Summary statistics
Overlaps: 4 · Conflicts: 1 · Gaps: 3
8 article-level crossrefs catalogued between Data Act and Data Governance Act from the Fontvera EU regulatory corpus. Article numbers are verbatim from the underlying obligation_crossrefs table; descriptions are extracted, not paraphrased.
All crossrefs between these regulations
| Article (A) | Article (B) | Type | Severity | Description |
|---|---|---|---|---|
| Data Act Art 18 | Data Governance Act Art 7 | overlap | low | [entity affected: public sector body] Both regulations require public sector bodies or competent bodies to implement technical measures for data security, including pseudonymisation and anonymisation, |
| Data Act Art 19 | Data Governance Act Art 7 | overlap | low | [entity affected: public sector body] Both regulations mandate that public sector bodies ensure the confidentiality, integrity, and security of data received or processed, including specific obligatio |
| Data Act Art 10 | Data Governance Act Art 9 | overlap | low | [entity affected: Member State] Both regulations require Member States to establish mechanisms for dispute resolution or redress, including the notification of competent bodies or authorities to the C |
| Data Act Art 20 | Data Governance Act Art 6 | overlap | medium | [entity affected: public sector body] Both regulations address the financial aspects of data access, requiring transparency in costs and limiting fees to necessary costs, though the Data Act focuses o |
| Data Act Art 14 | Data Governance Act Art 4 | conflict | medium | [entity affected: public sector body] The Data Act allows public sector bodies to request data from private holders under exceptional needs, while the DGA restricts public sector bodies from granting |
| Data Act Art ? | Data Governance Act Art ? | gap | high | [entity affected: data altruism organisations] Neither regulation clearly defines the liability framework for data altruism organisations if they mishandle data received from private holders, creating |
| Data Act Art ? | Data Governance Act Art ? | gap | medium | [entity affected: data intermediation services provider] There is no clear guidance on how data intermediation services providers should handle conflicts between the Data Act's unfair contractual term |
| Data Act Art ? | Data Governance Act Art ? | gap | high | [entity affected: third party] Neither regulation explicitly addresses the cross-border enforcement mechanisms for third parties who violate data usage restrictions under both acts, leaving a gap in r |
Conflicts explained
The 1 article-level conflicts between Data Act and Data Governance Act mean a control that satisfies one can pull the wrong way on the other:
- Data Act Art 14 vs Data Governance Act Art 4 — [entity affected: public sector body] The Data Act allows public sector bodies to request data from private holders under exceptional needs, while the DGA restricts public sector bodies from granting exclusive rights to re-use data, potentially creating tension if a public body tries to exclusively control data obtained via the Data Act.
Which regulation takes precedence
EU law does not lay down a universal precedence rule between Data Act and Data Governance Act. In practice three resolution approaches apply: lex specialis (the more specific provision wins when both purport to govern the same conduct); regulator guidance (EDPB, EBA, ESMA and the AI Office have all issued joint readings on overlapping articles — check the most recent applicable opinion); and document the choice (when the regulations leave the call to the controller, the audit defence is your written reasoning, not the regulator's silence). Where the corpus surfaces a conflict rather than an overlap, treat that as an escalation path to legal — not a control-design question.
What this means for your compliance team
Treat the 4 overlaps as design opportunities — one control, two regulatory anchors. Treat the 1 conflicts as escalation paths to legal: the regulations themselves don't resolve them, you do, and you document the reasoning. The 3 gaps point at scenarios where one regulation is silent while the other speaks — assume the regulator who has the explicit rule will win.
Related Fontvera pages
- data act article 37 commission
- data act obligations data services
- data act vs dma comparison
- data act vs dora comparison
Check your full compliance exposure with the 5-minute Fontvera diagnostic →