09/07/2025
The European Union’s Data Act represents one of the most ambitious attempts to regulate data sharing across the bloc. While much attention has focused on business-to-consumer and business-to-business provisions, the Act’s business-to-government (B2G) data sharing mechanism may prove to be its most transformative element.
Set to become applicable on 12 September 2025, the Data Act introduces a framework that could fundamentally alter how public authorities access privately held data during emergencies and for other exceptional public interest purposes. However, new analysis by researchers Ludovica Paseri and Stefaan G. Verhulst reveals that the mechanism’s ambitious goals may be undermined by significant implementation challenges.
B2G Data Sharing Scenarios
The B2G provisions in Chapter V address a critical gap in public sector capabilities. In an era where private companies hold vast amounts of data crucial for public policy and emergency response, traditional boundaries between public and private data have become increasingly problematic.
The Act envisions two primary scenarios:
- Public emergencies: When data is necessary to respond to exceptional situations like public health crises, natural disasters, or major cybersecurity incidents
- Other public interest needs: When public authorities require specific non-personal data to fulfil legally mandated tasks, such as producing official statistics
This framework could enable more effective responses to crises like the COVID-19 pandemic, where mobility data from private companies proved invaluable for understanding transmission patterns.
The Implementation Challenge
Paseri and Verhulst’s analysis identifies two critical bottlenecks:
- Definitional Ambiguity: The Act’s broad definitions of “exceptional need,” “public emergency,” and “public interest” create significant legal uncertainty. The legislation provides examples but leaves substantial interpretation to Member States, potentially creating a patchwork of different standards across the EU. This could lead to inconsistent application and confusion for multinational companies.
- Procedural Complexity: The assessment and compliance procedures place substantial burdens on data holders. Companies must evaluate whether requests meet formal requirements and assess their legitimacy—all within tight timeframes (five working days for emergency requests, 30 days for others). For requests involving personal data, companies must also implement anonymisation or pseudonymisation measures, adding technical complexity and cost.
The Data Stewardship Solution
To address these challenges, the researchers propose establishing data stewardship frameworks within data-holding organisations. Data stewards would serve as specialised points of contact, equipped to handle B2G requests efficiently whilst ensuring compliance.
This approach mirrors the Act’s provision for “data coordinators” within Member States. Spain’s DATALOG, Europe’s first registered Data Altruism Organisation under the Data Governance Act, has already established a data steward role with promising results.
Implications for Public Interest Advocacy
The Data Act’s B2G provisions represent both an opportunity and a risk. They could dramatically enhance public sector capabilities, enabling more evidence-based policymaking and effective emergency responses. However, poorly implemented provisions could fail to deliver on these promises or create new risks for data protection.
Key considerations include:
- Accountability and Transparency: More robust transparency mechanisms may be needed to ensure public oversight
- Power Imbalances: Questions remain about whether the framework adequately addresses asymmetries between large tech platforms and public authorities
- Democratic Legitimacy: The broad discretion given to Member States raises questions about democratic input
Looking Ahead
As the September 2025 implementation date approaches, several priorities emerge:
- Regulatory Guidance: Clearer guidance on key definitions and assessment criteria to reduce legal uncertainty
- Capacity Building: Investment in data stewardship capabilities across both sectors
- Stakeholder Engagement: Broader consultation with civil society and affected communities
- Monitoring and Evaluation: Robust mechanisms for tracking effectiveness and identifying implementation challenges
The promise of the Data Act’s B2G mechanism is significant, but realising that promise will require sustained attention to implementation details and a commitment to ensuring that practical solutions match ambitious regulatory goals.
This analysis draws on the research paper “Unpacking B2G data sharing mechanism under the EU data act” by Ludovica Paseri and Stefaan G. Verhulst, published in BioLaw Journal – Rivista di BioDiritto.