Data intermediation services providers are expected to have in place procedures and measures to impose penalties for fraudulent or abusive practices in relation to parties seeking access through their data intermediation services, including measures such as the exclusion of data users that breach the terms of service or infringe existing law.