European data spaces ...
[34]
A European strategy for data | Shaping Europe's digital future
The strategy for data focuses on putting people first in developing technology, and defending and promoting European values and rights in the digital world.Missing: percentage | Show results with:percentage
[35]
Data Act | Shaping Europe's digital future - European Union
Oct 1, 2025 · The Data Act is a comprehensive initiative to address the challenges and unleash the opportunities presented by data in the EU, ...European Data Governance Act · European Data Act enters into...Missing: property | Show results with:property
[36]
Data governance - EUR-Lex - European Union
Data governance in the EU aims to ensure trusted data handling, build a market for data, and create a secure environment for data sharing.