Sign in Subscribe
4 min read

Data Governance Act vs. Data Act

The Data Governance Act and Data Act reshape Europe’s data economy for AI. This article explains their differences, compliance implications and opportunities for trustworthy data sharing, IoT data access, public-sector reuse and AI innovation.
Share
Data Governance Act vs. Data Act
Foto by Brett Sayles: pexels.com

Key Differences and Implications for AI Systems

By Eckhart Mehler for CISOsCISO — a perspective on cybersecurity leadership, governance and the decisions that determine whether organizations retain control.

In the rapidly evolving digital landscape, the European Union has introduced pivotal legislation to regulate data management and utilization. Among these, the Data Governance Act (DGA) and the Data Act (DA) stand out for their significant impact on organizations, particularly those developing and deploying Artificial Intelligence (AI) systems. Understanding the distinctions between these acts and their relevance to AI is crucial for businesses aiming to navigate the complex regulatory environment effectively.

🌐 1. Overview of the Data Governance Act (DGA)

The DGA, which came into force on June 23, 2022, and became applicable in September 2023, establishes a framework to facilitate trustworthy data sharing across the EU. Its primary objectives include:

  • Enhancing Data Availability: Encouraging the reuse of certain public sector data that cannot be made available as open data, such as health records, to advance research and innovation.
  • Promoting Data Altruism: Enabling individuals and organizations to voluntarily share data for the common good, fostering societal benefits through initiatives like medical research.
  • Establishing Data Intermediaries: Creating trusted entities that act as neutral facilitators in data sharing, ensuring compliance with EU regulations and building trust among data providers and users.

Implications for AI Systems:

For AI developers, the DGA opens avenues to access high-quality public sector data, which can be instrumental in training robust AI models. For instance, healthcare AI applications can leverage anonymized patient data to improve diagnostic tools, provided they adhere to stringent data protection standards.

📄 2. Overview of the Data Act (DA)

The DA, proposed in February 2022 and expected to be fully applicable by September 2025, aims to ensure fair access to and use of data generated by connected devices and related services. Key provisions include:

  • User Access to IoT Data: Granting users rights to access data generated by their Internet of Things (IoT) devices and share it with third parties.
  • Fairness in Data Sharing Contracts: Protecting small and medium-sized enterprises (SMEs) from unfair contractual terms imposed by more powerful parties in data-sharing agreements.
  • Business-to-Government (B2G) Data Sharing: Mandating businesses to share data with public sector bodies under specific circumstances, such as during public emergencies.

Implications for AI Systems:

The DA facilitates the availability of IoT-generated data, which is invaluable for AI applications. For example, a startup developing predictive maintenance solutions can access data from industrial machinery to train their AI models, leading to more accurate predictions and reduced downtime.

🔍 3. Key Differences Between DGA and DA

  • Data Governance Act (DGA)

Primary Focus: Establishing frameworks for trustworthy data sharing and governance

Scope: Public sector data reuse, data altruism, and data intermediaries

Impact on AI Development: Provides access to valuable public sector data for AI model training

Compliance Requirements: Involves setting up compliant data-sharing frameworks and engaging with data intermediaries

  • Data Act (DA)

Primary Focus: Ensuring fair access to and use of data generated by connected devices

Scope: User rights to IoT data, fair contractual terms, and B2G data sharing

Impact on AI Development: Enhances availability of IoT data, fostering innovation in AI applications

Compliance Requirements: Necessitates fair data access policies and adherence to contractual fairness in data sharing

🤖 4. Practical Implications for AI Systems

Access to Diverse Data Sources:

  • Public Sector Data: Under the DGA, AI developers can access anonymized public sector data, such as traffic patterns, to enhance smart city solutions.
  • IoT Data: The DA empowers users to share data from their devices, enabling AI companies to develop personalized services. For instance, fitness app developers can utilize data from wearable devices to offer tailored health recommendations.

Compliance Considerations:

Organizations must implement robust data governance frameworks to ensure compliance with both acts. This includes establishing transparent data-sharing agreements, ensuring data quality and integrity, and protecting individual privacy rights.

🛡️ 5. Strategies for Incorporating DGA and DA into Compliance Frameworks

To align with the DGA and DA, companies should:

  1. Conduct Data Audits: Identify data sources within the organization that fall under the purview of the DGA and DA.
  2. Develop Data Sharing Policies: Create clear policies outlining how data is shared, with whom, and under what conditions, ensuring adherence to legal requirements.
  3. Engage with Data Intermediaries: Partner with authorized data intermediaries to facilitate compliant data sharing.
  4. Implement Data Access Controls: Establish mechanisms to manage and monitor access to data, ensuring only authorized use.
  5. Stay Informed on Regulatory Updates: Regularly review updates from EU regulatory bodies to remain compliant with evolving data legislation.

🚀 Conclusion: Navigating the Data Legislation Landscape for AI Innovation

The DGA and DA represent significant strides in the EU’s effort to create a fair and innovative data economy. For AI practitioners, these acts not only impose compliance obligations but also offer opportunities to access diverse data sources essential for developing cutting-edge AI solutions. By understanding and integrating the requirements of the DGA and DA into their operations, organizations can drive innovation while maintaining trust and compliance in the digital ecosystem.

For a comprehensive understanding of the DGA and DA, refer to the official publications:

• Data Governance Act: EUR-Lex

• Data Act Explained: Data Act explained

Publication Note & Disclaimer
This article was originally published on LinkedIn on January 29, 2025 and may have been edited or updated for publication on this site.

It reflects my personal professional perspective and does not represent the official policy or position of my employer. Drafting and editorial refinement may have been supported by commercially available AI-assisted tools. The analysis, conclusions and final curation are entirely my own.

For information regarding image credits, copyrights, trademarks and other intellectual property rights, please refer to the Imprint.

Published by:

Eckhart Mehler

Member discussion