Digital Omnibus

DaTNet is taking part in the European Commission’s Digital Omnibus process

The European Commission’s Digital Omnibus process is designed to review and further develop key European digital legislation, including the Data Governance Act (DGA). This forms the basis for trustworthy European data infrastructure: It establishes a legal framework for data trustee models, data altruism organisations and mechanisms for shared data use. The aim of the Omnibus process is to examine, on the basis of practical experience, how these regulations can be further developed to bring innovation, data protection and social trust into equilibrium.

The Data Trustee Competence Network (DaTNet) acts as the voice of the emerging data trust community in Germany. Through its participation in the Digital Omnibus process, DaTNet contributes the perspectives of the research community, industry, public administration and civil society to the European debate. Inspiration was created for this during the DaTNet Networking Conference in 2025, at which Dr Malte Beyer-Katzenberger (European Commission, DG CONNECT) outlined the further development of European data policy and encouraged participants to contribute their practical experiences to the consultation process.

Malte Beyer-Katzenberger
At the DaTNet Networking Conference on September 30, 2025, Dr. Malte Beyer Katzenberger (DG Connect) explained the idea of consolidating the EU’s digital legislation (“Digital Omnibus”)

Thanks to its positioning, DaTNet continues its work at the interface between research, policy and practice and contributes to further raising the profile of the concept of data trusteeship within the European context. This page features both the summary and the full text of the statement which was submitted.

You can download the full statement on the investigation regarding ‘Omnibus provisions for the digital sector (part of the simplification package for the digital sector)’ as well as a summary in PDF format.


Statement on the investigation regarding ‘Omnibus provisions for the digital sector (part of the simplification package for the digital sector)’

The signatory academics from the Competence Network for Data Trustee Models (DaTNet) are pleased to provide their perspective on the reform needs with regard to the Data Governance Act and the Directive on open data.

As the European Commission notes in its call for comments, measures to enhance coherence and ensure greater legal certainty are required in relation to these two legal acts. We propose the following changes:

  1. The Data Governance Act should improve the conditions for data sharing within the single market and, to this end, to establish a harmonised framework for data exchange. For this reason, strict requirements are included, for example, on data intermediation services to prevent the concentration of market power in the hands of individual players and to increase confidence in these service providers.

Whilst this objective is generally to be welcomed, the question arises as to why providers of data intermediation services are subject to comparatively strict regulation, whilst, for example, data brokers are exempt from regulation (Article 2(11)(a) DGA). The regulatory objective should be highlighted even more clearly here. The regulatory objective should be highlighted even more clearly here.

  1. The concept of a ‘separate legal person’, which is autonomous under EU law, is unclear and gives rise to tensions with national company law systems. Under German law, partnerships with legal capacity (Außen-GbR, GmbH & Co. KG) also have legal capacity, but are not ‘legal persons’. This uncertainty makes it more difficult to set up and register data trustees.

The requirement of a ‘separate legal person’ (Article 12(a) DGA) should be clarified.

Proposed amendment (Article 12(a) DGA, reworded):

Reasons: The proposed wording replaces the narrow concept of a ‘legal person’ with the more appropriate criterion of legal capacity and limited liability, thereby also encompassing company forms such as the GmbH & Co. KG or the GbR with legal capacity provided that they have a clear governance structure. The term, which is to be understood autonomously within the EU legal framework, is defined in a functional manner (legal capacity rather than the narrow concept of a ‘legal person’) without undermining the required separation/neutrality; at the same time, the text addresses the significant liability risks encountered in practice (GDPR, competition law) by referring to available forms of limited liability (e.g. GmbH, AG or, where applicable, GmbH & Co. KG).

  1. The DGA calls for neutrality, independence and trust, without, however, laying down minimum corporate law standards for internal organisation. These matters have so far been left entirely to national law.

A new Article 12a of the DGA, ‘Corporate Governance of Data Intermediation Services’, should therefore be introduced to safeguard neutrality, independence and trust by means of minimum standards.

This new article establishes a framework for corporate governance principles applicable to data trustees and ensures that corporate law control mechanisms (duty of loyalty, advisory board, co-determination) are effectively aligned with data neutrality and the building of trust without interfering with the legal structures established by Member States.

Proposal for a new Article 12a:

  1. The DGA’s current lack of clarity regarding the legal form creates legal uncertainty and a lack of comparability.

A special form recognised across the EU with limited liability could promote trust and market homogeneity. We therefore propose a new legal form: the ‘European Data Trust’. An optional European company form like this would establish uniform governance standards without depriving Member States of their autonomy in matters of company law along the lines of the SE (Societas Europaea) or the SCE (European Cooperative Society). Two proposed amendments to this effect comprise a new Recital 33a and a new Article 12b.

New Recital 33a:

New Section 12b DGA – European Data Trust (EDaT):

  1. Article 12(a) DGA requires neutrality, but there is no legally enforceable provision for data neutrality within the internal structure of the company.

The incorporation of data neutrality as an aspect of the duty of loyalty under company law broadens the scope of company law, strengthens the internal obligations of corporate bodies and makes obligations of neutrality enforceable under civil law as well.

Proposed amendment to Article 12(a) DGA:

  1. The requirements of Article 18(2)(c) DGA (‘not-for-profit’ and legally independent) lead to funding problems and poor governance.

Article 18 DGA (data altruism organisations) should be made more precise. The proposed clarification set out below allows for self-sustaining governance structures and prevents data altruism organisations from being effectively excluded from professional corporate forms.

Section 18(2)(c) DGA – new:

  1. Article 11(6) requires, amongst other things, details of the legal form, ownership structure and relevant subsidiaries to be provided at the time of registration; the Commission maintains a public register (Article 11(14)). However, details regarding governance (supervisory bodies, conflict avoidance) are currently not provided.

Such disclosure of the governance of data intermediation services promotes transparency and trust. It makes the corporate structure for data providers and users traceable without introducing any additional registration requirements.

Proposed amendment to Article 11(6) DGA (new subparagraphs (h) to (k)):

Proposed amendment to Article 11(14) – sentence (new):

  1. The substantive requirements set out in Article 12 are not linked to the concerns of a concretely functional internal organisation, but they should be.

New Recital 33b – Company law and data governance:

  1. Article 12 is currently worded in such a way that it does not cover models of transaction-based data trusteeship with sufficient precision.

It is proposed that an amendment, primarily for the sake of clarity, be made to classify the services of a transaction-based trustee (and similar activities) as a sub-category of data intermediary activities.

  1. In practice, unclear terminology and inconsistencies also prove to be obstacles. Examples of this include: There are differing interpretations regarding the term ‘commercial relationships’ between data owners and data users in the context of the definition of data intermediation services in Article 2(11) DGA. Contributions to the discussion consider, for example, whether the commercial relationship is of a certain duration, whether both parties are acting in the course of their commercial or self-employed professional activities, whether the purpose of the data use is commercial, or whether an exchange transaction is taking place in the sense that the data owner receives consideration in return, e.g. a fee or access to other data.

These ambiguities regarding such a key concept as ‘commercial relationships’, which is central to the scope of the DGA, should be resolved.

  1. There are also unresolved issues regarding value-added services. Under Article 12(a), providers of data intermediation services shall not use the data for any purposes other than making it available to data users. An exception to this is set out in Article 12(e), which permits additional services such as conversion, anonymisation and pseudonymisation.

Due to discrepancies between the different language versions of the DGA, it is unclear whether these additional services are permitted exclusively or in particular to facilitate the exchange of data. This needs to be clarified. Furthermore, it may also be appropriate to regard low-threshold value-added services such as curation and standardisation as permissible.

  1. The scope and addressee of the obligations to ensure the appropriate continuation of data intermediation services in the event of insolvency (Article 12(h)) are also unclear. The standard is aimed at providers of data intermediation services, so it remains unclear whether the insolvency administrator, which has the power of disposal in the event of insolvency, is also bound by it.

It is not clear from the provision whether its aim is to ensure that the claims of data providers and data users should be given priority in the hierarchy of creditors’ claims. These ambiguities should be resolved. Only a framework for dealing with insolvency that is geared towards sustainability can strengthen confidence in new intermediaries.

  1. Time and again, there are calls for an obligation to make data available in the legal and policy debate concerning the usability of data held by public bodies.

It is appropriate that neither the Open Data Directive nor the Data Governance Act impose a ‘strict’ obligation to make data openly available. This should remain the case.

However, on the one hand, the cost-benefit ratio of providing open data should be reviewed. It should be kept in mind that the provision and ongoing maintenance of dynamic data via high-performance APIs entails a considerable technical, staffing and financial outlay. For local authorities in particular, which are often faced with tight budgets and limited IT resources, this requirement might not be feasible. Against this backdrop, it is worth considering whether the available resources might be better spent initially on creating a standardised and modernised basic infrastructure (rather than on ‘openness’). Such a consolidated foundation could then, in a further step, pave the way for a broader and potentially more cost-effective API deployment.

On the other hand, the critical nature of data, and of data provision, is different now than it was just a few years ago. The different geopolitical situation has since proved to be a challenge for the ‘open’ concept. This applies to science (‘Open Science’), but also to the public sector as a whole. In principle, therefore, security concerns might be justified, for example where detailed local authority data is involved. Keyword ‘Critical Infrastructure’ (KRITIS): Real-time traffic light sequences in City X, HVDs from the dam management department of Water Management Association Y, bridge load-bearing capacity and structural condition in City Z etc. may also contain information that is relevant from a security perspective.

Finally, the question arises as to whether access to public sector data should be guaranteed equally to all applicants or whether there should be restrictions on companies based in third countries or on companies designated as gatekeepers (analogous to the provisions under the Data Act, Art. 5(3) Data Act).

Professor Dr Steffen Augsberg (University of Giessen)
Professor Dr Johannes Buchheim (Marburg University)
Professor Dr Petra Gehring (TU Darmstadt)
Professor Dr Anne Lauber-Rönsberg (TU Dresden)
Professor Dr Florian Möslein (Marburg University)
Professor Dr Sebastian Omlor (Marburg University)