keyboard_tab Digital Governance Act 2022/0868 EN

1.   Public sector bodies which are competent under national law to grant or refuse access for the re-use of one or more of the categories of data referred to in Article 3(1) shall make publicly available the conditions for allowing such re-use and the procedure to request the re-use via the single information point referred to in Article 8. Where they grant or refuse access for re-use, they may be assisted by the competent bodies referred to in Article 7(1).

Member States shall ensure that public sector bodies are equipped with the necessary resources to comply with this Article.

2.   Conditions for re-use shall be non-discriminatory, transparent, proportionate and objectively justified with regard to the categories of data and the purposes of re-use and the nature of the data for which re-use is allowed. Those conditions shall not be used to restrict competition.

3.   Public sector bodies shall, in accordance with Union and national law, ensure that the protected nature of data is preserved. They may provide for the following requirements:

4.   In the case of re-use allowed in accordance with paragraph 3, points (b) and (c), the public sector bodies shall impose conditions that preserve the integrity of the functioning of the technical systems of the secure processing environment used. The public_sector_body shall reserve the right to verify the process, the means and any results of processing of data undertaken by the re-user to preserve the integrity of the protection of the data and reserve the right to prohibit the use of results that contain information jeopardising the rights and interests of third parties. The decision to prohibit the use of the results shall be comprehensible and transparent to the re-user.

5.   Unless national law provides for specific safeguards on applicable confidentiality obligations relating to the re-use of data referred to in Article 3(1), the public_sector_body shall make the re-use of data provided in accordance with paragraph 3 of this Article conditional on the adherence by the re-user to a confidentiality obligation that prohibits the disclosure of any information that jeopardises the rights and interests of third parties that the re-user may have acquired despite the safeguards put in place. Re-users shall be prohibited from re-identifying any data subject to whom the data relates and shall take technical and operational measures to prevent re-identification and to notify any data breach resulting in the re-identification of the data subjects concerned to the public_sector_body. In the event of the unauthorised re-use of non-personal data, the re-user shall, without delay, where appropriate with the assistance of the public_sector_body, inform the legal persons whose rights and interests may be affected.

6.   Where the re-use of data cannot be allowed in accordance with the obligations laid down in paragraphs 3 and 4 of this Article and there is no legal basis for transmitting the data under Regulation (EU) 2016/679, the public_sector_body shall make best efforts, in accordance with Union and national law, to provide assistance to potential re-users in seeking consent of the data subjects or permission from the data holders whose rights and interests may be affected by such re-use, where it is feasible without a disproportionate burden on the public_sector_body. Where it provides such assistance, the public_sector_body may be assisted by the competent bodies referred to in Article 7(1).

7.   Re-use of data shall be allowed only in compliance with intellectual property rights. The right of the maker of a database as provided for in Article 7(1) of Directive 96/9/EC shall not be exercised by public sector bodies in order to prevent the re-use of data or to restrict re-use beyond the limits set by this Regulation.

8.   Where data requested is considered to be confidential, in accordance with Union or national law on commercial or statistical confidentiality, the public sector bodies shall ensure that the confidential data is not disclosed as a result of allowing re-use, unless such re-use is allowed in accordance with paragraph 6.

9.   Where a re-user intends to transfer non-personal data protected on the grounds set out in Article 3(1) to a third country, it shall inform the public_sector_body of its intention to transfer such data and the purpose of such transfer at the time of requesting the re-use of such data. In the case of re-use in accordance with paragraph 6 of this Article, the re-user shall, where appropriate with the assistance of the public_sector_body, inform the legal person whose rights and interests may be affected of that intention, purpose and the appropriate safeguards. The public_sector_body shall not allow the re-use unless the legal person gives permission for the transfer.

10.   Public sector bodies shall transmit non-personal confidential data or data protected by intellectual property rights to a re-user which intends to transfer those data to a third country other than a country designated in accordance with paragraph 12 only if the re-user contractually commits to:

11.   Public sector bodies shall, where relevant and to the extent of their capabilities, provide guidance and assistance to re-users in complying with the obligations referred to in paragraph 10 of this Article.

In order to assist public sector bodies and re-users, the Commission may adopt implementing acts establishing model contractual clauses for complying with the obligations referred to in paragraph 10 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 33(3).

12.   Where justified because of the substantial number of requests across the Union concerning the re-use of non-personal data in specific third countries, the Commission may adopt implementing acts declaring that the legal, supervisory and enforcement arrangements of a third country:

Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 33(3).

13.   Specific Union legislative acts may deem certain non-personal data categories held by public sector bodies to be highly sensitive for the purposes of this Article where their transfer to third countries may put at risk Union public policy objectives, such as safety and public health or may lead to the risk of re-identification of non-personal, anonymised data. Where such an act is adopted, the Commission shall adopt delegated acts in accordance with Article 32 supplementing this Regulation by laying down special conditions applicable to the transfers of such data to third countries.

Those special conditions shall be based on the nature of the non-personal data categories identified in the specific Union legislative act and on the grounds for deeming those categories to be highly sensitive, taking into account the risks of re-identification of non-personal, anonymised data. They shall be non-discriminatory and limited to what is necessary to achieve the Union public policy objectives identified in that act, in accordance with the Union’s international obligations.

If required by specific Union legislative acts as referred to in the first subparagraph, such special conditions may include terms applicable for the transfer or technical arrangements in this regard, limitations with regard to the re-use of data in third countries or categories of persons entitled to transfer such data to third countries or, in exceptional cases, restrictions with regard to transfers to third countries.

14.   the natural or legal person to which the right to re-use non-personal data was granted may transfer the data only to those third countries for which the requirements in paragraphs 10, 12 and 13 are met.

1.   Public sector bodies which allow re-use of the categories of data referred to in Article 3(1) may charge fees for allowing the re-use of such data.

2.   Any fees charged pursuant to paragraph 1 shall be transparent, non-discriminatory, proportionate and objectively justified and shall not restrict competition.

3.   Public sector bodies shall ensure that any fees can also be paid online through widely available cross-border payment services, without discrimination based on the place of establishment of the payment service provider, the place of issue of the payment instrument or the location of the payment account within the Union.

4.   Where public sector bodies charge fees, they shall take measures to provide incentives for the re-use of the categories of data referred to in Article 3(1) for non-commercial purposes, such as scientific research purposes, and by SMEs and start-ups in accordance with State aid rules. In that regard, public sector bodies may also make the data available at a discounted fee or free of charge, in particular to SMEs and start-ups, civil society and educational establishments. To that end, public sector bodies may establish a list of categories of re-users to which data for re-use is made available at a discounted fee or free of charge. That list, together with the criteria used to establish it, shall be made public.

5.   Any fees shall be derived from the costs related to conducting the procedure for requests for the re-use of the categories of data referred to in Article 3(1) and limited to the necessary costs in relation to:

6.   the criteria and methodology for calculating fees shall be laid down by the Member States and published. The public_sector_body shall publish a description of the main categories of costs and the rules used for the allocation of costs.

1.   For the purpose of carrying out the tasks referred to in this Article, each Member State shall designate one or more competent bodies, which may be competent for particular sectors, to assist the public sector bodies which grant or refuse access for the re-use of the categories of data referred to in Article 3(1). Member States may either establish one or more new competent bodies or rely on existing public sector bodies or on internal services of public sector bodies that fulfil the conditions laid down in this Regulation.

2.   the competent bodies may be empowered to grant access for the re-use of the categories of data referred to in Article 3(1) pursuant to Union or national law which provides for such access to be granted. Where they grant or refuse access for the re-use, Articles 4, 5, 6 and 9 shall apply to those competent bodies.

3.   the competent bodies shall have adequate legal, financial, technical and human resources to carry out the tasks assigned to them, including the necessary technical knowledge to be able to comply with relevant Union or national law concerning the access regimes for the categories of data referred to in Article 3(1).

4.   the assistance provided for in paragraph 1 shall include, where necessary:

5.   Each Member State shall notify the Commission of the identity of the competent bodies designated pursuant to paragraph 1 by 24 September 2023. Each Member State shall also notify the Commission of any subsequent change to the identity of those competent bodies.

1.   Member States shall ensure that all relevant information concerning the application of Articles 5 and 6 is available and easily accessible through a single information point. Member States shall establish a new body or designate an existing body or structure as the single information point. The single information point may be linked to sectoral, regional or local information points. The functions of the single information point may be automated provided that the public_sector_body ensures adequate support.

2.   the single information point shall be competent to receive enquiries or requests for the re-use of the categories of data referred to in Article 3(1) and shall transmit them, where possible and appropriate by automated means, to the competent public sector bodies, or the competent bodies referred to in Article 7(1), where relevant. The single information point shall make available by electronic means a searchable asset list containing an overview of all available data resources including, where relevant, those data resources that are available at sectoral, regional or local information points, with relevant information describing the available data, including at least the data format and size and the conditions for their  re-use.

3.   the single information point may establish a separate, simplified and well-documented information channel for SMEs and start-ups, addressing their needs and capabilities in requesting the re-use of the categories of data referred to in Article 3(1).

4.   the Commission shall establish a European single access point offering a searchable electronic register of data available in the national single information points and further information on how to request data via those national single information points.

1.   Any data intermediation services provider who intends to provide the data intermediation services referred to in Article 10 shall submit a notification to the competent authority for data intermediation services.

2.   For the purposes of this Regulation, a data intermediation services provider with establishments in more than one Member State shall be deemed to be under the jurisdiction of the Member State in which it has its main_establishment, without prejudice to Union law regulating cross-border actions for damages and related proceedings.

3.   A data intermediation services provider that is not established in the Union, but which offers the data intermediation services referred to in Article 10 within the Union, shall designate a legal_representative in one of the Member States in which those services are offered.

For the purpose of ensuring compliance with this Regulation, the legal_representative shall be mandated by the data intermediation services provider to be addressed in addition to or instead of it by competent authorities for data intermediation services or data subjects and data holders, with regard to all issues related to the data intermediation services provided. The legal_representative shall cooperate with and comprehensively demonstrate to the competent authorities for data intermediation services, upon request, the actions taken and provisions put in place by the data intermediation services provider to ensure compliance with this Regulation.

The data intermediation services provider shall be deemed to be under the jurisdiction of the Member State in which the legal_representative is located. The designation of a legal_representative by the data intermediation services provider shall be without prejudice to any legal actions which could be initiated against the data intermediation services provider.

4.   After having submitted a notification in accordance with paragraph 1, the data intermediation services provider may start the activity subject to the conditions laid down in this Chapter.

5.   the notification referred to in paragraph 1 shall entitle the data intermediation services provider to provide data intermediation services in all Member States.

6.   the notification referred to in paragraph 1 shall include the following information:

7.   the competent authority for data intermediation services shall ensure that the notification procedure is non-discriminatory and does not distort the competition.

8.   At the request of the data intermediation services provider, the competent authority for data intermediation services shall, within one week of a duly and fully completed notification, issue a standardised declaration, confirming that the data intermediation services provider has submitted the notification referred to in paragraph 1 and that the notification contains the information referred to in paragraph 6.

9.   At the request of the data intermediation services provider, the competent authority for data intermediation services shall confirm that the data intermediation services provider complies with this Article and Article 12. Upon receipt of such a confirmation, that data intermediation services provider may use the label ‘ data intermediation services provider recognised in the Union’ in its written and spoken communication, as well as a common logo.

In order to ensure that data intermediation services providers recognised in the Union are easily identifiable throughout the Union, the Commission shall, by means of implementing acts, establish a design for the common logo. Data intermediation services providers recognised in the Union shall display the common logo clearly on every online and offline publication that relates to their data intermediation activities.

Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 33(2).

10.   the competent authority for data intermediation services shall notify the Commission of each new notification by electronic means without delay. The Commission shall keep and regularly update a public register of all data intermediation services providers providing their services in the Union. The information referred to in paragraph 6, points (a), (b), (c), (d), (f) and (g), shall be published in the public register.

11.   the competent authority for data intermediation services may charge fees for the notification in accordance with national law. Such fees shall be proportionate and objective and be based on the administrative costs related to the monitoring of compliance and other market control activities of the competent authority for data intermediation services in relation to notifications of data intermediation services providers. In the case of SMEs and start-ups, the competent authority for data intermediation services may charge a discounted fee or waive the fee.

12.   Data intermediation services providers shall notify the competent authority for data intermediation services of any changes to the information provided pursuant to paragraph 6 within 14 days of the date of the change.

13.   Where a data intermediation services provider ceases its activities, it shall notify the relevant competent authority for data intermediation services determined pursuant to paragraphs 1, 2 and 3 within 15 days.

14.   the competent authority for data intermediation services shall notify the Commission of each notification referred to in paragraphs 12 and 13 by electronic means without delay. The Commission shall update the public register of the data intermediation services providers in the Union accordingly.

1.   Each Member State shall designate one or more competent authorities to carry out the tasks related to the notification procedure for data intermediation services and shall notify the Commission of the identity of those competent authorities by 24 September 2023. Each Member State shall also notify the Commission of any subsequent change to the identity of those competent authorities.

2.   the competent authorities for data intermediation services shall comply with the requirements set out in Article 26.

3.   the powers of the competent authorities for data intermediation services are without prejudice to the powers of the data protection authorities, national competition authorities, authorities in charge of cybersecurity and other relevant sectoral authorities. In accordance with their respective competences under Union and national law, those authorities shall establish strong cooperation and exchange information as is necessary for the exercise of their tasks in relation to data intermediation services providers, and shall aim to achieve consistency in the decisions taken in applying this Regulation.

1.   the competent authorities for data intermediation services shall monitor and supervise compliance of data intermediation services providers with the requirements of this Chapter. The competent authorities for data intermediation services may also monitor and supervise the compliance of data intermediation services providers, on the basis of a request by a natural or legal person.

2.   the competent authorities for data intermediation services shall have the power to request from data intermediation services providers or their legal_representatives all the information that is necessary to verify compliance with the requirements of this Chapter. Any request for information shall be proportionate to the performance of the task and shall be reasoned.

3.   Where the competent authority for data intermediation services finds that a data intermediation services provider does not comply with one or more of the requirements of this Chapter, it shall notify that data intermediation services provider of those findings and give it the opportunity to state its views, within 30 days of the receipt of the notification.

4.   the competent authority for data intermediation services shall have the power to require the cessation of the infringement referred to in paragraph 3 within a reasonable time limit or immediately in the case of a serious infringement and shall take appropriate and proportionate measures with the aim of ensuring compliance. In that regard, the competent authority for data intermediation services shall have the power, where appropriate:

The competent authority for data intermediation services shall request the Commission to remove the data intermediation services provider from the register of data intermediation services providers once it has ordered the cessation of the provision of the data intermediation service in accordance with the first subparagraph, point (c).

If a data intermediation services provider remedies infringements, that data intermediation services provider shall re-notify the competent authority for data intermediation services. The competent authority for data intermediation services shall notify the Commission of each new re-notification.

5.   Where a data intermediation services provider that is not established in the Union fails to designate a legal_representative or the legal_representative fails, upon request of the competent authority for data intermediation services, to provide the necessary information that comprehensively demonstrates compliance with this Regulation, the competent authority for data intermediation services shall have the power to postpone the commencement of or to suspend the provision of the data intermediation service until the legal_representative is designated or the necessary information is provided.

6.   the competent authorities for data intermediation services shall notify the data intermediation services provider concerned of the measures imposed pursuant to paragraphs 4 and 5 and the reasons on which they are based, as well as the necessary steps to be taken to rectify the relevant shortcomings, without delay, and shall stipulate a reasonable period, which shall not be longer than 30 days, for the data intermediation services provider to comply with those measures.

7.   If a data intermediation services provider has its main_establishment or its legal_representative in a Member State but provides services in other Member States, the competent authority for data intermediation services of the Member State of the main_establishment or where the legal_representative is located and the competent authorities for data intermediation services of those other Member States shall cooperate and assist each other. Such assistance and cooperation may cover information exchanges between the competent authorities for data intermediation services concerned for the purposes of their tasks under this Regulation and reasoned requests to take the measures referred to in this Article.

Where a competent authority for data intermediation services in one Member State requests assistance from a competent authority for data intermediation services in another Member State, it shall submit a reasoned request. The competent authority for data intermediation services shall, upon such a request, provide a response without delay and within a timeframe proportionate to the urgency of the request.

Any information exchanged in the context of assistance requested and provided under this paragraph shall be used only in respect of the matter for which it was requested.

1.   Each competent authority for the registration of data altruism organisations shall keep and regularly update a public national register of recognised data altruism organisations.

2.   the Commission shall maintain a public Union register of recognised data altruism organisations for information purposes. Provided that an entity is registered in the public national register of recognised data altruism organisations in accordance with Article 18, it may use the label ‘ data altruism organisation recognised in the Union’ in its written and spoken communication, as well as a common logo.

In order to ensure that recognised data altruism organisations are easily identifiable throughout the Union, the Commission shall, by means of implementing acts, establish a design for the common logo. Recognised data altruism organisations shall display the common logo clearly on every online and offline publication that relates to their data altruism activities. The common logo shall be accompanied by a QR code with a link to the public Union register of recognised data altruism organisations.

Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 33(2).

1.   An entity which meets the requirements of Article 18 may submit an application for registration in the public national register of recognised data altruism organisations in the Member State in which it is established.

2.   An entity which meets the requirements of Article 18 and has establishments in more than one Member State may submit an application for registration in the public national register of recognised data altruism organisations in the Member State in which it has its main_establishment.

3.   An entity which meets the requirements of Article 18 but which is not established in the Union shall designate a legal_representative in one of the Member States in which the data altruism services are offered.

For the purpose of ensuring compliance with this Regulation, the legal_representative shall be mandated by the entity to be addressed in addition to or instead of it by competent authorities for the registration of data altruism organisations or data subjects and data holders, with regard to all issues related to that entity. The legal_representative shall cooperate with and comprehensively demonstrate to the competent authorities for the registration of data altruism organisations, upon request, the actions taken and provisions put in place by the entity to ensure compliance with this Regulation.

The entity shall be deemed to be under the jurisdiction of the Member State in which the legal_representative is located. Such an entity may submit an application for registration in the public national register of recognised data altruism organisations in that Member State. The designation of a legal_representative by the entity shall be without prejudice to any legal actions which could be initiated against the entity.

4.   Applications for registration referred to in paragraphs 1, 2 and 3 shall contain the following information:

5.   Where the entity has submitted all necessary information pursuant to paragraph 4 and after the competent authority for the registration of data altruism organisations has evaluated the application for registration and found that the entity complies with the requirements of Article 18, it shall register the entity in the public national register of recognised data altruism organisations within 12 weeks after the receipt of the application for registration. The registration shall be valid in all Member States.

The competent authority for the registration of data altruism organisations shall notify the Commission of any registration. The Commission shall include that registration in the public Union register of recognised data altruism organisations.

6.   the information referred to in paragraph 4, points (a), (b), (f), (g) and (h), shall be published in the relevant public national register of recognised data altruism organisations.

7.   A recognised data altruism organisation shall notify the relevant competent authority for the registration of data altruism organisations of any changes to the information provided pursuant to paragraph 4 within 14 days of the date of the change.

The competent authority for the registration of data altruism organisations shall notify the Commission of each such notification by electronic means without delay. Based on such a notification, the Commission shall update the public Union register of recognised data altruism organisations without delay.

1.   A recognised data altruism organisation shall inform data subjects or data holders prior to any processing of their data in a clear and easily comprehensible manner of:

2.   the recognised data altruism organisation shall not use the data for other objectives than those of general interest for which the data subject or data holder allows the processing. The recognised data altruism organisation shall not use misleading marketing practices to solicit the provision of data.

3.   the recognised data altruism organisation shall provide tools for obtaining consent from data subjects or permissions to process data made available by data holders. The recognised data altruism organisation shall also provide tools for easy withdrawal of such consent or  permission.

4.   the recognised data altruism organisation shall take measures to ensure an appropriate level of security for the storage and processing of non-personal data that it has collected based on data altruism.

5.   the recognised data altruism organisation shall, without delay, inform data holders in the event of any unauthorised transfer, access or use of the non-personal data that it has shared.

6.   Where the recognised data altruism organisation facilitates data processing by third parties, including by providing tools for obtaining consent from data subjects or permissions to process data made available by data holders, it shall, where relevant, specify the third-country jurisdiction in which the data use is intended to take place.

1.   the Commission shall adopt delegated acts in accordance with Article 32, supplementing this Regulation by establishing a rulebook laying down:

2.   the rulebook referred to in paragraph 1 shall be prepared in close cooperation with data altruism organisations and relevant stakeholders.

1.   Each Member State shall designate one or more competent authorities responsible for its public national register of recognised data altruism organisations.

The competent authorities for the registration of data altruism organisations shall comply with the requirements set out in Article 26.

2.   Each Member State shall notify the Commission of the identity of their competent authorities for the registration of data altruism organisations by 24 September 2023. Each Member State shall also notify the Commission of any subsequent change to the identity of those competent authorities.

3.   the competent authority for the registration of data altruism organisations of a Member State shall undertake its tasks in cooperation with the relevant data protection authority, where such tasks are related to processing of personal data, and with relevant sectoral authorities of that Member State.

1.   the competent authorities for the registration of data altruism organisations shall monitor and supervise compliance of recognised data altruism organisations with the requirements laid down in this Chapter. The competent authority for the registration of data altruism organisations may also monitor and supervise the compliance of such recognised data altruism organisations, on the basis of a request by a natural or legal person.

2.   the competent authorities for the registration of data altruism organisations shall have the power to request information from recognised data altruism organisations that is necessary to verify compliance with the requirements of this Chapter. Any request for information shall be proportionate to the performance of the task and shall be reasoned.

3.   Where the competent authority for the registration of data altruism organisations finds that a recognised data altruism organisation does not comply with one or more of the requirements of this Chapter, it shall notify the recognised data altruism organisation of those findings and give it the opportunity to state its views within 30 days of the receipt of the notification.

4.   the competent authority for the registration of data altruism organisations shall have the power to require the cessation of the infringement referred to in paragraph 3 either immediately or within a reasonable time limit and shall take appropriate and proportionate measures with the aim of ensuring compliance.

5.   If a recognised data altruism organisation does not comply with one or more of the requirements of this Chapter even after having been notified in accordance with paragraph 3 by the competent authority for the registration of data altruism organisations, that recognised data altruism organisation shall:

Any decision revoking the right to use the label ‘ data altruism organisation recognised in the Union’ under the first subparagraph, point (a), shall be made public by the competent authority for the registration of data altruism organisations.

6.   If a recognised data altruism organisation has its main_establishment or its legal_representative in a Member State but is active in other Member States, the competent authority for the registration of data altruism organisations of the Member State of the main_establishment or where the legal_representative is located and the competent authorities for the registration of data altruism organisations of those other Member States shall cooperate and assist each other. Such assistance and cooperation may cover information exchanges between the competent authorities for the registration of data altruism organisations concerned for the purposes of their tasks under this Regulation and reasoned requests to take the measures referred to in this Article.

Where a competent authority for the registration of data altruism organisations in one Member State requests assistance from a competent authority for the registration of data altruism organisations in another Member State, it shall submit a reasoned request. The competent authority for the registration of data altruism organisations shall, upon such a request, provide a response without delay and within a timeframe proportionate to the urgency of the request.

Any information exchanged in the context of assistance requested and provided under this paragraph shall be used only in respect of the matter for which it was requested.

1.   In order to facilitate the collection of data based on data altruism, the Commission shall adopt implementing acts establishing and developing a European data altruism consent form, after consulting the European Data Protection Board, taking into account the advice of the European Data Innovation Board and duly involving relevant stakeholders. The form shall allow the collection of consent or permission across Member States in a uniform format. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 33(2).

2.   the European data altruism consent form shall use a modular approach allowing customisation for specific sectors and for different purposes.

3.   Where personal data are provided, the European data altruism consent form shall ensure that data subjects are able to give consent to and withdraw consent from a specific data processing operation in compliance with the requirements of Regulation (EU) 2016/679.

4.   the form shall be available in a manner that can be printed on paper and is easily understandable as well as in an electronic, machine-readable form.

1.   the competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations shall be legally distinct from, and functionally independent of, any data intermediation services provider or recognised data altruism organisation. The functions of the competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations may be carried out by the same authority. Member States may either establish one or more new authorities for those purposes or rely on existing ones.

2.   Competent authorities for data intermediation services and competent authorities for the registration of data altruism organisations shall exercise their tasks in an impartial, transparent, consistent, reliable and timely manner. Where they exercise their tasks, they shall safeguard fair competition and non-discrimination.

3.   the top-level management and personnel responsible for carrying out the relevant tasks of the competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations shall not be the designer, manufacturer, supplier, installer, purchaser, owner, user or maintainer of the services which they evaluate, nor the authorised representative of any of those parties. This shall not preclude the use of evaluated services that are necessary for the operations of the competent authority for data intermediation services and the competent authority for the registration of data altruism organisations or the use of such services for personal purposes.

4.   the top-level management and personnel of the competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations shall not engage in any activity that may conflict with their independence of judgment or integrity in relation to evaluation activities assigned to them.

5.   the competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations shall have at their disposal the adequate financial and human resources to carry out the tasks assigned to them, including the necessary technical knowledge and resources.

6.   the competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations of a Member State shall provide the Commission and competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations from other Member States, on reasoned request and without delay, with the information necessary to carry out their tasks under this Regulation. Where a competent authority for data intermediation services or a competent authority for the registration of data altruism organisations considers the information requested to be confidential in accordance with Union and national law on commercial and professional confidentiality, the Commission and any other competent authorities for data intermediation services or competent authorities for the registration of data altruism organisations concerned shall ensure such confidentiality.

1.   Natural and legal persons shall have the right to lodge a complaint in relation to any matter falling within the scope of this Regulation, individually or, where relevant, collectively, with the relevant competent authority for data intermediation services against a data intermediation services provider or with the relevant competent authority for the registration of data altruism organisations against a recognised data altruism organisation.

2.   the competent authority for data intermediation services or the competent authority for the registration of data altruism organisations with which the complaint has been lodged shall inform the complainant of:

1.   the Commission shall establish a European Data Innovation Board in the form of an expert group, consisting of representatives of the competent authorities for data intermediation services and the competent authorities for the registration of data altruism organisations of all Member States, the European Data Protection Board, the European Data Protection Supervisor, ENISA, the Commission, the EU SME Envoy or a representative appointed by the network of SME envoys, and other representatives of relevant bodies in specific sectors as well as bodies with specific expertise. In its appointments of individual experts, the Commission shall aim to achieve gender and geographical balance among the members of the expert group.

2.   the European Data Innovation Board shall consist of at least the following three subgroups:

3.   the Commission shall chair the meetings of the European Data Innovation Board.

4.   the European Data Innovation Board shall be assisted by a secretariat provided by the Commission.

1.   the public_sector_body, the natural or legal person to which the right to re-use data was granted under Chapter II, the data intermediation services provider or the recognised data altruism organisation shall take all reasonable technical, legal and organisational measures, including contractual arrangements, in order to prevent international transfer or governmental access to non-personal data held in the Union where such transfer or access would create a conflict with Union law or the national law of the relevant Member State, without prejudice to paragraph 2 or 3.

2.   Any decision or judgment of a third-country court or tribunal and any decision of a third-country administrative authority requiring a public_sector_body, a natural or legal person to which the right to re-use data was granted under Chapter II, a data intermediation services provider or recognised data altruism organisation to transfer or give access to non-personal data within the scope of this Regulation held in the Union shall be recognised or enforceable in any manner only if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or any such agreement between the requesting third country and a Member State.

3.   In the absence of an international agreement as referred to in paragraph 2 of this Article, where a public_sector_body, a natural or legal person to which the right to re-use data was granted under Chapter II, a data intermediation services provider or recognised data altruism organisation is the addressee of a decision or judgment of a third-country court or tribunal or a decision of a third-country administrative authority to transfer or give access to non-personal data within the scope of this Regulation held in the Union and compliance with such a decision would risk putting the addressee in conflict with Union law or with the national law of the relevant Member State, transfer to or access to such data by that third-country authority shall take place only where:

4.   If the conditions laid down in paragraph 2 or 3 are met, the public_sector_body, the natural or legal person to which the right to re-use data was granted under Chapter II, the data intermediation services provider or the recognised data altruism organisation shall provide the minimum amount of data permissible in response to a request, based on a reasonable interpretation of the request.

5.   the public_sector_body, the natural or legal person to which the right to re-use data was granted under Chapter II, the data intermediation services provider and the recognised data altruism organisation shall inform the data holder about the existence of a request of a third-country administrative authority to access its data before complying with that request, except where the request serves law enforcement purposes and for as long as this is necessary to preserve the effectiveness of the law enforcement activity.

1.   the power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

2.   the power to adopt delegated acts referred to in Article 5(13) and Article 22(1) shall be conferred on the Commission for an indeterminate period of time from 23 June 2022.

3.   the delegation of power referred to in Article 5(13) and Article 22(1) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

4.   Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.

5.   As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

6.   A delegated act adopted pursuant to Article 5(13) or Article 22(1) shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of three months of notification of that act to the European Parliament and to the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by three months at the initiative of the European Parliament or of the Council.

1.   the Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.

2.   Where reference is made to this paragraph, Article 4 of Regulation (EU) No 182/2011 shall apply.

3.   Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.