EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

European data governance



Regulation (EU) 2022/868 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act)


The Data Governance Act (DGA) aims to make more data* available for reuse and facilitate data sharing across areas such as health, environment, energy, agriculture, mobility, finance, manufacturing, public administration and skills for the benefit of European Union (EU) citizens and businesses, creating jobs and stimulating innovation.


The regulation sets out:

  • conditions for reusing certain protected data held by public sector bodies;
  • rules for companies providing data intermediation services;
  • a framework for data altruism (the sharing of data voluntarily and for no reward);
  • a framework for the European Data Innovation Board (EDIB); and
  • measures to permit the secure flow of non-personal data outside the EU.
  • 1.

    Reuse of certain categories of publicly held data

    Public sector bodies hold vast amounts of data protected by third-party rights (such as trade secrets, personal data or intellectual property) that cannot be used as open data but that could be reused under specific EU or national rules. Whenever such reuse is allowed, public sector bodies will have to comply with the reuse conditions laid down by the DGA. Notably, the reuse conditions should be non-discriminatory, transparent, proportionate, justified and made publicly available.

    Data transfer to non-EU countries

    A reuser intending to transfer protected, non-personal data to a non-EU country will have to comply with the specific rules in the DGA.


    Fees for reuse should be transparent, proportionate, non-discriminatory and objectively justified. Public sector bodies granting reuse permits can apply reduced or zero fees, for example, for small and medium-sized enterprises, start-ups, civil society organisations and educational establishments.

    Single information point

    To ensure data can be found (‘findability’), EU Member States will have to ensure that all relevant information on conditions for reuse and on charges is available and easily accessible through a single information point. The European Commission will, in turn, collate this information at

  • 2.

    Data intermediation services

    The DGA regulates the providers of data intermediation services, which are neutral third parties that connect individuals and companies that hold data with others that want to use data. The requirements for such services aim to ensure that such data intermediaries will function as trustworthy organisers of data sharing. To increase trust in data sharing, this approach lays down a model based on the neutrality and transparency of data intermediaries while putting individuals and companies in control of their data.

    Entities wishing to provide data intermediation services must:

    • comply with strict requirements to ensure neutrality and avoid conflicts of interest;
    • have structural separation from any other value-added services provided;
    • have price terms independent of whether a potential data holder* or data user* is using other services; and
    • register with a competent authority.
  • 3.

    Data altruism

    Data altruism arises when individuals and companies give their consent or permission to make data that they generate available for use in the public interest, voluntarily and without reward. Such data have enormous potential to advance research and to develop better products and services, including in the fields of health, climate action and mobility. Member States may develop national policies to encourage data altruism and an entity engaged in data altruism can apply to be registered as a ‘data altruism organisation recognised in the Union’. The Commission will maintain an EU-level register of these organisations.

  • 4.

    European Data Innovation Board

    The Commission will set up the EDIB, which will consist of representatives of:

    The EDIB’s tasks include advising and assisting the Commission in:

    • developing consistent practice in processing requests for data reuse;
    • enhancing the interoperability of data and data-sharing services;
    • developing consistent practice of competent authorities in enforcing requirements applicable to data intermediation service* providers.
  • 5.

    International data flows

    As non-personal data may be of considerable economic value, the DGA introduces safeguards to protect such data from unlawful access by non-EU countries’ authorities.


It will apply from 24 September 2023.


The DGA also amends Regulation (EU) 2018/1724 on the single digital gateway.

For further information, see:


Data. Any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of a sound, visual or audiovisual recording.
Data holder. A legal person, including public sector bodies and international organisations, or a natural person who is not a data subject with respect to the specific data in question, who, in accordance with applicable EU or national law, has the right to grant access to or share certain personal or non-personal data.
Data user. A natural or legal person who has lawful access to certain personal or non-personal data and has the right, including under Regulation (EU) 2016/679 (see summary) in the case of personal data, to use that data for commercial or non-commercial purposes.
Data intermediation service. A service that aims to establish commercial relationships for the purposes of data sharing between an undetermined number of data subjects and data holders on the one hand and data users on the other, through technical, legal or other means, including for the purpose of exercising the rights of data subjects in relation to personal data.


Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act) (OJ L 152, 3.6.2022, pp. 1–44).


Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L 151, 7.6.2019, pp. 15–69).

Regulation (EU) 2018/1724 of the European Parliament and of the Council of 2 October 2018 establishing a single digital gateway to provide access to information, to procedures and to assistance and problem-solving services and amending Regulation (EU) No 1024/2012 (OJ L 295, 21.11.2018, pp. 1–38).

Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, pp. 39–98).

last update 20.07.2022