Information Centre

← to overview

What is the legal basis for the service?

The legal basis for operating the data intermediary is the EU Data Governance Act (DGA) (Regulation (EU) 2022/868), which has been applicable across the European Union since September 2023.

The Data Governance Act establishes a harmonised European legal framework for data intermediation services and defines the conditions under which data may be shared in a legally secure, transparent, and trustworthy manner between data holders and data users.

Further information on the Data Governance Act is available on the official EU website: https://digital-strategy.ec.europa.eu/en/policies/data-governance-act

Key requirements under the Data Governance Act

Under the DGA, data intermediaries are required in particular to ensure:
- Neutrality and independence
The data intermediary must not use the mediated data for its own purposes.

- Transparency towards users
Conditions, processes, pricing models, and access rules must be clearly and comprehensibly disclosed.

- Purpose limitation and user control
Data may only be used in accordance with the agreed purposes and conditions.

- Separation of roles
Data intermediation activities must be organisationally separated from other business activities.

- Compliance with data protection and security requirements
In particular, compliance with the GDPR and appropriate technical and organisational measures is mandatory.

National supervision

The registration and supervision of data intermediaries is carried out at national level. In Austria, the competent authority is responsible for matters relating to digitalisation and e-government.

Relationship to the GDPR

The Data Governance Act complements the General Data Protection Regulation (GDPR) but does not replace it. All personal data continue to be processed exclusively in accordance with the GDPR. The DGA primarily governs the organisational, contractual, and governance-related aspects of data intermediation.

Objective of the legal framework

The objective of the Data Governance Act is to build trust in data-driven ecosystems and to enable fair, secure, and innovation-friendly access to data across the European Union.