3. Turning data into business

Small and medium-sized enterprises (SMEs) that scale up achieve greater business performance. A change in scale signals the capacity of the firm to create new competitive advantages, or increase productivity, resource efficiency or profits (See Chapter 1).

For long, policy makers have paid close attention to scalers for their significant contribution to job creation, or their potential to drive innovation, especially in technology-intensive sectors or frontier areas (OECD, 2021[1]). For instance, while scalers only represent 13%-15% of SMEs in Finland, Italy, Portugal, the Slovak Republic and Spain, they contributed 47% to 69% of all new jobs by non-micro firms between 2015 and 2017. However, most of these scalers are mature firms operating in low-tech sectors (see Chapter 1), with about three-quarters of employment scalers having been established at least six years before the beginning of their high-growth phase (OECD, 2021[1]).

This diversity in scalers’ profiles and trajectories has increased concerns that policy makers may look for potential scalers in the wrong (or only in a limited number of) places and support them with the wrong instruments. So far, most of governments’ efforts in support of scaling up have focused on start-ups and enterprises enabling disruptive innovation, giving by default stronger emphasis on policies that influence market entry (such as taxation, competition or regulation), or policies that affect early business growth and technology development (such as R&D tax incentives, university spin-offs, or equity capital etc.) (OECD, 2016[2]).

New results from the measurement work of this pilot project call for a rethinking of scale up policies, starting with a better understanding of what the SME scaling up drivers are, the potential failures that require policy intervention and the form(s) of action governments could implement (see Chapter 1 for a more detailed discussion). Based on literature review and early evidence from the microdata work of this pilot project, there are a number of internal factors that can drive SME scale up: 1) innovation; 2) Investments in financial, human and knowledge-based capital, and 3) market and network expansion, including abroad. These drivers can operate in isolation or in combination. In this context, scaling appears to be a strategic choice and most often a firm-driven process, with the associated transformation(s) often beginning before actual scaling materialises (OECD, 2021[1]).

More specifically, scalers tend to invest more in dedicated IT resources, as evidenced by a systematically higher share of IT employees in these firms, across all sectors, and at all stages of their transformation (before, during and after the scaling-up phase) (see Chapter 1). This suggests a higher digital intensity of future scalers which require above-average ICT handling capacity. In this context, the volume of data these firms access or generate is likely to increase, implying in turn a need to raise internal capacity for data management and for addressing a possibly greater exposure to digital security risks (OECD, 2021[3]).

Better access and use of data, and data-related technologies and skills, could help SMEs raise capacity to operate in a sustainable way at a higher scale of performance. There are multiple data types, with multiple data applications possible across sectors, or within the firm across business functions (see Box 3.1). These applications are poised to give tremendous opportunities to smaller businesses to pull on scale up levers, e.g. by achieving greater cost or resource efficiency, specialising or differentiating products, innovating with new data-enabled or data-enhanced business models, increasing own-financing capacity, or expanding markets and networks including abroad (see Chapter 1).

Improving SME data governance has thus emerged as a potentially critical condition for scaling up, and a central point of policy attention in support of job creation and the deployment of more sustainable and resilient business models. The cross-country analysis presented in this chapter seeks to provide an overview of how SME data governance policies shape across OECD countries, and will feed relevant policy lessons into a broader body of work on the subject (see Box 3.2).

This chapter starts by introducing data governance as an emerging policy field that is critical to SME scale up and presents the rationale for policy intervention by discussing key opportunities and barriers for SMEs in this area. It then proposes an analytical framework for mapping relevant national policies and institutions in this area. Based on cross-country analysis of 487 policies and 209 institutions across the OECD, the chapter then provides an overview of the character and intensity of public efforts to improve SME access to, protection and exploitation of data, as well as on the institutional and governance arrangements for implementing national policy mixes.

Businesses have long been using data, but in recent years both the scale of data usage and their central importance for many business models have grown exponentially, as reflected by increasing data traffic around the world and the global use of data centres (OECD, 2021[13]).

Progress has been driven by the deployment of key technologies that improved the conditions for storage, processing and use of data (see Box 3.3). Combined together, the Internet of Things (IoT), big data analytics and cloud computing have increased firms’ capacity for prototyping, decision making and automation (OECD, 2017[15]) (OECD, 2021[3]).

As a result, data are increasingly generated across business operations, e.g. production and delivery (process data), and compiled at various stages of business transactions (user, consumer and supplier data) (OECD, 2019[18]). The growing variety of data types and applications across business models and industries suggests that data governance will play a key role in corporate strategies and policies, and may ultimately also prove pivotal in driving business scale up.

  • Process data for instance can improve stock management, logistics and maintenance, and business reactivity to just-in-time production requirements. They also increase the scope of efficiency gains including in terms of energy and resource consumption, or waste generation. Data can help reduce operation costs along the internal value chain of the firm and generate productivity gains, without need for the firm to create additional mass.

  • User, consumer and supplier data, on the other hand, are crucial for developing market knowledge, improving customisation and shaping new products and business models. Data can help scale up capacity for product differentiation and market segmentation, as it enables businesses to gain insights on their customer base (“Know Your Customer”). Data also offer opportunities for achieving greater regional and global reach through network effects, or by reducing information asymmetry on markets.

In addition, better access to external data, including for example open government data, can allow entrepreneurs to develop innovative commercial or social goods and services, as well as create new business opportunities for data intermediaries, including data brokers, mobile apps and personal information management systems (OECD, 2019[7]). A recent study finds a significant and positive relationship between open government data and levels of entrepreneurship, especially in countries with high institutional quality. At the same, publishing government data alone does not seem to be sufficient to boost innovative entrepreneurship, rather governments need to focus on a broader set of policy initiatives that promote good governance, including rules related to contractual relationships and market exchanges between data publishers and users (Huber et al., 2022[19]).

As a result, data is emerging as a strategic asset for an increasing number of SMEs. In the OECD, they already represent the majority of businesses in sectors that process large volumes of data, such as professional, scientific and technical services, or sectors where data analytics and machine learning are poised to have a tremendous impact in the near future, e.g. retail, transport and logistics, travel, automotive and assembly and consumer packaged goods (OECD, 2019[18]) (OECD, 2021[3]). Table 3.1 illustrates how different data-driven applications may benefit SMEs in their operations and help them scale up through efficiency gains, enhanced innovation capacity, greater potential for diversification, differentiation and specialisation (typically, major levers on SME competitiveness) or network expansion, etc.

There are however varying degrees of capitalisation on data across business sectors, which will likely impact the degree to which specific SMEs can leverage data as a strategic asset. In 2019, for example, the Swedish government commissioned its Agency for Economic and Regional Growth to map the enabling conditions for SMEs to use data as a strategic resource and to identify particular sectors that hold most promise or face most challenges. The study identifies the Transportation and Storage sector as strategic for investment, with the sub-industry Road transport of goods as particularly relevant given the prevalence of SMEs in this sector, where access to real-time data sets has enabled new business models for transport activities. On the other hand, the study argues that the low digital maturity of the hospitality and construction industries, for example, made SMEs in these sectors less conducive to data-enabled business models (Tillväxtverket, 2020[20]). Such findings suggest that not all industries would benefit equally from targeted investments or policies related to data.

A growing body of literature offers empirical insights on the relationship between the adoption and use of data and firms’ performance. For instance, (DeStefano, Kneller and Timmis, 2020[21]) find that small firms in the UK that adopted cloud technologies were more likely to experience growth in both employment and revenue. Similarly, (Tang, Huang and Wang, 2018[22]) explored the adoption of IoT solutions at firm level and found that, controlling for industry, IoT adopters tend to display on average better financial performance (including return on assets, asset turnover and profit margins) than non-adopters. Lastly, (Müller, Fay and vom Brocke, 2018[23]) found that the adoption of big data related assets1 was associated with an average improvement in firm productivity of 3%-7%.

In the manufacturing sector, more specifically, a recent study by McKinsey found that predictive maintenance, system/ supply chain dynamic optimisation and Yield-energy Throughput (YET) analytics2 can deliver EBITDA (earnings before interest, taxes, depreciation, and amortization) margin improvements of as much as 4-10% for firms. By using these advanced data analytics, companies can determine the circumstances that tend to cause a machine to break and monitor input parameters so they can intervene before breakage happens—or be ready to replace it when it does—thus minimising downtime. Predictive maintenance typically reduces machine downtime by 30-50% and increases machine life by 20-40% (Dilda et al., 2017[24]).

While some firms lag behind, the digital age has facilitated the rise of firms at the cutting end of the technological frontier, whose current business models would not exist without the access to and use of data. Unlike firms whose operations are simply enhanced by data, some data-enabled firms rely on their ability to generate, collect and analyse data (Nguyen and Paczos, 2020[25]). Put differently, the more data-enabled a firm is, the more data represents a critical input into its productive activities, and data or data-related tools may be among the most valuable assets it controls. Based on this broad distinction, four categories of data-related business models emerge (Table 3.2).

As a result, markets increasingly value firms that can make use of the growing volumes of data they generate, which is notably reflected in the exponential growth that private equity investments in big data firms have experienced recent years. Data from Preqin Pro, a platform providing access to private capital and hedge fund data worldwide, suggests that venture capital (VC) investments in “big data” firms, which reflect the investors’ evaluation of the long-term value of the data assets owned by these firms, grew significantly over 2007-19, both in terms of the number of deals (9-fold increase, from 190 to 1702) and in terms of their value (15-fold increase, from USD 1.98 billion to USD 30.5 billion) (Figure 3.1).

Improved data governance can also create new opportunities for SMEs to grow and respond to growing environmental pressures, as well as the need for more responsible business conduct (RBC).

Efficiency gains can be achieved through energy and resource savings. Process data combined with an optimised use of data-intensive technologies, for example, enable consumption analytics and predictive maintenance (Table 3.1), which will help reduce wastage, and support the introduction of more environmentally-friendly practices in production process (Ortega-Gras et al., 2021[26]). This way, SMEs can identify operations at low energy consumption level, and implement strategies in order to modify their energy consumption practices curtailing carbon emissions. The deployment of smart grids and the Internet of Things (IoT) – a range of smart objects, sensors, devices and software that connect and exchange data - could also support data collection and transfer. For instance, Woodsense – a Danish SME – has created a product called “moisture meter”, which automatically monitors the moisture in timber structures through IoT sensors as a way to improve energy efficiency of building maintenance.3

In particular, the circular economy creates room for SMEs to scale up, because a circular approach - as opposed to the traditional linear one - raises business capacity to reduce costs, improve resource price predictability and increase resilience to supply disruptions. The circular economy carries a transformational and high profit potential for a broad range of industries, where SMEs are in the majority (Ellen MacArthur Foundation, 2015[27]). ‘Share’ models can help cut costs and improve performance in distributive trades (i.e. wholesale and retail trade) or accommodation and food services; ‘virtualise’ models in administrative and support services, legal and accounting and head-office consulting, as well as in a range of knowledge-intensive services; ‘loop’ models in construction, transportation and storage. The building sector, for example, could halve construction costs with industrial and modular processes.

In addition, SMEs embracing circular - and more broadly green - models could expand networks and benefit from access to emerging markets and obtain greater visibility to a customer base (OECD, 2019[18]). According to survey data, accessing new markets, together with saving material costs and creating competitive advantages, are indeed among the main reasons for European SMEs to take action towards more circular practices (Rizos et al., 2016[28]). SMEs can operate in circular and green supply chains in local markets that may be unattractive or impenetrable for large global firms, including in emerging economies and low-income countries. The circular economy also encourages a shift in business strategies towards more customer-focused design thinking for which smaller firms may have a comparative advantage due to their greater reactivity, local footprint, and proximity to end markets (OECD, 2019[18]).

To enable circular and green business models, SMEs need data. Information and data on the property of products and materials are required either as a way to create new products or for extending the lifetime of existing goods (Dubey et al., 2019[29]). With IoT devices compiling data across the value chain, firms that participate in the circular economy can obtain consistent and accurate insights on the conditions and functioning of assets (Suciu (Vodă) et al., 2021[30]). Without access to relevant data, however, SMEs will face barriers to repairing, refurbishing or upgrading goods and the development and creation of secondary markets will remain limited (Stahel, 2016[31]). To date, siloed data, lack of data interoperability and data standards remain indeed common barriers faced by actors of the circular economy (Nordic Innovation, 2021[32]).

Data is also instrumental to access sustainable finance or obtain eco-certification, a sesame to green markets and green public procurement. In recent years, markets, customers and investors have shown an increased interest in aligning decisions with environmental or personal values. As a consequence, more and more brokerage firms and mutual fund companies have started offering exchange-traded funds (ETFs) and other financial products that follow environmental, social, and governance (ESG) criteria (see Box 3.4) (Boffo and Patalano, 2020[33]). These criteria have become an increasingly popular way for investors to evaluate companies in which they might want to invest in, leading in turn to a soaring in the number of ESG indices, spurred by the growth in ESG-related data and benchmarks (Kuzmanovic and Koreen, 2022[34]). Eco-labels and green certifications also require business process data to estimate carbon footprint or environmental impact (Zhao, Guo and Chan, 2020[35]), and the increasing demand for sustainable products and services is likely to steer the development of green-certifications and further consumer demand for environmentally friendly goods (OECD, 2018[36]).

Accessing sustainable finance requires that SMEs are able to effectively respond to reporting requirements and leverage internal data (both financial and non-financial). ESG ratings rely mainly on self-reported data or proxy data that is often not verified or audited. The current quality of these data is likely to reflect the capacities of companies to adequately measure and report on their environmental performance and greening actions. This reporting burden likely disadvantages SMEs, because in many countries they are either not required to report on their non-financial performance – or simply have limited capacities to collect, measure and report on the relevant indicators (Kuzmanovic and Koreen, 2022[34]). A case in point is the 2020 EU Taxonomy Regulation4 which aims to create an EU-wide classification system for sustainable activities, but whose reporting requirements currently do not include SMEs, for which disclosure of relevant data remains voluntary. Recent research suggests indeed that there is an ESG scoring bias in favour of large-cap companies, and ESG ratings are positively correlated with the resources that companies devote to reporting, with larger companies that can dedicate more resources displaying higher scores (Boffo and Patalano, 2020[33]). In turn, higher ESG ratings can help advance capabilities in producing relevant data and metrics that conform to the needs of rating firms and a plethora of investors.

Business incentives to meet reporting requirements are likely to grow further, including among SMEs, with standardisation of ESG criteria. While there are many different solutions for ESG reporting for large and listed companies, dedicated solutions for SMEs are still scarce and the few existing ones can be found mostly in the emerging fintech ecosystem that deals with data collection for reporting purposes (Möslinger, Fazio and Eulaerts, 2022[38]). At the same time, regulators are increasingly standardising the definitions, data and methodologies with a view to limiting the scope for “greenwashing” in ESG (i.e. artificial elevation of environmental scores that provide a misleading picture of a company’s environmental performance). This, along with the development of sector/ industry specific metrics, should help overcome existing market inefficiencies and unlock useful ESG information from smaller companies by helping them prioritise their data collection efforts and develop core metrics that are most decision-relevant to equity and debt investors (Kuzmanovic and Koreen, 2022[34]).

A number of barriers, notably uneven access to data, technology and skills limit opportunities for SMEs in increasingly data-driven economies, frequently paired with a lack of financing options and burdensome regulatory requirements (e.g. related to personal data protection) (Bianchini and Michalkova, 2019[39]). A recent study examining how the EU General Data Protection Regulation (GDPR) can affect firm performance across 61 countries and 34 industries found that enhanced data protection reduces the financial performance of companies targeting European consumers. Importantly, the negative impact on profits among small technology companies was almost double the average effect across the full sample, suggesting that the compliance costs brought about by this regulation affect SMEs disproportionately (Chen, Frey and Presidente, 2022[40]). Outdated data infrastructures, data silos, as well as management practices or cultures that are not conducive to digital innovation and change, represent additional challenges inherited from analogue business models.

Taken together, these barriers largely reflect the key drivers of SME performance related to their business environment and access to strategic resources, as conceptualised in the OECD SME and Entrepreneurship Outlook (OECD, 2019[18]). A recent study demonstrates a widespread awareness of the benefits related to the use of digital platforms among EU SMEs operating across many sectors and exhibiting various levels of R&D intensity. It also points to a number of persisting challenges related in particular to scaling up activities, which is often hampered due to limited access to assets, resources, and markets. In this context, firms located in peripheral regions seem to face increased difficulties in finding complementary resources (De Marco et al., 2019[41])

In addition, the perspective of lower-income countries has so far largely been absent, even though they are likely to face increased barriers in terms of developing adequate legal and regulatory frameworks, and deploying the required broadband infrastructure. It is estimated that less than 20% of low- and middle-income countries have modern data infrastructure such as colocation data centers and direct access to cloud computing facilities, thus further limiting SME potential for accessing, creating and using data (World Bank, 2021[42]).

Overall, SME readiness to harness the value of data is strongly determined by their adoption level of digital technologies - and here, they tend to lag behind large firms, with adoption gaps typically larger the more advanced the technology is (OECD, 2021[3]). Even though digital technology adoption tends to spur further digital adoption, with cloud computing as prime example of a tool that can help SMEs leapfrog to more advanced technologies, effectively exploiting data generated within a business and implementing data-driven decision making typically requires significant complementary investments on the side of the firm. Such investments may include the purchase of hardware/ software to increase data storage and computing capacity, implementation of data-driven processes (management, supply chain), or the creation of a data analytics division, for which the required resources may not be proportional to the size of the firm (Brynjolfsson and McElheran, 2016[43]). At the same time, the fast evolving nature of data technologies, and extremely short technology cycles, may imply frequent investments into new tools, as well as high depreciation rates on the equipment needed, which may in turn act as a disincentive for SMEs and micro firms to invest. As a result, large enterprises are often better placed to absorb the necessary demands that data governance places on firms’ resources (Begg and Caira, 2017[9]).

Recent data on EU firms show that the share of large firms performing big data analysis in 2020 was 2.4 times higher than that of SMEs, suggesting that SMEs have not yet fully capitalized on data as a strategic asset, albeit with considerable differences across firm size (Eurostat, 2021[44]). Although SMEs continue to lag behind large enterprises, medium-sized firms (50-249 employees) are in fact on average 75% more likely to perform big data analysis compared to small firms (10-49) (Figure 3.2).

Gaps in adoption are broadly similar for cloud computing and IoT, with 38% of small firms using cloud technologies and 16% making use of IoT devices, compared to 72% and 38% of large firms, respectively. They are however more pronounced across more advanced technologies like AI and 3D printing, where the adoption rate among large EU firms in 2021 was four to five times higher compared to the EU average of small enterprises using this technology. More specifically, 28% of large firms used AI, compared to only 6% of small firms, and 17% of large firms had adopted 3D solutions, compared to only 4% of small firms (Eurostat, 2021[44]).

An increased volume of data SMEs may access or generate are making them also more vulnerable to digital security incidents. Such developments have been amplified by the COVID-19 crisis, where many SMEs in a rush to move operations online, left themselves exposed to new digital risks. Despite recent increases in the frequency and costs associated with cyberattacks, available evidence suggest that SMEs are less likely to undertake digital risk assessments or have insurance against ICT incidents. They are also less likely to be aware of digital security obligations and to implement security tests or regular backups (OECD, 2020[16]) (OECD, 2021[3]). The most common factors for the low uptake of digital security solutions are often the associated costs (Hiscox Ltd, 2019[45]), as well as a common misconception of being too small to be targeted (Abbott et al., 2015[46]). As a result, the implementation gap with regard to digital security practices between European SMEs and large firms was around 30% in 2020 (Eurostat, 2021[44])

Taken together, existing barriers to data governance may result in SMEs failing to manage, protect and value data to the same extent as other tangible assets that underpin their success, or in the same way large firms could do, thus foregoing the potential to improve business performance through the adoption of data intensive technologies.

What is more, the timing of technology adoption is crucial as early adopters of innovation tend to reap the largest benefits, while latecomers usually receive lower or even no benefits (OECD, 2021[3]). Therefore, SMEs’ overall lag in the digital transition is also an obstacle in generating and accessing more data, which may further widen the gap with more digitally-advanced firms, who are already reaping the opportunities of the data economy (OECD, 2019[18]).

One of the main barriers to data governance is SMEs’ lack of skills to adopt and effectively integrate relevant digital technologies in business processes, in particular as the adoption gap vis-à-vis large firms tends to increase the more advanced, i.e. data-driven, the technology. This includes notably a lack of capacity and networks to identify and access talent, higher job turnover, often due to less attractive remuneration and working conditions, resulting in higher relative costs in finding and retaining talent, as well as lower levels of management skills to anticipate needs. In addition, training requirements also typically imply elevated levels of time off the job and reskilling of SME staff, including the bearing of associated expenses. In this context, the financial costs of tailored training and development opportunities are relatively higher for SMEs, which constrains their capacity and willingness to invest in skills development (OECD, 2021[3]).

At the same time, there is a difference between digital literacy and advanced digital skills. While the adoption of advanced technologies can benefit all SMEs, including those operating in traditional sectors, not all SMEs need to develop or acquire the skills to code and produce software in-house. However, they do need to invest in internal capabilities so as to have an understanding of what advanced digital technologies (e.g. Block chain, Artificial Intelligence, Internet of things) could do for their business and how they could leverage them, even if they are provided by third parties. At the same time, the importance of early steps in the digital journey should not be overlooked, such as the benefits that small businesses may accrue by effectively using accessible digital tools that require basic skills, such as social media or launching a website. Acquisition and usage of basic digital technologies are the first steps toward more advanced digital adoption, which nonetheless demand strategic decisions for integrating the technology with the business model and process (OECD, 2021[47]).

Against this backdrop, the development of digital skills should be diffused across employees and managers and not be limited to ICT specialists. The share of firms offering ICT trainings to their employees, for example, seems to be positively correlated to the share of firms using social media across OECD countries, with a higher effect the smaller the size of the firm. Yet, across the OECD area, there is still a pronounced gap between large and smaller firms in terms of ICT training provided to non-ICT professionals (see Figure 3.3).

With regard to data governance in particular, while there is no common definition (or exhaustive list) of the skills that are typically required in data-related professions, there is a general convergence on key elements that are recurrent across online job postings in the field. Overall, it is estimated that by 2030, an estimated 90% of jobs will require some level of data skills in order to access the opportunities of the global digital economy (ICTworks, 2022[48]). Typically, data analysts are required to have a well-developed toolbox of technical skills, combined with a number of soft skills (see Box 3.5 for an overview).

This is also reflected in a recent OECD study analysing the skills sets (“skills bundles”) demanded in artificial intelligence (AI)-related online job postings, based on Burning Glass Technologies’ data for the United States and the United Kingdom over the 2012-19 period. The paper finds that with regard to skill bundles related to programming, management of big data and data analysis, skills related to the open source programming software Python and to machine learning represent “must-haves” for working with AI. Employers additionally value specialised skills related to data mining, cluster analysis, natural language processing and robotics. Beyond the technical dimension, network analysis relating AI skills to general skills highlights the growing role of socio-emotional skills, including notably communication skills, problem solving and creativity, while for managers in the AI field, presentation skills, planning, budgeting and business development are also important (Sameki, Squicciarini and Cammeraati, 2021[53]).

Data assets increasingly form the majority of firms’ value. Recent OECD analysis seeking to provide an estimate on the value of data suggests that production of data assets covers nearly 40% of intangible investment (ranging from data stores with raw records of data over structured databases ready to be exploited to advanced data intelligence, which reflects the further integration of data with advanced analytic tools). While there is no one-to-one correspondence between components of intangibles and different data asset components (sometimes also referred to as data stack or data value chain), intangible investment is likely to include most forms of data intelligence, which tends to represent the most valuable stage of the value chain and can take on many forms, including e.g. data tools/ apps and databases, but also related scientific/ engineering design, marketing, or business strategy (Corrado et al., 2022 forthcoming[54]) (Corrado et al., 2022 forthcoming[55]).

To protect their data and/ or related data-enabled products and activities enterprises can resort to intellectual property rights (IPRs). As data is a non-rival good by nature, i.e. multiple agents can use them at the same time, IPRs can provide innovators with a temporal monopoly in this context (Ilie, 2014[56]). Among the formal IPRs such as patents, trade secrets, trademarks, copyrights and industrial designs, some can be particularly suitable for businesses to appropriate the value of their data and secure a return on their investments in intangible assets (including data software and external data) (EUIPO, 2020[57]). Recent evidence on European SMEs documents the benefits of IPRs for high-growth firms. In particular, SMEs with prior IPR activities are more likely to grow than other SMEs, and SMEs that use bundles of trademarks, patents and designs instead of a single category of IPR, are even more likely to achieve high growth (EUIPO, 2020[57]). Similarly, recent data suggest that trademarks are the basic building block of effective IP bundles. Business surveys provide further evidence on the effect of IPRs on SMEs scaling up (EUIPO, 2019[58]). After registering their IP rights, 54 % of SME owners claim to have seen a positive impact, through an increase in reputation (52 %), turnover (39 %) and ability to access new markets (37 %).

However, SMEs face some challenges in applying IPRs that might hinder them from scaling up operations through data. In particular, while there is a large range of IPR mechanisms that could be used, they do not apply to data and data repositories to the same extent, thus raising the level of complexity SMEs may have to deal with. For instance, datasets are protected by copyright, with different levels of protection in the EU and in the United States. Algorithms and other methods for data processing and analysis, on the other hand, can usually not be protected through copyright, but through trade secrets6 (Maggiolino, 2019[59]) (IusMentis, 2005[60]). Unlike patents, trade secrets are protected by law on confidential information, e.g. confidentiality agreements or non-disclosure or covenant-not-compete clauses (OECD, 2019[18]).

Historically, SMEs have faced various barriers in using and applying intellectual property, with latest innovation surveys showing significant gaps among size classes of firms in using IPRs. While trade secrets remain the most popular IP solution for SMEs, only 9% of small enterprises were using trade secrets as compared to 13.7% of medium-sized enterprises and 21.5% of large ones in 2018 (Eurostat, 2021[61]). Similarly, there were on average three times more large firms applying for trademarks and copyright than small enterprises, and gaps are even more pronounced in the area of patents and industrial design, where the share of large firms leveraging these mechanisms is roughly four times higher than those of small firms (Figure 3.4).

Among the common barriers faced by SMEs in using and exploiting intellectual property are the lack of awareness, lack of legal skills as well as the high cost of application and enforcement procedures (Agostini, Filippini and Nosella, 2016[62]) (Sukarmijan and Sapong, 2014[63]). In particular, SMEs report the length and complexity of related procedures, or the risk of potential litigation and difficulties enforcing IPRs as the main reasons for not taking any measure, with only 17% of surveyed firms having a dedicated unit in place to monitor their IPR infringement in 2019 (EUIPO, 2019[58]).

Finally, the protection of data and databases through IPRs may limit the availability of external data SMEs can use, or increase the costs for accessing these data, especially for smaller scale businesses, and in fine limit the potential for effective data sharing. In addition, while trade secrecy and IPRs do not offer the same level of protection to the same sorts of assets and are complementary by nature, trade secret law is more difficult to enforce than a patent, and is set within national legal frameworks that apply to a certain jurisdiction, limiting transnational data transfers (OECD, 2019[18]).

With data emerging as a key driver of firm performance, and possibly a major barrier for business scale-up, there is a need to ensure more even data access and use for smaller firms, and to better understand the extent to which governments account for these issues in their national policies.

What is at stake goes beyond the employment benefits SME scaling up can bring, as a broader transformation capacity within the SME population could also drive the broader deployment of more sustainable, responsible and greener business models. If SMEs cannot achieve their full potential through better data governance, there may be a broader loss of opportunity to create the collective capacity that is required to reduce greenhouse gas emissions and address the urgent challenge of environmental degradation – at least in certain contexts or industries (see Chapter 1).

SME data governance has emerged as a multidimensional challenge reflecting the diverse set of internal- and external-to-the-firm barriers, and calling for a holistic approach in policy making – both in terms of institutional set up, as well as in terms of the policy mix. Yet, policymakers and regulators continue to face difficulties in defining a common ground and language for discussions, co-operation and coordination in this area, as they naturally tend to focus on aspects that are relevant to their policy domains (OECD, 2022 forthcoming[14]).

This section presents the analytical framework, sources and methodology used to identify emerging practices in this new policy field and inform policymakers on existing policy options with regard to how they can help SMEs better use data, build a data culture and improve data governance within the firm (OECD, 2021[13]).

This provides the bases of an international policy mapping of policies and institutions across the 38 OECD member countries in relevant areas. The mapping exercise aims to identify to which extent national policy initiatives pursue (one or several) specific data governance objectives, identify the key institutions involved at the national (and where possible and relevant at subnational and international level) and diverse set of policy instruments they mobilise (see Chapter 1 for operational definitions),

Policies in support of SME data governance aim to help SMEs turn data into economic value and capitalise on internal and external data to scale up capacity and grow business. Adopting the right cultural, policy, institutional, and technical environment could enable firms of all sizes and sectors to control, manage, share, protect and extract value from their data – and address relevant barriers in this context. In line with the OECD Going Digital Horizontal Project on Data Governance (see Box 3.2), the strategic objectives of SME data policy are depicted in Figure 3.5.

Policy intervention for improving SME data governance falls into two categories according to the strategic objectives it pursues. First, SME data policy can aim to improving SME access to external data, which is largely shaped by the degree of openness the policy environment allows for (but also the willingness of business partners to share data). Second, SME data policy can aim to incentivise and enable better exploitation and protection of data within the firm, both approaches aiming ultimately to greater business, economic, environmental or social value for the firm.

On that basis, five distinct data policy (sub-)objectives emerge, whose realisation mostly depends on an interplay between (infrastructure) investments and standards, on the one hand, and the availability of necessary assets, including technology and skills, within the firm, on the other hand.

Policies aiming to improve SME access to external data

  • Data access and sharing: increase SMEs’ overall access to data as an economic asset, including both open-source data, but also data from business partners and other relevant bodies via relevant sharing mechanisms.

  • Data infrastructure and interoperability: create the necessary (physical) infrastructure and conditions to allow for effective sharing of data via common standards, platforms or networks that bring together SMEs with other relevant players from their ecosystem (large firms, academia, etc.)

Policies aiming to strengthen SME exploitation and protection of data within the firm

  • Data use, quality and valorisation: enable SMEs to optimise the use of their data (whether internally generated or accessed externally) to create value for their business through relevant digital technologies and practices (e.g. data analytics).

  • Data protection and security: ensure that SMEs have the relevant safeguarding mechanisms (e.g. technologies, processes, as well as awareness and behavioural capacities) in place that allow them to protect their data in the same way as they (ideally) protect other business assets – both from external attacks/ infringements as well as from internal misuse.

  • Data culture and skills: strengthen awareness about the importance of data governance issues among SMEs and foster the development of relevant (digital) skills and skills strategies at firm level.

With barriers to better data governance arising in multiple areas, public intervention is becoming more pervasive across different (and non-IT) policy domains. Against this backdrop, the mapping exercise has screened several policy areas simultaneously in order to identify relevant institutions and initiatives that aim to achieve one (or several) of the policy objectives identified above, as well as assess to which extent they address the specific challenges faced by SMEs in this area.

It looked at policies aiming to scale up SME’s internal capacity to access, share, manage, protect and leverage the value of their data, as well as at more structural elements, which shape the overall business framework and market conditions related to data. In line with the OECD SME&E Outlook and Strategy (OECD, 2019[18]) (OECD, 2021[64]), the framework is thus based on the assumption that looking at specific SME-targeted measures to encourage better SME data governance is a too narrow focus to understand how SMEs are effectively enabled (or hindered) in their data transition, and a broader set of policy measures and levers need to be considered.

The mapping exercise starts therefore with an institutional mapping of the national governance arrangements and structures pursuing the SME data governance objectives above, on the basis of keywords and concepts search and text analysis (e.g. data access, data use, data protection, data infrastructure, cybersecurity etc.). Then the relevant policy initiatives these institutions administrate (alone or through joint implementation with other institutions) are identified, still on the basis of the same concepts and further text analysis.

For initiatives and institutions, where objectives on data governance are not articulated specifically, but which are likely to have an impact on SMEs’ capacity to turn data into value (either through greater access, upskilling or capacity building), additional criteria related to specific data-driven technologies are used (i.e. AI, machine learning, big data/ data analytics, cloud computing services, block chain, hardware/ software, 5G, 3D printing, IoT, robotics, etc.).

The mapping is consolidated based on an analysis of each institution and policy measure with a view to ensuring their respective relevance to the topic. Table 3.3 provides an overview of what the exercise entailed.

Governments have a diverse set of policy instruments at their disposal to address generic or SME-specific data-related challenges (see Table 3.4). Some guiding instruments have coordination functions and ensure overarching policy governance (e.g. Multi-annual Strategies or Action Plans).

Policy information is drawn from official sources (e.g. national strategies, action plans, websites of relevant Ministries and agencies, etc.), as well as OECD reports and publications, through desk research. In particular, the work builds on recent work on SME digitalisation (OECD, 2021[3]) and ongoing OECD activities on data governance, carried out as part of phase III of the OECD Going Digital project (see Box 3.2). Information is collected at institutional level. The information collected is structured and encoded, and made available through an online interface for the purposes of easing consultations and enabling re-use.

The policy work builds on similar exercises (EC/OECD, 2021[66]) (UNESCO, 2018[67]) (EC/OECD, 2016[68]) (OECD, 2012[69]) and follows the approach proposed by Meissner and Kergroach (2019[70]) to monitor and benchmark innovation policy mixes. Developments are also coordinated with the EC/OECD project on foreign direct investment (FDI) spillovers on SME productivity and innovation that follows a similar approach for better understanding how public policies at national and regional levels can help strengthen FDI-SME linkages and increase productivity and innovation spillovers for local development and resilience (OECD forthcoming, 2022[71]).

Finally, the policy mapping and the experimental visualisation dashboard developed for the EC/OECD SME Scale Up project serve as a “proof of concept” for the OECD SME&E data lake (CFE/SME(2021)20). Going forward, the ambition is to build towards a broad-based rollout of policy indicators and a harmonised policy database across OECD countries and regions that increasingly leverages the breadth of information that is collected throughout the thematic projects.

OECD countries have acknowledged the growing importance of data as a key source of growth and resilience in the 21st century and have done increasingly more to encourage investment in data enabled technologies and promote data sharing and reuse. A 2015 OECD report suggests that governments have been acting to seize these benefits by training more and better data scientists, reducing barriers to cross-border data flows, and encouraging investment in business processes to incorporate data analytics. However, it also stressed that at the time few companies outside of the ICT sector were able to change internal procedures to take advantage of data (OECD, 2015[72]).

This section looks at how SME data policy mixes have shaped recently, which priority is given to different aspects of data governance, the balance between targeted and generic approaches to fostering SME data governance, as well as the institutional arrangements in place to support policy design and implementation. It also intends to identify commonalities and differences in policy intervention across countries, and assess the overall intensity of public efforts in this emerging policy area. It builds upon a pilot mapping of 487 national policies and 209 institutions conducted between June 2021 and February 2022 across the 38 OECD countries.

With barriers to better data governance arising across multiple fields, public intervention is becoming more pervasive across different (and non-ICT) policy domains. As a result, the scope of SME data policies tends to cut across a number of policy areas – with some measures directly linked to data issues and others addressing them in a more indirect way; with some measures applying to businesses (or business conditions) and citizens alike, and others targeted specifically at SMEs. This diversity also reflects more broadly the diverse forms of policies and policy frameworks that can affect the SME and entrepreneurship (SME&E) business environment and performance (OECD, 2019[18]) (OECD, 2021[64]).

On that basis, the “policy universe” of SME data governance can be situated at the intersection of the three main areas encircled in red in Figure 3.6, namely SME&E policy, innovation policy (incl. digitalisation) and ICT infrastructure policy. Relevant measures that aim to enable SMEs to better exploit and manage their data are often – implicitly or explicitly – weaved into wider SME digitalisation (and innovation) measures, without necessarily articulating specific objectives on data governance. Rather, they target complementary investments, including cloud computing, skills and organisational capital, thus encouraging firms to invest and use data.

In addition, and without being the focus of the mapping at this stage, measures falling into other policy domains, such as regulatory, competition7, trade or labour market policy, could have a direct bearing on data governance in SMEs. Economies of scale in data collection, for example, typically increase the value of networks as more participants join platforms. Competition policy can thus play a critical role in preventing a concentration of market power that precludes the entry of small firms and ensure that producers and consumers equitably share the value created by platform-based business models.

The cross-cutting nature of SME data policies results in countries having put in place a diverse set of governance arrangements, which tend to increase the number of institutions for policy design and implementation. An overview of implementing institutions is depicted in Table 3.5.

In this context, several distinct models of public governance emerge that characterise implementation of national SME data policies. Out of a total of 209 institutions mapped across OECD countries with responsibilities in improving SME access and use of data, different types of structures exist, with a relatively broad range of mandates, and organised along different governance models. Consequently, attention has been paid to joint programming as the main coordination mechanisms to the extent available information allow.

Most OECD countries rely on diverse institutional set ups, including a range of Ministries, autonomous government agencies, public-private agencies and other institutions, for implementing SME data governance policies. In fact, only in Costa Rica, Germany and Mexico, SME data policies are exclusively implemented by ministries.

The most frequent implementation body is the autonomous government agency with a special mandate, representing 38% of the mapped institutions. This includes, for example, the Lithuanian Agency for Science, Innovation and Technology, who is in charge of implementing half of the mapped policies in the country. Another example is the Norwegian Digitalisation agency that implements initiatives such as the guide for mapping digital security culture, the national toolbox for data sharing and the National Data Catalogue. Another 37% of implementing institutions across the OECD are ministries, with a particular prevalence of ministries in charge of ICT and of economic affairs, including industry, commerce and trade. The Federal Ministry for Economic Affairs and Climate Action, for instance, is involved in the implementation of 64% of SME data governance policies in Germany.

Other actors involved in the design and implementation of SME data governance policies include public-private agencies and other organisations such as public research institutions or associations, which taken together represent 13% of the mapped institutions. The Danish Digital Initiative (MADE Digital), for example, facilitates SME adoption of data-intensive technologies through partnerships between public and private institutions, and is implemented by the Manufacturing Academy of Denmark. Finally, some OECD countries have also created specialised units or directorates within ministries in an attempt to better mainstream SME digitalisation and data issues into their policymaking, which correspond to 11% of the mapped institutions. This is for example the case of the unit for the future and the social adoption of technology (FAST unit) within the Chilean Ministry of Economy, Development and Tourism. This unit aims to provide support to SMEs in adopting advanced digital technologies by leveraging, among other things, the Ministry’s “Digitalise your SME” initiative - originally created to strengthen SME engagement in e-commerce - as an umbrella for its more recent efforts.

There is a strong prevalence of institutions that have innovation, SME and entrepreneurship, ICT infrastructure and trade policy as their core mandates (Figure 3.7). Looking at the relative share of mandates across all implementing institutions, innovation policy emerges as the most prevalent core mandate, representing on average 30% of mandates among implementing institutions in a country, followed by SME&E policy (12%). In addition, as data access and usage require physical and digital infrastructure, unsurprisingly, ICT infrastructure policy features as the third most common core mandate among implementing institutions (10%). Finally, trade policy (6%) is also among the core mandates of ministries and departments that are commonly involved in the design and implementation of SME data governance policies, certainly highlighting the commercial nature of data and the fact that it is a tradable good that frequently involves cross-border transactions.

In addition, the cross-cutting nature of data governance issues results in a sometimes significant share of other institutions with more “peripheral” core mandates and less obvious links to digital/ data issues forming part of the institutional landscape. This share ranges from over two thirds of policies in Iceland and Mexico to a little over 12% in Japan and includes mandates such as FDI/Investment promotion policy, regulatory policy and regional & local development policy. In Costa Rica, for example, the Ministry of Agriculture and Livestock is in charge of implementing the “Agroinnovation 4.0”, a programme for promoting the adoption of Industry 4.0 technologies in SMEs of the agricultural sector.

Overall, the distribution of core mandates across implementing institutions clearly shows that SME and entrepreneurship policy is NOT the focus of the majority of these institutions. Across the 209 institutions involved in improving SME data governance, only 26% of them have SMEs in their core mandate. As a result, a good portion of them is unlikely to be used to explicitly taking SME considerations into account when developing polices. This in turn suggests that there might be challenges in addressing the specific barriers that these firms face with regard to data governance issues, and also explain the relatively low share of SME-targeted policies in this context. These findings may call for a greater attention to mainstreaming SME&E considerations into policymaking.

As SME data policies tend to cut across multiple policy areas, there is a strong need for increased coordination among institutions to mitigate policy fragmentation. A network analysis8 of the institutional set up has been carried out for a sample of 15 countries, based on geographical balance across OECD members9 These networks depict the links between institutions and identify the locus (or loci) of the national data policy landscape. They allow for a better visualisation of the different sets of institutions and the heterogeneity of governance arrangements across countries, as well as on relevant coordination mechanisms that are necessary to implement SME&E data policies.

The network analysis of joint programming and joint responsibilities suggests that about half of the identified policies (50.6%) are implemented by two or more institutions, thus requiring varying levels of interaction and coordination. Overall, three different forms of institutional and governance arrangements emerge for the design and implementation of SME data policies: centralised, diffused and blended. A detailed description of these three governance arrangements is presented below.

The institutional and governance landscape for SME data policies in Estonia, Chile, Sweden and the Republic of Türkiye is centralised. This implies that even though there might overall be a relatively large number of institutions in charge of implementing SME data governance policies, there is one predominant institution that is involved – either alone or together with other institutions - for implementing most of the identified policies. In the case of Sweden, for example, the implementation of SME data policy governance gravitates around the Swedish Agency for Economic and Regional Growth (Figure 3.8). The agency is the main implementing institution for only one initiative - the CHALLENGESGOV.SE Platform, which organises innovation competitions and major hackathons around current societal challenges and encourages participants to make use of different public data sets in this context. At the same time, it is also involved in the joint implementation of three (out of the seven) initiatives alongside other Swedish institutions, including policies for enhancing SMEs data skills, as well as the adoption of robotics, AI and big data.

In the case of Estonia, the leading institution on SME data policy is the Ministry of Economic Affairs and Communications that is involved in implementing six (out of thirteen) initiatives. The Ministry is for instance in charge of implementing Digital Diagnostics, a SME-targeted grant provided to carry out a diagnostic with regard to the digitalisation and automation of manufacturing, mining and quarrying activities.

In Chile, the prevalent SME data policy institution is the Ministry of Economic Development and Tourism, which is in charge of implementing four out of the nine mapped policies, taking for instance part in the implementation of the “Digital route” programme that aims to enhance SME digital skills.

Lastly, in the Republic of Türkiye SME data governance policies are equally centralised under a single Ministry, namely the Ministry of Industry and Technology, which is responsible (alone or jointly) for the implementation of eight out of 17 Turkish SME data policies.

The blended governance model where not one but two central organisations form the loci responsible for the implementation of the largest number of policies is prevalent in Austria, France, Germany, Ireland and the United Kingdom.

The French institutional arrangement, for example, situates the Ministry for the Economy and Finance as well as the French Public Investment Bank (BPI France) at the centre of the governance network, with both institutions directly and/ or jointly implementing 12 out of the 19 SME data governance policies (see Figure 3.9). While the Ministry for the Economy and Finance is in charge of developing SME&E policy, BPI France contributes to the promotion of high-growth industries through the provision of dedicated financing instruments, including notably equity capital. The complementarity between the core mandates of these two institutions is for instance reflected in the Industry for the Future initiative. This is a national strategy developed by the Ministry for the Economy and Finance that aims to modernise the French industry - and in particular SMEs - through the development of relevant workforce skills and capacity building that can facilitate the adoption of data-enabling digital technologies, including through loans provided by BPI France.

The institutional patterns differ in the institutional set up for Austria, Germany and the United Kingdom. In those countries, two ministries serve as the centre of the two policy clusters. For instance, in Austria they are centred around the Federal Ministry for Climate Action, Environment, Energy, Mobility and Technology and on the Federal Ministry for Digital and Economic Affairs. In Germany, SME data governance policy gravitates around the Federal Ministry for Economic Affairs and Climate Action and the Federal Ministry for Education and Research that together implement 14 out of 16 policies. In the United Kingdom, the Department for Digital Culture Media and Sports and the Department for Business, Energy & Industrial Strategy interact with over eight institutions for implementing 40% of the existing policies. Lastly, for Ireland the loci of SME data governance are located around the Department of Enterprise, Trade and Employment and Science Foundation Ireland, an agency operating under the auspices of the Department of Further and Higher Education, Research, Innovation and Science, who is in charge of funding (applied) research.

A diffused governance model can be found in Italy, Norway, Portugal Slovenia, Spain and Switzerland, with a rather decentralised institutional landscape, where the implementation of SME data governance policies is not concentrated in one or two clusters, but distributed across multiple implementing institutions. The Italian network of organisations responsible for the deployment of SME data governance (Figure 3.10) illustrates that there are three major clusters around the Ministry of Economic Development, the Ministry of University Education and Research and the Presidency of the Council of Ministers. These clusters are connected through an inter-ministry collaboration in the implementation of SME data governance policy. Moreover, with almost all nodes representing a Ministry, these institutions heavily dominate the Italian SME data governance landscape as ministries account for 58% of the institutions that directly or jointly implementing SME data governance policies. Remaining institutions include not only autonomous agencies but also the Senate, as the creation of the National cybersecurity agency represented a legislative initiative.

A similar pattern is observed in Spain, where six ministries are in charge of the implementation or joint implementation of the vast majority of SME data governance policies. In addition, contrary to what is seen for Italy, there are two initiatives – the Cybersecurity Helpline and the GDPR Guides for Spanish SMEs - that are implemented solely by the Spanish Data Protection Agency and the National Cyber Security Centre.

A somewhat different diffused governance model is observed for Switzerland, where the implementation of 11 policies takes place through six small and rather independent clusters. The existence of these unconnected clusters suggests less horizontal coordination among the implementing institutions, which might be linked to the federal system of the Swiss state that calls for context-specific coordination mechanisms and arrangements.

With the increasing importance of data for their socio-economic outlook, governments have started incorporating relevant data governance dimensions into their policy mix. In particular, data issues now feature regularly in comprehensive national economic development strategies, action plans, and other multiannual strategies, over one third of the mapped policies represent such wider framework and public policy governance instruments. The relatively high prevalence of these instruments vis-à-vis others suggests that data governance remains an emerging policy field, where many efforts continue to focus on broader governance considerations and overall few dedicated data initiatives, especially for SMEs.

Within these wider plans, national strategies on Artificial Intelligence (AI) or Industry 4.0 serve as a specific example of policy governance instruments that give a particular focus on data-heavy digital technologies, sometimes with a dedicated focus on increasing their uptake among SMEs. National AI strategies10, for example, define policies and institutional frameworks for guiding the design and use of AI and increasingly tend to formulate strategic policy objectives related to SMEs and data (OECD, 2021[3]). As such, they have significantly contributed to putting SME data governance issues on the policy agenda. The Italian National AI Strategy, for example, includes a range of initiatives, including tax credits for trainings on AI related skills, voucher schemes for consulting services on AI technology adoption, as well as broader curriculum changes in higher education institutes, with new AI courses to train students in generating and interpreting AI applications and results.

As a response to the growing severity of cyber threats and data breaches, many OECD governments have also developed dedicated national cybersecurity strategies. While in the past, cybersecurity policies were mainly focusing on public networks and national security systems, more recent efforts in this area have expanded in scope, aiming to also protect private information networks, functions, and data. As a result, recent cybersecurity strategies include measures on education, training and awareness raising for SMEs, as for example the case in Luxembourg’s National Cybersecurity Strategy IV. In this context, for example Chile and Italy have created dedicated cybersecurity agencies to allow them to protect both public and private networks, including protection from data breaches. Such developments suggest a shift toward a broader approach in this area, with the objective of creating a safe digital ecosystem for businesses, including for SMEs and Start-ups.

Overall, national digital strategies seem to indicate an evolution of government approaches towards explicitly acknowledging the economic value of data. While some years ago, data policy was limited to open public data initiatives, where data was conceived as an input for designing evidence-based policies and improving the efficiency and service of public administrations, data is now increasingly being recognised as a strategic innovation asset for improving firms' competitiveness. The UK Data Strategy represents a specific example in this regard, which was launched by the British Department for Digital, Culture, Media and Sport in 2019 with the aim to support better use of data in the public sector, businesses and third sectors, as well as to encourage investment, entrepreneurship and innovation in the digital sector. Colombia’s National Data Infrastructure Plan, on the other hand, places particular attention on promoting data exchange among different actors through relevant governance models and infrastructure, such as data trusts, data commons and data marketplaces.

At the same time, specific provisions for SMEs in such strategies have remained rare to date. A recent example includes Sweden, which released the "Assignment to promote the ability of small and medium-sized enterprises to use data as a strategic resource" in 2019, delegating to the Swedish Agency for Economic and Regional Growth the responsibility of 1) mapping the conditions for increasing SMEs’ ability to use data strategically, including in those sectors that have the greatest potential to develop the work with data and realize its potential, and 2) promoting their ability to use data as a strategic resource through targeted knowledge-raising initiatives.

Lastly, it should be highlighted that subnational governments are responsible for 57% of total public investment and 40% of total public expenditure across the OECD – and thus increasingly in charge of executing government programming and expenditure across a wide range of areas (OECD, 2019[73]). In this context, the digital transformation of subnational governments can also represent an additional level of policy intervention, in particular for strengthening local economies through entrepreneurship with business models based on data analytics. While subnational efforts have not been the focus of this pilot phase, Box 3.6 provides an overview of selected initiatives at city, regional or municipal levels.

Countries are placing a greater focus on policies to strengthen SME internal exploitation and protection of data. An overview of the relative weight that the five data policy objectives take across the mapped policy initiatives in OECD member countries is shown in Table 3.6.

In relative terms, the vast majority of initiatives (72%) across the OECD focuses on enhancing the capacity of SMEs to effectively exploit and protect their data. Many different types of policies fall under this category, ranging from SME targeted training programmes and subsidised technology procurement, over smart factory/ industry initiatives to broader national strategies on digitalisation or AI, among others (Figure 3.11). Importantly, within this category policies attempting to capitalise on data’s business value are typically being developed alongside digital security policies (i.e. protection against cyber-attacks or respecting data privacy) – e.g. by facilitating firms’ access to data-intensive technologies or data-based business analytics, while raising awareness around cybersecurity issues. This reflects the complementarity of measures that frequently respond to several data policy objectives at once and may signal an emerging process of mainstreaming the notion of “data as a strategic asset” within the policy mix of OECD countries.

Less focus is given to enabling SME access to external data. Only a small share of initiatives - less than one third (28%) - is oriented toward improving data-sharing mechanisms or the deployment of data related infrastructure. These often take the form of more horizontal or framework-oriented policies, such as national strategies or the establishment of specialised agencies and research centres, which aggregate all or several data governance objectives by virtue of their wider scope, but which rarely focus on SMEs. A “classic” example in this context are open data portals, which exist today in the majority of OECD countries and increasingly display more interactive features that aim to facilitate the use and contribution of a broad set of stakeholders.

At the more granular level, where the external access vs. internal exploitation dichotomy is further articulated across the five data objectives, a more heterogeneous picture emerges. Notably, close to two thirds of policy initiatives (64%) seek to promote data culture and skills among SMEs11, suggesting that many countries address data governance issues and related adoption of advanced digital technologies from an educational and training entry point.

Relevant training initiatives, for example, are typically characterised by an offer that places a particular focus on more specialised technical skills necessary to work with data, including e.g. IoT and /or cybersecurity. This is supported through targeted funding for the activities of high-tech research institutions and academia-industry clusters. Examples include the Republic of Türkiye’s increased research funding for “strategic” technologies through dedicated centres (e.g. the Strategic Technology Transformation Research Centres) or Estonia’s Business Agency funding “Technology competence centres” in order to provide SMEs with the technical capabilities to deploy ICT-based solutions, data driven business models and encourage knowledge sharing between researchers and SMEs. Another example are the Australian Industry 4.0 Testlabs initiative that are facilities at research and education organisations like universities where experts provide tailored skills training and education programs for SMEs’ workforce.

However, as adopting data intensive technologies requires complementary investments in human capital, governments have also turned toward implementing more targeted initiatives for strengthening up- and re-skilling efforts among SMEs. In many cases, a first step often consists in some sort of assistance to help them navigate the increased training offer and identify the solutions that best fit their needs, with several types of policy initiatives to support the development of workforce skills in SMEs. Support measures mainly focus on reducing training costs for firms and promoting workplace training in the form of tax incentives, training subsidies (e.g. vouchers), and awareness raising, and often leveraging multiple public and private stakeholders as well as relevant networks.

As a result, much of the financial assistance available for innovation and (advanced) technology support focuses on the procurement of consulting services or digitalisation training, thus contributing to fostering data skills and culture among SMEs. For example, the Irish digitalisation voucher offers SMEs up to EUR 9 000 for purchasing advisory services that could support the design and implementation of measures to move toward a data-driven business. The Slovenian Voucher for raising digital competencies, on the other hand, offers funding to finance trainings to develop relevant managerial and workforce skills in the context of digitalisation projects within businesses.

The second most prevalent data policy objective is related to improving data use, quality and valorisation, with 41% of all mapped initiatives across the OECD aiming to advance in this area. There is a very diverse set of policies and instruments implemented for that purpose and typically in combination with other data objectives, that are frequently formulated as part of broader (SME) digitalisation policies. A large share of policies in this area are in fact technology adoption programmes, often specifically targeted at SMEs, aiming to support these firms with the take up of more advanced digital technologies that allow for the exploitation of large amounts of data. Many of these policies often aim to promote the adoption of AI, and/ or target specific sectors, such as manufacturing, industry or agricultural businesses/ SMEs. This includes, for example, Spain’s Agroimpulse initiative, which provides SMEs that operate in the agri-food value chain and in rural areas with financial support (loans) for the digital transformation projects including the adoption of data intensive technologies as well as for the AgriTech and Foodtech SMEs involved in the development of data-related technological solutions that benefit the agricultural sector.

In this context, a more emerging focus seems to be the effort of reflecting ethical standards or approaches in policies addressing data governance issues. This includes notably Denmark’s Digital Ethics Compass, which offers various tools/ guidelines and workshop modules to help companies adopt an ethical approach to data use and digital products. Another example is Finland’s IHAN business programme, which consist in a six-month training programme that aims to help SMEs develop new business models based on better and fairer use and sharing of data.

Data protection emerges as another “established” policy objective, with 24% of all policy initiatives being exclusively or partially dedicated to this issue across the OECD. Indeed cybersecurity acts, strategies and agencies now form a key ingredient of basically all countries’ policy mix, building on previous, but generally narrower efforts in this area (OECD, 2020[16]). In particular, whereas the protection of public networks has been standard practice for a number of years now, targeted support for data protection in the private sector, or for SMEs in particular, represents a more recent development that is not systematically found across countries12. Examples of the latter include the creation of a free cybersecurity helpline in Spain, where the Spanish National Cybersecurity Institute (INCIBE) offers personalised services including help with phishing, malware, and identity theft for citizens and enterprises, including SMEs.

In addition, several OECD countries have created national cybersecurity centres, mandated to protect countries against cyber-threats. These agencies have typically a broader mandate, but frequently also offer targeted support to businesses including SMES, through workshops, guidelines, certifications and trainings on how they can protect themselves against cyber-attacks and data breaches (e.g., UK National Cybersecurity Centre, French National Cybersecurity Agency, National Cybersecurity Centre Portugal).

Overall, only a smaller share of policies aim to strengthen data access and sharing and/ or improve data infrastructure and interoperability, with 15% and 12% of initiatives respectively responding to these two objectives. In Iceland, New Zealand, Portugal, the Slovak Republic and the United States, none of the mapped initiatives pursues either of these objectives. In the United States, for example, three out of the eight mapped initiatives focus on cybersecurity issues, with the remainder developed to promote the use of AI and other digital technologies. In addition, in a number of countries that do have initiatives in this area, these have remained fairly “basic” and typically come in the form of an open data portal as the only measure addressing issues of data access, such as e.g.in Denmark, Ireland or Lithuania.

At the same time, more business-oriented initiatives are slowly emerging in this area, including for example Japan’s Development Project on Data Sharing in collaborative areas and AI systems to achieve "Connected Industries", which aims to develop cross-sectoral AI systems and an industry-shared data infrastructure that is open to start-ups and other new players. A similar approach has been taken in Austria through the Data Market Austria (DMA) initiative, implemented by the Austrian Institute of Technology (AIT), which aims to create a data service ecosystem in the country by advancing the technological foundations for developing secure data markets and cloud interoperability, thereby creating an environment that encourages data-centred innovation.

In addition, there is also a small number of countries that place a relatively large focus on data access and infrastructure/ interoperability issues. This is the case of Austria, Costa Rica, Korea or Switzerland, where about one third of policies respond to each of these two objectives. In Korea, for example, the Ministry of Sciences and ICT has developed the so-called Data Dam initiative, which consists in collecting data from participating public and private networks across a variety of sectors, including biotechnology, finance, manufacturing, and medicine. The Data Dam standardises and processes the information, with the objective of creating more intelligent AI systems. As part of this initiative, the Ministry is also establishing several big data platforms and centres, with the aim of creating an innovative data ecosystem for producing and facilitating access to high-quality data in Korea and improve competitiveness of companies.

However, an important caveat in this context remains, that overall less attention has been paid to these types of initiatives during this first phase of the mapping, even though a number of them might have important consequences on SMEs, even without being directly targeted at them. This includes notably relevant privacy regulation, for example, which has important consequences for data access, as well as measures on data portability, which are key to facilitating data sharing among businesses.

As data-intensive technologies are also considered enablers toward more sustainable business models, a few OECD countries have started implementing policies to advance the so-called twin transition, i.e. combining digital and greening objectives. In Belgium, the Agency for Innovation and Entrepreneurship introduced a EUR 25 000 subsidy for helping SMEs hire strategic consultants to develop and implement growth strategies in the areas of digital transformation or sustainable and circular entrepreneurship. Another example is the Swedish Advanced and Innovative Digitalisation programme that provides grants for developing automation components and system solutions in the areas of the circular industry in order to develop new products and services in Sweden.

With regard to linking greening and data governance issues more specifically, policy makers equally have started introducing initiatives to create the necessary conditions that can allow SMEs to compete in specific industries. For instance, the Product Circularity Datasheet, launched in 2019 by the Luxembourg Ministry of Economy, intends to create an industry standard template in order to provide reliable and comparable data on circular product properties (see Box 3.7).

At a supranational level, a number of EU initiatives are also aiming to facilitate access to data as a way to help SMEs transition to more environmentally sustainable business models. This is for example the case of DigiCirc14 a European cluster-led accelerator for the digitalisation of the circular economy across key emerging sectors. DigiCirc offers tool to SMEs for enabling the use of digital technologies for developing innovative circular products and services. Among other things, DigiCirc offers a circular economy data hub composed of 261 datasets that allows SMEs to freely access data on waste, people, energy and other topics relevant to the greening their business activities and services. Likewise, it offers a matchmaking platform for connecting SMEs with business partners and customers, as well as a platform called ‘industrial symbiosis’ that allows SMEs to model material flows and logistics for designing circular business plans.

Country approaches typically combine generic data policies with more targeted measures aiming to tackle barriers that SMEs or certain segments of the SME and entrepreneurs population face frequently with regard to accessing and using data. Overall, however, less than one third (29%) of all policies mapped in this area are SME-targeted, and even fewer are specifically dedicated to data issues, which rather tend to be weaved into broader SME digitalisation initiatives.

  • Non-targeted policy initiatives to improve data governance include in particular the creation of dedicated institutions with specific data-related mandates (e.g. cybersecurity agencies), as well as the development of new data infrastructures (e.g. interactive open data portals).

  • SME-targeted measures, on the other hand, focus in particular on increasing data-related skills in the SME workforce, as well as facilitating SMEs adoption of relevant digital technologies. Spain’s Digital Spain 2025 Plan, for example, aims to accelerate the country’s digital transformation, including through the creation of a dedicated Data Office for promoting the sharing and use of public and private data, as well as a cloud infrastructure plan. In addition, the plan includes SME-targeted policies to enable SMEs to access and use data through capacity building and digital skills training.

Across the OECD, targeted data governance policies represent 41% of the mapped policies. At this level, the targeting can occur across several dimensions and eligibility criteria, including notably specific populations (including SMEs, but not only), sectors of activity, geographical regions and technologies. A number of policies also target several of these dimensions at once. For instance, the Industry 4.0 testlabs initiative from the Australian Government provides SMEs of the manufacturing sector designated facilities to implement Industry 4.0 technologies and to train their workforce. More specifically, 61% of the 197 targeted data governance policies are aimed at a specific population, while polices with a sectoral or a technology focus represent 19% and 18% of targeted policies, respectively (see Figure 3.12).

While population-targeted data governance policies mostly consist of policies that target SMEs as a whole (54%), the heterogeneity of this population might represent a challenge for the implementation of policy solutions that suit the highly diverse needs of these firms (Raes, 2021[74]). As a result, OECD governments have also developed a number of policies that target specific subgroups of the SME population, such as start-ups, young firms or entrepreneurs. For example, in Israel, the National Innovation Authority implemented the “Incentive programme: Technological Innovation Incubators” that provides grants for start-ups and entrepreneurs that are interested in developing a commercial product in several fields, including industry 4.0, artificial intelligence, and quantum computing. Taken together, these form another 22% of population-targeted policies.

Data policy initiatives with a specific focus on SMEs exist in a number of countries, albeit with significant differences in their scope. For instance, the Polish Agency for Enterprise Development launched its Industry 4.0 competition in 2021 as a measure dedicated exclusively to SMEs and with a focus on the field of Big Data and activities related to data analytics. The Dutch Government has also been making efforts to tailor data-related policies more to the needs of SMEs, with several initiatives undertaken by the Ministry of Economic Affairs and Climate Policy aiming to help small firms overcome barriers to the adoption of data-heavy digital technologies. Its ‘’Accelerating digitalisation for SMEs’’ initiative, for instance, was launched in 2018 to support SMEs and entrepreneurs in the areas of big data, online sales and automation, while the Commit2data programme included the creation of six regional data innovation hubs to provide SMEs that are late technology adaptors with up to date knowledge, tools and training modules related to the responsible use of AI and data.

An overview of SME-targeted data policies across a selected number of OECD countries illustrates the diverse character that initiatives in this domain can take (see Table 3.7)

Some OECD countries have also targeted institutions such as think tanks, universities and larger firms that form part of the data governance ecosystem. The rationale for targeting these other actors is that they can collaborate with SMEs in the adoption of data-intensive technologies through joint programmes, capacity building, consultancies or technology transfer. For instance, the Danish MADE digital programme finances applied industrial research projects, where large companies and research teams from universities collaborate to helping manufacturing SMEs install intelligent supply chains or smart factories.

Finally, there is also a significant involvement of the private sector in data governance related initiatives, with a variety of actors being active in this space, including chambers of commerce, business associations as well as large companies (Box 3.8). While such initiatives have not been systematically included in the mapping of this pilot phase of the project, going forward, it will be important to better understand complementarities between existing initiatives aiming to develop more practical and relevant digital learning for SMEs, take stock of possible gaps, as well as identify potential for improving collaboration between different actors, given that this is still an emerging policy field in many countries.

Given the global and non-rival nature of data, an increasing number of international initiatives have been emerging with the aim of developing a sound data ecosystem beyond national borders.

Recent regulatory approaches such as the European data strategy (see Box 3.9), the General Data Protection Regulation (GDPR)15, the EU Cybersecurity Act16, or the EuroQCI Declaration17 for improving communication networks have for instance all been adopted within the last five years.

In this context, efforts around data access, sharing and use that more specifically target SMEs have also emerged at international level, with the potential to drive their scale-up. This is for example the case of the EU-funded DigitaliseSME project18, which was launched in 2018, and which seeks to connect SMEs with digitalisation consultants that can provide them with tailored guidance and support to digitalise specific business areas or processes. Implemented projects cover a wide range of digital technologies, including more data-intensive ones such as the use of customer relationship management software, cloud hosting services and the implementation of 3D printing in manufacturing procedures.

In the same vein, the EU funded European Digital Innovation Hubs (EDIH)19 offer European SMEs a one-stop-shop, where they can access not only dedicated digital capacity building and training activities, but also relevant technologies that allow them to pilot the implementation of data-driven solutions in their business processes. In addition, several international initiatives have also started proliferating that aim to develop more sophisticated data infrastructures, benefiting both public and private actors. The GAIA-X initiative20, for example, brings together European governments, the private sector and academia to create a common data infrastructure for accessing data pools, thus facilitating data sharing and analysis across a large range of stakeholders, including SMEs.

Moreover, the European High Performance Computing (HPC) Joint Undertaking, which intends to create a joint supercomputing infrastructure at European level will also facilitate SMEs’ access to high-performance computing-related technologies. To this end, the initiative has also created dedicated HPC Competence Centres, where SMEs can experiment and adopt HPC supported modelling and simulation, data analytics, machine learning and AI.

Beyond EU-level coordination, many countries – often those bound by geographic proximity – have established a diverse set of bilateral or multilateral cooperation and coordination mechanisms.

For instance, the Nordic-Baltic region stands out for its advanced cross-border cooperation on different data governance issues, including data infrastructure, data sharing, open-source development, and applied research. Examples of initiatives include X-Road that allows automated cross-border exchange of population data between Finland and Estonia and the joint-declaration on making the Nordic-Baltic region a digital frontrunner. SME targeted initiatives have been also implemented in the Nordic-Baltic region. The Nordic Council of Ministers has implemented SME data governance policies such as innovation vouchers and, importantly, the Nordic Smart Government strategy launched in 2018, which aims “to create value for SMEs by making real time business data accessible and usable for innovation and growth across the region, in an automatic, consent based and secure manner”21. This cross-country cooperation arguably underpins the high performance of the region’s countries vis-à-vis the digitalisation of industry, public services, and society at large22.

An increased collaboration on emerging cutting-edge technologies through joint research centers or knowledge transfer programs is also, at least indirectly, increasing data skills, assets and underlying infrastructure available to SMEs in participating countries. Artificial Intelligence is gaining traction within such transnational agreements, signified by the UNESCO global agreement on the Ethics of Artificial Intelligence, The Global Partnership on Artificial Intelligence (GPAI) initiated by the G7, or the Recommendation of the OECD Council on Artificial Intelligence. These agreements have explicitly stated recommendations of assisting SMEs, in capitalizing on the potential of AI and machine learning techniques for advanced data analysis and in order to fuel innovation and increase business value.

Yet, although countries have introduced an increasing number of data regulations as a result of accelerated digitalisation trends and related growth in data-driven business models, the development of international data infrastructures remains in its infancy. While restrictions on cross-border data flows are probably (stil) a non-issue for the vast majority of SMES, they could pose a disproportionate barrier for trading SMEs who have a data driven business model. Looking ahead, the challenge is to strike a balance between ensuring that important objectives, such as consumer privacy and security, are met while maintaining the benefits from free flows of data, including the benefits from increased and more inclusive digital trade (Casalini and López González, 2019[77]).

Data governance remains an emerging policy field with different approaches and priorities across countries. While businesses have long been using data, growing levels of digitalisation have made data access, management and protection pivotal to the operations for an increasing number of businesses. SMEs are not exempt from this trend, with data emerging as a strategic asset for enhancing their scaling up capacity or by enabling their very existence through the emergence of new business models. However, SMEs still face a number of barriers, related notably to uneven access to data, technology, finance and skills, paired with sometimes burdensome regulation and outdated (data) infrastructures, which taken together may result in SMEs failing to manage, protect and value data to the same extent as other tangible assets that underpin their success.

As a result, SME data governance has emerged as a crucial area of policy attention, with countries developing measures to help SMEs turn data into economic value as a means to scale up capacity and grow. A policy mapping carried between June 2021 and February 2022 across the 38 OECD countries, identified a total of 487 policies and 209 institutions that allow for a first assessment of the intensity and form of public efforts in this area. The analytical framework proposes five data governance objectives that policies can respond to – either alone or in combination, with a specific attention to (digitalisation) measures that address data issues and that simultaneously target SMEs.

The pilot mapping suggests that OECD countries have started acknowledging the increasing importance of data as a key driver of SME performance and scale up, but the extent of policy efforts and degree of SME targeting vary greatly across countries. Overall, countries place a strong focus on improving SMEs’ internal capacity to manage data, with 72% of the mapped initiatives aiming to enabling better exploitation and protection of data within SMEs. Zooming in, policies attempting to capitalise on data’s business value are typically being developed alongside digital security policies (i.e. protection against cyber-attacks or respecting data privacy). In turn, less policy effort is directed toward addressing data access, infrastructural and interoperability issues, although a number of more business-oriented initiatives that go beyond traditional open data portals have started slowly emerging in a few countries.

The cross-cutting nature of SME data governance issues results in a diverse set of governance arrangements for the design and implementation of relevant measures. The policy mapping indicates that across the 209 implementing institutions, the majority of them has a core mandate in innovation policy, while those with a core mandate in SME and entrepreneurship policy represent only 26%. This suggests that there may be a need for mainstreaming SME&E considerations across a broader set of institutions and policy communities in charge of data policy making. In this context, joint implementation of policies could support such policy mainstreaming. A network analysis carried out across a sample of 15 selected OECD countries shows that roughly half of the mapped policies are implemented by two or more institutions, with varying levels of interaction and coordination. Currently, policy coordination takes notably place through national strategies on cybersecurity, digitalisation or innovation.

Looking ahead, more granular evidence on the scope, (relative) weight and impact of the data policy initiatives could help further fine-tune the present analysis. While the objective of this pilot exercise was to provide an overview of the character and intensity of public efforts in an emerging policy field that is critical to SME scale up, more information on a broader set of variables could help provide a better understanding on the relative balance of public efforts and their impact. However, information on the budget of specific measures, for example, is largely missing (or is difficult to collect through desk research), and given that many efforts have been developed fairly recently (i.e. in the past five years), there is no evaluation of the impact of these measures (yet).

Understanding the scope of SME data governance policies also requires a broader perspective. The current mapping exercise focused on a limited number of policy domains. While already useful and informative, the work gave less attention to a number of relevant areas, notably regulatory aspects (e.g. data laws, data portability measures, privacy regulation) and provisions in international agreements on cross-border data flows, which might all have a potential effect on SMEs data governance issues. In addition, measures related to broader data access, infrastructure and interoperability could be investigated further, as the current inventory of related policies is rather preliminary. While such measures might frequently lack an SME focus, they still represent crucial components of the SME data governance policy landscape.

It should also be stressed that better data governance on the part of public administrations can be beneficial for SMEs in different ways, both direct and indirect, and these aspects have been little developed. First, a more coordinated and structured approach to making available public sector information and data, which could be of commercial interest (and without interfering with privacy rights), could help encourage businesses, and in particular smaller firms, to make use of such data for their operations. Thus, by encouraging a more effective use, reuse and free access to public datasets, governments can further strengthen business creation and innovation (Rivera Perez, Emilsson and Ubaldi, 2020[6]). Second, better data governance across the public sector can help reduce the administrative burden on firms by eliminating duplication and excessive reporting requirements. Ultimately, improved data governance and analysis on the part of public authorities is not only likely to promote more citizen-centric services, but also to improve policy making for SMEs, and foster a more evidence-based culture with positive spillovers, including to the private sector more generally.

In addition, while better data access, use and protection could contribute to helping SMEs transition toward greener and more sustainable business models, only a small number of measures were identified that specifically attempt to link these issues. Therefore, it may be worthwhile to investigate further whether this is a reflection of the limited scope of the mapping at this pilot stage, or rather due to a real lack of tailored approaches, which seek to support SMEs in their green transition by leveraging data as a strategic asset.

In a similar vein, while issues around intellectual property rights (IPR) have received increased policy attention from the SME&E policy community (OECD, 2019[18]); (EPO/ EUIPO, 2019[78]), this is likewise an area, where the obvious linkages to data governance issues are less well reflected in the present mapping. The need for SMEs to protect this intangible asset as a way of unleashing scale up potential and further developing data-driven business models, along with the potential of leveraging IPR-protected assets like data as collateral to access finance, certainly call for a broader investigation into how governments reflect these issues into their policy mix.

Finally, innovation clusters and (industrial) networks might play a critical role in connecting SMEs to key stakeholder in their data ecosystem, including e.g. large enterprises, IT companies, R&D centres, universities or chambers of commerce. All these actors can play a role not only in facilitating SMEs’ access to data (and related digital technologies), but also in helping them access the broader set of skills and capacities that they require to leverage data as an asset for their operations. This will be all the more critical in the context of a broad-based push for the digitalisation of large swaths of traditional SMEs that are not at the cutting edge of technology, but rather need help with starting to deploy more basic digital tools. Progress in this area will not only require the setting up or strengthening of widespread and vast support and advisory mechanisms, but also a well-managed coordination effort of all available business stakeholder and other SME support organisations. It would thus be crucial to shed further light on the contribution of existing networks (in the broadest sense) to strengthening SME data governance – and the extent to which the policy mix of countries takes account of this dimension.


[46] Abbott, R. et al. (2015), “Log Analysis of Cyber Security Training Exercises”, Procedia Manufacturing, Vol. 3, pp. 5088-5094, https://doi.org/10.1016/J.PROMFG.2015.07.523.

[62] Agostini, L., R. Filippini and A. Nosella (2016), “Protecting intellectual property to enhance firm performance: does it work for SMEs?”, Knowledge Management Research & Practice, Vol. 14/1, pp. 96-105, https://doi.org/10.1057/kmrp.2014.20.

[17] Andrenelli, A. and J. López González (2021), “3D printing and International Trade: What is the evidence to date?”, OECD Trade Policy Papers, No. 256, OECD Publishing, Paris, https://doi.org/10.1787/0de14497-en.

[9] Begg, C. and T. Caira (2017), Data Governance in Practise: The SME Quandary Reflections on the reality of Data Governance in the Small to Medium Enterprise (SME) sector.

[39] Bianchini, M. and V. Michalkova (2019), “Data Analytics in SMEs: Trends and Policies”, OECD SME and Entrepreneurship Papers, No. 15, OECD Publishing, Paris, https://doi.org/10.1787/1de6c6a7-en.

[33] Boffo, R. and R. Patalano (2020), ESG Investing: Practices, Progress and Challenges, OECD Publishing, Paris.

[43] Brynjolfsson, E. and K. McElheran (2016), “The Rapid Adoption of Data-Driven Decision-Making”, American Economic Review, Vol. 106/5, pp. 133-139, https://doi.org/10.1257/aer.p20161016.

[77] Casalini, F. and J. López González (2019), “Trade and Cross-Border Data Flows”, OECD Trade Policy Papers, No. 220, OECD Publishing, Paris, https://doi.org/10.1787/b2023a47-en.

[40] Chen, C., C. Frey and G. Presidente (2022), “Privacy Regulation and Firm Performance: Estimating the GDPR Effect Globally”, Oxford Martin School, University of Oxford, https://www.oxfordmartin.ox.ac.uk/publications/privacy-regulation-and-firm-performance-estimating-the-gdpr-effect-globally/ (accessed on 29 July 2022).

[49] Columbia Engineering (2022), 11 Data Analyst Skills You Need to Get Hired in 2022, https://bootcamp.cvn.columbia.edu/blog/data-analyst-skills/ (accessed on 4 April 2022).

[55] Corrado, C. et al. (2022 forthcoming), “Measuring data as an asset: Framework, methods and preliminary estimates”, OECD Economics Department Working Papers.

[54] Corrado, C. et al. (2022 forthcoming), “The value of data in digital-based business models: Measurement and economic policy implications”, OECD Economics Department Working Papers.

[51] Coursera (2022), 7 In-Demand Data Analyst Skills to Get Hired in 2022 | Coursera, https://www.coursera.org/articles/in-demand-data-analyst-skills-to-get-hired (accessed on 4 April 2022).

[41] De Marco, C. et al. (2019), Digital platform innovation in European SMEs: An analysis of SME instrument business proposals and case studies, Publications Office of the European Union, https://op.europa.eu/en/publication-detail/-/publication/785b88e3-408a-11e9-8d04-01aa75ed71a1 (accessed on 7 September 2022).

[21] DeStefano, T., R. Kneller and J. Timmis (2020), “Cloud Computing and Firm Growth”, SSRN, https://doi.org/10.2139/SSRN.3618829.

[24] Dilda, V. et al. (2017), Manufacturing: Analytics unleashes productivity and profitability, McKinsey & Company, https://www.mckinsey.de/~/media/McKinsey/Business%20Functions/Operations/Our%20Insights/Manufacturing%20Analytics%20unleashes%20productivity%20and%20profitability/Manufacturing-analytics-unleashes-productivity-and-profitability.pdf (accessed on 14 September 2021).

[29] Dubey, R. et al. (2019), “Can big data and predictive analytics improve social and environmental sustainability?”, Technological Forecasting and Social Change, Vol. 144, pp. 534-545, https://doi.org/10.1016/j.techfore.2017.06.020.

[66] EC/OECD (2021), STIP Compass: International Database on Science Technology and Innovation Policies, https://stip.oecd.org/stip.html (accessed on 3 August 2021).

[68] EC/OECD (2016), International Database on STI Policies, https://www.innovationpolicyplatform.org/ecoecd-stipdatabase.

[27] Ellen MacArthur Foundation (2015), Growth Within: A Circular Economy Vision For A Competitive Europe.

[78] EPO/ EUIPO (2019), High-growth firms and intellectual property rights, https://ec.europa.eu/growth/smes/business-friendly-environment/ (accessed on 12 April 2022).

[57] EUIPO (2020), High-growth firms and intellectual property rights: IPR profile of high-potential SMEs in Europe, May 2019, https://euipo.europa.eu/tunnel-web/secure/webdav/guest/document_library/observatory/documents/reports/2019_High-growth_firms_and_intellectual_property_rights/2019_High-growth_firms_and_intellectual_property_rights.pdf (accessed 11 April 2022).

[58] EUIPO (2019), Intellectual Property SME Scoreboard 2019, https://euipo.europa.eu/ohimportal/en/web/observatory/sme-scoreboard#2019 (accessed 11 April 2022).

[11] European Commission (2020), Data governance and data policies at the European Commission - Executive summary.

[61] Eurostat (2021), Community Innovation Survey (CIS-11), https://ec.europa.eu/eurostat/web/main/data/database (accessed 11 April 2022).

[44] Eurostat (2021), Digital Economy and Society Database, https://ec.europa.eu/eurostat/data/database (accessed on 16 September 2021).

[75] Gaub, F. (2019), Global Trends to 2030: Challenges and Choices for Europe, European Strategy and Policy Analysis System (ESPAS).

[50] Grupman, C. (2021), Data Analyst Skills – 8 Skills You Need to Get a Job – Dataquest, Dataquest, https://www.dataquest.io/blog/data-analyst-skills/ (accessed on 4 April 2022).

[76] Hidaka, S. and J. Modrall (2021), EU’s possible Data Act: What can we anticipate from the Inception Impact Assessment and the Consultation?, https://www.dataprotectionreport.com/2021/07/eus-possible-data-act-what-can-we-anticipate-from-the-inception-impact-assessment-and-the-consultation/ (accessed on 16 September 2021).

[45] Hiscox Ltd (2019), Hiscox Cyber Readiness Report 2019, https://www.hiscox.com/documents/2019-Hiscox-Cyber-Readiness-Report.pdf (accessed on 6 December 2021).

[19] Huber, F. et al. (2022), “The wealth of (Open Data) nations? Open government data, country-level institutions and entrepreneurial activity”, https://doi.org/10.1080/13662716.2022.2109455, pp. 1-32, https://doi.org/10.1080/13662716.2022.2109455.

[48] ICTworks (2022), Introducing the 6 Principles for Subnational Data Use for Development, https://www.ictworks.org/principles-for-subnational-data-use/#.YtZsnnZBw2w (accessed on 19 July 2022).

[56] Ilie, L. (2014), “Intellectual Property Rights: An Economic Approach”, Procedia Economics and Finance, Vol. 16, pp. 548-552, https://doi.org/10.1016/s2212-5671(14)00837-5.

[60] IusMentis (2005), Database protection in the USA, https://www.iusmentis.com/databases/us/.

[34] Kuzmanovic, M. and M. Koreen (2022), “Financing SMEs for Sustainability: Drivers, Constraints and Policies”, No. CFE/SME(2022)7, Committee on SMEs and Entrepreneurship.

[10] Linck, A. (2021), Data Governance Act: DIGITAL SME welcomes Commission’s proposal to strengthen data sharing in the EU - European DIGITAL SME Alliance, https://www.digitalsme.eu/data-governance-act/ (accessed on 15 June 2021).

[59] Maggiolino, M. (2019), “EU Trade Secrets Law and Algorithmic Transparency”, SSRN Electronic Journal, https://doi.org/10.2139/ssrn.3363178.

[65] Meissner, D. and S. Kergroach (2019), “Innovation policy mix: mapping and measurement”, The Journal of Technology Transfer, Vol. 46/1, pp. 197-222, https://doi.org/10.1007/s10961-019-09767-4.

[38] Möslinger, M., A. Fazio and O. Eulaerts (2022), Data platform support to SMEs for ESG reporting and EU Taxonomy implementation, Publications Office of the European Union, Luxembourg, https://doi.org/10.2760/69381.

[23] Müller, O., M. Fay and J. vom Brocke (2018), “The Effect of Big Data and Analytics on Firm Performance: An Econometric Analysis Considering Industry Characteristics”, Journal of Management Information Systems, Vol. 35/2, pp. 488-509, https://doi.org/10.1080/07421222.2018.1451955.

[25] Nguyen, D. and M. Paczos (2020), “Measuring the economic value of data and cross-border data flows: A business perspective”, OECD Digital Economy Papers, No. 297, OECD Publishing, Paris, https://doi.org/10.1787/6345995e-en.

[32] Nordic Innovation (2021), Data sharing for a circular economy in the Nordics.

[80] OECD (2021), “Data portability, interoperability and digital platform competition” OECD Competition Committee Discussion Paper, http://oe.cd/dpic.

[5] OECD (2021), Recommendation of the Council on Enhancing Access to and Sharing of Data, OECD/LEGAL/0463, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0463 (accessed on 29 November 2021).

[64] OECD (2021), “SME and entrepreneurship policy frameworks across OECD countries: An OECD Strategy for SMEs and Entrepreneurship”, OECD SME and Entrepreneurship Papers, No. 29, OECD Publishing, Paris, https://doi.org/10.1787/9f6c41ce-en.

[47] OECD (2021), “SME digitalisation to “Build Back Better”: Digital for SMEs (D4SME) policy paper”, OECD SME and Entrepreneurship Papers, No. 31, OECD Publishing, Paris, https://doi.org/10.1787/50193089-en.

[13] OECD (2021), “Synthesis report of the Horizontal Project on Data Governance for Growth and Well-Being: Draft Outline”, No. DSTI/CDEP/GD(2021)3, Committee on Digital Economy Policy, https://one.oecd.org/official-document/DSTI/CDEP/GD(2021)3/en (accessed on 9 September 2021).

[3] OECD (2021), The Digital Transformation of SMEs, OECD Studies on SMEs and Entrepreneurship, OECD Publishing, Paris, https://doi.org/10.1787/bdb9256a-en.

[1] OECD (2021), Understanding Firm Growth: Helping SMEs Scale Up, OECD Studies on SMEs and Entrepreneurship, OECD Publishing, Paris, https://doi.org/10.1787/fc60b04c-en.

[37] OECD (2020), OECD Business and Finance Outlook 2020: Sustainable and Resilient Finance, OECD Publishing, Paris, https://doi.org/10.1787/eb61fd29-en.

[16] OECD (2020), OECD Digital Economy Outlook 2020, OECD Publishing, Paris, https://doi.org/10.1787/bb167041-en.

[7] OECD (2019), Enhancing Access to and Sharing of Data: Reconciling Risks and Benefits for Data Re-use across Societies, OECD Publishing, Paris, https://doi.org/10.1787/276aaca8-en.

[12] OECD (2019), Going Digital: Shaping Policies, Improving Lives, OECD Publishing, Paris.

[18] OECD (2019), OECD SME and Entrepreneurship Outlook 2019, OECD Publishing, Paris, https://doi.org/10.1787/34907e9c-en.

[73] OECD (2019), Subnational governments in OECD countries: key data, https://stats.oecd.org/Index.aspx?DataSetCode=SNGF (accessed on 19 July 2022).

[36] OECD (2018), Environmental Policy Toolkit for SME Greening in EU Eastern Partnership Countries, OECD Green Growth Studies, OECD Publishing, Paris, https://doi.org/10.1787/9789264293199-en.

[15] OECD (2017), The Next Production Revolution: Implications for Governments and Business, OECD Publishing, Paris, https://doi.org/10.1787/9789264271036-en.

[2] OECD (2016), “Start-ups and innovative entrepreneurship”, in OECD Science, Technology and Innovation Outlook 2016, OECD Publishing, Paris, https://doi.org/10.1787/sti_in_outlook-2016-25-en.

[72] OECD (2015), Data-Driven Innovation: Big Data for Growth and Well-Being, OECD Publishing, Paris, https://doi.org/10.1787/9789264229358-en.

[79] OECD (2015), Digital Security Risk Management for Economic and Social Prosperity: OECD Recommendation and Companion Document, OECD Publishing, Paris, https://doi.org/10.1787/9789264245471-en.

[69] OECD (2012), OECD Science, Technology and Innovation Outlook 2012, OECD Publishing, Paris, https://doi.org/10.1787/sti_outlook-2012-en.

[14] OECD (2022 forthcoming), “A Guide to Addressing Data Governance Challenges: Draft Outline”, No. DSTI/CDEP/GD(2021)4/REV1, Committee on Digital Economy Policy, https://one.oecd.org/official-document/DSTI/CDEP/GD(2021)4/REV1/en (accessed on 9 September 2021).

[71] OECD forthcoming (2022), Enabling FDI diffusion channels to boost SME productivity and innovation in EU countries and regions: Towards a Policy Toolkit. Revised Concept Paper.

[4] OECD forthcoming (2022), Synthesis report of the Horizontal Project on Data Governance for Growth and Well-being.

[26] Ortega-Gras, J. et al. (2021), “Twin Transition through the Implementation of Industry 4.0 Technologies: Desk-Research Analysis and Practical Use Cases in Europe”, Sustainability, Vol. 13/24, p. 13601, https://doi.org/10.3390/su132413601.

[8] Petzold, B. et al. (2020), “Designing data governance that delivers value”, McKinsey Digital.

[74] Raes, S. (2021), “Understanding SME heterogeneity: Towards policy relevant typologies for SMEs and entrepreneurship: An OECD Strategy for SMEs and Entrepreneurship”, OECD SME and Entrepreneurship Papers, No. 28, OECD Publishing, Paris, https://doi.org/10.1787/c7074049-en.

[6] Rivera Perez, J., C. Emilsson and B. Ubaldi (2020), “Open, Useful and Re-usable data (OURdata) Index: 2019 - Policy Paper - OECD”, OECD Policy Papers on Public Governance, No. No. 1, https://www.oecd.org/gov/digital-government/policy-paper-ourdata-index-2019.htm (accessed on 13 September 2021).

[28] Rizos, V. et al. (2016), “Implementation of Circular Economy Business Models by Small and Medium-Sized Enterprises (SMEs): Barriers and Enablers”, Sustainability 2016, Vol. 8, Page 1212, Vol. 8/11, p. 1212, https://doi.org/10.3390/SU8111212.

[53] Sameki, L., M. Squicciarini and E. Cammeraati (2021), “The human capital behind AI : Jobs and skills demand from online job postings”, OECD Science, Technology and Industry Policy Papers, No. 120, OECD Publishing, Paris, https://www.oecd-ilibrary.org/science-and-technology/the-human-capital-behind-ai_2e278150-en (accessed on 4 April 2022).

[70] Springer (ed.) (2019), “Innovation policy mix: mapping and measurement”, The Journal of Technology Transfer, https://doi.org/10.1007/s10961-019-09767-4.

[31] Stahel, W. (2016), “The circular economy”, Nature, Vol. 531/7595, pp. 435-438, https://doi.org/10.1038/531435a.

[30] Suciu (Vodă), A. et al. (2021), “IoT Technologies as Instruments for SMEs’ Innovation and Sustainable Growth”, Sustainability, Vol. 13/11, p. 6357, https://doi.org/10.3390/su13116357.

[63] Sukarmijan, S. and O. Sapong (2014), “The Importance of Intellectual Property for SMEs; Challenges and Moving Forward”, UMK Procedia, Vol. 1, pp. 74-81, https://doi.org/10.1016/j.umkpro.2014.07.010.

[22] Tang, C., T. Huang and S. Wang (2018), “The impact of Internet of things implementation on firm performance”, Telematics and Informatics, Vol. 35/7, pp. 2038-2053, https://doi.org/10.1016/J.TELE.2018.07.007.

[20] Tillväxtverket (2020), Data Som Strategisk Resurs I Små Och Medelstora Företag: Kartläggning och analys av tretton branscher (Data as a strategic resource in small and medium-sized companies: mapping and analysis of thirteen industries), https://tillvaxtverket.se/download/18.6eb2dc8b1754f19d38e165d7/1603722422433/Data+som+strategisk+resurs,+slutrapport+200605.pdf (accessed on 16 September 2021).

[67] UNESCO (2018), Go-spin global observatory of science, technology and innovation policy instruments., http://https ://gospin.unesco.org.

[52] University of Massachusetts Global (2019), 10 Data analytics skills that employers are looking for, https://www.umassglobal.edu/news-and-events/blog/data-analytics-skills (accessed on 4 April 2022).

[42] World Bank (2021), World Development Report 2021: Data for Better Lives, The World Bank, https://doi.org/10.1596/978-1-4648-1600-0.

[35] Zhao, F., X. Guo and W. Chan (2020), “Individual Green Certificates on Blockchain: A Simulation Approach”, Sustainability, Vol. 12/9, p. 3942, https://doi.org/10.3390/su12093942.


← 1. The authors define big data assets as 1. Databases and data warehouses running on high performance in-memory computing appliances, both on-premises and in the cloud, as well as tools for modelling and management of data. 2. Data mining and machine learning solutions, and 3. Data visualization and presentation tools

← 2. These and other concepts are explained further in Table 3.1 in relation to different data applications, sectors and business functions.

← 3. For more information, see: https://en.woodsense.dk/.

← 4. For more information see: https://finance.ec.europa.eu/sustainable-finance/tools-and-standards/eu-taxonomy-sustainable-activities_en

← 5. IEEE Spectrum is a technology magazine and the flagship publication of the Institute of Electrical and Electronics Engineers (IEEE), the world’s largest professional organisation devoted to engineering and the applied sciences.

← 6. Broadly speaking, trade secrecy is confidential business information that can cover new manufacturing processes, improved recipes, business plans or commercial information on whom to buy from and whom to sell to (e.g. customer list).

← 7. In this context, data portability and interoperability measures, for example, can represent a means to foster competition in an increasing number of data-driven markets and across a growing array of sectors, ranging from automobiles to finance. However, recent work in this area also suggests that when implemented with objectives other than competition (such as data protection), these measures may not always have pro-competitive impacts, or even create unintended consequences if they result in new entry barriers or entrench incumbent technologies (OECD, 2021[80]).

← 8. Network mapping is a technique used to develop graphical representations of connections, such as the physical connectivity of networks. Based on the full policy mapping of 38 OECD countries, a network analysis of national governance and institutional arrangements has been carried out for a selection of countries.

← 9. The countries that were part of the sample are Austria, Chile, Estonia, France, Germany, Ireland, Italy, Norway, Portugal, Slovenia, Spain, Sweden, Switzerland, the Republic of Türkiye, and the United Kingdom.

← 10. The OECD's AI Policy Observatory collects information on national strategies, policies and initiatives on AI in OECD countries. See here: https://oecd.ai/en/

← 11. It is important to note that the relatively large prevalence that data culture and skills take in terms of policy objective is in part due to the fact that all national strategies (e.g. on digitalisation, AI, Industry 4.0, etc.) have usually been mapped as responding to this objective. The reason for this is simply that as governance instruments they typically seek to orient policy in a given area and form a framework for a broad set of policies that governments aim to implement as part of these strategies. Nonetheless, the noise introduced by this approach is not significant – even when removing policy governance instruments from the calculation, data culture and skills remain the most prevalent objective across policy initiatives with 54% of measures addressing this dimension.

← 12. According to the OECD Recommendation (OECD, 2015[79]), national digital security strategies serve as major container for related policies and should consider SMEs specifically in design and implementation, especially because of possible governance failures between digital security agencies and SME policy instances (OECD, 2021[3]).

← 13. While initiatives in this specific area have not been the focus of this policy mapping exercise, they overall seem a rather nascent phenomenon across countries. Based on search of a few key words (sustainable/ sustainability, energy, circular, green, carbon, etc.), only about 10 initiatives in total combine data/ digital and sustainability objectives, representing less than 1% of all mapped policies.

← 14. See : https://digicirc.eu/tools/

← 15. The General Data Protection Regulation 2016/679 is an EU regulation on data protection and privacy that harmonised data privacy law across the European Union and the European Economic Area. For more info, see: https://gdpr-info.eu/

← 16. The EU Cybersecurity Act 2019/881 is an EU regulation that enabled the adoption of a permanent mandate for ENISA, the European Cyber Security Agency, as a facilitator of exchanges between Member States and that defines a European cybersecurity certification framework to harmonize at the European level. For more info, see: https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-act

← 17. The European Quantum Communication Infrastructure (EuroQCI) Initiative to design, develop and deploy a secure quantum communication infrastructure by 2027. For more info, see: https://digital-strategy.ec.europa.eu/en/policies/european-quantum-communication-infrastructure-euroqci

← 18. For more info, see: https://www.digitalsme.eu/

← 19. The European Digital Innovation Hub (EDIH) is defined by the Digital Europe Programme as a legal entity with a not-for-profit objective that supports companies – especially SMEs and mid-caps – and/or the public sector in their digital transformation by providing directly, or ensuring access to, technological expertise and experimentation facilities, such as equipment and software tools. Ongoing work between the European Commission’s Joint Research Centre (JRC) and DG CNECT will analyse EDIH data to better understand which types of SMEs the Hubs provide digitalisation services to. For more info, see: https://digital-strategy.ec.europa.eu/en/activities/edihs

← 20. GAIA-X is a joint private-public project that aims to create a common data infrastructure among EU governments. The aim of the project is to further digitalisation and networking, by providing a standard on cloud computing services. For more info, see: https://www.gaia-x.eu/

← 21. See: https://nordicsmartgovernment.org/

← 22. In 2020, the European Commission found the Baltic Sea region the leading area in digitalisation, with Finland, Sweden and Denmark, forming the top three followed by Estonia in 7th place. For the full Digital Economy and Society Index (DESI) 2020 report see: https://ec.europa.eu/newsroom/dae/document.cfm?doc_id=67086

Metadata, Legal and Rights

This document, as well as any data and map included herein, are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. Extracts from publications may be subject to additional disclaimers, which are set out in the complete version of the publication, available at the link provided.

© OECD 2022

The use of this work, whether digital or print, is governed by the Terms and Conditions to be found at https://www.oecd.org/termsandconditions.