← Back to all briefings

Data Strategy · Credibility 88/100 · · 2 min read

Data Strategy Briefing — September 24, 2025

Data intermediation services that were operating when the Data Governance Act was adopted must be fully compliant with Chapter III obligations by 24 September 2025, so data leaders need to close registration, neutrality, and security gaps now.

Executive briefing: Article 37 of the Data Governance Act (DGA) gives data intermediation services that were already active on 23 June 2022 until 24 September 2025 to comply with Chapter III obligations. That leaves no buffer for lagging providers to finish neutrality attestations, incident reporting workflows, and governance documentation before national authorities start checking registration dossiers.

Key governance checkpoints

  • Notification packages. Confirm that DGA Article 11 notifications include up-to-date service descriptions, legal representatives, and safeguards so competent authorities can confirm registration before the transitional window closes.
  • Neutrality controls. Validate organisational and technical firewalls that prevent the reuse of customer data beyond agreed purposes, including Article 12 requirements for separate accounting and staff duties.
  • Security assurances. Complete risk assessments and continuity playbooks that demonstrate compliance with Article 15 security obligations and document how breaches will be reported to users and authorities.

Operational priorities

  • Legal representative readiness. Ensure EU-established representatives can evidence enforcement cooperation, especially for providers headquartered outside the Union.
  • Service inventory audit. Catalogue data intermediation offerings to confirm each falls under the permitted models in Article 10 (data sharing between businesses, data spaces, or altruism support) and is covered by the neutral governance framework.
  • Customer communications. Prepare client briefings that explain neutrality safeguards, dispute handling, and withdrawal procedures so enterprise users can update contractual commitments.

Enablement moves

  • Deploy compliance dashboards that track notification acknowledgements, outstanding authority questions, and remediation timelines through 24 September 2025.
  • Stage board updates summarising DGA enforcement powers and penalty structures under Articles 34–35.

Sources

Zeph Tech assembles DGA notification dossiers, neutrality control playbooks, and oversight briefings for data intermediation services.

  • EU regulation
  • Data intermediation
  • Data governance
Back to curated briefings