--- title: "EU Data Act Checklist" canonical_url: "https://www.sorena.io/artifacts/eu/data-act/checklist" source_url: "https://www.sorena.io/artifacts/eu/data-act/checklist" author: "Sorena AI" description: "A comprehensive EU Data Act checklist organized by roles and chapters: Chapter II connected product data access (direct vs indirect access)." published_at: "2026-02-23" updated_at: "2026-02-23" keywords: - "EU Data Act checklist" - "EU Data Act compliance checklist" - "Data Act Chapter II checklist" - "Data Act B2B sharing checklist Chapter III" - "unfair terms checklist Article 13" - "B2G exceptional need checklist Chapter V" - "cloud switching checklist Chapter VI" - "EU Data Act evidence checklist" - "EU compliance" - "data-act compliance" - "checklist" - "IoT data access" - "cloud switching" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # EU Data Act Checklist A comprehensive EU Data Act checklist organized by roles and chapters: Chapter II connected product data access (direct vs indirect access). *Artifact Guide* *EU* ## EU Data Act: Fair Access to Connected Product Data and Cloud Switching Checklist An evidence-first implementation checklist across Chapters II-VI. Use this to drive delivery: scope decisions, contracts, access workflows, cloud switching, and B2G readiness. Use this checklist to run EU Data Act implementation like a delivery program. It's organized by chapter and by the workstream that actually owns the outcome (product/engineering/security/legal/procurement/finance). The goal is not to "be compliant in theory"-it's to ship workflows, contract terms, and evidence that stand up in disputes and audits. ## 0) Scope and ownership (do this once per product line) Start with a scope memo per product line and per contract type. If you don't define the dataset and the data holder, you will build the wrong workflow. Make ownership explicit: most failures are cross-functional gaps. - Chapter mapping: which chapters apply (II-VI) and why, per scenario - Role mapping: user, data holder, data recipient, third party; cloud provider vs customer - Dataset definition: what is 'readily available', including metadata, format, and delivery method - Ownership map: product/engineering/security/legal/procurement/finance owners per obligation ## 1) Chapter II - connected product data access and portability Chapter II is the user-facing layer: transparency before purchase and an operational access/portability workflow (direct or indirect access). Treat this as a product feature with security and audit trails. - Transparency content: what data is generated and how access works (pre-contract) - Access workflow: direct access vs indirect request portal; identity verification and SLAs - Third-party sharing: onboarding requirements and secure delivery path - GDPR coordination: personal vs non-personal filtering and lawful basis approach - Evidence: request logs, dataset manifests, delivery receipts, and security controls ## 2) Chapter III - B2B data sharing operations For B2B sharing, the contract must be executable. Scope disputes and trade secrets are the common failure points. Build repeatable packaging: dataset manifest, confidentiality protocol, and billing mechanics. - Contract annexes: dataset manifest (schema/formats/metadata), security protocol, and SLA - Compensation model: cost drivers, fee schedule, invoice transparency, dispute handling - Trade secret safeguards: classification and enforceable confidentiality measures - Security controls: access control model, monitoring, incident response - Evidence: exports samples, change logs, security evidence, and billing audit trail ## 3) Chapter IV - unfair contractual terms risk (Article 13) Article 13 can make unilaterally imposed unfair terms non binding. Treat this as a contract hygiene project, especially for click through B2B terms and platform contracts. Document negotiation for key terms to reduce "unilaterally imposed" exposure. - Audit: identify unilaterally imposed terms on data access/use and liability/remedies - Remove red flags: exclusive interpretation rights, extreme remedy limits, one-sided termination traps - Preserve balance: reasonable termination rights and access to copies of generated/provided data - Evidence: clause matrix, negotiation trail, and remediation releases ## 4) Chapter V - B2G exceptional need readiness Chapter V is rare but urgent when it happens. Build a triage workflow now: exceptional need validation, minimisation, safeguards, and compensation logic. Treat each request as a case file with immutable logs. - Intake checklist: Article 15 lane (emergency vs non-emergency), SME carve-out check, legal basis - Article 17 request completeness: data + metadata, purpose, duration, erasure, safeguards, deadlines - Safeguards: trade secret marking, GDPR controls, secure transfer, access restrictions - Compensation model (Article 20): cost calculation and margin where applicable - Evidence: request packet, decision memo, dataset manifest, delivery receipts, deletion proof ## 5) Chapter VI - cloud switching and exit readiness Chapter VI is both compliance and procurement. Providers must remove switching obstacles; customers should require proof before renewing contracts. Treat it as a controlled exit plan per service type. - Article 25 contract clauses: notice period = 30 days - Article 26 online register: exportable data schemas/formats/standards + known limitations - Article 28 disclosures: jurisdiction + measures against conflicting international access - Article 29 charges: reduced charges only until 12 Jan 2027; none from 12 Jan 2027 - Evidence: switching runbook, drill reports, register snapshots, and billing controls ## 6) The minimum evidence pack (what to keep ready for disputes and audits) EU Data Act compliance becomes an evidence problem under pressure: a dispute with a counterparty, a regulator inquiry, or a procurement request. Keep the minimum pack ready and current. - Scope memo + role mapping per product line - Dataset manifests and schema change logs - Access workflow logs and delivery receipts (direct/indirect access) - Contract clause matrices (Chapter III/IV/VI) and remediation releases - Security evidence: access controls, encryption, monitoring, incident response - Switching and B2G case file templates + completed drill artifacts *Recommended next step* *Placement: after the checklist block* ## Turn EU Data Act: Fair Access to Connected Product Data and Cloud Switching Checklist into an operational assessment Assessment Autopilot can take EU Data Act: Fair Access to Connected Product Data and Cloud Switching Checklist from turning this checklist into an operational workflow to a reusable workflow inside Sorena. Teams working on EU Data Act: Fair Access to Connected Product Data and Cloud Switching can keep owners, evidence, and next steps aligned without copying this guide into separate documents. - [Open Assessment Autopilot for EU Data Act: Fair Access to Connected Product Data and Cloud Switching Checklist](/solutions/assessment.md): Start from EU Data Act: Fair Access to Connected Product Data and Cloud Switching Checklist and turn the guidance into owned tasks, evidence requests, and review checkpoints. - [Talk through EU Data Act: Fair Access to Connected Product Data and Cloud Switching](/contact.md): Review your current process, evidence gaps, and next steps for EU Data Act: Fair Access to Connected Product Data and Cloud Switching Checklist. ## Primary sources - [Regulation (EU) 2023/2854 (Data Act) - Official Journal (ELI)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding obligations across Chapters II-VI, including Article 13 unfair terms, Chapter V exceptional need, and Chapter VI cloud switching. - [European Commission - Data Act FAQs (library page)](https://digital-strategy.ec.europa.eu/en/library/commission-publishes-frequently-asked-questions-about-data-act?ref=sorena.io) - Implementation clarifications (direct vs indirect access, portability framing, trade secrets safeguards). ## Related Topic Guides - [Access Rights and Portability | EU Data Act: Fair Access to Connected Product Data and Cloud Switching](/artifacts/eu/data-act/access-rights-and-portability.md): EU Data Act access rights and portability (Chapter II) made practical: direct vs indirect access, "readily available" data. - [Applicability Test | EU Data Act: Connected Products, B2B Data Sharing, B2G Exceptional Need, Cloud Switching](/artifacts/eu/data-act/applicability-test.md): A practical EU Data Act applicability test you can run in 15 minutes: determine if Chapter II IoT access rights apply (connected products + related services). - [B2B Data Sharing Contract Clauses | EU Data Act: Mandatory Sharing, Unfair Terms, Trade Secrets](/artifacts/eu/data-act/b2b-data-sharing-contract-clauses.md): EU Data Act contract clauses for B2B data sharing made practical: clause library for Chapter III access/use (purpose limits, compensation, security. - [B2B Data Sharing Contract Template | EU Data Act: Data Access and Use Agreement (Drafting Checklist)](/artifacts/eu/data-act/b2b-data-sharing-contract-template.md): A practical EU Data Act-aligned B2B data sharing contract template: sections, annexes, and drafting checklist for dataset definition, permitted use. - [B2G Exceptional Need Requests | EU Data Act: Public Emergency Data Requests, Safeguards, Compensation](/artifacts/eu/data-act/b2g-exceptional-need-requests.md): EU Data Act Chapter V B2G 'exceptional need' requests made practical. - [Cloud Switching and Exit Plans | EU Data Act Chapter VI: Switch Providers, Port Data, Remove Egress Barriers](/artifacts/eu/data-act/cloud-switching-and-exit-plans.md): EU Data Act Chapter VI cloud switching made practical: Article 23 obstacle removal, Article 25 required contract terms (max 2-month notice, 30-day transition. - [Cloud Switching Compliance Checklist | EU Data Act Chapter VI: Contracts, Exportable Data, Fees, Transparency](/artifacts/eu/data-act/cloud-switching-compliance-checklist.md): A detailed EU Data Act Chapter VI cloud switching compliance checklist: Article 25 contract terms (max notice period, 30-day transition, retrieval period). - [Compliance Program | EU Data Act Implementation Playbook: Governance, Controls, Evidence, Operating Cadence](/artifacts/eu/data-act/compliance.md): Turn the EU Data Act into an implementation program: chapter scoping, roles and ownership, product workflows for Chapter II access. - [Deadlines and Compliance Calendar | EU Data Act](/artifacts/eu/data-act/deadlines-and-compliance-calendar.md): Plan EU Data Act delivery with real dates: Regulation applies from 12 Sep 2025. - [EU Data Act vs GDPR | Differences, Overlap, Portability, Lawful Basis, Implementation Playbook](/artifacts/eu/data-act/data-act-vs-gdpr.md): EU Data Act vs GDPR made practical: how Chapter II access/portability for connected product data differs from GDPR data subject rights. - [FAQ | EU Data Act Explained: Key Dates, Access Rights, Trade Secrets, B2G Requests, Cloud Switching](/artifacts/eu/data-act/faq.md): EU Data Act FAQ with practical answers grounded in official sources: when the Data Act applies (Article 50), direct vs indirect access. - [Penalties and Fines | EU Data Act Enforcement: Member State Penalties, GDPR-Linked Fines, Risk Controls](/artifacts/eu/data-act/penalties-and-fines.md): EU Data Act penalties and fines made practical: how Member States set penalties (Article 40), the criteria authorities must consider. - [Requirements | EU Data Act Obligations Explained: Chapter II Access, Chapter IV Unfair Terms, Chapter V B2G, Chapter VI Switching](/artifacts/eu/data-act/requirements.md): A structured EU Data Act requirements breakdown across Chapters II-VI: connected product data transparency and access workflows. - [Scope, Connected Products and Data Types | EU Data Act: Fair Access to Connected Product Data and Cloud Switching](/artifacts/eu/data-act/scope-connected-products-and-data-types.md): EU Data Act scope explained: connected products vs related services, product data vs related service data, readily available data. - [Trade Secrets and Protection | EU Data Act: Confidentiality Measures, Withholding Rules, Evidence Pack](/artifacts/eu/data-act/trade-secrets-and-protection.md): EU Data Act trade secrets protection made practical: how to identify trade secret fields before disclosure, how to agree confidentiality measures (NDAs. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/data-act/checklist