---
title: "EU Data Act vs Data Governance Act"
canonical_url: "https://www.sorena.io/artifacts/eu/data-act/data-act-vs-data-governance-act"
source_url: "https://www.sorena.io/artifacts/eu/data-act/data-act-vs-data-governance-act"
author: "Sorena AI"
description: "Compare the EU Data Act with the Data Governance Act: connected-product access, cloud switching, B2B/B2G duties, protected public-sector reuse, intermediaries, altruism, governance, and enforcement."
published_at: "2026-05-06"
updated_at: "2026-05-07"
keywords:
  - "EU Data Act"
  - "Data Governance Act"
  - "DGA"
  - "Regulation (EU) 2023/2854"
  - "Regulation (EU) 2022/868"
  - "data intermediaries"
  - "data altruism"
  - "data sharing"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# EU Data Act vs Data Governance Act

Compare the EU Data Act with the Data Governance Act: connected-product access, cloud switching, B2B/B2G duties, protected public-sector reuse, intermediaries, altruism, governance, and enforcement.

*Comparison Guide* *EU data sharing law* *Data Act and DGA*

## EU Data Act vs Data Governance Act Access rights vs trusted sharing frameworks

Use this comparison to separate mandatory Data Act access, contract, B2G, and cloud-switching duties from Data Governance Act rules for protected public-sector data reuse, neutral data intermediation, and data altruism.

Grounded in the Data Act text, European Commission Data Act and Data Governance Act explanations, EUR-Lex summaries, and data.europa.eu implementation material. It is practical research support, supporting implementation planning and should be validated against jurisdiction-specific legal, contractual, and policy requirements before implementation.

The EU Data Act and the Data Governance Act both sit inside the EU data strategy, but they solve different operational problems. The Data Act creates rights and obligations around access to and use of data from connected products, related services, business contracts, public-sector exceptional-need requests, and switching between data processing services. The Data Governance Act builds trust infrastructure for voluntary and public-sector data sharing, including protected public-sector data reuse, data intermediation services, data altruism, single information points, and the European Data Innovation Board.

## EU Data Act vs Data Governance Act: what changes in practice

Use this matrix to decide whether the work is a Data Act access, contract, B2G, or cloud-switching obligation, a Data Governance Act reuse, intermediary, or altruism governance issue, or both.

- **EU Data Act**: Mandatory rights and obligations for access to and use of data, especially connected-product data, third-party sharing, B2B fairness, B2G exceptional need, cloud switching, and interoperability.
- **Data Governance Act**: Trust and governance framework for protected public-sector data reuse, neutral data intermediation, data altruism, single information points, registers, and EDIB coordination.

| Dimension | EU Data Act | Data Governance Act | Operational implication | Sources |
| --- | --- | --- | --- | --- |
| Scope boundary | Covers fair access to and use of data, including connected products and related services, user and third-party access, B2B data-sharing terms, B2G exceptional-need requests, switching between data processing services, and interoperability for data spaces and smart contracts. | Covers reuse of certain protected data held by public-sector bodies, data intermediation services, data altruism organisations, single information points, European registers, and EDIB work on best practices and cross-sectoral interoperability. | Use Data Act controls when a covered product, related service, contract, public-sector request, cloud service, or interoperability duty drives the work. Use DGA controls when the issue is protected public-sector reuse, neutral intermediation, altruistic data sharing, or DGA governance infrastructure. | [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports the Data Act scope column for access, B2B, B2G, cloud switching, interoperability, and enforcement chapters.<br>[European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports the DGA scope column for protected public-sector data, intermediaries, altruism, single information points, and EDIB. |
| Covered actors | Key roles include users, data holders, data recipients, third parties, manufacturers, related-service providers, public-sector bodies, Union bodies, providers of data processing services, competent authorities, data coordinators, and EDIB for consistent application. | Key roles include public-sector bodies, reusers, data intermediation service providers, recognised data altruism organisations, data holders, data users, competent authorities for intermediation and altruism, the Commission, and EDIB. | Create two role maps when a project touches both regimes. The same organisation can be a Data Act data holder, a DGA data holder, a reuser, a cloud customer, or an intermediary participant depending on the exact service and dataset. | [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Supports Data Act role categories across connected products, third-party sharing, B2G requests, cloud switching, and enforcement.<br>[European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports DGA role categories for intermediaries, altruism organisations, competent authorities, registers, and EDIB membership. |
| Trigger | Creates duties around making product and related-service data accessible, sharing with users or third parties under conditions, protecting trade secrets proportionately, preventing unfair B2B terms, responding to valid B2G requests, enabling data processing service switching, and meeting interoperability requirements. | Creates governance conditions for protected public-sector data reuse, neutrality and structural separation for data intermediaries, notification to competent authorities, recognised labels and registers, not-for-profit and safeguard expectations for data altruism, and common consent-form support. | Do not merge the obligation lists. Data Act work usually changes product, API, contract, support, procurement, or cloud-exit operations. DGA work usually changes reuse conditions, intermediary structure, transparency, registration, consent, or public-sector metadata operations. | [EUR-Lex - Data Act summary](https://eur-lex.europa.eu/EN/legal-content/summary/rules-on-fair-access-to-and-use-of-data-data-act.html?ref=sorena.io) - Supports the Data Act obligation list in plain language, including access, third-party sharing, trade secrets, unfair terms, B2G access, and switching.<br>[European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports the DGA obligation list for reuse safeguards, neutral intermediaries, notification, recognised labels, data altruism, and consent forms. |
| Core obligations | Does not create the DGA intermediary or altruism model. It can still affect reuse projects where connected-product data, B2B access terms, public-sector exceptional-need requests, data-space interoperability, or cloud-switching rights are part of the same project. | Directly regulates reuse of protected public-sector data, neutral data intermediation services, and data altruism where individuals or companies voluntarily make data available without reward for general-interest objectives. | If the project is a marketplace, data trust, data donation, research reuse, public-sector data room, or single-information-point workflow, start with the DGA. Add Data Act controls only for the connected-product, contract, B2G, switching, or interoperability layer that actually exists. | [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports the Data Act overlap with data spaces, B2G requests, cloud switching, and EDIB-guided interoperability without turning those into DGA intermediary or altruism rules.<br>[European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports DGA treatment of protected public-sector reuse, neutral intermediation, and voluntary data altruism for general-interest objectives. |
| Evidence record | Keep the Data Act source article or chapter, product or service facts, data category, access request or delivery record, recipient terms, trade-secret safeguards, contract review, B2G request file, switching plan, interoperability note, complaint record, or authority correspondence. | Keep the DGA basis, protected-data category, reuse decision, secure-processing or confidentiality safeguards, intermediary notification and neutrality evidence, altruism transparency and consent materials, register entry, single-information-point metadata, and competent-authority correspondence. | A combined EU data-sharing file should contain two labeled evidence indexes. One proves Data Act access, contract, B2G, switching, or interoperability handling; the other proves DGA reuse, intermediation, altruism, register, or EDIB-related governance handling. | [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports Data Act evidence categories tied to access, sharing, trade-secret handling, switching, complaints, cooperation, and authority requests for information.<br>[European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports DGA evidence categories for protected reuse safeguards, intermediary notification, neutrality, recognised registers, altruism, and consent forms. |
| Timing and deadlines | Product teams may need access-by-design, user instructions, access methods, recipient processes, and trade-secret safeguards. Cloud and procurement teams may need switching clauses, exportable-data registers, open interfaces, functional-equivalence planning, and charge withdrawal tracking. Contract teams may need unfair-term review and model-term alignment. | DGA work is less about redesigning connected products or cloud exits and more about reuse permissions, secure processing, confidentiality, intermediary legal separation, transparent terms, recognised logos or registers, altruism consent, and national single-information-point implementation. | Route product and cloud engineering work to the Data Act owner. Route protected-data reuse, intermediary structure, altruism, and ERPD or single-information-point work to the DGA owner. In data spaces, bring both owners into the same review only when both technical and governance layers are present. | [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Supports Data Act product, B2B, B2G, cloud switching, interoperability, and enforcement consequences for implementation teams.<br>[data.europa.eu - Data Governance Act implementation](https://data.europa.eu/en/academy/data-governance-act-implementation?ref=sorena.io) - Supports DGA implementation references to national single information points and ERPD harvesting requirements. |
| Enforcement | Member States designate competent authorities and, where relevant, data coordinators. The Data Act includes complaint rights, judicial remedies, information requests, cooperation between authorities, and Member State penalty rules that must be effective, proportionate, and dissuasive. | DGA supervision is tied to the relevant DGA activity: competent-authority notification and monitoring for data intermediation services, recognised status and registers for data altruism organisations, reuse conditions for protected public-sector data, and EDIB best-practice coordination. | Escalate through the enforcement route for the activity at issue. Do not quote a single fine threshold for this comparison unless a specific Member State penalty source is added; the Data Act grounding here supports national penalty-setting, not a universal penalty table. | [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports the Data Act enforcement row for competent authorities, data coordinators, complaints, judicial remedies, information requests, cooperation, and national penalties.<br>[European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports the DGA enforcement row for intermediary notification, competent-authority monitoring, recognised labels, central registers, and EDIB coordination. |
| Overlap and reuse | Choose the Data Act analysis when the next action is to give or refuse access, provide data to a third party, protect trade secrets, review a B2B term, answer an exceptional-need public-sector request, switch a data processing service, or meet interoperability duties. | Choose the DGA analysis when the next action is to permit protected public-sector data reuse, run a neutral data intermediation service, register or operate a data altruism organisation, prepare single-information-point metadata, or rely on DGA governance structures. | If the answer affects product design, access delivery, cloud exit, or contract terms, Data Act owners should lead. If the answer affects reuse safeguards, intermediation neutrality, altruism safeguards, registers, or information points, DGA owners should lead. If both are true, keep two cited conclusions. | [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Supports the Data Act decision rule across product access, B2B, B2G, cloud switching, interoperability, and enforcement chapters.<br>[European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports the DGA decision rule across protected public-sector reuse, intermediaries, altruism, registers, and EDIB governance. |
| Practical decision rule | The Data Act includes interoperability requirements for common European data spaces and support from EDIB on standards, common specifications, smart contracts, and data processing service interoperability. | The DGA created EDIB to share best practices on data intermediation, data altruism, protected public-sector data use, and prioritisation of cross-sectoral interoperability standards. | For a common European data space, distinguish technical interoperability and access duties from the governance trust model. EDIB appears in both laws, but its role does not collapse Data Act access rights and DGA trust structures into one obligation. | [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports Data Act interoperability and EDIB references for common European data spaces, data processing services, and standards work.<br>[European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports DGA EDIB role in best practices and cross-sectoral interoperability standards. |

Sources for Scope boundary:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports the Data Act scope column for access, B2B, B2G, cloud switching, interoperability, and enforcement chapters.
- [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports the DGA scope column for protected public-sector data, intermediaries, altruism, single information points, and EDIB.

Sources for Covered actors:

- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Supports Data Act role categories across connected products, third-party sharing, B2G requests, cloud switching, and enforcement.
- [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports DGA role categories for intermediaries, altruism organisations, competent authorities, registers, and EDIB membership.

Sources for Trigger:

- [EUR-Lex - Data Act summary](https://eur-lex.europa.eu/EN/legal-content/summary/rules-on-fair-access-to-and-use-of-data-data-act.html?ref=sorena.io) - Supports the Data Act obligation list in plain language, including access, third-party sharing, trade secrets, unfair terms, B2G access, and switching.
- [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports the DGA obligation list for reuse safeguards, neutral intermediaries, notification, recognised labels, data altruism, and consent forms.

Sources for Core obligations:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports the Data Act overlap with data spaces, B2G requests, cloud switching, and EDIB-guided interoperability without turning those into DGA intermediary or altruism rules.
- [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports DGA treatment of protected public-sector reuse, neutral intermediation, and voluntary data altruism for general-interest objectives.

Sources for Evidence record:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports Data Act evidence categories tied to access, sharing, trade-secret handling, switching, complaints, cooperation, and authority requests for information.
- [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports DGA evidence categories for protected reuse safeguards, intermediary notification, neutrality, recognised registers, altruism, and consent forms.

Sources for Timing and deadlines:

- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Supports Data Act product, B2B, B2G, cloud switching, interoperability, and enforcement consequences for implementation teams.
- [data.europa.eu - Data Governance Act implementation](https://data.europa.eu/en/academy/data-governance-act-implementation?ref=sorena.io) - Supports DGA implementation references to national single information points and ERPD harvesting requirements.

Sources for Enforcement:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports the Data Act enforcement row for competent authorities, data coordinators, complaints, judicial remedies, information requests, cooperation, and national penalties.
- [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports the DGA enforcement row for intermediary notification, competent-authority monitoring, recognised labels, central registers, and EDIB coordination.

Sources for Overlap and reuse:

- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Supports the Data Act decision rule across product access, B2B, B2G, cloud switching, interoperability, and enforcement chapters.
- [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports the DGA decision rule across protected public-sector reuse, intermediaries, altruism, registers, and EDIB governance.

Sources for Practical decision rule:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports Data Act interoperability and EDIB references for common European data spaces, data processing services, and standards work.
- [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports DGA EDIB role in best practices and cross-sectoral interoperability standards.

### Practical decision rule

- Use EU Data Act when the facts match the left-side scope, trigger, and evidence rows.
- Use Data Governance Act when the facts match the right-side scope, trigger, and evidence rows.
- Reuse controls only where the comparison rows show the same actor, obligation, timing, and evidence basis.

## Data Act Start with the legal trigger, not the word data sharing

A connected-device access request, a cloud exit, and a neutral data marketplace are not the same compliance question. The Data Act asks whether a user, data holder, third-party recipient, public-sector body, or data processing service provider has a specific access, use, contract, or switching obligation. The Data Governance Act asks whether a protected public-sector reuse process, data intermediation service, or data altruism structure needs DGA safeguards.

This distinction prevents two common mistakes: treating a Data Act access right as if it were only a voluntary governance programme, or treating a DGA intermediary or altruism model as if it automatically creates a Data Act right to product-generated data.

- Use the Data Act path for connected-product data, related-service data, user and third-party access, B2B unfair terms, B2G exceptional-need requests, data processing service switching, and interoperability duties.
- Use the Data Governance Act path for protected public-sector data reuse, data intermediation services, recognised data altruism organisations, national single information points, and DGA governance bodies.
- Run both analyses only when the same project actually contains both fact patterns, such as a data space that also needs Data Act product-data access or cloud-switching terms.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Grounds the Data Act scope: fair access to and use of data, connected-product and related-service data, B2B and B2G sharing, data processing service switching, interoperability, enforcement, and EDIB support.
- [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Grounds the DGA scope: voluntary data sharing, protected public-sector data reuse, data intermediation services, data altruism, single information points, and EDIB governance.

## Data Act Map actors before assigning obligations for implementation evidence and owner review

Under the Data Act, the actor map usually starts with the user of a connected product or related service, the data holder, any third-party recipient, a product manufacturer or related-service provider, a public-sector requester, or a provider of data processing services. Under the Data Governance Act, the actor map usually starts with the public-sector body holding protected data, the reuser, a data intermediation service provider, a recognised data altruism organisation, a competent authority, or the European Data Innovation Board.

Some names overlap, especially user, data holder, and competent authority. Do not assume the same organisation has the same legal role in both regimes; a company can be a Data Act data holder for connected-product data and separately use a DGA intermediary or participate in a data altruism project.

- For Data Act work, record the product or service, the user, the data holder, the requested data, the recipient, the use purpose, trade-secret concerns, and any cloud or B2G context.
- For DGA work, record whether the project is public-sector protected-data reuse, intermediation, altruism, or data-space governance, and identify the competent authority or register interaction.
- Keep a separate role line where GDPR, sector law, trade-secret protection, public-sector confidentiality, or cloud-contract obligations affect the same dataset.

Sources for this answer:

- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains Data Act roles and practical chapters for connected products, related services, third-party sharing, B2G requests, cloud switching, and enforcement.
- [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Explains DGA actor categories, including public-sector bodies, data intermediaries, data altruism organisations, competent authorities, and EDIB representatives.

*Recommended next step*

*Placement: after comparison section*

## Compare your Data Act and DGA workstreams

Turn this comparison into a working issue list for product data access, cloud switching, protected public-sector reuse, intermediary services, data altruism, and data-space participation.

- [Open Research Copilot](/solutions/research-copilot.md): Research Data Act and DGA questions with cited source packets.
- [Talk through implementation](/contact.md): Review your product, cloud, contract, public-sector reuse, intermediary, or altruism scenario.

## Data Act Separate mandatory access from trusted sharing infrastructure

The Data Act is operationally intrusive for covered products, services, contracts, and cloud relationships because it can require data to be designed for access, made available to users or third parties, shared with public bodies in exceptional need, or made portable during switching. The Data Governance Act is more about conditions for trust: how protected public-sector data may be reused, how intermediaries stay neutral, and how altruistic data sharing is organised.

That means the practical output differs. A Data Act project may need product data inventories, access interfaces, user notices, recipient terms, trade-secret safeguards, contract remediation, B2G request files, or switching documentation. A DGA project may need reuse conditions, secure processing arrangements, confidentiality terms, intermediary notification analysis, structural-separation controls, altruism registration materials, or single-information-point metadata.

- Do not use a DGA data intermediary label to bypass Data Act access, trade-secret, or recipient checks for product-generated data.
- Do not use Data Act language to overstate rights to protected public-sector data; the DGA reuse framework depends on safeguards and the underlying legal basis for reuse.
- For data spaces, document both the Data Act interoperability or access issue and the DGA governance mechanism if both are present.

Sources for this answer:

- [EUR-Lex - Data Act summary](https://eur-lex.europa.eu/EN/legal-content/summary/rules-on-fair-access-to-and-use-of-data-data-act.html?ref=sorena.io) - Summarises Data Act measures on connected-product access, third-party sharing, trade secrets, unfair terms, public-sector access, cloud switching, and data-processing service interoperability.
- [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Explains DGA safeguards for protected public-sector data, including anonymisation, pseudonymisation, secure processing environments, confidentiality agreements, reasonable fees, and single information points.

## Data Act Use different evidence for contracts, reuse, intermediaries, and altruism

A useful evidence file shows which regime was used and why. For the Data Act, the file should connect the data flow to a covered product, related service, data holder, recipient, contract term, public-sector request, or data processing service switching obligation. For the Data Governance Act, it should connect the data flow to protected public-sector data, an intermediary service, an altruism organisation, or a single-information-point process.

The strongest evidence is not a generic compliance memo. It is a short, source-linked packet that product, legal, security, procurement, and data-governance teams can use when they approve an access response, contract clause, reuse condition, intermediary model, or altruism workflow.

- Data Act evidence: dataset inventory, access method, user instructions, recipient terms, trade-secret safeguards, refusal or suspension basis, compensation or contract review, B2G request record, and switching plan.
- DGA evidence: protected-data category, reuse basis, public-sector decision record, secure processing or confidentiality conditions, intermediary notification and neutrality controls, altruism transparency safeguards, and register correspondence.
- Shared evidence: GDPR assessment, sector-rule note, data-space participation terms, interoperability references, and competent-authority correspondence where those issues apply.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports Data Act evidence categories for access, third-party sharing, trade-secret handling, B2G exceptional-need requests, data processing service switching, complaints, and enforcement cooperation.
- [data.europa.eu - Data Governance Act implementation](https://data.europa.eu/en/academy/data-governance-act-implementation?ref=sorena.io) - Supports DGA implementation evidence for national single information points and the European Register for Protected Data held by the Public Sector.

## Data Act Understand enforcement without inventing penalty numbers

The Data Act requires Member States to designate competent authorities, handle complaints, cooperate across borders, and set effective, proportionate, and dissuasive penalties. It also gives affected natural and legal persons complaint and judicial-remedy routes. The published grounding used for this page does not provide a single EU-wide Data Act fine table, so this comparison should not state unsupported fixed penalty amounts.

For the Data Governance Act, the Commission explanation focuses on competent-authority supervision of data intermediation notification, monitoring of intermediary requirements, recognised labels and registers, data altruism safeguards, and EDIB best-practice work. Enforcement analysis should therefore identify the DGA supervisory or register touchpoint rather than importing Data Act access penalties.

- Escalate Data Act disputes through the competent authority, complaint, judicial remedy, contract, or dispute-settlement route that matches the affected chapter.
- Escalate DGA issues through the competent-authority, register, reuse-condition, intermediary-notification, or altruism-recognition process that matches the activity.
- Avoid penalty thresholds or guaranteed outcomes unless the exact Member State rule and source are available.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Grounds the Data Act enforcement discussion: competent authorities, complaints, judicial remedies, Member State penalties, legal representatives, data coordinators, and EDIB support.
- [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Grounds the DGA enforcement and governance discussion for intermediary notification, competent-authority confirmation, monitoring, central registers, and recognised labels.

## Data Act Practical consequences for product, cloud, public-sector, and data-space teams

Product and IoT teams should treat the Data Act as the primary source for user access, related-service data, third-party sharing, trade-secret handling, and access-by-design changes. Cloud, SaaS, and procurement teams should treat the Data Act as the primary source for switching, exportable data, contractual transparency, and international governmental access safeguards for non-personal data held in the Union.

Public-sector, research, data-space, and data-platform teams should use the Data Governance Act when they are designing protected public-sector reuse, single information points, neutral intermediation, or altruistic data sharing. Where these projects also involve connected products, data processing services, or B2B data contracts, add a separate Data Act workstream instead of blending the regimes into one generic policy.

- For connected products, ask what data the user can access, how it is delivered, whether a third party receives it, and what trade-secret safeguards are proportionate.
- For cloud and data processing services, ask what switching, export, interface, transparency, charge, and functional-equivalence duties apply.
- For public-sector and data-space projects, ask whether the activity is protected-data reuse, neutral intermediation, altruism, common European data-space participation, or a separate Data Act access case.

Sources for this answer:

- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Supports practical Data Act consequences for connected products, related services, B2B access, B2G requests, cloud switching, interoperability, and enforcement.
- [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports practical DGA consequences for protected public-sector reuse, intermediaries, altruism, EDIB, and cross-sectoral interoperability standards.

## Primary sources

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports Data Act interoperability and EDIB references for common European data spaces, data processing services, and standards work.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Supports the Data Act decision rule across product access, B2B, B2G, cloud switching, interoperability, and enforcement chapters.
- [EUR-Lex - Data Act summary](https://eur-lex.europa.eu/EN/legal-content/summary/rules-on-fair-access-to-and-use-of-data-data-act.html?ref=sorena.io) - Supports the Data Act obligation list in plain language, including access, third-party sharing, trade secrets, unfair terms, B2G access, and switching.
- [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Supports DGA EDIB role in best practices and cross-sectoral interoperability standards.
- [data.europa.eu - Data Governance Act implementation](https://data.europa.eu/en/academy/data-governance-act-implementation?ref=sorena.io) - Supports DGA implementation references to national single information points and ERPD harvesting requirements.

## Related Topic Guides

- [Data Act and Common European Data Spaces](/artifacts/eu/data-act/data-act-and-common-european-data-spaces.md): How Data Act Article 33 connects data-space participation with metadata, vocabularies, APIs, access terms, data quality, governance, and standards monitoring.
- [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md): FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows.
- [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md): FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing.
- [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md): FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries.
- [Data Act B2B Data-Sharing Contract Clauses](/artifacts/eu/data-act/b2b-data-sharing-contract-clauses.md): Clause guide for EU Data Act B2B data sharing: FRAND terms, compensation, trade secret safeguards, recipient limits, termination, logs, and GDPR boundaries.
- [Data Act B2B Data-Sharing Contract Template](/artifacts/eu/data-act/b2b-data-sharing-contract-template.md): A usable EU Data Act B2B data-sharing template outline covering access requests, data schedules, permitted use, trade secrets, security, compensation, GDPR boundaries, audit records, and termination.
- [Data Act B2G Exceptional-Need Requests](/artifacts/eu/data-act/b2g-exceptional-need-requests.md): A grounded guide to EU Data Act Chapter V requests from public bodies: exceptional need, public emergencies, request contents, limits, safeguards, costs, and records.
- [Data Act Cloud Switching Compliance Checklist](/artifacts/eu/data-act/cloud-switching-compliance-checklist.md): A grounded EU Data Act checklist for cloud and data processing service providers covering switching clauses, notices, export formats, charges, interoperability, and evidence.
- [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md): FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records.
- [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md): FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records.
- [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md): FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records.
- [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md): FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded.
- [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md): FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services.
- [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md): FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence.
- [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md): FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited.
- [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md): FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers.
- [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md): FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614.
- [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md): FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence.
- [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md): FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records.
- [Data Act Smart Contracts for Data Sharing](/artifacts/eu/data-act/smart-contracts-for-data-sharing.md): Data Act Article 36 smart contract guide for data-sharing agreements: scope, robustness, access control, termination, interruption, archiving, standards status, and conformity evidence.
- [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md): FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms.
- [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md): FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence.
- [Data Act Trade Secrets and Protection Measures](/artifacts/eu/data-act/trade-secrets-and-protection.md): Data Act guide for protecting trade secrets during access and sharing: classification, safeguards, refusal thresholds, notices, evidence records, and reviews.
- [Data Act Unfair Contractual Terms | Article 13 B2B Contract Review](/artifacts/eu/data-act/unfair-contractual-terms.md): Review B2B data-sharing clauses under EU Data Act Article 13: unilateral terms, always unfair examples, presumed unfair terms, model clauses, evidence, and remediation.
- [Data Act Vehicle Data Guidance](/artifacts/eu/data-act/vehicle-data-guidance.md): Commission-grounded guide to Data Act vehicle data access: connected vehicles, vehicle-related services, raw and pre-processed data, aftermarket use cases, access routes, safeguards, and GDPR boundaries.
- [Data Act vs GDPR: connected-product data access](/artifacts/eu/data-act/data-act-vs-gdpr.md): Compare EU Data Act connected-product access duties with GDPR personal-data rules: scope, roles, lawful basis, data subject rights, third-party sharing, trade secrets, and conflicts.
- [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md): FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation.
- [EU Data Act Applicability Test](/artifacts/eu/data-act/applicability-test.md): Check whether a product, related service, data holder, cloud service, data-space role, smart contract, or B2G request is in scope of the EU Data Act.
- [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md): FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain.
- [EU Data Act Article 3 Pre-Contract Information](/artifacts/eu/data-act/pre-contractual-information-obligations.md): What Article 3 of the EU Data Act requires before connected-product purchase, rent, lease, or related-service contracting: data categories, access, data holder identity, third-party sharing, complaints, and evidence.
- [EU Data Act Article 36 Smart Contract Controls FAQ](/artifacts/eu/data-act/faq/article-36-smart-contract-controls.md): FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires.
- [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md): FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards.
- [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md): FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep.
- [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md): When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence.
- [EU Data Act Checklist for Product, Cloud, and Contract Teams](/artifacts/eu/data-act/checklist.md): A grounded EU Data Act checklist for connected-product data access, third-party sharing, B2G requests, cloud switching, unfair terms, smart contracts, personal data boundaries, evidence, and owners.
- [EU Data Act Cloud Switching and Exit Plans](/artifacts/eu/data-act/cloud-switching-and-exit-plans.md): A grounded EU Data Act guide for data processing service exit plans: switching contracts, exportable data, assistance, charges, interoperability, retrieval, erasure, and records.
- [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md): Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence.
- [EU Data Act Compliance Program](/artifacts/eu/data-act/compliance.md): Build a Data Act compliance program for connected-product data access, contracts, B2G requests, cloud switching, smart contracts, GDPR boundaries, records, and ownership.
- [EU Data Act Connected Product Scope and Data Types](/artifacts/eu/data-act/scope-connected-products-and-data-types.md): Classify EU Data Act connected products, related services, product data, related-service data, readily available data, metadata, and excluded derived outputs.
- [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md): FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope.
- [EU Data Act Data Processing Service Switching](/artifacts/eu/data-act/data-processing-services-switching.md): A grounded EU Data Act guide for provider and customer switching duties: exit assistance, exportable data, contract clauses, charges, interoperability, retrieval, and erasure.
- [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md): FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence.
- [EU Data Act deadlines and compliance calendar](/artifacts/eu/data-act/deadlines-and-compliance-calendar.md): A source-linked calendar for EU Data Act application dates, product design timing, contract remediation, cloud switching charges, response periods, standards work, and evidence records.
- [EU Data Act Direct Access by Design FAQ](/artifacts/eu/data-act/faq/direct-access-by-design.md): FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act.
- [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md): FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible.
- [EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates](/artifacts/eu/data-act/faq.md): Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates.
- [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md): FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence.
- [EU Data Act Non-Personal Data and Mixed Datasets FAQ](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md): FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records.
- [EU Data Act Penalties and Enforcement](/artifacts/eu/data-act/penalties-and-fines.md): Grounded guide to Data Act penalties under Article 40, Member State enforcement, penalty factors, complaints, judicial remedies, and the GDPR enforcement boundary.
- [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md): FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries.
- [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md): FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs.
- [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md): FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics.
- [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md): FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply.
- [EU Data Act requirements](/artifacts/eu/data-act/requirements.md): Source-grounded EU Data Act requirements for connected-product data access, B2B sharing terms, B2G exceptional needs, cloud switching, smart contracts, interoperability, GDPR boundaries, and records.
- [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md): Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status.
- [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md): FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers.
- [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md): FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records.
- [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md): FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence.
- [EU Data Act User Access and Portability Rights](/artifacts/eu/data-act/access-rights-and-portability.md): Practical guide to EU Data Act user access, connected-product data portability, third-party sharing, trade secret safeguards, and the GDPR boundary.
- [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md): FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries.
- [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md): FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/eu/data-act/data-act-vs-data-governance-act