--- title: "Applicability Test" canonical_url: "https://www.sorena.io/artifacts/eu/data-act/applicability-test" source_url: "https://www.sorena.io/artifacts/eu/data-act/applicability-test" author: "Sorena AI" description: "A practical EU Data Act applicability test you can run in 15 minutes: determine if Chapter II IoT access rights apply (connected products + related services)." published_at: "2026-02-23" updated_at: "2026-02-23" keywords: - "EU Data Act applicability test" - "EU Data Act scope test" - "Data Act in scope checklist" - "connected product related service Data Act" - "data holder definition EU Data Act" - "B2B data sharing EU Data Act Chapter III" - "unfair contractual terms Data Act Chapter IV" - "B2G exceptional need Data Act Chapter V" - "cloud switching Data Act Chapter VI" - "Data Act applies 12 September 2025 Article 50" - "EU compliance" - "data-act compliance" - "Applicability Test" - "compliance timeline" - "compliance decision flow" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # Applicability Test A practical EU Data Act applicability test you can run in 15 minutes: determine if Chapter II IoT access rights apply (connected products + related services). *Artifact Guide* *EU* ## EU Data Act: Fair Access to Connected Product Data and Cloud Switching Applicability Test Decide what applies (and what doesn't), per product and per contract. Outputs: chapter mapping, roles (user/data holder/data recipient/cloud provider), and the evidence you'll need to implement without rescoping later. Treat EU Data Act applicability as a repeatable scoping exercise. You're rarely "in scope" for everything: the same organization can be a data holder for connected products, a data recipient in B2B sharing, and a customer of cloud services (with switching rights). The Data Act applies from 12 September 2025, with additional triggers such as the connected-product design duty for products placed on the market after 12 September 2026 (Article 50). ## Fast result - which chapters are you likely dealing with? Use this as your first-pass chapter map. Then confirm with the steps below and write a one-page scope memo per product line and per contract type. - Chapter II (Articles 3-6): connected products/related services -> transparency + user access + third-party sharing workflows - Chapter III (B2B access rules) (Articles 5-12): mandatory sharing with data recipients in B2B scenarios -> operational sharing + safeguards + compensation logic - Chapter IV (Article 13): enterprise-to-enterprise terms unilaterally imposed and unfair -> terms may be non binding (risk concentrates in click through B2B terms) - Chapter V (Articles 14-22): B2G requests based on an 'exceptional need' -> request validation, minimisation, secure disclosure, compensation handling - Chapter VI (Articles 23-31): cloud/data processing services -> switching and exit rights (customers) and switching/portability obligations (providers) ## Step 0 - gather minimum inputs (don't guess) Most scoping errors come from missing inputs. Collect product definitions, contracts, and data architecture facts before you decide scope. Applicability is scenario-based: the same company can be in scope for some activities and out of scope for others. - Portfolio: connected products + related services; EU market placement model; versions and deployment modes - Data map: product data vs related service data; "readily available" extraction path; personal vs non-personal fields - Contracts: B2B data sharing agreements; platform/API terms; cloud contracts; long-duration legacy agreements - Roles: who is the user; who controls access (data holder); who receives data (data recipient/third party) ## Step 1 - connected products + related services: is Chapter II triggered? Start with concrete product definitions and a data map. Chapter II becomes implementable only when you can name the dataset generated by use, define what is "readily available", and specify the delivery mechanism (direct vs indirect access). If you operate in automotive, the Commission's vehicle data guidance is a helpful grounded example of how Chapter II obligations translate into dataset definitions and access rules. - Inventory: connected products and related services placed on the EU market - Dataset definition: product data and related service data; metadata needed to interpret/use the data - Delivery decision: direct access vs indirect request portal; identity verification and security model - GDPR coordination where personal data is involved (lawful basis, roles, privacy notices) ## Step 2 - identify roles: user, data holder, data recipient, third party A single ecosystem can have multiple data holders. Identify who controls access to the dataset the user is entitled to, per scenario, because that entity must implement the workflow. Then document who the user is (consumer or business), who may receive data (data recipients or third parties chosen by the user), and how you authenticate them. - User: owns/rents/leases the connected product or receives the related service - Data holder: controls access to the readily available data (often the platform/API operator) - Data recipient/third party: receives data via user instruction; needs technical + legal onboarding - Evidence: role mapping memo + "who can request what" access control matrix ## Step 3 - B2B sharing and contracts: Chapter III and Chapter IV triggers If your business uses contracts to control data access, check two things: (1) are you obliged to share data B2B under Chapter III, and (2) do you have unilaterally imposed terms that can be unfair under Chapter IV (and therefore non binding). Operationally, this is the contract layer: remedies, liability, trade secret safeguards, pricing/compensation, and dispute handling. - Chapter III: data sharing agreements and mandatory sharing obligations in B2B relations - Chapter IV (Article 13): unilaterally imposed enterprise terms that grossly deviate from good commercial practice, contrary to good faith and fair dealing - High-risk clauses: exclusive interpretation rights, unilateral price changes, limitations on remedies, restrictions on copying/using one's own generated data - Deliverable: contract clause matrix (clause -> Data Act risk -> remediation text) ## Step 4 - cloud/data processing services: Chapter VI switching obligations Chapter VI applies to providers of data processing services and creates enforceable customer switching rights and provider obligations. Even if you're not a provider, use Chapter VI as a vendor governance instrument in procurement and renewals. A fast signal: if you offer cloud-like services (IaaS/PaaS/SaaS) from a service catalog, you must review switching notice periods, transitional periods, exportable data definitions, and switching charges. - Contract gates: maximum notice period = 30 days - Fees: reduced switching charges permitted 11 Jan 2024-12 Jan 2027; no switching charges from 12 Jan 2027 - Transparency: online register of exportable data structures/formats and website disclosures on jurisdiction and measures against conflicting international access ## Step 5 - B2G 'exceptional need' requests: could a public body ask you for data? Chapter V is not a general data access right. It is limited to an 'exceptional need' that is limited in time and scope, and the request must meet specific content requirements (what data, why, safeguards, sharing, deadlines). If you hold high-value datasets (mobility, energy, telecom, financial risk signals, supply chain), build a triage playbook now: it's faster than improvising under time pressure. - Exceptional need lanes: public emergency vs non-emergency statutory task (non-personal data only) - SME carve-out: non-emergency lane does not apply to microenterprises and small enterprises - Operational outputs: secure extraction, minimisation, transfer channel, deletion/erasure plan, compensation calculation ## Deliverable - the 1-page scope memo (the thing that prevents rework) When teams skip the scope memo, they ship the wrong workflow: they build portals for data they don't control, they miss unfair terms risk, or they underestimate cloud switching obligations. Write one memo per product line and per contract type and keep it versioned like product documentation. - Chapters that apply and why (include the specific product/service/contract trigger) - Roles per scenario (user, data holder, data recipient, cloud provider/customer) - Dataset definition + extraction method (including metadata, format, and security controls) - Contract remediation list (what clauses must change, owners, and date gates) - Evidence pack (logs, portal specs, security controls, compensation model, dispute playbook) *Recommended next step* *Placement: after the applicability result* ## Turn EU Data Act: Fair Access to Connected Product Data and Cloud Switching Applicability Test into an operational assessment Assessment Autopilot can take EU Data Act: Fair Access to Connected Product Data and Cloud Switching Applicability Test from deciding whether these obligations apply in practice to a reusable workflow inside Sorena. Teams working on EU Data Act: Fair Access to Connected Product Data and Cloud Switching can keep owners, evidence, and next steps aligned without copying this guide into separate documents. - [Open Assessment Autopilot for EU Data Act: Fair Access to Connected Product Data and Cloud Switching Applicability Test](/solutions/assessment.md): Start from EU Data Act: Fair Access to Connected Product Data and Cloud Switching Applicability Test and turn the guidance into owned tasks, evidence requests, and review checkpoints. - [Talk through EU Data Act: Fair Access to Connected Product Data and Cloud Switching](/contact.md): Review your current process, evidence gaps, and next steps for EU Data Act: Fair Access to Connected Product Data and Cloud Switching Applicability Test. ## Primary sources - [Regulation (EU) 2023/2854 (Data Act) - Official Journal (ELI)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Chapter II (access), Chapter IV (unfair terms), Chapter V (B2G exceptional need), Chapter VI (cloud switching) and application dates (Article 50). - [European Commission - Data Act policy page](https://digital-strategy.ec.europa.eu/en/policies/data-act?ref=sorena.io) - Plain-language overview of what the EU Data Act is intended to achieve and who it affects. - [European Commission - Data Act FAQs (library page)](https://digital-strategy.ec.europa.eu/en/library/commission-publishes-frequently-asked-questions-about-data-act?ref=sorena.io) - Implementation clarifications used for scoping (direct vs indirect access, portability vs GDPR, trade secrets safeguards). - [Commission Communication C/2025/5026 - Guidance on vehicle data accompanying the Data Act (ELI)](https://data.europa.eu/eli/C/2025/5026/oj?ref=sorena.io) - Sector-specific example of how Chapter II access obligations become implementable (dataset definition + access rules). ## Related Topic Guides - [Access Rights and Portability | EU Data Act: Fair Access to Connected Product Data and Cloud Switching](/artifacts/eu/data-act/access-rights-and-portability.md): EU Data Act access rights and portability (Chapter II) made practical: direct vs indirect access, "readily available" data. - [B2B Data Sharing Contract Clauses | EU Data Act: Mandatory Sharing, Unfair Terms, Trade Secrets](/artifacts/eu/data-act/b2b-data-sharing-contract-clauses.md): EU Data Act contract clauses for B2B data sharing made practical: clause library for Chapter III access/use (purpose limits, compensation, security. - [B2B Data Sharing Contract Template | EU Data Act: Data Access and Use Agreement (Drafting Checklist)](/artifacts/eu/data-act/b2b-data-sharing-contract-template.md): A practical EU Data Act-aligned B2B data sharing contract template: sections, annexes, and drafting checklist for dataset definition, permitted use. - [B2G Exceptional Need Requests | EU Data Act: Public Emergency Data Requests, Safeguards, Compensation](/artifacts/eu/data-act/b2g-exceptional-need-requests.md): EU Data Act Chapter V B2G 'exceptional need' requests made practical. - [Cloud Switching and Exit Plans | EU Data Act Chapter VI: Switch Providers, Port Data, Remove Egress Barriers](/artifacts/eu/data-act/cloud-switching-and-exit-plans.md): EU Data Act Chapter VI cloud switching made practical: Article 23 obstacle removal, Article 25 required contract terms (max 2-month notice, 30-day transition. - [Cloud Switching Compliance Checklist | EU Data Act Chapter VI: Contracts, Exportable Data, Fees, Transparency](/artifacts/eu/data-act/cloud-switching-compliance-checklist.md): A detailed EU Data Act Chapter VI cloud switching compliance checklist: Article 25 contract terms (max notice period, 30-day transition, retrieval period). - [Compliance Program | EU Data Act Implementation Playbook: Governance, Controls, Evidence, Operating Cadence](/artifacts/eu/data-act/compliance.md): Turn the EU Data Act into an implementation program: chapter scoping, roles and ownership, product workflows for Chapter II access. - [Deadlines and Compliance Calendar | EU Data Act](/artifacts/eu/data-act/deadlines-and-compliance-calendar.md): Plan EU Data Act delivery with real dates: Regulation applies from 12 Sep 2025. - [EU Data Act Checklist | Chapter II Access, B2B Sharing, Unfair Terms, B2G Requests, Cloud Switching](/artifacts/eu/data-act/checklist.md): A comprehensive EU Data Act checklist organized by roles and chapters: Chapter II connected product data access (direct vs indirect access). - [EU Data Act vs GDPR | Differences, Overlap, Portability, Lawful Basis, Implementation Playbook](/artifacts/eu/data-act/data-act-vs-gdpr.md): EU Data Act vs GDPR made practical: how Chapter II access/portability for connected product data differs from GDPR data subject rights. - [FAQ | EU Data Act Explained: Key Dates, Access Rights, Trade Secrets, B2G Requests, Cloud Switching](/artifacts/eu/data-act/faq.md): EU Data Act FAQ with practical answers grounded in official sources: when the Data Act applies (Article 50), direct vs indirect access. - [Penalties and Fines | EU Data Act Enforcement: Member State Penalties, GDPR-Linked Fines, Risk Controls](/artifacts/eu/data-act/penalties-and-fines.md): EU Data Act penalties and fines made practical: how Member States set penalties (Article 40), the criteria authorities must consider. - [Requirements | EU Data Act Obligations Explained: Chapter II Access, Chapter IV Unfair Terms, Chapter V B2G, Chapter VI Switching](/artifacts/eu/data-act/requirements.md): A structured EU Data Act requirements breakdown across Chapters II-VI: connected product data transparency and access workflows. - [Scope, Connected Products and Data Types | EU Data Act: Fair Access to Connected Product Data and Cloud Switching](/artifacts/eu/data-act/scope-connected-products-and-data-types.md): EU Data Act scope explained: connected products vs related services, product data vs related service data, readily available data. - [Trade Secrets and Protection | EU Data Act: Confidentiality Measures, Withholding Rules, Evidence Pack](/artifacts/eu/data-act/trade-secrets-and-protection.md): EU Data Act trade secrets protection made practical: how to identify trade secret fields before disclosure, how to agree confidentiality measures (NDAs. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/data-act/applicability-test