§ Data Governance Act · Article 5
Data Governance Act Article 5: Obligations, Deadlines & Penalties
At a glance
Article 5 of the Data Governance Act imposes 19 obligations on Member State, public sector body, re-user. At least one obligation carries an explicit compliance deadline.
§ Obligations
All obligations under Article 5
Obligation 1
Public sector bodies shall make publicly available the conditions for allowing re-use and the procedure to request re-use via the single information point.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
public sector body
- Action required
-
publish
- Deadline
-
—
- Penalty
-
—
Obligation 2
Member States shall ensure that public sector bodies are equipped with the necessary resources to comply with this Article.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
Member State
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
Obligation 3
Conditions for re-use shall be non-discriminatory, transparent, proportionate and objectively justified, and shall not be used to restrict competition.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
public sector body
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
Obligation 4
Public sector bodies shall ensure that the protected nature of data is preserved in accordance with Union and national law.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
public sector body
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
Obligation 5
Public sector bodies may require that personal data has been anonymised before granting access for re-use.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
public sector body
- Action required
-
require
- Deadline
-
—
- Penalty
-
—
Obligation 6
Public sector bodies may require that commercially confidential information has been modified, aggregated or treated by any other method of disclosure control before granting access for re-use.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
public sector body
- Action required
-
require
- Deadline
-
—
- Penalty
-
—
Obligation 7
Public sector bodies may require re-users to access and re-use data remotely within a secure processing environment provided or controlled by the public sector body.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
public sector body
- Action required
-
require
- Deadline
-
—
- Penalty
-
—
Obligation 8
Public sector bodies may require re-users to access and re-use data within physical premises in accordance with high security standards if remote access jeopardises third-party rights.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
public sector body
- Action required
-
require
- Deadline
-
—
- Penalty
-
—
Obligation 9
Public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
public sector body
- Action required
-
impose
- Deadline
-
—
- Penalty
-
—
Obligation 10
The public sector body shall reserve the right to verify the process, means and results of data processing to preserve data protection integrity.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
public sector body
- Action required
-
reserve right
- Deadline
-
—
- Penalty
-
—
Obligation 11
The public sector body shall reserve the right to prohibit the use of results that contain information jeopardising the rights and interests of third parties.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
public sector body
- Action required
-
reserve right
- Deadline
-
—
- Penalty
-
—
Obligation 12
The decision to prohibit the use of results shall be comprehensible and transparent to the re-user.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
public sector body
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
Obligation 13
Unless national law provides specific safeguards, the public sector body shall make re-use conditional on the re-user's adherence to a confidentiality obligation prohibiting disclosure of information jeopardising third-party rights.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
public sector body
- Action required
-
condition
- Deadline
-
—
- Penalty
-
—
- Exemptions
- national law provides specific safeguards
Obligation 14
Re-users shall be prohibited from re-identifying any data subject to whom the data relates.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
re-user
- Action required
-
prohibit
- Deadline
-
—
- Penalty
-
—
Obligation 15
Re-users shall take technical and operational measures to prevent re-identification.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
re-user
- Action required
-
take measures
- Deadline
-
—
- Penalty
-
—
Obligation 16
Re-users shall notify any data breach resulting in the re-identification of data subjects to the public sector body.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
re-user
- Action required
-
notify
- Deadline
-
—
- Penalty
-
—
Obligation 17
In the event of unauthorised re-use of non-personal data, the re-user shall, without delay, inform the legal persons whose rights and interests may be affected.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
re-user
- Action required
-
inform
- Deadline
-
without delay
- Penalty
-
—
Obligation 18
Where re-use cannot be allowed under paragraphs 3 and 4 and there is no legal basis for transmission, the public sector body shall make best efforts to provide assistance to potential re-users in seeking consent or permission.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
public sector body
- Action required
-
assist
- Deadline
-
—
- Penalty
-
—
- Exemptions
- where it is feasible without a disproportionate burden
Obligation 19
Re-use of data shall be allowed only in compliance with intellectual property rights.
Regulation (EU) 2022/868, Article 5, Article 5
- Obligated entity
-
public sector body
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
§ Frequently asked
Questions about Article 5
Who must comply with Article 5 of the Data Governance Act?
+
Member State, public sector body, re-user.
What does Article 5 of the Data Governance Act require?
+
publish ensure require
What is the compliance deadline for Data Governance Act Article 5?
+
without delay