The Big 5 – Status of National Preparation in Finland

Posted on

15 Dec

2023

Dittmar & Indrenius > Insight > The Big 5 – Status of National Preparation in Finland

The so-called Big 5 acts – the Data Governance Act, Digital Markets Act, Digital Services Act, Data Act, and Artificial Intelligence Act – have been a key part of the European Data Strategy in recent years. Once approved, the Big 5 acts are directly applicable throughout the EU, but many of them require Member States to enact legislation to support their enforcement and supervision, e.g., to designate nationally competent authorities and assign them new powers.

Below, we have collected a summary of the status of the Big 5 preparations and competent authorities in Finland.

Data Governance Act (DGA)

The DGA sets forth rules to govern and facilitate voluntary data sharing, such the operations of data intermediary services providers and data altruism organisations, as well the reuse of certain public sector data. The DGA entered into force on 23 June 2022 and its application commenced on 24 September 2023.

For the DGA, the national preparation concerns mainly the designation of a competent authority who will be tasked with the new responsibilities related to, in particular, the notifications by data intermediation services providers and the registration of recognised data altruism organisations under Chapters 3 and 4 of the DGA, and related supervision. In Finland, the national implementation of the DGA is nearly complete and expected to enter into force in the beginning of 2024. The competent authority will be the Finnish Transport and Communications Agency Traficom. Traficom’s new tasks are set to commence when the national implementation enters into force.

Further, the DGA’s provisions on reuse of certain public sector data are further implemented in Finland by the Decree of the Ministry of Finance on the Provision of Certain Electronic Support Services Shared by the Administration (900/2023), in force as of 31 July 2023. The Finnish Digital and Population Data Services Agency is tasked with the national single information point under the DGA to handle requests for the reuse of the data.

Digital Markets Act (DMA)

The DMA aims to make the EU digital market fairer and more contestable by regulating large digital platforms, so-called “gatekeepers”. The DMA entered into force on 1 November 2022 and its application commenced largely on 2 May 2023 (with certain obligations applicable as of 25 June 2023). The main objective of the national preparation related to the DMA is to clarify the powers of the Finnish Competition and Consumer Authority, which would act as the nationally competent authority to assist the European Commission in the enforcement of the DMA. The related national legislative proposal was to be submitted to the Finnish Parliament in autumn 2023, however, it seems that the timing has been delayed to early 2024.

Digital Services Act (DSA)

The DSA governs online intermediaries and platforms to prevent illegal and harmful activities online and the spread of disinformation. The DSA entered into force on 16 November 2022 and its application at large will commence on 17 February 2024 (the rules for very large platforms have been applicable already since August 2023).

For the DSA, Member States are required to designate competent authorities and implement their new powers to monitor and enforce the regulation. In Finland, the national implementation is reaching its end as the legislation implementing the DSA is set to enter into force on 17 February 2024. The main supervisory authority and the Digital Services Coordinator under the DSA will be the Finnish Transport and Communications Agency Traficom. Other authorities monitoring compliance with the DSA are the Finnish Consumer Ombudsman and the Data Protection Ombudsman. Several laws will be amended and a new act, the Act on the Supervision of Online Intermediary Services, will be enacted to implement the DSA.

Data Act

The Data Act sets forth rules that, e.g., enable users of connected devices to access the data generated by such devices as well as grant customers the option to switch between cloud data processing service providers. The Data Act is expected to enter into force in early 2024, in which case its application would commence in autumn 2025, i.e., twenty (20) months after its entry into force. However, the obligation under Article 3(1) of the Data Act to design and manufacture connected products in such manner that the data is accessible to the user directly from the product or related service will only apply to products placed on the market after thirty-two (32) months from entry into force.

For the Data Act, Member States are required, e.g., to designate the competent authorities and lay down rules on penalties. In Finland, the national preparation related to the Data Act is in its early stages. A working group was established on 2 October 2023 to prepare an assessment memorandum of the contents, requirements, and effects of the Data Act, including the need for any legislative changes nationally. Once completed, the memorandum will be used in drafting the Government Bill to begin the legislative process to enact any such changes. The term of the working group ends on 31 December 2024.

Artificial Intelligence Act (AI Act)

The objective of the AI Act proposal is to ensure the safe and transparent use of artificial intelligence systems. The rules applicable to artificial intelligence systems would vary depending on the level of potential risk posed by different types or uses of artificial intelligence. A provisional agreement on the AI Act proposal was reached in the EU trilogue negotiations on 9 December 2023. At the time of writing this article, no national implementation measures have yet been announced. However, the Ministry of Economic Affairs and Employment of Finland published a joint study with the think tank Demos Helsinki on the effects of the AI Act proposal on the business environment of Finnish companies on 7 December 2023.

More by the same author

Implementing the Data Act without Clashing with the GDPR?

The Data Act will largely apply as of 12 September 2025, imposing new obligations and rights in relation to personal and non-personal data in the context of, e.g., connected products and related services. As rules governing data expand, it is increasingly important to map what data sets are processed by an organisation and how they are managed in the upcoming regulatory framework. For data sets including personal data (which is often the case!), it is vital to align the implementation of the Data Act with existing GDPR compliance.

The Data Act Approved by the European Parliament

Today, the European Parliament voted yes to formally approve the new Data Act. Following today’s vote, the Data Act is expected to apply in the EU as of autumn 2025 except for Article 3(1), the transition period of which is one year longer. The exact date of application will be confirmed once the Data Act is published in the Official Journal of the European Union.

EU’s New Financial Data Space Proposal and DORA

On 28 June 2023, the European Commission published a proposal for a regulation on a framework for Financial Data Access (“FIDA”) for the access and use of customer data. As part of the EU Digital Finance Strategy,  FIDA is expected to lead to better-quality, user-centric financial services and new data-driven business models in the financial sector. As the financial data space evolves, the emergence of novel interfaces, data sharing methods, and other innovative technologies may also bring forth new risks, particularly in the realm of cybersecurity. We recommend stakeholders in the financial sector to consider their role and potential responsibilities and opportunities in light of the upcoming regulations.

Latest insights

Draft New Act Governing Offshore Wind Power within the Finnish EEZ Published for Comments

Alert / 28 May 2024
Reading time 2 minutes

Government proposal regarding the implementation of EU’s NIS 2 Directive published

Alert / 24 May 2024
Reading time 2 minutes