Trusq

factual analysis · traceable to primary sources

Topics Opportunities Take the check Work with us LinkedIn NL·EN
Explainer

Data Act: B2G Data Sharing under Exceptional Need

Adopted 2026-06-29 · ≈ 2 min read · Dirk Baaijen

The Data Act obliges businesses to share data with public sector bodies, but only under two strictly defined grounds of exceptional need — a public emergency or a statutory public interest task for which no alternative data source is available.

Short answer: The Data Act gives public authorities the power to compel businesses to share data, but only under exceptional need. That need exists in exactly two situations: a formally declared public emergency (Article 15(1)(a)), or a non-urgent statutory public interest task for which the authority has exhausted all other means of obtaining the data (Article 15(1)(b)). No obligation exists outside these two grounds.

What counts as exceptional need?

The Data Act (Regulation (EU) 2023/2854), applicable since 12 September 2025, establishes in Chapter V when public sector bodies, the European Commission, the ECB or Union bodies may request data from private holders. Article 15(1) defines when exceptional need exists.

Ground (a) — public emergency. A "public emergency" is defined in Article 2(29) as an exceptional, time-limited situation — such as a public health emergency, a natural disaster, or a man-made disaster such as a cyberattack — with serious negative consequences for the population, living conditions or economic stability, and declared as such under Union or national law procedures. Where this threshold is met and the authority cannot obtain the data through other means in time, personal data may also be requested. Data are provided free of charge by data holders that are not micro or small enterprises; SMEs may claim reasonable compensation (Article 20).

Ground (b) — statutory public interest task with no alternative data source. In non-emergency situations the bar is higher and only non-personal data may be requested. The requesting body must demonstrate that it is carrying out a specific task explicitly provided for by law — such as the production of official statistics or recovery from an emergency — and that it has exhausted all other means, including purchasing data on the market. Ground (b) does not apply to micro and small enterprises (Article 15(2)).

How does a request work?

A request must be made in writing and must specify: the precise data sought, the exceptional need justification, the intended purpose and duration, an erasure plan, and relevant data protection measures (Article 17). Once received, the data holder has five working days (public emergency) or thirty working days (other exceptional need) to reject or modify the request; otherwise the obligation to comply stands (Article 18). Data obtained under these provisions may not be reused under open data legislation and are strictly limited to the stated purpose.

Personal data

Only ground (a) — public emergency — permits requesting personal data. The data holder must anonymise the data unless anonymisation is insufficient; in that case pseudonymisation applies (Article 18(4)). Under ground (b), personal data are entirely excluded.

Compensation

In a public emergency, large and medium-sized data holders provide data free of charge; micro and small enterprises may request reasonable compensation. Under the non-emergency ground, all data holders receive fair compensation covering technical and organisational costs plus a reasonable margin (Article 20).

Sources

  1. https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng
    Regulation (EU) 2023/2854 (Data Act) — official consolidated text, including Articles 2, 15, 17, 18 and 20
  2. https://eur-lex.europa.eu/eli/reg/2023/2854/oj?locale=nl
    Regulation (EU) 2023/2854 — Dutch text (EUR-Lex)
  3. https://europadecentraal.nl/onderwerp/digitale-overheid/privacy/data-verordening/
    Europa Decentraal — explanation of B2G obligations for local authorities
  4. https://www.ictrecht.nl/blog/wat-je-wel-en-nog-niet-kan-verwachten-van-de-data-act-deelplicht-van-de-overheid
    ICTRecht — analysis of application date and SME exemption

Share on LinkedIn

Read next

U

Data Act: obligations for manufacturers of connected products (IoT)

Regulation (EU) 2023/2854 imposes concrete design obligations on manufacturers of connected products so that users and third parties can access generated data; the Article 7 exemption applies exclusively to Chapter II (Articles 3–6).

U

Data Act: cloud switching and portability

The Data Act requires cloud providers to enable barrier-free switching and prohibits switching charges from 12 January 2027.

U

AI agents in logistics planning: opportunities and rules

AI agents can plan, re-plan and adjust in logistics — from trip planning to chain coordination. That touches the AI Act (oversight, classification), the Data Act (chain data) and liability for autonomous decisions.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject — programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method →

A project or programme? Work with YRproject →

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.