[{"data":1,"prerenderedAt":697},["ShallowReactive",2],{"navigation":3,"\u002Fen\u002Fblog\u002Fdata-governance-act-devops-guide":294,"\u002Fen\u002Fblog\u002Fdata-governance-act-devops-guide-surround":692},[4,8,12,16,20,24,28,32,36,40,44,48,52,56,60,64,68,72,76,80,84,88,92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184,188,207,219,250,287],{"title":5,"path":6,"stem":7},"Build and Deploy a Modern Website in 5 Minutes","\u002Fen\u002Fblog\u002Fbuild-with-loveable","en\u002F3.blog\u002F1.build-with-loveable",{"title":9,"path":10,"stem":11},"The Vercel Alternative for the German Mittelstand: Sovereign Hosting on Hetzner with lowcloud","\u002Fen\u002Fblog\u002Fdigital-sovereignty-lowcloud-vs-vercel-b2b","en\u002F3.blog\u002F10.digital-sovereignty-lowcloud-vs-vercel-b2b",{"title":13,"path":14,"stem":15},"Cloud Sovereignty Framework: How the EU Is Finally Making Cloud Sovereignty Measurable","\u002Fen\u002Fblog\u002Fcloud-sovereignty-framework","en\u002F3.blog\u002F12.cloud-sovereignty-framework",{"title":17,"path":18,"stem":19},"Avoiding Cloud Vendor Lock-in: What Real Sovereignty Means Technically","\u002Fen\u002Fblog\u002Fcloud-vendor-lock-in","en\u002F3.blog\u002F13.cloud-vendor-lock-in",{"title":21,"path":22,"stem":23},"Digital Sovereignty with Kubernetes: When Is Open Source Truly Sovereign?","\u002Fen\u002Fblog\u002Fkubernetes-digital-sovereignty","en\u002F3.blog\u002F14.kubernetes-digital-sovereignty",{"title":25,"path":26,"stem":27},"What Is DevOps as a Service and When Does It Actually Make Sense?","\u002Fen\u002Fblog\u002Fdevops-as-a-service","en\u002F3.blog\u002F15.devops-as-a-service",{"title":29,"path":30,"stem":31},"Cloud Sovereignty Governance: Why This Topic Belongs in the Boardroom, Not the Server Room","\u002Fen\u002Fblog\u002Fcloud-sovereignty-governance","en\u002F3.blog\u002F16.cloud-sovereignty-governance",{"title":33,"path":34,"stem":35},"PaaS vs. DaaS: What","\u002Fen\u002Fblog\u002Fpaas-vs-daas","en\u002F3.blog\u002F17.paas-vs-daas",{"title":37,"path":38,"stem":39},"Sovereign Cloud: Can SaaS Really Maintain Control Over Your Data?","\u002Fen\u002Fblog\u002Fsovereign-cloud-saas-data-control","en\u002F3.blog\u002F18.sovereign-cloud-saas-data-control",{"title":41,"path":42,"stem":43},"DevOps vs. DevOps as a Service – Which One Fits Your Team?","\u002Fen\u002Fblog\u002Fdevops-vs-devops-as-a-service","en\u002F3.blog\u002F19.devops-vs-devops-as-a-service",{"title":45,"path":46,"stem":47},"Docker Fundamentals -  Understanding Container Virtualization","\u002Fen\u002Fblog\u002Fhow-docker-works","en\u002F3.blog\u002F2.how-docker-works",{"title":49,"path":50,"stem":51},"The 7 Biggest DevOps Problems in SMBs – And How to Fix Them","\u002Fen\u002Fblog\u002Fdevops-problems-smb","en\u002F3.blog\u002F20.devops-problems-smb",{"title":53,"path":54,"stem":55},"PostgreSQL Helm Chart: How to Deploy Postgres on Kubernetes","\u002Fen\u002Fblog\u002Fpostgresql-helm-chart-kubernetes","en\u002F3.blog\u002F21.postgresql-helm-chart-kubernetes",{"title":57,"path":58,"stem":59},"Platform Engineering vs. DevOps – What","\u002Fen\u002Fblog\u002Fplatform-engineering-vs-devops","en\u002F3.blog\u002F22.platform-engineering-vs-devops",{"title":61,"path":62,"stem":63},"Cloud Act vs. GDPR: The Risk for EU Businesses","\u002Fen\u002Fblog\u002Fcloud-act-vs-gdpr","en\u002F3.blog\u002F23.cloud-act-vs-gdpr",{"title":65,"path":66,"stem":67},"Cut IT Costs with Automation: The Biggest Lever","\u002Fen\u002Fblog\u002Freduce-it-costs-automation","en\u002F3.blog\u002F24.reduce-it-costs-automation",{"title":69,"path":70,"stem":71},"NIS2 Compliance for DevOps Teams: What You Need to Do","\u002Fen\u002Fblog\u002Fnis2-compliance-devops","en\u002F3.blog\u002F25.nis2-compliance-devops",{"title":73,"path":74,"stem":75},"Self-Hosted EU Alternatives: Host LibreOffice & More","\u002Fen\u002Fblog\u002Fself-hosted-eu-alternatives","en\u002F3.blog\u002F26.self-hosted-eu-alternatives",{"title":77,"path":78,"stem":79},"DORA Compliance for DevOps: What the EU Resilience Act Means","\u002Fen\u002Fblog\u002Fdora-compliance-devops","en\u002F3.blog\u002F27.dora-compliance-devops",{"title":81,"path":82,"stem":83},"Cloud TCO: Hidden Costs AWS, Azure & GCP Don't Show You","\u002Fen\u002Fblog\u002Fcloud-tco-hidden-costs","en\u002F3.blog\u002F28.cloud-tco-hidden-costs",{"title":85,"path":86,"stem":87},"Data Residency vs. Data Sovereignty: What Really Matters","\u002Fen\u002Fblog\u002Fdata-residency-vs-data-sovereignty","en\u002F3.blog\u002F29.data-residency-vs-data-sovereignty",{"title":89,"path":90,"stem":91},"Self-Host n8n on Hetzner: Complete Docker Setup Guide","\u002Fen\u002Fblog\u002Fself-hosted-n8n-on-hetzner","en\u002F3.blog\u002F3.self-hosted-n8n-on-hetzner",{"title":93,"path":94,"stem":95},"Manual Deployments: An Underestimated Risk for SMBs","\u002Fen\u002Fblog\u002Fmanual-deployment-risks","en\u002F3.blog\u002F30.manual-deployment-risks",{"title":97,"path":98,"stem":99},"DevOps Tool Sprawl: How It Happens and How to Stop It","\u002Fen\u002Fblog\u002Fdevops-tool-sprawl","en\u002F3.blog\u002F31.devops-tool-sprawl",{"title":101,"path":102,"stem":103},"Kubernetes Monitoring: Using Logs and Metrics Effectively","\u002Fen\u002Fblog\u002Fkubernetes-monitoring-logs-metrics","en\u002F3.blog\u002F32.kubernetes-monitoring-logs-metrics",{"title":105,"path":106,"stem":107},"OB7 Case Study: Website Deployment Without Infrastructure Overhead","\u002Fen\u002Fblog\u002Fob7-case-study-lowcloud-deployment","en\u002F3.blog\u002F33.ob7-case-study-lowcloud-deployment",{"title":109,"path":110,"stem":111},"DevOps in SMBs: Why Missing Roles Become a Real Risk","\u002Fen\u002Fblog\u002Fmissing-devops-roles-smb","en\u002F3.blog\u002F34.missing-devops-roles-smb",{"title":113,"path":114,"stem":115},"Simplify Kubernetes Configuration: The Path to Human-Readable Cloud","\u002Fen\u002Fblog\u002Fsimplify-kubernetes-configuration","en\u002F3.blog\u002F35.simplify-kubernetes-configuration",{"title":117,"path":118,"stem":119},"Collaborative DevOps: How Modern Teams Build Cloud Apps Together","\u002Fen\u002Fblog\u002Fcollaborative-devops-teams","en\u002F3.blog\u002F36.collaborative-devops-teams",{"title":121,"path":122,"stem":123},"Knowledge Documentation in DevOps Teams: How to Actually Reduce Your Bus Factor","\u002Fen\u002Fblog\u002Fdevops-knowledge-documentation-bus-factor","en\u002F3.blog\u002F37.devops-knowledge-documentation-bus-factor",{"title":125,"path":126,"stem":127},"What Is PaaS? Platform as a Service Explained","\u002Fen\u002Fblog\u002Fwhat-is-paas","en\u002F3.blog\u002F38.what-is-paas",{"title":129,"path":130,"stem":131},"EU AI Act Hosting: What Changes for AI Workload Operators","\u002Fen\u002Fblog\u002Feu-ai-act-hosting","en\u002F3.blog\u002F39.eu-ai-act-hosting",{"title":133,"path":134,"stem":135},"Docker Compose Tutorial: Managing Multi-Container Apps Made Easy","\u002Fen\u002Fblog\u002Fdocker-compose-for-beginners","en\u002F3.blog\u002F4.docker-compose-for-beginners",{"title":137,"path":138,"stem":139},"Full-Stack Developer Reality: What the Title Actually Means","\u002Fen\u002Fblog\u002Ffull-stack-developer-reality","en\u002F3.blog\u002F40.full-stack-developer-reality",{"title":141,"path":142,"stem":143},"Cloud Egress Fees Compared: AWS vs. Azure vs. GCP Pricing","\u002Fen\u002Fblog\u002Fcloud-egress-fees","en\u002F3.blog\u002F41.cloud-egress-fees",{"title":145,"path":146,"stem":147},"Bring Your Own Cloud: What the Model Means and Why It","\u002Fen\u002Fblog\u002Fbring-your-own-cloud","en\u002F3.blog\u002F42.bring-your-own-cloud",{"title":149,"path":150,"stem":151},"Zero-Config Kubernetes: Why Simplicity Wins","\u002Fen\u002Fblog\u002Fzero-config-kubernetes","en\u002F3.blog\u002F43.zero-config-kubernetes",{"title":153,"path":154,"stem":155},"Minimalist Cloud Architecture: Why Less Complexity Means More Stability","\u002Fen\u002Fblog\u002Fminimalist-cloud-architecture","en\u002F3.blog\u002F44.minimalist-cloud-architecture",{"title":157,"path":158,"stem":159},"Software Deployment for SMBs: How Small Teams Ship Faster","\u002Fen\u002Fblog\u002Fsmb-software-deployment","en\u002F3.blog\u002F45.smb-software-deployment",{"title":161,"path":162,"stem":163},"EU Data Act: What Businesses and DevOps Teams Need to Know","\u002Fen\u002Fblog\u002Feu-data-act-business-devops","en\u002F3.blog\u002F46.eu-data-act-business-devops",{"title":165,"path":166,"stem":167},"Data Governance Act: What SMBs and DevOps Teams Need to Know","\u002Fen\u002Fblog\u002Fdata-governance-act-devops-guide","en\u002F3.blog\u002F47.data-governance-act-devops-guide",{"title":169,"path":170,"stem":171},"Self-Host Docmost with Docker Compose and Traefik: Complete Guide","\u002Fen\u002Fblog\u002Fself-host-docmost-with-docker-and-traefik","en\u002F3.blog\u002F5.self-host-docmost-with-docker-and-traefik",{"title":173,"path":174,"stem":175},"What Is Kubernetes? A Practical Guide to Container Orchestration","\u002Fen\u002Fblog\u002Fwhat-is-kubernetes","en\u002F3.blog\u002F6.what-is-kubernetes",{"title":177,"path":178,"stem":179},"The Cloud Illusion: Why a Server Location in Germany Doesn’t Guarantee Digital Sovereignty","\u002Fen\u002Fblog\u002Fcloud-illusion-digital-sovereignty","en\u002F3.blog\u002F7.cloud-illusion-digital-sovereignty",{"title":181,"path":182,"stem":183},"S3-Compatible Object Storage: The Best Solutions at a Glance","\u002Fen\u002Fblog\u002Fs3-compatible-object-storage","en\u002F3.blog\u002F8.s3-compatible-object-storage",{"title":185,"path":186,"stem":187},"Deployment as a Bottleneck: When AI Codes Faster Than You Can Deploy","\u002Fen\u002Fblog\u002Fdeployment-bottleneck","en\u002F3.blog\u002F9.deployment-bottleneck",{"title":189,"path":190,"stem":191,"children":192,"icon":206},"Getting Started","\u002Fen\u002Fdocs\u002Fgetting-started","en\u002F1.docs\u002F1.getting-started\u002F1.index",[193,196,201],{"title":194,"path":190,"stem":191,"icon":195},"Introduction","i-lucide-house",{"title":197,"path":198,"stem":199,"icon":200},"Get Started","\u002Fen\u002Fdocs\u002Fgetting-started\u002Fget-started","en\u002F1.docs\u002F1.getting-started\u002F2.get-started","i-lucide-rocket",{"title":202,"path":203,"stem":204,"icon":205},"How It Works","\u002Fen\u002Fdocs\u002Fgetting-started\u002Fhow-it-works","en\u002F1.docs\u002F1.getting-started\u002F3.how-it-works","i-lucide-lightbulb",false,{"title":208,"path":209,"stem":210,"children":211,"icon":206},"Guides","\u002Fen\u002Fdocs\u002Fguides","en\u002F1.docs\u002F2.guides\u002F1.index",[212,214],{"title":208,"path":209,"stem":210,"icon":213},"i-lucide-book-open",{"title":215,"path":216,"stem":217,"icon":218},"Connect a Container Registry","\u002Fen\u002Fdocs\u002Fguides\u002Fcontainer-registries","en\u002F1.docs\u002F2.guides\u002F2.container-registries","i-lucide-container",{"title":220,"path":221,"stem":222,"children":223,"icon":206},"App Services","\u002Fen\u002Fdocs\u002Fapp-services","en\u002F1.docs\u002F3.app-services\u002F1.index",[224,225,230,235,240,245],{"title":220,"path":221,"stem":222,"icon":200},{"title":226,"path":227,"stem":228,"icon":229},"Build Settings","\u002Fen\u002Fdocs\u002Fapp-services\u002Fbuild-settings","en\u002F1.docs\u002F3.app-services\u002F2.build-settings","i-lucide-settings",{"title":231,"path":232,"stem":233,"icon":234},"Env Variables","\u002Fen\u002Fdocs\u002Fapp-services\u002Fenvironment-variables","en\u002F1.docs\u002F3.app-services\u002F3.environment-variables","i-lucide-key",{"title":236,"path":237,"stem":238,"icon":239},"Custom Domains","\u002Fen\u002Fdocs\u002Fapp-services\u002Fcustom-domains","en\u002F1.docs\u002F3.app-services\u002F4.custom-domains","i-lucide-globe",{"title":241,"path":242,"stem":243,"icon":244},"Health Checks","\u002Fen\u002Fdocs\u002Fapp-services\u002Fhealth-checks","en\u002F1.docs\u002F3.app-services\u002F5.health-checks","i-lucide-heart-pulse",{"title":246,"path":247,"stem":248,"icon":249},"Autoscaling","\u002Fen\u002Fdocs\u002Fapp-services\u002Fautoscaling","en\u002F1.docs\u002F3.app-services\u002F6.autoscaling","i-lucide-scaling",{"title":251,"path":252,"stem":253,"children":254,"icon":206},"Helm Releases","\u002Fen\u002Fdocs\u002Fhelm-releases","en\u002F1.docs\u002F4.helm-releases\u002F1.index",[255,257,262,267,272,277,282],{"title":251,"path":252,"stem":253,"icon":256},"i-lucide-package",{"title":258,"path":259,"stem":260,"icon":261},"Deploy PostgreSQL","\u002Fen\u002Fdocs\u002Fhelm-releases\u002Fdeploy-postgresql","en\u002F1.docs\u002F4.helm-releases\u002F2.deploy-postgresql","i-lucide-database",{"title":263,"path":264,"stem":265,"icon":266},"Deploy Redis","\u002Fen\u002Fdocs\u002Fhelm-releases\u002Fdeploy-redis","en\u002F1.docs\u002F4.helm-releases\u002F3.deploy-redis","i-lucide-zap",{"title":268,"path":269,"stem":270,"icon":271},"Deploy n8n","\u002Fen\u002Fdocs\u002Fhelm-releases\u002Fdeploy-n8n","en\u002F1.docs\u002F4.helm-releases\u002F4.deploy-n8n","i-lucide-workflow",{"title":273,"path":274,"stem":275,"icon":276},"Deploy RustFS","\u002Fen\u002Fdocs\u002Fhelm-releases\u002Fdeploy-rustfs","en\u002F1.docs\u002F4.helm-releases\u002F5.deploy-rustfs","i-lucide-hard-drive",{"title":278,"path":279,"stem":280,"icon":281},"Deploy OpenSearch","\u002Fen\u002Fdocs\u002Fhelm-releases\u002Fdeploy-opensearch","en\u002F1.docs\u002F4.helm-releases\u002F6.deploy-opensearch","i-lucide-search",{"title":283,"path":284,"stem":285,"icon":286},"Deploy Keycloak","\u002Fen\u002Fdocs\u002Fhelm-releases\u002Fdeploy-keycloak","en\u002F1.docs\u002F4.helm-releases\u002F7.deploy-keycloak","i-lucide-shield-check",{"title":288,"path":289,"stem":290,"children":291,"icon":206},"Glossary","\u002Fen\u002Fdocs\u002Fglossary","en\u002F1.docs\u002F5.glossary\u002F1.index",[292],{"title":288,"path":289,"stem":290,"icon":293},"i-lucide-book-a",{"id":295,"title":165,"authors":296,"badge":302,"body":303,"date":683,"description":684,"extension":685,"image":686,"lastUpdated":302,"meta":688,"navigation":689,"path":166,"published":689,"seo":690,"stem":167,"tags":302,"__hash__":691},"posts\u002Fen\u002F3.blog\u002F47.data-governance-act-devops-guide.md",[297],{"name":298,"to":299,"avatar":300},"Thomas Ens","\u002Fabout\u002Fthomasens",{"src":301},"\u002Fimages\u002Fblog\u002Fauthors\u002Fthomas.jpeg",null,{"type":304,"value":305,"toc":672},"minimark",[306,310,315,318,321,344,347,352,355,363,367,370,389,392,396,399,402,406,409,412,418,461,467,571,577,591,595,598,601,607,613,619,622,626,629,662,665,668],[307,308,309],"p",{},"The Data Governance Act has been binding across the EU since September 2023, yet unlike the GDPR, it barely registers on the radar of technical teams. That's a mistake. The DGA has direct implications for how companies share, manage, and retain data within their infrastructure. Ignoring it doesn't just risk compliance issues — it leads to architecture decisions that become expensive to reverse later on.",[311,312,314],"h2",{"id":313},"what-the-data-governance-act-covers-and-what-it-doesnt","What the Data Governance Act Covers — and What It Doesn't",[307,316,317],{},"The DGA is not a data protection law. It complements the GDPR but doesn't override it. While the GDPR governs the protection of personal data, the DGA addresses something different: it creates the legal and organizational framework for data sharing between companies, public bodies, and individuals across the EU.",[307,319,320],{},"Specifically, the DGA defines three core areas:",[322,323,324,332,338],"ul",{},[325,326,327,331],"li",{},[328,329,330],"strong",{},"Re-use of public sector data"," — under what conditions government-held data can be used for commercial or scientific purposes",[325,333,334,337],{},[328,335,336],{},"Data intermediation services"," — neutral intermediaries that facilitate data exchange between providers and users without having their own economic interest in the data",[325,339,340,343],{},[328,341,342],{},"Data altruism"," — organizations that collect and make data available for the common good",[307,345,346],{},"This sounds abstract, but it has tangible consequences the moment your company shares data with partners, uses external data services, or acts as a data intermediary itself.",[348,349,351],"h3",{"id":350},"how-it-differs-from-the-data-act","How It Differs from the Data Act",[307,353,354],{},"A common misconception: the Data Governance Act and the Data Act are often mentioned together but are fundamentally different. The DGA governs the structures — who is allowed to share data and under what conditions. The Data Act governs the rights — who is entitled to access data generated through the use of products and services.",[307,356,357,358,362],{},"Put simply: the DGA builds the road, the Data Act determines who gets to drive on it. Both frameworks need to be considered together — the ",[359,360,361],"a",{"href":162},"Data Act and its implications for DevOps"," are covered in a separate article.",[311,364,366],{"id":365},"who-the-data-governance-act-directly-affects","Who the Data Governance Act Directly Affects",[307,368,369],{},"At first glance, the DGA seems like a topic for public authorities and large data intermediation platforms. That's only partly true. Directly affected are:",[322,371,372,378,383],{},[325,373,374,377],{},[328,375,376],{},"Public bodies"," that make protected data (e.g., health, mobility, or financial data) available for re-use",[325,379,380,382],{},[328,381,336],{}," that act as neutral marketplaces between data providers and users — they must register with national authorities",[325,384,385,388],{},[328,386,387],{},"Data altruism organizations"," that collect data for public interest purposes",[307,390,391],{},"For SMBs and DevOps teams, the DGA applies indirectly but still noticeably: anyone sourcing or sharing data through a certified data intermediary must meet the technical and contractual requirements of these intermediaries. And anyone running their own services on infrastructure that could be classified as a data intermediary should take a close look at whether a registration obligation applies.",[311,393,395],{"id":394},"data-governance-act-and-deployment-what-changes-for-devops","Data Governance Act and Deployment: What Changes for DevOps",[307,397,398],{},"The technical dimension of the DGA is often overlooked. Yet it's particularly relevant for DevOps teams because it directly impacts architecture decisions.",[307,400,401],{},"The core principle: anyone managing or intermediating data under the DGA must be able to demonstrate where that data resides, who accesses it, and how it's protected. This isn't a new concept, but the DGA gives it a new regulatory framework — with consequences for Kubernetes deployments.",[348,403,405],{"id":404},"implementing-data-sovereignty-in-practice","Implementing Data Sovereignty in Practice",[307,407,408],{},"Data classification within the cluster is the first step. Which workloads process data that could fall under the DGA? This might include data from public sources, data from partners via a data intermediary, or your own data that you share through such a service.",[307,410,411],{},"Concrete technical measures that become relevant in this context:",[307,413,414,417],{},[328,415,416],{},"Namespace isolation:"," Sensitive workloads belong in dedicated namespaces with clear RBAC rules. It's not rocket science, but many teams don't do it consistently.",[419,420,425],"pre",{"className":421,"code":422,"language":423,"meta":424,"style":424},"language-bash shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","kubectl create namespace data-regulated\nkubectl apply -f rbac-data-regulated.yaml\n","bash","",[426,427,428,447],"code",{"__ignoreMap":424},[429,430,433,437,441,444],"span",{"class":431,"line":432},"line",1,[429,434,436],{"class":435},"sBMFI","kubectl",[429,438,440],{"class":439},"sfazB"," create",[429,442,443],{"class":439}," namespace",[429,445,446],{"class":439}," data-regulated\n",[429,448,450,452,455,458],{"class":431,"line":449},2,[429,451,436],{"class":435},[429,453,454],{"class":439}," apply",[429,456,457],{"class":439}," -f",[429,459,460],{"class":439}," rbac-data-regulated.yaml\n",[307,462,463,466],{},[328,464,465],{},"Network policies:"," By default, all pods in a Kubernetes cluster can communicate with each other. For regulated data, that's a problem. An explicit default-deny policy combined with allowed exceptions is mandatory:",[419,468,472],{"className":469,"code":470,"language":471,"meta":424,"style":424},"language-yaml shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","apiVersion: networking.k8s.io\u002Fv1\nkind: NetworkPolicy\nmetadata:\n  name: default-deny-all\n  namespace: data-regulated\nspec:\n  podSelector: {}\n  policyTypes:\n  - Ingress\n  - Egress\n","yaml",[426,473,474,487,497,506,517,527,535,546,554,563],{"__ignoreMap":424},[429,475,476,480,484],{"class":431,"line":432},[429,477,479],{"class":478},"swJcz","apiVersion",[429,481,483],{"class":482},"sMK4o",":",[429,485,486],{"class":439}," networking.k8s.io\u002Fv1\n",[429,488,489,492,494],{"class":431,"line":449},[429,490,491],{"class":478},"kind",[429,493,483],{"class":482},[429,495,496],{"class":439}," NetworkPolicy\n",[429,498,500,503],{"class":431,"line":499},3,[429,501,502],{"class":478},"metadata",[429,504,505],{"class":482},":\n",[429,507,509,512,514],{"class":431,"line":508},4,[429,510,511],{"class":478},"  name",[429,513,483],{"class":482},[429,515,516],{"class":439}," default-deny-all\n",[429,518,520,523,525],{"class":431,"line":519},5,[429,521,522],{"class":478},"  namespace",[429,524,483],{"class":482},[429,526,446],{"class":439},[429,528,530,533],{"class":431,"line":529},6,[429,531,532],{"class":478},"spec",[429,534,505],{"class":482},[429,536,538,541,543],{"class":431,"line":537},7,[429,539,540],{"class":478},"  podSelector",[429,542,483],{"class":482},[429,544,545],{"class":482}," {}\n",[429,547,549,552],{"class":431,"line":548},8,[429,550,551],{"class":478},"  policyTypes",[429,553,505],{"class":482},[429,555,557,560],{"class":431,"line":556},9,[429,558,559],{"class":482},"  -",[429,561,562],{"class":439}," Ingress\n",[429,564,566,568],{"class":431,"line":565},10,[429,567,559],{"class":482},[429,569,570],{"class":439}," Egress\n",[307,572,573,576],{},[328,574,575],{},"Audit logging:"," To ensure traceability of data access, you need centralized logging at the API server level. If you don't have this in place yet, set it up — not just because of the DGA, but as a general best practice.",[307,578,579,582,583,586,587,590],{},[328,580,581],{},"Infrastructure choice:"," If your cluster runs on a US hyperscaler, you have a structural problem. US providers are subject to the ",[359,584,585],{"href":62},"CLOUD Act",", which potentially grants American authorities access to data regardless of whether the servers are physically located in the EU. For deployments falling under the DGA, European infrastructure with clear legal sovereignty isn't optional — it's a must. For why this requires ",[359,588,589],{"href":30},"board-level cloud governance",", not just technical fixes, see our dedicated analysis.",[311,592,594],{"id":593},"data-governance-act-for-smbs-obligations-and-opportunities","Data Governance Act for SMBs: Obligations and Opportunities",[307,596,597],{},"SMBs face a particular challenge: they have fewer resources for compliance but are affected just as much as larger companies. The DGA makes no exception here — there are no explicit SMB exemptions.",[307,599,600],{},"What SMBs should do:",[307,602,603,606],{},[328,604,605],{},"Map your data flows:"," What data comes in from outside, goes out, and through which services? Many SMBs don't have this overview — that's the first problem to solve.",[307,608,609,612],{},[328,610,611],{},"Classify the services you use:"," Are external data sources or services registered data intermediaries under the DGA? This affects how contracts need to be structured.",[307,614,615,618],{},[328,616,617],{},"Technical implementation:"," Not every SMB runs Kubernetes. But anyone using cloud-based services should understand where their data resides and what control they have over it. A platform that operates natively on sovereign EU infrastructure takes a large part of this burden off your shoulders.",[307,620,621],{},"On the flip side, the DGA also creates opportunities. The EU is building European Data Spaces — sector-specific data ecosystems for health, mobility, energy, and other domains. SMBs that position themselves early can access data pools that were previously out of reach.",[311,623,625],{"id":624},"first-steps-toward-dga-compliance-in-practice","First Steps Toward DGA Compliance in Practice",[307,627,628],{},"No company needs to overhaul everything overnight. But having a clear starting point helps:",[630,631,632,638,644,650,656],"ol",{},[325,633,634,637],{},[328,635,636],{},"Document data flows"," — Which systems process what data? Where does it come from, where does it go?",[325,639,640,643],{},[328,641,642],{},"Audit external services"," — Are the data intermediation or data altruism services you use registered in compliance with the DGA?",[325,645,646,649],{},[328,647,648],{},"Evaluate your infrastructure"," — Where do the workloads that process regulated data run? Is the location legally sovereign?",[325,651,652,655],{},[328,653,654],{},"Establish technical baselines"," — Set up network policies, RBAC, and audit logging as a foundation",[325,657,658,661],{},[328,659,660],{},"Review contracts"," — Clarify with data suppliers and recipients what DGA obligations arise from the collaboration",[307,663,664],{},"This isn't a massive project if you approach it step by step. The biggest mistake would be to ignore the topic entirely just because there's no wave of fines yet.",[307,666,667],{},"lowcloud operates Kubernetes infrastructure exclusively in sovereign European data centers — with no US hyperscalers in the stack. For teams that need DGA-compliant deployments without building an entire infrastructure themselves, it's a practical starting point.",[669,670,671],"style",{},"html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .swJcz, html code.shiki .swJcz{--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}",{"title":424,"searchDepth":449,"depth":449,"links":673},[674,677,678,681,682],{"id":313,"depth":449,"text":314,"children":675},[676],{"id":350,"depth":499,"text":351},{"id":365,"depth":449,"text":366},{"id":394,"depth":449,"text":395,"children":679},[680],{"id":404,"depth":499,"text":405},{"id":593,"depth":449,"text":594},{"id":624,"depth":449,"text":625},"2026-04-01","The EU Data Governance Act affects technical teams too. Learn what the DGA means for your Kubernetes deployments, data flows, and infrastructure choices.","md",{"src":687},"\u002Fimages\u002Fblog\u002Fdata-governance-act-devops-guide.jpg",{},true,{"title":165,"description":684},"ADUIDUW_qqMERodIiYftEMQcqeqD4n3kAP7A4A8jOR0",[693,695],{"title":161,"path":162,"stem":163,"description":694,"children":-1},"The EU Data Act has been in effect since 2025. What it means for cloud services, data portability, and DevOps — and what companies should do now.",{"title":169,"path":170,"stem":171,"description":696,"children":-1},"Learn how to self-host Docmost on your own server using Docker Compose and Traefik as a reverse proxy. A step-by-step tutorial for GDPR-compliant documentation.",1775388341179]