Original article here.
Image by: Anton Grabolle / https://betterimagesofai.org / https://creativecommons.org/licenses/by/4.0/
The European Union’s pursuit to create a single data market has always been a balancing act between fostering public interest goals and safeguarding private enterprise. The Data Act (Regulation (EU) 2023/2854), which became applicable on September 12 2025, codified this tension, particularly in its Business-to-Government (B2G) provisions under Chapter V.
Initially, these provisions required data holders to share data with public sector bodies in cases of “exceptional need”, which was divided into two tracks: urgent Public Emergencies and non-emergency Public Interest Tasks.
However, the European Commission’s Digital Omnibus Package, published last month, has signaled a definitive pivot. The core message: B2G data sharing is now being refined and confined as a measure of last resort. This narrowing protects the private sector but simultaneously creates a critical challenge: without a designated data steward within both the public and private sector this restrictive, haphazard approach will fail to build the trusted, long-term data ecosystems necessary to address emergency and non-emergency, systemic societal challenges.
The Data Act’s Original Intent
The initial B2G framework in the Data Act (Chapter V, Articles 14–22) established the mandatory sharing mechanism, intended to prevent the absence of vital data from hindering public policy and crisis response. The concept of “exceptional need” provided the trigger, categorized as:
- Public Emergency (Article 15(1)(a)): A high-urgency scenario (e.g., natural disaster, health crisis) requiring immediate data access, and the only case where personal data (properly anonymized or pseudonymized, per Article 18(4)) could be requested.
- Public Interest Task (Article 15(1)(b)): A non-urgent task provided for by law (e.g., official statistics, post-emergency recovery), limited to non-personal data.
Crucially, even this original structure included a large barrier to routine government access, especially for non-emergency public interest tasks. The public body had to demonstrate it had “exhausted all other means at its disposal to obtain such data, including purchase of non-personal data on the market by offering market rates” (Article 15(1)(b)(ii)).
The Digital Omnibus Package: A Confined Mandate
The Digital Omnibus Package (the “Omnibus”), designed to streamline and clarify aspects of the EU’s digital laws, narrows this interpretation by targeting the core trigger of the B2G mechanism.
While the Data Act used the overarching term “exceptional need” to cover both urgency and public interest, proposals within the Omnibus aim to explicitly amend and focus the mandatory B2G access regime predominantly on “public emergencies” (as reported in recent legislative analysis).
What the Omnibus does to the B2G Mechanism:
- Narrowing: By deleting current Article 15 and replacing it with a new Article 15 (a), the mandatory sharing obligation is now being confined to just public emergencies, (“relevant and proportionate to responding, mitigating, or supporting the recovery from public emergencies”) . Thus the legislative intent shifts further away from allowing governments to use the Data Act as a tool for public interest data acquisition. This strengthens the protection of corporate data assets and trade secrets (safeguarded under Article 19.3).
- Focus on Crisis: It confirms that the Data Act’s B2G mandate is mainly an “emergency button” — a tool for immediate, existential crisis response — not a mechanism for medium-to-long-term societal improvement.
- Microenterprises and small businesses would be able to request compensation when mandated to provide data during emergency situations, recognising that compliance imposes disproportionate costs on smaller actors. Larger data holders, by contrast, would continue to be required to share emergency-related data without charge.
For data holders, this narrowing may provide legal clarity and reduce costs (20 million Euros according to the European Commission) but also amplifies the compliance challenge: every mandatory request is now, by design, a high-stakes, time-sensitive event.
It is also worth noting that this shift diverges significantly from the recommendations of the EU’s High-Level Expert Group on B2G Data Sharing, which emphasized building enduring and proactive frameworks for unlocking privately-held data for the public interest. Rather than an emergency-only regime, the HLEG proposed national B2G governance structures, recognised data stewards, regulatory sandboxes, and mechanisms to scale data sharing across sectors — all aimed at avoiding exactly the kind of fragmented, ad-hoc “last resort” scenario that the Omnibus now seems to institutionalize.
Data Stewardship: The Missing Infrastructure
To overcome the challenges of this narrowed B2G regime and, more importantly, to create the data ecosystem needed for wider societal benefit, organizations must implement robust in-house Data Stewardship structures and functions.
As argued in our previous analysis, a Data Steward is an organizational leader or team empowered to create public value by strategically and responsibly providing access to data for re-use. This function is the vital governance layer that transforms the Data Act’s coercive mandate into a foundation for proactive engagement.
1. Mastering the Last Resort Compliance
A Data Stewardship function is the only mechanism that can render the strict Chapter V compliance operational:
- Centralized Contact & Speed: Serving as the single, dedicated interface with the public sector’s Data Coordinator (Article 37), a Steward can ensure requests are routed and responded to within the tight Article 18 timeframes.
- Proactive Readiness: A Steward can institutionalize technical preparedness by maintaining data inventories and pre-certifying data pipelines for anonymisation/pseudonymisation, eliminating the need to “scramble” when an emergency hits.
2. Building the Long-Term Collaborative Ecosystem
More significantly, a Steward’s function is to look beyond the immediate demands of the Data Act’s “emergency button”. Long-term societal challenges — such as sustainable infrastructure planning, public transport optimisation, or climate modeling — require consistent, voluntary data sharing. These initiatives cannot rely on the burdensome, “last resort” criteria of the new proposed Article 15(a).
By demonstrating legal and ethical excellence in handling mandatory B2G requests, a Data Steward builds the trust and transparency required to negotiate voluntary, pre-competitive, data-sharing partnerships that address non-emergency public interest tasks. This proactive governance, rather than reactive compliance, is the true engine for creating a dynamic and reliable data ecosystem that benefits society as a whole.
Conclusion
The evolution of the EU Data Act’s B2G provisions, amplified by legislative proposals like the Digital Omnibus, establishes mandatory sharing as a confined “last resort” mechanism, now primarily reserved for urgent public emergencies.
This narrowing ensures private sector protection but places immense pressure on data holders to respond flawlessly during a crisis. Without a dedicated, proactive Data Stewardship framework, companies will be perpetually locked in a reactive, haphazard compliance scramble that jeopardizes both their legal standing and the critical public mission. Data Stewardship is the bridge — it ensures effective execution of the emergency protocol while simultaneously creating the trust and institutional infrastructure needed for the longer-term data collaboratives that Europe urgently requires to tackle systemic societal challenges.
(Thanks to Begoña Gonzalez Otero and Anna Colom for review)
