Skip to main content

Data Governance Act

The Data Governance Act (DGA) is a European Union regulation that establishes a framework to facilitate re-use of certain public sector data, regulate data intermediation services, and encourage data altruism under harmonized conditions across the EU internal market.

Expanded Explanation

1. Technical Function and Core Characteristics

The DGA (Regulation (EU) 2022/868) sets legal and procedural conditions for re-use of protected public sector data, including data subject to commercial confidentiality, intellectual property rights, and personal data protection. It defines requirements for data intermediation service providers and organizations that collect data for general interest purposes, termed data altruism organizations.

The regulation introduces notification and supervision regimes for data intermediation services, voluntary registration for recognized data altruism organizations, and safeguards to prevent conflicts of interest and misuse of data. It operates in complement to the General Data Protection Regulation (GDPR) and sectoral EU laws by addressing data sharing governance rather than creating new legal bases for processing personal data.

2. Enterprise Usage and Architectural Context

Enterprises interact with the DGA in several roles, including as users of re-usable public sector data, as providers or customers of data intermediation services, and as controllers or processors that may participate in data altruism schemes. The regulation affects data-sharing architectures, contractual frameworks, and compliance controls for data access, storage, and onward transmission.

Architects and data platform owners must align technical design with requirements on neutrality of intermediation services, separation between intermediation and data-driven activities, logging and transparency of data access, and mechanisms for obtaining and managing permissions. The act also informs reference architectures for European data spaces that rely on standardized governance, interoperability, and trust mechanisms.

3. Related or Adjacent Technologies

The DGA relates to technologies that support data sharing and access control, such as data catalogs, consent and permission management tools, secure data processing environments, and identity and trust frameworks. It interacts with data protection compliance tooling because it references and operates alongside the GDPR.

The act also connects with sectoral data space infrastructures in domains such as health, mobility, and finance, where common technical standards, APIs, and interoperability frameworks implement governance requirements. It complements other EU digital and data regulations, including the Open Data Directive and the Data Act, which address separate aspects of data access and use.

4. Business and Operational Significance

For organizations, the DGA establishes legal certainty for re-use of protected public sector data and for provision of neutral data intermediation services. It introduces compliance obligations that affect business models based on data sharing and aggregation, including transparency duties and organizational and technical safeguards.

Operationally, enterprises may need governance processes, documentation, and technical controls to meet requirements if they act as data intermediation service providers or seek recognition as data altruism organizations. The regulation also informs risk assessments, procurement criteria, and participation in cross-organizational European data spaces that rely on compliant data sharing frameworks.