The so-called Big 5 acts – the Data Governance Act, Digital Markets Act, Digital Services Act, Data Act, and Artificial Intelligence Act – have been a key part of the European Data Strategy in recent years. Once approved, the Big 5 acts are directly applicable throughout the EU, but many of them require Member States to enact legislation to support their enforcement and supervision, e.g., to designate nationally competent authorities and assign them new powers.
Below, we have collected a summary of the status of the Big 5 preparations and competent authorities in Finland.
Data Governance Act (DGA)
The DGA sets forth rules to govern and facilitate voluntary data sharing, such the operations of data intermediary services providers and data altruism organisations, as well the reuse of certain public sector data. The DGA entered into force on 23 June 2022 and its application commenced on 24 September 2023.
For the DGA, the national preparation concerns mainly the designation of a competent authority who will be tasked with the new responsibilities related to, in particular, the notifications by data intermediation services providers and the registration of recognised data altruism organisations under Chapters 3 and 4 of the DGA, and related supervision. In Finland, the national implementation of the DGA is nearly complete and expected to enter into force in the beginning of 2024. The competent authority will be the Finnish Transport and Communications Agency Traficom. Traficom’s new tasks are set to commence when the national implementation enters into force.
Further, the DGA’s provisions on reuse of certain public sector data are further implemented in Finland by the Decree of the Ministry of Finance on the Provision of Certain Electronic Support Services Shared by the Administration (900/2023), in force as of 31 July 2023. The Finnish Digital and Population Data Services Agency is tasked with the national single information point under the DGA to handle requests for the reuse of the data.
Digital Markets Act (DMA)
The DMA aims to make the EU digital market fairer and more contestable by regulating large digital platforms, so-called “gatekeepers”. The DMA entered into force on 1 November 2022 and its application commenced largely on 2 May 2023 (with certain obligations applicable as of 25 June 2023). The main objective of the national preparation related to the DMA is to clarify the powers of the Finnish Competition and Consumer Authority, which would act as the nationally competent authority to assist the European Commission in the enforcement of the DMA. The related national legislative proposal was to be submitted to the Finnish Parliament in autumn 2023, however, it seems that the timing has been delayed to early 2024.
Digital Services Act (DSA)
The DSA governs online intermediaries and platforms to prevent illegal and harmful activities online and the spread of disinformation. The DSA entered into force on 16 November 2022 and its application at large will commence on 17 February 2024 (the rules for very large platforms have been applicable already since August 2023).
For the DSA, Member States are required to designate competent authorities and implement their new powers to monitor and enforce the regulation. In Finland, the national implementation is reaching its end as the legislation implementing the DSA is set to enter into force on 17 February 2024. The main supervisory authority and the Digital Services Coordinator under the DSA will be the Finnish Transport and Communications Agency Traficom. Other authorities monitoring compliance with the DSA are the Finnish Consumer Ombudsman and the Data Protection Ombudsman. Several laws will be amended and a new act, the Act on the Supervision of Online Intermediary Services, will be enacted to implement the DSA.
Data Act
The Data Act sets forth rules that, e.g., enable users of connected devices to access the data generated by such devices as well as grant customers the option to switch between cloud data processing service providers. The Data Act is expected to enter into force in early 2024, in which case its application would commence in autumn 2025, i.e., twenty (20) months after its entry into force. However, the obligation under Article 3(1) of the Data Act to design and manufacture connected products in such manner that the data is accessible to the user directly from the product or related service will only apply to products placed on the market after thirty-two (32) months from entry into force.
For the Data Act, Member States are required, e.g., to designate the competent authorities and lay down rules on penalties. In Finland, the national preparation related to the Data Act is in its early stages. A working group was established on 2 October 2023 to prepare an assessment memorandum of the contents, requirements, and effects of the Data Act, including the need for any legislative changes nationally. Once completed, the memorandum will be used in drafting the Government Bill to begin the legislative process to enact any such changes. The term of the working group ends on 31 December 2024.
Artificial Intelligence Act (AI Act)
The objective of the AI Act proposal is to ensure the safe and transparent use of artificial intelligence systems. The rules applicable to artificial intelligence systems would vary depending on the level of potential risk posed by different types or uses of artificial intelligence. A provisional agreement on the AI Act proposal was reached in the EU trilogue negotiations on 9 December 2023. At the time of writing this article, no national implementation measures have yet been announced. However, the Ministry of Economic Affairs and Employment of Finland published a joint study with the think tank Demos Helsinki on the effects of the AI Act proposal on the business environment of Finnish companies on 7 December 2023.
