New open infringement procedure against Romania for failure to implement the Data Governance Act


On 23 May 2024, the European Commission announced it has initiated infringement procedures against 18 Member States, including Romania, for failing to comply with the Data Governance Act (DGA). The Member States concerned – Belgium, Czechia, Germany, Estonia, Greece, France, Italy, Cyprus, Latvia, Luxembourg, Malta, Austria, Poland, Portugal, Romania, Slovenia, Slovakia, and Sweden – either:

  • failed to designate responsible authorities, or
  • did not prove their authorities have the necessary powers to enforce the Act.

We remind you that DGA entered into force on 23 June 2022 and is applicable since September 2023.

Key points of the DGA include:

  • data sharing across sectors and EU countries for the benefit of citizens and businesses;
  • rules ensuring the neutrality of data intermediaries, requiring them to be independent and registered, identifiable by a common EU logo;
  • facilitate the reuse of certain data held by the public sector;
  • voluntary data sharing through data altruism, allowing citizens to consent to share their data for the common good (e.g., medical research);
  • requiring designated authorities to register data altruism organizations and monitor compliance of data intermediation services.

For more information on what the DGA entails, read our comprehensive summary here.

Next steps:

The 18 Member States now have two months to respond to the Commission’s formal notice and address the identified issues. Failure to provide a satisfactory response could lead to the Commission issuing a reasoned opinion.