To monitor open data policies across the world, we developed the Open Data Policy Lab Policy Repository. This quarter, we added 11 new policy developments within and across Africa, Europe, Asia, and North America. They illustrate the range of mechanisms through which governments and international institutions are increasingly structuring access to data. Five approaches emerge:

• mandating the release and reuse of public data; 

• authorizing controlled sharing of government-held datasets; 

• enabling structured access to privately controlled or platform-held data; 

• governing cross-border data flows through trade frameworks, certification regimes, and bilateral agreements; and 

• restructuring the legal architecture that governs data access frameworks themselves.

In the below, we provide further detail.

1. Mandating Release and Reuse of Public Data

Ukraine’s Resolution No. 1151 expands the list of datasets that must be published on the national open data portal and strengthens interoperability requirements across government information systems. Newly required datasets include areas such as judicial statistics, bankruptcy records, fiscal information, and real-time transport data. The resolution also requires the use of unified identifiers across datasets to improve cross-dataset linkage and authorizes the use of AI tools to assist with moderation and processing on the portal. 

Similarly, Spain’s Decálogo Reutilizador de Datos del Sector Público provides practical guidance for public agencies on how to prepare and release public sector data for reuse. The guidance incorporates the EU Open Data Directive’s concept of high-value datasets, which must be published free of charge in machine-readable formats and made available through APIs. It also promotes open licensing, including Creative Commons (CC BY 4.0), and aligns national practices with European interoperability standards such as NTI-RISP and the European Interoperability Framework.

2. Authorizing the Sharing of Government-Held Data

Singapore’s Public Sector (Governance) (Amendment) Bill 2025 extends the existing framework for inter-agency data sharing to allow sharing with trusted external partners such as social service organizations and industry associations when it supports defined public sector purposes. Each arrangement requires ministerial authorization specifying the purpose, partner, and scope of data involved, and external partners must meet data protection and security requirements through contractual safeguards. The reform aims to enable more coordinated service delivery while maintaining clear accountability for how government-held data is used.

Japan’s Basic Policy on the Data Utilization System promotes cross-sector data integration as part of the country’s broader digital transformation strategy. The policy frames data as a shared societal resource and links improved data utilization to productivity growth, AI development, and administrative modernization. It calls for digital public infrastructure to enable data linkage across sectors, improvements in administrative data quality, and centralized tools such as a national data dashboard to facilitate reuse by local governments and private actors.

3. Enabling Access to Privately Held Data

The European Commission’s Recommendation on Model Contractual Terms supports implementation of the EU Data Act by providing standardized contractual clauses for data sharing between firms. The templates operationalize the Act’s requirement for fair, reasonable, and non-discriminatory (FRAND) access to data generated by connected products. They clarify responsibilities between data holders and recipients, address liability and confidentiality, and include provisions supporting cloud switching and service portability.

Ireland’s Guidance for Vetted Researchers implements Article 40 of the Digital Services Act, which requires Very Large Online Platforms and Search Engines to provide access to platform data for the study of systemic risks. The guidance establishes procedures through which researchers can apply for access, sets out documentation and security requirements, and defines the conditions under which platforms must provide data through technical interfaces or secure processing environments.

Elsewhere, the African Commission’s Guidelines on Promoting and Harnessing Data Access for Human Rights and Sustainable Development situate data access within the right to information under the African Charter. The guidelines extend access-to-information principles to the digital environment and encourage states to ensure that digital platforms provide structured access mechanisms for public-interest research. They also emphasize inclusive access, including affordability and accessibility for marginalized groups, and require that restrictions on access satisfy established human rights limitation tests. 

4. Governing Cross-Border Data Flows

The EU–Singapore Digital Trade Agreement establishes binding rules governing cross-border digital trade between the parties. The agreement restricts unjustified data localization requirements and protects cross-border data transfers while allowing public policy safeguards. It also includes provisions encouraging governments to publish public data in machine-readable formats and through APIs, linking open data practices with broader commitments to digital interoperability and economic cooperation.

China's Measures for Certification of Cross-Border Transfer of Personal Information establish a certification mechanism for exporting personal data under the Personal Information Protection Law. Organizations seeking to transfer personal information abroad must obtain certification from accredited bodies demonstrating compliance with Chinese data protection standards. The framework requires impact assessments before transfers, establishes oversight mechanisms, and allows regulators to suspend certifications if organizations fail to meet compliance requirements.

The United States’ Bilateral Global Health Agreements link health assistance to bilateral cooperation on data and surveillance. The agreements establish monitoring systems for service delivery, epidemiology, supply chains, and financing, and call for long-term health data systems and data sharing arrangements to support outbreak surveillance and program management. Reported draft agreements also indicate that some arrangements may include commitments to share pathogen information and other health surveillance data as part of ongoing cooperation. 

4. Restructuring the Legal Architecture of Data Governance

The European Commission’s Digital Omnibus proposal seeks to simplify the European Union’s expanding body of digital and data legislation. The proposal repeals several existing instruments—including the Open Data Directive, the Data Governance Act, the Free Flow of Non-Personal Data Regulation, and the Platform-to-Business Regulation—and integrates their core provisions into a revised legal framework centered on the Data Act and related digital regulations. As opposed to creating new access rights, the initiative focuses on reducing regulatory fragmentation and streamlining compliance requirements across overlapping data governance regimes.

Conclusion

These eleven additions illustrate the expanding scope of data access policy. Governments and international institutions are using a wide range of legal instruments to determine how data is published, shared, requested, transferred, and controlled. Some initiatives expand access to public or privately held data for research, innovation, and oversight, while others structure or condition access through certification regimes, trade agreements, and bilateral arrangements. In parallel, policymakers are beginning to reorganize the growing body of digital regulation that governs these mechanisms.

Data access has therefore become a critical arena of governance, including administrative reform, market regulation, international cooperation, and geopolitical strategy.

Back to the Blog