Trusq

factual analysis · traceable to primary sources

Explainer

Must I store my data locally? The free flow of non-personal data

Adopted 2026-06-16 ยท ≈ 2 min read ยท Dirk Baaijen

No, a government may in principle not require you to store your non-personal data in a specific member state. Regulation (EU) 2018/1807 prohibits unjustified data localisation requirements within the EU.

Short answer: No, in principle not. Regulation (EU) 2018/1807 prohibits governments within the EU from requiring you to store or process your non-personal data in a specific member state. You may therefore host your systems and data freely anywhere in the EU, except in exceptional cases of public security.

What the prohibition covers

The regulation governs the free flow of non-personal data within the EU. Data localisation requirements, meaning rules that prescribe that data must remain on the territory of a particular member state, are prohibited.

  • Who is bound: the prohibition is directed at governments and public bodies

of member states, not at private parties dealing with each other.

  • The only exception: a localisation requirement is allowed only if it is

justified on grounds of public security and is proportionate.

  • Non-personal data: think of machine data, sensor data, anonymised data,

freight information and business data that cannot be traced back to a natural person.

Free choice and cloud portability

Besides prohibiting localisation requirements, the regulation promotes the free choice of storage and processing location. It also encourages switching between providers through self-regulatory codes of conduct for data portability, so that you are not unnecessarily locked in to a single vendor.

Mixed datasets and the GDPR

In practice, datasets often contain both personal and non-personal data. In that case:

  • Non-personal part: falls under Regulation 2018/1807 and the free flow rules.
  • Personal part: remains fully subject to the GDPR. The requirements for

transfer and protection of personal data do not change.

  • If the two are inextricably linked, the GDPR applies to the whole dataset.

What this means for logistics

You may host your transport and logistics systems, planning data, track-and-trace and operational business data freely within the EU without being forced to use a Dutch or other national storage location. Note, however, that on top of this regulation the Data Act rules apply to switching between cloud services (cloud switching). Keep this in mind in contracts with your cloud provider.

Read more: the Transport & Logistics overview. Take the scan.

Sources

  1. https://eur-lex.europa.eu/eli/reg/2018/1807/oj
    Regulation (EU) 2018/1807: free flow of non-personal data.

Share on LinkedIn

Read next

U

AI agents in logistics planning: opportunities and rules

AI agents can plan, re-plan and adjust in logistics โ€” from trip planning to chain coordination. That touches the AI Act (oversight, classification), the Data Act (chain data) and liability for autonomous decisions.

U

Third-party ICT risk under DORA: contracts, register and oversight

DORA sets requirements for ICT outsourcing: mandatory contract clauses, a register of information on all ICT providers, and an EU oversight framework for ICT providers designated as critical.

A

Securing AI in critical infrastructure: where the AI Act, Cyber Resilience Act and NIS2 meet

A single AI system in a port often falls under three frameworks at once: the AI Act (Art. 15) secures the AI system itself, the Cyber Resilience Act the product, and NIS2 obliges the operator as an essential entity. This piece explains how they meet and who is responsible for what.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject โ€” programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method โ†’

A project or programme? Work with YRproject โ†’

Monthly Transport & Logistics alerts

Once a month: the EU developments that affect transport and logistics, briefly interpreted โ€” with sources. No spam, unsubscribe anytime.

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.