ChecklistEUData Act

EU Data Act Implementation Checklist

Use this checklist to assign Data Act work across product, legal, procurement, security, engineering, support, and cloud teams.

The checklist is grounded in Regulation (EU) 2023/2854 and European Commission implementation material. It is an operational planning aid, supporting implementation planning and should be validated against jurisdiction-specific legal, contractual, and policy requirements before implementation.

Back to main artifactReview sources
Author
Sorena AI
Published
May 6, 2026
Updated
May 6, 2026
Sections
9

Structured answer sets in this page tree.

Primary sources
4

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 6, 2026
Updated May 6, 2026
Overview

This checklist turns the EU Data Act into concrete implementation workstreams: scope and ownership, connected-product access, user-selected third-party sharing, B2G exceptional-need requests, cloud switching, contract review, smart contracts, personal data boundaries, and evidence.

Section 1

Data Act 1. Map actor roles and ownership before assigning controls

Start with a role map because the Data Act applies to different actors in different chapters. A connected-product manufacturer, related-service provider, data holder, user, data recipient, cloud provider, public-sector requester, data-space participant, or smart-contract vendor will not have the same checklist items.

Record the EU nexus, product or service family, legal entity, accountable owner, reviewer, and escalation path for every workstream. Where an entity offers connected products or services in the Union but is not established there, flag the legal-representative requirement for legal review.

  • List each connected product, related service, data processing service, data-space role, and smart-contract deployment that may fall in scope.
  • Classify each entity as manufacturer, provider, user, data holder, data recipient, cloud customer, cloud source provider, destination provider, public-sector requester, or smart-contract vendor or deployer.
  • Assign one internal owner for each chapter-level workstream: product access, third-party sharing, B2B terms, B2G requests, cloud switching, interoperability, smart contracts, complaints, and evidence.
  • Keep a separate review flag for personal data, trade secrets, security requirements, intellectual-property exclusions, sector-specific rules, and non-EU establishment.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Article 1 identifies the actor categories covered by the regulation, including manufacturers, users, data holders, recipients, public-sector bodies, cloud providers, data-space participants, and smart-contract vendors.
European Commission - Data Act explained
The Commission explainer groups the Data Act into the operational chapters used for this checklist: IoT data access, B2B sharing, unfair terms, B2G sharing, switching, third-country access, interoperability, and enforcement.
Section 3

Data Act 3. Build user access and pre-contract information controls

Product and related-service teams should treat user access as a design and disclosure requirement, not only as a support process. The checklist should require a tested route for users to access or retrieve data and a pre-contract information record that explains what the product or service can generate.

Where data cannot be directly accessed by the user, the data holder should provide the readily available data and relevant metadata in the required quality and format through a simple electronic request route where technically feasible.

  • Verify product and related-service design for easy, secure, free, comprehensive, structured, commonly used, machine-readable access, and direct access where relevant and technically feasible.
  • Add pre-contract disclosures for type, format, estimated volume, continuous or real-time generation, storage location, retention, access, retrieval, erasure, data-holder identity, contact route, third-party sharing route, complaint right, trade-secret status, and contract duration.
  • Test the request workflow with representative users and record response evidence, delivery format, metadata, identity checks, security controls, and logs retained only as necessary.
  • Create written refusal, withholding, or suspension templates for security-law restrictions, trade-secret safeguards, and exceptional trade-secret harm cases.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Articles 3 and 4 set the user access design, pre-contract information, request, format, security, trade-secret, and personal-data conditions for connected-product and related-service data.
European Commission - Data Act explained
The Commission explainer states that users should be able to request access through a simple process and that data holders must provide information on data types generated by the product or service.
Section 4

Data Act 4. Control user-selected third-party sharing for implementation evidence and owner review

The checklist should separate direct user access from data-holder delivery to a user-selected third party. Third-party sharing needs eligibility checks, purpose controls, trade-secret safeguards, personal-data checks, and recipient restrictions before the data is released.

A third party can use the data only for the purpose and conditions agreed with the user. The checklist should make prohibited uses visible, especially profiling beyond the requested service, onward sharing without the required contract and safeguards, sharing to Digital Markets Act gatekeepers, competing connected-product development, and use that harms product or service security.

  • Create an intake route for requests made by the user or a party acting on behalf of the user, including the third party identity and agreed purpose.
  • Screen third parties for gatekeeper status, necessary verification information only, security constraints, trade-secret measures, and personal-data legal basis where the user is not the data subject.
  • Contractually restrict the recipient to the agreed purpose, required erasure, permitted onward sharing, trade-secret safeguards, no competing connected-product development, and no adverse security impact.
  • Record each delivery, refusal, suspension, user challenge, recipient challenge, competent-authority notification, and dispute-settlement referral.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Articles 5 and 6 govern user-selected third-party access, gatekeeper exclusions, recipient obligations, prohibited uses, trade-secret measures, and challenge routes.
European Commission - Data Act explained
The Commission explainer confirms that users may ask the data holder to share data with a third party of their choice, excluding Digital Markets Act gatekeepers.
Recommended next step

Turn the checklist into assigned Data Act work

Use the checklist as an evidence tracker for product data access, third-party sharing, B2G intake, cloud switching, contract remediation, smart contracts, and privacy boundaries.

Research workflow
Open Research Copilot

Answer Data Act scope, contract, access, and evidence questions with cited outputs.

Explore next step
Talk to Sorena
Talk through implementation

Review your product scope, cloud contracts, access workflows, and evidence model.

Explore next step
Section 5

Data Act 5. Preserve personal data, security, and trade-secret boundaries

The Data Act does not supersede GDPR, ePrivacy, or other privacy rules. If the user is not the data subject, personal data should not be released to the user or a third party unless a valid data-protection basis and any special-category or terminal-equipment conditions are satisfied.

Trade secrets and security restrictions should be handled as documented exceptions, not informal blockers. The checklist should require objective justification, written notice, competent-authority notification where required, and a route for users or third parties to challenge the decision.

  • Classify each field as personal data, non-personal data, mixed data, trade secret, security-sensitive data, inferred or derived data, or out-of-scope content.
  • For personal data, record the GDPR Article 6 basis, any Article 9 condition, any ePrivacy terminal-equipment issue, data-subject relationship, anonymisation or pseudonymisation decision, and supervisory-authority escalation where needed.
  • For trade secrets, identify the trade-secret holder, protected data and metadata, confidentiality measures, access protocols, contractual measures, technical standards, and reasons for withholding, suspending, or refusing.
  • For security limits, cite the EU or national security requirement, describe the serious adverse health, safety, or security effect, and keep the notification and challenge record.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Article 1 preserves EU and national data-protection and privacy law; Articles 4 and 5 set personal-data, security, and trade-secret limits for user and third-party access.
European Commission - Data Act explained
The Commission explainer confirms GDPR compatibility, valid legal basis requirements where the user is not the data subject, and confidentiality measures for trade secrets.
Section 6

Data Act 6. Prepare B2G exceptional-need request handling for implementation evidence and owner review

B2G handling needs a dedicated intake process because public-sector, Commission, ECB, and Union-body requests must demonstrate an exceptional need and satisfy detailed request criteria. Treat each request as a legal, security, data, and operations matter.

The checklist should distinguish public emergency requests from non-emergency exceptional-need requests. It should also require controls for personal data, trade secrets, compensation, reuse limits, erasure, data-holder refusal or modification, and cross-border competent-authority routing.

  • Require the requester to specify the data and metadata, exceptional need, public-interest task, legal provision, intended use, duration, erasure timing, third-party sharing, deadline, and data-holder selection rationale.
  • Check that requests are written, clear, specific, proportionate, limited to data under the holder's control, protective of trade secrets, and focused on non-personal data unless personal data is necessary for a public emergency.
  • Build internal clocks for refusing or seeking modification: five working days for public-emergency data requests and 30 working days for other exceptional-need requests.
  • Record whether data is provided free of charge for public-emergency requests, whether compensation is available for non-emergency requests, and whether micro or small enterprise limits affect the obligation.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Articles 14 to 22 set the exceptional-need basis, request contents, refusal or modification timing, personal-data handling, trade-secret protection, compensation, sharing, erasure, and cooperation rules for B2G requests.
European Commission - Data Act explained
The Commission explainer confirms that B2G requests apply in public emergencies and limited non-emergency situations, with strict principles for specificity, transparency, proportionality, trade secrets, and deletion.
Section 7

Data Act 7. Remediate B2B data terms and unfair contract terms

Contract review should cover both mandatory B2B data-sharing arrangements and unilaterally imposed terms concerning data access, use, liability, remedies, and termination. The checklist should not treat a standard procurement template as sufficient without clause-level review.

For mandatory B2B sharing, terms should be fair, reasonable, non-discriminatory, and transparent. For unilaterally imposed terms, identify clauses that are always unfair, presumed unfair, or severable, and preserve evidence of negotiation attempts.

  • Review data-sharing terms for access scope, use purpose, format, delivery method, transparency, non-discrimination, compensation basis, trade-secret limits, remedies, termination, and user-right preservation.
  • Flag terms that exclude intentional or gross negligence liability, remove remedies for non-performance, or give one party exclusive power to decide conformity or interpret the contract.
  • Flag presumed-unfair terms that inappropriately limit remedies, harm legitimate interests through data use, prevent use or copying of generated data, block reasonable termination, terminate at unreasonably short notice, or allow unjustified unilateral changes.
  • Use Commission model contractual terms and cloud SCCs only as voluntary drafting support, with legal review for the specific relationship and consumer-protection additions where relevant.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Articles 8, 9, 12, and 13 support contract checklist items for B2B data sharing, compensation, non-discrimination, transparency, and unfair unilaterally imposed terms.
European Commission - Model contractual terms and cloud SCCs
The Commission page explains that model contractual terms cover data-holder, user, and data-recipient relationships, and that cloud SCCs translate switching, termination, security, and business-continuity provisions into optional clauses.
Section 8

Data Act 8. Implement cloud switching and interoperability controls

Cloud and edge providers should maintain a switching checklist for contracts, public information, technical export, business continuity, security, and customer support. Customers should use the same checklist to review source-provider and destination-provider obligations before signing or switching.

The workstream should cover exportable data and digital assets, service-type scope, functional equivalence where applicable, notice, transition, retrieval, erasure, switching charges, known technical limits, open interfaces, online registers, and third-country government access transparency for non-personal data.

  • Add written contract clauses for switching on request, reasonable assistance, business continuity, security during transfer and retrieval, maximum notice, transitional period, retrieval period, erasure, and switching charges.
  • Publish or maintain customer-accessible information on switching procedures, porting methods, formats, restrictions, technical limitations, data structures, data formats, standards, and open interoperability specifications.
  • For infrastructure services, document reasonable measures, information, documentation, support, and tools used to facilitate functional equivalence after switching to the same service type.
  • Track switching-charge status, including reduced charges only for directly linked costs before the withdrawal date and no switching charges from 12 January 2027.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Articles 23 to 31 set cloud switching, contract, information, good-faith, charge, technical, and special-regime requirements; Articles 34 and 35 address in-parallel use and interoperability of data processing services.
European Commission - Data Act explained
The Commission explainer summarises cloud and edge switching requirements, open interfaces, machine-readable export, functional equivalence, and removal of switching and egress charges.
Section 9

Data Act 9. Check smart contracts, evidence, and review records

If smart contracts automate all or part of a data-sharing agreement, the checklist should include the Data Act's essential requirements and conformity evidence. This is separate from ordinary API access, contract drafting, or workflow automation that does not deploy a smart contract for executing a data-sharing agreement.

Close each checklist item with evidence that can be reviewed later: source rule, product or service scope, decision, owner, reviewer, control, test result, contract clause, request log, refusal notice, notification, or remediation ticket.

  • For smart contracts, verify robustness, access control, safe termination and interruption, archiving, continuity, governance-layer access control, consistency with the data-sharing agreement, conformity assessment, and EU declaration of conformity.
  • Keep evidence for product access tests, pre-contract disclosures, third-party request handling, personal-data basis, trade-secret measures, B2G request responses, cloud switching tests, contract clause review, and complaint or dispute handling.
  • Use review triggers for new products, related-service changes, data-field changes, export format changes, cloud architecture changes, contract template updates, guidance updates, standards publications, security-law changes, and enforcement feedback.
  • Do not close an item with a policy assertion alone; require a named evidence artifact and a reviewer who can verify it against the Data Act source.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Article 36 sets essential requirements, conformity assessment, and declaration obligations for smart contracts used to execute data-sharing agreements; Article 37 supports complaint and enforcement evidence records.
European Commission - Data Act FAQ publication page
The Commission FAQ publication page identifies the FAQs, legal helpdesk, model terms, and guidance as implementation support material that teams can monitor for review triggers.
Primary sources

References and citations

European Commission - Data Act explained
digital-strategy.ec.europa.eu
Referenced sections
  • The Commission explainer summarises cloud and edge switching requirements, open interfaces, machine-readable export, functional equivalence, and removal of switching and egress charges.
European Commission - Data Act FAQ publication page
digital-strategy.ec.europa.eu
Referenced sections
  • The Commission FAQ publication page identifies the FAQs, legal helpdesk, model terms, and guidance as implementation support material that teams can monitor for review triggers.
European Commission - Model contractual terms and cloud SCCs
digital-strategy.ec.europa.eu
Referenced sections
  • The Commission page explains that model contractual terms cover data-holder, user, and data-recipient relationships, and that cloud SCCs translate switching, termination, security, and business-continuity provisions into optional clauses.
Regulation (EU) 2023/2854 (Data Act)
eur-lex.europa.eu
Referenced sections
  • Article 36 sets essential requirements, conformity assessment, and declaration obligations for smart contracts used to execute data-sharing agreements; Article 37 supports complaint and enforcement evidence records.
Related guides

Explore more topics

Data Act and Common European Data Spaces
How Data Act Article 33 connects data-space participation with metadata, vocabularies, APIs, access terms, data quality, governance, and standards monitoring.
Data Act and Data Governance Act Overlap FAQ
FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows.
Data Act and GDPR Personal Data Overlap FAQ
FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing.
Data Act Audit Evidence And Request Logs FAQ
FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries.
Data Act B2B Data-Sharing Contract Clauses
Clause guide for EU Data Act B2B data sharing: FRAND terms, compensation, trade secret safeguards, recipient limits, termination, logs, and GDPR boundaries.
Data Act B2B Data-Sharing Contract Template
A usable EU Data Act B2B data-sharing template outline covering access requests, data schedules, permitted use, trade secrets, security, compensation, GDPR boundaries, audit records, and termination.
Data Act B2G Exceptional-Need Requests
A grounded guide to EU Data Act Chapter V requests from public bodies: exceptional need, public emergencies, request contents, limits, safeguards, costs, and records.
Data Act Cloud Switching Compliance Checklist
A grounded EU Data Act checklist for cloud and data processing service providers covering switching clauses, notices, export formats, charges, interoperability, and evidence.
Data Act Cloud Switching Contract Terms FAQ
FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records.
Data Act Cloud Switching Fees And Deadlines FAQ
FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records.
Data Act Complaints and Dispute Settlement FAQ
FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records.
Data Act Exportable Data and Metadata FAQ
FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded.
Data Act FAQ for Aftermarket Repair and Mobility Services
FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services.
Data Act Functional Equivalence FAQ
FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence.
Data Act Indirect Access Request Flows FAQ
FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited.
Data Act International Government Access FAQ
FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers.
Data Act Interoperability Standards FAQ
FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614.
Data Act Model Contractual Terms FAQ
FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence.
Data Act Public Emergency Requests FAQ
FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records.
Data Act Smart Contracts for Data Sharing
Data Act Article 36 smart contract guide for data-sharing agreements: scope, robustness, access control, termination, interruption, archiving, standards status, and conformity evidence.
Data Act SME Exceptions and Startups FAQ
FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms.
Data Act Trade Secret Technical Protection Measures FAQ
FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence.
Data Act Trade Secrets and Protection Measures
Data Act guide for protecting trade secrets during access and sharing: classification, safeguards, refusal thresholds, notices, evidence records, and reviews.
Data Act Unfair Contractual Terms | Article 13 B2B Contract Review
Review B2B data-sharing clauses under EU Data Act Article 13: unilateral terms, always unfair examples, presumed unfair terms, model clauses, evidence, and remediation.
Data Act Vehicle Data Guidance
Commission-grounded guide to Data Act vehicle data access: connected vehicles, vehicle-related services, raw and pre-processed data, aftermarket use cases, access routes, safeguards, and GDPR boundaries.
Data Act vs GDPR: connected-product data access
Compare EU Data Act connected-product access duties with GDPR personal-data rules: scope, roles, lawful basis, data subject rights, third-party sharing, trade secrets, and conflicts.
EU Data Act and Common European Data Spaces FAQ
FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation.
EU Data Act Applicability Test
Check whether a product, related service, data holder, cloud service, data-space role, smart contract, or B2G request is in scope of the EU Data Act.
EU Data Act Application Dates And Transition FAQ
FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain.
EU Data Act Article 3 Pre-Contract Information
What Article 3 of the EU Data Act requires before connected-product purchase, rent, lease, or related-service contracting: data categories, access, data holder identity, third-party sharing, complaints, and evidence.
EU Data Act Article 36 Smart Contract Controls FAQ
FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires.
EU Data Act B2B Data Sharing Compensation FAQ
FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards.
EU Data Act B2G Compensation and Costs FAQ
FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep.
EU Data Act B2G Exceptional Need FAQ
When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence.
EU Data Act Cloud Switching and Exit Plans
A grounded EU Data Act guide for data processing service exit plans: switching contracts, exportable data, assistance, charges, interoperability, retrieval, erasure, and records.
EU Data Act Cloud Switching Procurement FAQ
Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence.
EU Data Act Compliance Program
Build a Data Act compliance program for connected-product data access, contracts, B2G requests, cloud switching, smart contracts, GDPR boundaries, records, and ownership.
EU Data Act Connected Product Scope and Data Types
Classify EU Data Act connected products, related services, product data, related-service data, readily available data, metadata, and excluded derived outputs.
EU Data Act Connected Product Scope FAQ
FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope.
EU Data Act Data Processing Service Switching
A grounded EU Data Act guide for provider and customer switching duties: exit assistance, exportable data, contract clauses, charges, interoperability, retrieval, and erasure.
EU Data Act data spaces interoperability FAQ
FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence.
EU Data Act deadlines and compliance calendar
A source-linked calendar for EU Data Act application dates, product design timing, contract remediation, cloud switching charges, response periods, standards work, and evidence records.
EU Data Act Direct Access by Design FAQ
FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act.
EU Data Act Enforcement And Competent Authorities FAQ
FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible.
EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates
Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates.
EU Data Act Non-Emergency Public-Sector Requests FAQ
FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence.
EU Data Act Non-Personal Data and Mixed Datasets FAQ
FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records.
EU Data Act Penalties and Enforcement
Grounded guide to Data Act penalties under Article 40, Member State enforcement, penalty factors, complaints, judicial remedies, and the GDPR enforcement boundary.
EU Data Act Pre-Contractual Information FAQ
FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries.
EU Data Act Product Data vs Related Service Data FAQ
FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs.
EU Data Act Readily Available Data FAQ
FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics.
EU Data Act Related Services FAQ
FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply.
EU Data Act requirements
Source-grounded EU Data Act requirements for connected-product data access, B2B sharing terms, B2G exceptional needs, cloud switching, smart contracts, interoperability, GDPR boundaries, and records.
EU Data Act Smart Contracts for Data Sharing FAQ
Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status.
EU Data Act Third-Party Data Sharing FAQ
FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers.
EU Data Act Trade Secret Safeguards FAQ
FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records.
EU Data Act Unfair Contractual Terms FAQ
FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence.
EU Data Act User Access and Portability Rights
Practical guide to EU Data Act user access, connected-product data portability, third-party sharing, trade secret safeguards, and the GDPR boundary.
EU Data Act Users, Data Holders, and Recipients FAQ
FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries.
EU Data Act Vehicle Data Guidance FAQ
FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries.
EU Data Act vs Data Governance Act
Compare the EU Data Act with the Data Governance Act: connected-product access, cloud switching, B2B/B2G duties, protected public-sector reuse, intermediaries, altruism, governance, and enforcement.