§ Data Governance Act · Article 31
Data Governance Act Article 31: Obligations, Deadlines & Penalties
At a glance
Article 31 of the Data Governance Act imposes 5 obligations on data intermediation services provider, natural or legal person granted right to re-use data, public sector body and 1 other entity type(s). At least one obligation carries an explicit compliance deadline.
§ Obligations
All obligations under Article 31
Obligation 1
Take all reasonable technical, legal and organisational measures, including contractual arrangements, to prevent international transfer or governmental access to non-personal data held in the Union where such transfer or access would create a conflict with Union law or national law.
Regulation (EU) 2022/868, Article 31, Article 31
- Obligated entity
-
public sector body, natural or legal person granted right to re-use data, data intermediation services provider, recognised data altruism organisation
- Action required
-
prevent
- Deadline
-
—
- Penalty
-
—
Obligation 2
Recognise or enforce decisions or judgments of third-country courts or administrative authorities requiring transfer or access to non-personal data only if based on an international agreement in force between the requesting third country and the Union or a Member State.
Regulation (EU) 2022/868, Article 31, Article 31
- Obligated entity
-
public sector body, natural or legal person granted right to re-use data, data intermediation services provider, recognised data altruism organisation
- Action required
-
recognise
- Deadline
-
—
- Penalty
-
—
Obligation 3
Ensure that transfer to or access to data by a third-country authority takes place only where specific conditions regarding specificity, reviewability, and consideration of legal interests are met, in the absence of an international agreement.
Regulation (EU) 2022/868, Article 31, Article 31
- Obligated entity
-
public sector body, natural or legal person granted right to re-use data, data intermediation services provider, recognised data altruism organisation
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
Obligation 4
Provide the minimum amount of data permissible in response to a request, based on a reasonable interpretation of the request, if the conditions laid down in paragraph 2 or 3 are met.
Regulation (EU) 2022/868, Article 31, Article 31
- Obligated entity
-
public sector body, natural or legal person granted right to re-use data, data intermediation services provider, recognised data altruism organisation
- Action required
-
provide
- Deadline
-
—
- Penalty
-
—
Obligation 5
Inform the data holder about the existence of a request of a third-country administrative authority to access its data before complying with that request.
Regulation (EU) 2022/868, Article 31, Article 31
- Obligated entity
-
public sector body, natural or legal person granted right to re-use data, data intermediation services provider, recognised data altruism organisation
- Action required
-
inform
- Deadline
-
before complying with that request
- Penalty
-
—
- Exemptions
- where the request serves law enforcement purposes and for as long as this is necessary to preserve the effectiveness of the law enforcement activity
§ Frequently asked
Questions about Article 31
Who must comply with Article 31 of the Data Governance Act?
+
data intermediation services provider, natural or legal person granted right to re-use data, public sector body, recognised data altruism organisation.
What does Article 31 of the Data Governance Act require?
+
prevent recognise ensure
What is the compliance deadline for Data Governance Act Article 31?
+
before complying with that request