Where do Data Governance Act and NIS2 Directive overlap?

In 3 article-level pairings recorded in the Fontvera corpus. The table above lists each pair with the specific articles and a plain-language description.

Where do Data Governance Act and NIS2 Directive conflict?

In 0 article-level conflicts. The most concrete ones are summarised in the Conflicts explained section.

Which regulation prevails in a conflict between Data Governance Act and NIS2 Directive?

Neither regulation resolves the conflict on its face. Conflicts are typically resolved by the more specific provision or by regulator guidance — a legal-judgement call, not a mechanical rule.

§ Data Governance Act · NIS2 Directive COMPARISON

Data Governance Act vs NIS2 Directive: Where They Overlap and Conflict

3 overlaps, 0 conflicts and 2 gaps mapped between Data Governance Act and NIS2 Directive in the Fontvera regulatory corpus.

Summary

Data Governance Act and NIS2 Directive both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the two in the Fontvera corpus.

3 overlaps mean the same conduct triggers obligations in both regimes — design controls once, document twice. 0 conflicts mean the two regulations push in opposite directions on a specific question. 2 gaps mean one regulation leaves something on a topic the other addresses.

Who this applies to

Compliance teams who need to map a single control framework onto both Data Governance Act and NIS2 Directive.

Compliance deadline

§ Detail

In depth

Summary statistics

Overlaps: 3 · Conflicts: 0 · Gaps: 2

5 article-level crossrefs catalogued between Data Governance Act and NIS2 Directive from the Fontvera EU regulatory corpus. Article numbers are verbatim from the underlying obligation_crossrefs table; descriptions are extracted, not paraphrased.

All crossrefs between these regulations

Article (A)	Article (B)	Type	Severity	Description
Data Governance Act Art 13	NIS2 Directive Art 13	overlap	low	[entity affected: authorities in charge of cybersecurity] Both regulations require authorities in charge of cybersecurity to cooperate and exchange information with other relevant authorities to ensur
Data Governance Act Art 7	NIS2 Directive Art 10	overlap	low	[entity affected: Member States] Both regulations require Member States to designate competent bodies or CSIRTs and ensure they have adequate resources, including technical knowledge and secure infras
Data Governance Act Art 11	NIS2 Directive Art 13	overlap	low	[entity affected: Member States] Both regulations require Member States to notify the Commission of the identity of designated competent authorities or CSIRTs and any subsequent changes to their ident
Data Governance Act Art ?	NIS2 Directive Art ?	gap	high	[entity affected: data intermediation services providers] Data intermediation services providers are subject to notification under DGA but may fall under NIS2 as 'important entities' if they provide c
Data Governance Act Art ?	NIS2 Directive Art ?	gap	medium	[entity affected: public sector bodies] Public sector bodies handling high-risk data under DGA may be classified as essential or important entities under NIS2, but there is no clear guidance on how DG

Overlaps explained

No conflict-type crossrefs were catalogued for this pair, but the 3 overlaps below mean a single control can be designed to satisfy both regulations at once. Plan the controls jointly to avoid duplicate effort:

Data Governance Act Art 13 vs NIS2 Directive Art 13 (low severity) — [entity affected: authorities in charge of cybersecurity] Both regulations require authorities in charge of cybersecurity to cooperate and exchange information with other relevant authorities to ensure consistent decision-making and effective oversight.
Data Governance Act Art 7 vs NIS2 Directive Art 10 (low severity) — [entity affected: Member States] Both regulations require Member States to designate competent bodies or CSIRTs and ensure they have adequate resources, including technical knowledge and secure infrastructure, to perform their tasks.
Data Governance Act Art 11 vs NIS2 Directive Art 13 (low severity) — [entity affected: Member States] Both regulations require Member States to notify the Commission of the identity of designated competent authorities or CSIRTs and any subsequent changes to their identity.

Which regulation takes precedence

EU law does not lay down a universal precedence rule between Data Governance Act and NIS2 Directive. In practice three resolution approaches apply: lex specialis (the more specific provision wins when both purport to govern the same conduct); regulator guidance (EDPB, EBA, ESMA and the AI Office have all issued joint readings on overlapping articles — check the most recent applicable opinion); and document the choice (when the regulations leave the call to the controller, the audit defence is your written reasoning, not the regulator's silence). Where the corpus surfaces a conflict rather than an overlap, treat that as an escalation path to legal — not a control-design question.

What this means for your compliance team

Treat the 3 overlaps as design opportunities — one control, two regulatory anchors. Treat the 0 conflicts as escalation paths to legal: the regulations themselves don't resolve them, you do, and you document the reasoning. The 2 gaps point at scenarios where one regulation is silent while the other speaks — assume the regulator who has the explicit rule will win.

Related Fontvera pages

Check your full compliance exposure with the 5-minute Fontvera diagnostic →

§ What Fontvera found

Documents in our corpus

Enforcement data is expanding. AI Act enforcement begins 2 August 2026 — this section will populate automatically as authorities and courts publish decisions citing the regulations covered on this page.

§ Cross-references

Related Fontvera intelligence

Need a cross-border briefing on this?

Search Fontvera ↵ Run the AI Act diagnostic

AI Act enforcement

63 days

until 2026-08-02, when most AI Act provisions begin to apply.