§ Data Governance Act · Article 5

Data Governance Act Article 5: Obligations, Deadlines & Penalties

Regulation (EU) 2022/868, Article 5 · All obligations · Data Governance Act
At a glance
Article 5 of the Data Governance Act imposes 19 obligations on Member State, public sector body, re-user. At least one obligation carries an explicit compliance deadline.
§ Obligations

All obligations under Article 5

Obligation 1
Public sector bodies shall make publicly available the conditions for allowing re-use and the procedure to request re-use via the single information point. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
public sector body
Action required
publish
Deadline
Penalty
Obligation 2
Member States shall ensure that public sector bodies are equipped with the necessary resources to comply with this Article. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
Member State
Action required
ensure
Deadline
Penalty
Obligation 3
Conditions for re-use shall be non-discriminatory, transparent, proportionate and objectively justified, and shall not be used to restrict competition. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
public sector body
Action required
ensure
Deadline
Penalty
Obligation 4
Public sector bodies shall ensure that the protected nature of data is preserved in accordance with Union and national law. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
public sector body
Action required
ensure
Deadline
Penalty
Obligation 5
Public sector bodies may require that personal data has been anonymised before granting access for re-use. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
public sector body
Action required
require
Deadline
Penalty
Obligation 6
Public sector bodies may require that commercially confidential information has been modified, aggregated or treated by any other method of disclosure control before granting access for re-use. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
public sector body
Action required
require
Deadline
Penalty
Obligation 7
Public sector bodies may require re-users to access and re-use data remotely within a secure processing environment provided or controlled by the public sector body. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
public sector body
Action required
require
Deadline
Penalty
Obligation 8
Public sector bodies may require re-users to access and re-use data within physical premises in accordance with high security standards if remote access jeopardises third-party rights. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
public sector body
Action required
require
Deadline
Penalty
Obligation 9
Public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
public sector body
Action required
impose
Deadline
Penalty
Obligation 10
The public sector body shall reserve the right to verify the process, means and results of data processing to preserve data protection integrity. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
public sector body
Action required
reserve right
Deadline
Penalty
Obligation 11
The public sector body shall reserve the right to prohibit the use of results that contain information jeopardising the rights and interests of third parties. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
public sector body
Action required
reserve right
Deadline
Penalty
Obligation 12
The decision to prohibit the use of results shall be comprehensible and transparent to the re-user. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
public sector body
Action required
ensure
Deadline
Penalty
Obligation 13
Unless national law provides specific safeguards, the public sector body shall make re-use conditional on the re-user's adherence to a confidentiality obligation prohibiting disclosure of information jeopardising third-party rights. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
public sector body
Action required
condition
Deadline
Penalty
Exemptions
national law provides specific safeguards
Obligation 14
Re-users shall be prohibited from re-identifying any data subject to whom the data relates. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
re-user
Action required
prohibit
Deadline
Penalty
Obligation 15
Re-users shall take technical and operational measures to prevent re-identification. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
re-user
Action required
take measures
Deadline
Penalty
Obligation 16
Re-users shall notify any data breach resulting in the re-identification of data subjects to the public sector body. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
re-user
Action required
notify
Deadline
Penalty
Obligation 17
In the event of unauthorised re-use of non-personal data, the re-user shall, without delay, inform the legal persons whose rights and interests may be affected. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
re-user
Action required
inform
Deadline
without delay
Penalty
Obligation 18
Where re-use cannot be allowed under paragraphs 3 and 4 and there is no legal basis for transmission, the public sector body shall make best efforts to provide assistance to potential re-users in seeking consent or permission. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
public sector body
Action required
assist
Deadline
Penalty
Exemptions
where it is feasible without a disproportionate burden
Obligation 19
Re-use of data shall be allowed only in compliance with intellectual property rights. Regulation (EU) 2022/868, Article 5, Article 5
Obligated entity
public sector body
Action required
ensure
Deadline
Penalty
§ Frequently asked

Questions about Article 5

Who must comply with Article 5 of the Data Governance Act? +
Member State, public sector body, re-user.
What does Article 5 of the Data Governance Act require? +
publish ensure require
What is the compliance deadline for Data Governance Act Article 5? +
without delay
Need a cross-border briefing on Data Governance Act Article 5?
Search Fontvera ↵
All EU obligation pages  ·  All Data Governance Act articles