Artifact GuideEU

EU Data Act: Fair Access to Connected Product Data and Cloud Switching FAQ

Fast answers to the questions teams ask right before they ship (or get stuck).

Focus: dates, access workflows, trade secrets, B2G exceptional need, and cloud switching.

Back to main artifact Review sources

Author

Sorena AI

Published

Feb 23, 2026

Updated

Feb 23, 2026

Questions

Structured answer sets in this page tree.

Primary sources

Cited legal and guidance references.

Publication metadata

Sorena AI

Published Feb 23, 2026

Updated Feb 23, 2026

Overview

This FAQ focuses on implementation questions that cause real delays: what applies when, what data must be made available, how to design direct vs indirect access, how to coordinate with GDPR for mixed datasets, how trade secret safeguards work, how B2G requests are validated, and what Chapter VI cloud switching means for contracts and fees.

Question 1

When does the EU Data Act apply?

The Data Act applies from 12 September 2025. Article 50 also sets specific timing gates for certain obligations (for example, a connected-product design duty tied to products placed on the market after 12 September 2026) and clarifies how some contract-related rules apply based on contract dates.

Baseline application date: 12 September 2025 (Article 50)
Cloud switching charges: no switching charges from 12 January 2027 (Article 29)
Treat dates as release gates: scope memo -> contract remediation -> workflow launch -> evidence pack

Question 2

What is the difference between direct and indirect access?

The Commission's FAQs describe two patterns. Direct access means the user can access/port data via technical means without requesting the data holder each time. Indirect access means the user requests access via the data holder (e.g., a portal) and the data holder delivers the data.

Both can be compliant. The choice affects security, operational cost, and how you handle sensitive fields.

Direct access: lower operational load; higher product security responsibility
Indirect access: higher operational load; can simplify sensitive data minimisation and logging
Either way: build an auditable workflow (identity, decision, delivery, logs)

Question 3

What data is 'in scope' for Chapter II access rights?

Chapter II focuses on data generated by use of connected products and related services, including the metadata needed to interpret and use the data. Implementation depends on what is "readily available" for the data holder to provide.

Operationally, the scoping deliverable is a dataset manifest: fields, formats, metadata, and delivery method.

Define the dataset and metadata, not just the concept of "data"
Document extraction path and latency constraints (batch exports vs near real-time)
Keep a schema change log so exports stay consistent

Question 4

How does the EU Data Act interact with GDPR?

The Data Act does not replace GDPR. Many connected product datasets are mixed (personal + non-personal). When personal data is involved, GDPR principles still govern lawfulness, minimisation, transparency, and security.

The safest implementation is one workflow with two decision layers: Data Act eligibility + GDPR safeguards.

Classify data at field-level: personal vs non-personal and apply filters accordingly
Design recipient onboarding: verify third parties and require security + purpose commitments
Keep evidence: request logs, decision records, and delivery receipts

Question 5

Can we refuse access because parts of the dataset are trade secrets?

Trade secret protection is handled through safeguards, not blanket refusals. The Data Act expects confidentiality measures such as agreements, strict access protocols, and technical controls.

Withholding/suspension is a targeted mechanism when the necessary measures cannot be agreed or are breached.

Build a trade secret register and mark fields in dataset manifests
Require enforceable confidentiality + security measures before disclosure
If safeguards fail: use targeted withholding/suspension with a documented case file

Question 6

What is a B2G 'exceptional need' request and how do we validate it?

Chapter V allows certain public sector bodies (and EU bodies) to request data from private data holders only when an 'exceptional need' is demonstrated and the request is duly reasoned. Article 15 defines the exceptional need lanes.

Your intake workflow should validate: lane selection, completeness (Article 17), safeguards, and deadlines.

Two lanes: public emergency vs non-emergency statutory task (non-personal data only)
SME carve-out: the non-emergency lane does not apply to micro and small enterprises
Operational output: case file with minimisation, safeguards, delivery receipts, and deletion proof

Question 7

Do we get compensated for B2G requests?

Compensation depends on the lane. For public emergencies, the required data is provided free of charge. For non-emergency statutory tasks, data holders are entitled to fair compensation covering costs (including safeguards work) and a reasonable margin (Article 20).

Build a repeatable cost model so you can respond quickly and defend it.

Emergency: free of charge; you may request public acknowledgement
Non-emergency: fair compensation for technical/organisational costs plus margin
Disputes: requester can complain to the competent authority if it disagrees with compensation level

Question 8

What does Chapter VI require for cloud switching and exit?

Chapter VI requires providers of data processing services to remove switching obstacles and to support customer switching to another provider (same service type) or to on-prem infrastructure. Article 25 sets required contract terms and timing gates.

Even if you're only a customer, Chapter VI is a procurement checklist: require proof before renewal.

Contract gates: notice period <= 2 months; transition 30 days; retrieval >= 30 days
Transparency: online register of exportable data structures/formats and known limitations
Fees: reduced switching charges only until 12 Jan 2027; none from 12 Jan 2027

Question 9

What evidence should we keep to avoid disputes and reduce enforcement risk?

Most disputes are about what you delivered, under what authority, with what safeguards. Build an evidence pack that is generated automatically by your workflows.

Evidence is also procurement fuel: buyers increasingly ask for proof of exit readiness and switching posture.

Scope memo + role mapping per product line
Dataset manifests + schema change logs
Request logs + identity verification + delivery receipts
Trade secret safeguard agreements + technical control evidence
Cloud switching: contract clause matrix + online register snapshots + drill reports

Recommended next step

Use EU Data Act: Fair Access to Connected Product Data and Cloud Switching FAQ as a cited research workflow

Research Copilot can take EU Data Act: Fair Access to Connected Product Data and Cloud Switching FAQ from cited answers to recurring questions on this topic to a reusable workflow inside Sorena. Teams working on EU Data Act: Fair Access to Connected Product Data and Cloud Switching can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

Research workflow

Open Research Copilot for EU Data Act: Fair Access to Connected Product Data and Cloud Switching FAQ

Start from EU Data Act: Fair Access to Connected Product Data and Cloud Switching FAQ and answer scope, timing, and interpretation questions with cited outputs.

Explore next step

Talk to Sorena

Talk through EU Data Act: Fair Access to Connected Product Data and Cloud Switching

Review your current process, evidence gaps, and next steps for EU Data Act: Fair Access to Connected Product Data and Cloud Switching FAQ.

Explore next step

Primary sources