NEN: why European harmonised standards are key to comply with the upcoming Data Act

NEN: why European harmonised standards are key to comply with the upcoming Data Act

The European Commission (EC) regularly submits standardisation requests to a recognised European standardisation organisation (CEN, CENELEC, or ETSI) to develop European standards that help comply with new European legislation. It is very likely that the EC will submit a request to develop European standards that enable organisations to comply with the Data Act, with which Europe wants to promote the value of data sharing. Inge Piek, Consultant ICT Standards of NEN (Netherlands Standardisation Institute), explains the added value of European harmonised standards developed by recognised European standardisation organisations. She also elaborates on the requirements for harmonised standards in the Data Act and the European process for adherence, and on how NEN in the Netherlands, in collaboration with Dutch market parties, can contribute to the development of these standards.

Market standards versus harmonised standards

Standards are agreements that market parties can make to demonstrate the quality and safety of their products, services, and processes. NEN is the Dutch standardisation institute and as such designated by the Dutch state. NEN helps define Dutch standards and supports Dutch stakeholders in contributing to standards that are created on a European level and in the technical committees of the European standardisation organisations CEN and CENELEC. According to Inge, there is an important distinction between standards and harmonised standards. “Standards assure that companies work according to the same agreements and this provides clarity for the market. However, they do not have a legal basis. This is different with harmonised standards, which are explicitly referred to from European legislation. In this case, it is the technical specifications that are considered appropriate or sufficient to meet the technical requirements of EU law. Whereas regular standards are useful in practice – as everyone abides by the same agreements – harmonised standards can be used by e.g. suppliers and manufacturers to demonstrate that they comply with European legislation and regulations, which is called ‘presumption of conformity’. That makes them a lot more significant.”

Requirements for harmonised standards related to the Data Act

The Data Act is part of a series of legislations on the handling and opportunities of using data. With this legislation, Europe wants to outline the framework for realising the value of data for Europe in a fair manner. The Data Act also states the need for harmonised standards for data sharing and smart contracts and possibly also harmonised standards for cloud portability. Inge explains: “Firstly, it concerns interoperability requirements for data, for data sharing mechanisms and services, as well as for common European data spaces. Data must be findable and accessible for the recipient in a user-friendly way. For instance, data structures and word structures need to be described in a publicly available and consistent manner. In addition, automatic access and transfer of data between parties must be possible. Secondly, there are requirements for the automatic execution of data sharing agreements (‘smart contracts’), so that, for example, data sharing transactions can be simplified and ownership can be assigned to digital assets. This implies that functionalities must be able to be stopped, interrupted or reset automatically. Additionally, data archiving, continuity requirements and access control are required. Thirdly, the Data Act sets interoperability requirements for data processing services. This must ensure that users can switch to another service provider and easily transfer their data and applications to a comparable service (‘cloud portability’). This means that there must be syntactic and semantic interoperability for both the cloud infrastructure and the data and application layer.”

Process for developing European harmonised standards

To achieve harmonised standards, Europe follows a strict process, Inge says. “Harmonised standards are developed to answer a request from the European Commission. It all starts with legislation, in this case the Data Act. This is followed by a request of the European Commission to start the preparation for a so-called standardisation request. In this request, the European Commission asks one or more of the three European standardisation organisations (CEN, CENELEC, or ETSI) to develop standards. The European standardisation organisations can then either accept or reject the proposal unconditionally. After acceptance, the standardisation organisations form a technical committee with experts who develop the requested standards. This results first in a draft standard that is offered to the market for public consultation. After processing the feedback, the standard is finalised. In one of the final stages, a so-called HAS consultant assesses on behalf of the European Commission whether all phases have been completed correctly and whether the standard fulfills the original requirements of the standardisation request by the European Commission. As soon as (s)he gives the green light, the references of the harmonised standard will be published in the Official Journal of the European Union (OJEU). Once that has happened, the standard also has legal relevance.”

NEN represents the interests of the Dutch market

Inge encourages participants of the CoE-DSC to actively contribute to European standards. Inge: “On an international level, NEN serves as a representative of Dutch market interests.  As a Dutch standardisation institute, we are a member of the European standardisation networks CEN and CENELEC. We invite participants of the CoE-DSC to get involved. Let’s come together, pool our expertise, and exchange views on the interpretation of the European standards. These standards are crucial for companies to adhere to and comply with the Data Act.”

Do you have questions about the requirements for harmonised standards within the Data Act? Or do you want to share expertise and knowledge on behalf of your organisation or sector? Please contact Inge Piek via:


Read more

What SMEs should know about EU digital legislations

What SMEs should know about EU digital legislations

Olga Batura, Senior scientist at TNO, shares some insights about the Digital Markets Act (DMA), the Digital Services Act (DSA), the Data Act, the Cyber Resilience Act, and the AI Act (which she also shared during our Community Meeting of June).