Juris Initiative : Juris Initiative"s News

April - 2025

ARCEP awards first data intermediation service provider label

By Decision No. 2025-0468 of April 10, 2025, ARCEP awarded for the first time the label of “data intermediation services provider recognised in the Union” to the company M-iTrust, which thus became the first entity to obtain this recognition.

This label is intended to identify service providers that meet European requirements for neutrality, fairness, independence, and security in data intermediation. It is part of the new powers entrusted to ARCEP by Law no. 2024-449 of May 21, 2024 (also known as “Loi SREN”, enacted to implement Regulation (EU) 2022/868 on data governance (“Data Governance Act” or “DGA”).

According to the DGA, a data intermediation service provider is a neutral actor that facilitates establishing commercial relationships for data sharing between data holders or data subjects and users through technical, legal, or other means, without significantly enhancing or altering the data.

The DGA requires data intermediation service providers to notify a competent national authority of their activity. In France, the Law of 21 May 2024 designated ARCEP as the competent authority for receiving such notifications. Upon notification of their activities, providers may apply to ARCEP for the label of “data intermediation services provider recognised in the Union.”

The label's award is subject to compliance with the conditions set out in Article 12 of the DGA. These notably impose the exclusive use of the data for making it available to users, the strict legal separation of intermediation activities from other activities, transparency of commercial terms, prevention of conflicts of interest, and security of exchanges.

Before awarding any label, ARCEP consults the French Data Protection Authority (CNIL) regarding any practices that could affect the protection of personal data and takes into account any observations it may provide.

Certified providers are authorized to use the official logo in their communications.

After examining the application and consulting the CNIL, ARCEP considered that M-iTrust met the certification criteria. However, two points of attention were raised.

Firstly, M-iTrust offers bank scoring solutions through a legally separate entity. ARCEP has reiterated that any activity other than data intermediation must be strictly separated to avoid conflicts of interest.

Secondly, M-iTrust states that it may use data scraping techniques. ARCEP and CNIL consider that this practice presents risks in terms of security and compliance with site usage conditions. ARCEP recommends using secure interfaces (APIs).

The issuance of this first label reflects the framework outlined by the DGA. This contributes to the ongoing development of a European data market based on key principles of transparency and trust. Additionally, various companies have formally notified ARCEP regarding their respective activities. In the months ahead, we will be watching to see if they also apply and obtain the label.

Tags:
ARCEP, Data Governance Act, DGA, Data intermediation service provider, Data intermediation label, EU data sharing, Data governance regulation, Personal data protection, Notification to ARCEP, Certified data intermediary, EU-recognized data provider, M-iTrust ARCEP

<- Back to: Last news