---
title: "EU Data Act Article 36 Smart Contract Controls FAQ"
canonical_url: "https://www.sorena.io/artifacts/eu/data-act/faq/article-36-smart-contract-controls"
source_url: "https://www.sorena.io/artifacts/eu/data-act/faq/article-36-smart-contract-controls"
author: "Sorena AI"
description: "FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires."
published_at: "2026-05-06"
updated_at: "2026-05-06"
keywords:
  - "EU Data Act"
  - "Regulation (EU) 2023/2854"
  - "Article 36"
  - "smart contracts"
  - "data-sharing agreements"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# EU Data Act Article 36 Smart Contract Controls FAQ

FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires.

*FAQ* *EU* *Data Act*

## EU Data Act Article 36 Smart Contract Controls FAQ

Article 36 is about essential requirements for smart contracts used to execute data-sharing agreements.

Use this FAQ to separate the required controls from broader blockchain claims: robustness, access control, interruption, archiving, continuity, consistency with the agreement, and conformity evidence.

Article 36 of Regulation (EU) 2023/2854 applies to smart contracts used in the context of executing a data-sharing agreement, or part of one, to make data available. It does not make a smart contract a substitute for contract law. It creates essential technical and conformity requirements for the vendor of an application using smart contracts, or where there is no vendor, the person deploying smart contracts for others in that context.

## When does EU Data Act Article 36 apply to a smart contract for Article 36 Smart Contract Controls implementation evidence?

Article 36 applies when a smart contract is used in the context of executing an agreement, or part of an agreement, to make data available. The trigger is not simply using blockchain, automation, or an electronic ledger. The trigger is the use of smart-contract functionality for execution of a data-sharing agreement covered by the Data Act context.

The first scoping check should name the agreement, the data being made available, the automated functions that execute the agreement, and whether the organization is the vendor of an application using smart contracts or the deployer for others where no vendor is present.

- Keep in scope: smart-contract logic that executes data-sharing terms or makes data available under the agreement.
- Do not treat every internal automation or in-house-only smart contract as automatically covered by this FAQ.
- Record whether the responsible party is the application vendor or, where no vendor exists, the person deploying smart contracts for others.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 36 identifies the covered actors and the data-sharing-agreement context for smart contracts.

## What controls does Article 36 require for smart contracts used in data-sharing agreements under the Data Act?

The Data Act context is the starting point for this answer. Article 36 lists five essential requirements. The smart contract must be designed for robustness and access control; support safe termination and interruption; allow archiving and continuity when terminated or deactivated; be protected by rigorous governance-layer and smart-contract-layer access controls; and remain consistent with the terms of the data-sharing agreement it executes.

A useful control matrix should map each requirement to the relevant code version, governance permission, operational runbook, test evidence, and agreement clause. The evidence should show that the control exists before relying on the smart contract in the data-sharing workflow.

- Robustness: test for functional errors and manipulation attempts by third parties.
- Termination and interruption: define who can stop or reset operation and what mutual-consent condition applies under the agreement.
- Archiving and continuity: preserve transactional data, smart contract logic, and code needed to audit past operations.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 36(1) lists the essential requirements for covered smart contracts.

## How should Article 36 access control be implemented and evidenced under the Data Act?

The Data Act context is the starting point for this answer. Article 36 mentions access control twice: first as part of robustness against errors and third-party manipulation, and again as a requirement for rigorous access control at both the governance and smart contract layers. That means access control should not be limited to wallet ownership or a single administrator key.

Evidence should show who can deploy, upgrade, pause, terminate, reset, or change parameters; how those permissions are approved; how privileged actions are logged; and how the same controls are reflected in the agreement and operating process.

- Governance layer: approvers, role assignment, segregation of duties, emergency authority, and change approval.
- Smart contract layer: privileged functions, key management, multi-party approval, event logs, and upgrade or pause controls.
- Review trigger: any change to agreement terms, deployer/vendor role, permission model, code version, or data route.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 36 requires access control mechanisms and protection at governance and smart contract layers.

## What does Article 36 mean by safe termination and interruption under the Data Act?

The Data Act context is the starting point for this answer. Article 36 requires a mechanism to terminate continued execution of transactions and internal functions that can reset, stop, or interrupt operation, especially to avoid future accidental executions. This is a technical-control requirement, not a license for one party to rewrite the commercial bargain unilaterally.

Recital 104 adds an important limit: the requirement to ensure smart contracts can be interrupted and terminated implies mutual consent by the parties to the data-sharing agreement. The runbook should therefore connect technical stop functions to the agreement's approval path, notices, and evidence of consent.

- Define the exact functions that can stop, interrupt, reset, or prevent future execution.
- Tie each intervention to the contractual trigger and party approval process.
- Log the reason, authority, affected transactions, data availability impact, and restoration or archiving step.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 36(1)(b) requires termination and interruption mechanisms; Recital 104 explains the mutual-consent context.

## What should teams archive when an Article 36 smart contract is terminated or deactivated under the Data Act?

The Data Act context is the starting point for this answer. Article 36 requires the possibility to archive transactional data, smart contract logic, and code where the smart contract must be terminated or deactivated, so that past operations on the data remain auditable. The archiving plan should be designed before deployment, because a terminated contract may no longer expose the same operational state.

The archive does not need to become a public dump of sensitive data. It should preserve enough evidence to reconstruct what the smart contract did, under which agreement version, with which permissions, and with which data-sharing transaction history, while respecting separate confidentiality, security, and data protection controls.

- Archive code version, deployed address or identifier, agreement version, configuration, and privileged-action logs.
- Preserve transaction records needed to audit past data-sharing operations.
- Document continuity steps for access, dispute handling, and evidence retention after deactivation.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 36(1)(c) requires archiving of transactional data, smart contract logic, and code for auditability after termination or deactivation.

## Does Article 36 make the smart contract legally control the data-sharing agreement under the Data Act?

The Data Act context is the starting point for this answer. No. Article 36 requires consistency between the smart contract and the data-sharing agreement it executes, but Recital 104 says applicable civil, contractual, and consumer protection law remains unaffected by using smart contracts for automated execution. Teams should avoid saying that the code itself resolves legal rights, consent, liability, or contract interpretation.

The practical requirement is alignment. The code, interface, access permissions, termination mechanism, and archive record should match the agreed terms. If the written agreement changes, the smart contract control record should show whether code or configuration changes are needed before continued use.

- Do not describe Article 36 as creating self-enforcing legal validity for all agreement terms.
- Check that code paths and agreement clauses say the same thing about access, use conditions, interruption, and termination.
- Keep a traceable link between agreement versions, smart contract versions, and deployment approvals.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Recital 104 limits overclaims about legal effects and Article 36(1)(e) requires consistency with the agreement.

## What conformity evidence does Article 36 require before deployment or use under the Data Act?

The Data Act context is the starting point for this answer. The vendor of a smart contract, or the deployer for others where there is no vendor, must perform a conformity assessment with a view to fulfilling the Article 36 essential requirements and issue an EU declaration of conformity when those requirements are fulfilled. Drawing up that declaration makes the actor responsible for compliance with the Article 36 essential requirements.

The evidence file should therefore be more than a security review. It should include the Article 36 requirement mapping, test results, access-control design, termination and interruption test evidence, archive plan, agreement-consistency review, version identifiers, approver sign-off, and the EU declaration of conformity.

- Create a requirement-by-requirement conformity checklist for Article 36(1)(a) through Article 36(1)(e).
- Attach evidence from engineering, security, product, and legal review rather than relying on a generic audit statement.
- Keep the EU declaration of conformity tied to the smart contract version and agreement context it covers.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 36(2) and Article 36(3) set the conformity assessment, EU declaration, and responsibility rules.

## How do harmonised standards and common specifications affect Article 36 conformity under the Data Act?

The Data Act context is the starting point for this answer. Article 36 provides a presumption of conformity where a smart contract meets harmonised standards, or relevant parts of them, whose references are published in the Official Journal of the European Union, to the extent those standards cover the essential requirements. It also allows the Commission to adopt common specifications as a fallback where the listed conditions are met.

The wider Data Act standardisation work is active, but teams should not claim that a future or adjacent standard automatically proves Article 36 compliance. Use the Data Act text as the binding source, then track whether an Article 36 harmonised standard or common specification has been published and which requirement it covers.

- Treat harmonised standards as conformity support only for the Article 36 requirements they actually cover.
- Do not cite general data-space standards as proof of Article 36 smart-contract conformity unless the source covers Article 36.
- Maintain a standards watch entry for Official Journal references, common specifications, and affected smart contract versions.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 36(4) to Article 36(10) explain harmonised standards, common specifications, and presumption of conformity.
- [CEN-CENELEC - Data Act standardization request accepted](https://www.cencenelec.eu/news-events/news/2025/brief-news/2025-07-11-data-act-standardization-request/?ref=sorena.io) - CEN-CENELEC describes broader accepted Data Act standardisation work for the European Trusted Data Framework.

## What should an Article 36 smart contract control record contain under the Data Act?

The Data Act context is the starting point for this answer. A practical record should let a reviewer understand scope, ownership, controls, and evidence without reconstructing the project from code comments. The record should identify the data-sharing agreement, the smart contract version, the responsible actor, each Article 36 requirement, the evidence used to assess it, and the declaration or standards basis relied on.

The record should also show what changed over time. Article 36 controls can become stale when agreement terms change, access roles are modified, a new deployer takes over, code is upgraded, termination functions are adjusted, or relevant standards or common specifications are published.

- Scope fields: agreement, data made available, parties, vendor or deployer role, contract version, and smart contract identifier.
- Control fields: robustness tests, access-control model, interruption and termination process, archive plan, and agreement-consistency review.
- Evidence fields: code version, test results, approvals, privileged-action logs, EU declaration of conformity, and standards or common-specification references.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 36 supplies the essential-requirement headings that should structure an internal control and evidence record.

## What is the most common Article 36 mistake to avoid under the Data Act?

The Data Act context is the starting point for this answer. The common mistake is treating Article 36 as a blockchain policy page instead of a concrete conformity and control obligation for smart contracts executing data-sharing agreements. Generic statements about security, immutability, decentralisation, or automation do not answer the Article 36 questions.

A defensible answer identifies the covered agreement, responsible actor, exact smart contract functions, access-control layers, termination and interruption path, archive plan, agreement-consistency check, conformity assessment, and EU declaration status. It also avoids uncited claims about fines, effective dates, or legal effects that are not needed to answer the Article 36 control question.

- Avoid penalty numbers or deadline claims on this FAQ unless a cited source directly supports them.
- Avoid claiming that a smart contract can override the parties' agreement or applicable contract law.
- Avoid relying on future standards as current conformity proof unless their Official Journal or common-specification status is verified.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Recitals 104 and 105 frame Article 36 as essential requirements and conformity evidence, not a broad blockchain-law rule.

## What Data Act source evidence should teams keep for the Article 36 Smart Contract Controls FAQ decision?

Keep the source evidence that shows why Article 36 applies and how the control decision was made. At a minimum, store the cited Data Act clause, the smart contract role identified by Article 36, the agreement version, the specific control tested, and the conformity evidence used to support the answer.

Also keep the decision date, the reviewer or approver, and the linked implementation artifact so future reviewers can see how the Article 36 control position was reached and whether the same conclusion still fits the current agreement and code version.

- Keep the cited Data Act source URL and the exact Article 36 requirement that was used.
- Keep the smart contract version, agreement version, and the evidence used for conformity assessment.
- Keep the reviewer or approver and the date of the decision so the record can be traced later.

## How should teams assign ownership for Data Act Article 36 Smart Contract Controls implementation work?

Assign one accountable owner for the Data Act Article 36 control record itself: the vendor of the smart contract or, where there is no vendor, the person deploying smart contracts for others in the context of executing the agreement. That owner should be responsible for the conformity assessment, the EU declaration of conformity, and the control record that links the smart contract to the agreement.

Other teams can contribute evidence, but the owner should be the person or function that can approve code, access control, interruption, archiving, and agreement changes. When responsibilities are split, keep the legal, product, security, and engineering contributors named separately so the accountable owner remains clear.

- Make the vendor or deployer the single accountable owner for the Article 36 control file.
- List legal, engineering, security, and product contributors as consulted teams, not as owners.
- Change ownership whenever the vendor or deployer role changes, or when the agreement and code move to a new operational owner.

## Primary sources

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Article 36 smart-contract scope, essential requirements, conformity assessment, EU declaration of conformity, harmonised standards, common specifications, and limits on overclaiming legal effects.
- [CEN-CENELEC - Data Act standardization request accepted](https://www.cencenelec.eu/news-events/news/2025/brief-news/2025-07-11-data-act-standardization-request/?ref=sorena.io) - Public standardisation context for the European Trusted Data Framework; used only as background, not as proof that an Article 36 harmonised standard is already available.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview for Data Act chapters, connected-product access, B2G requests, cloud switching, interoperability, and implementation support.

## Topic Guides

- [Data Act and Common European Data Spaces](/artifacts/eu/data-act/data-act-and-common-european-data-spaces.md): How Data Act Article 33 connects data-space participation with metadata, vocabularies, APIs, access terms, data quality, governance, and standards monitoring.
- [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md): FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows.
- [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md): FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing.
- [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md): FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries.
- [Data Act B2B Data-Sharing Contract Clauses](/artifacts/eu/data-act/b2b-data-sharing-contract-clauses.md): Clause guide for EU Data Act B2B data sharing: FRAND terms, compensation, trade secret safeguards, recipient limits, termination, logs, and GDPR boundaries.
- [Data Act B2B Data-Sharing Contract Template](/artifacts/eu/data-act/b2b-data-sharing-contract-template.md): A usable EU Data Act B2B data-sharing template outline covering access requests, data schedules, permitted use, trade secrets, security, compensation, GDPR boundaries, audit records, and termination.
- [Data Act B2G Exceptional-Need Requests](/artifacts/eu/data-act/b2g-exceptional-need-requests.md): A grounded guide to EU Data Act Chapter V requests from public bodies: exceptional need, public emergencies, request contents, limits, safeguards, costs, and records.
- [Data Act Cloud Switching Compliance Checklist](/artifacts/eu/data-act/cloud-switching-compliance-checklist.md): A grounded EU Data Act checklist for cloud and data processing service providers covering switching clauses, notices, export formats, charges, interoperability, and evidence.
- [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md): FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records.
- [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md): FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records.
- [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md): FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records.
- [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md): FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded.
- [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md): FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services.
- [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md): FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence.
- [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md): FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited.
- [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md): FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers.
- [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md): FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614.
- [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md): FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence.
- [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md): FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records.
- [Data Act Smart Contracts for Data Sharing](/artifacts/eu/data-act/smart-contracts-for-data-sharing.md): Data Act Article 36 smart contract guide for data-sharing agreements: scope, robustness, access control, termination, interruption, archiving, standards status, and conformity evidence.
- [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md): FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms.
- [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md): FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence.
- [Data Act Trade Secrets and Protection Measures](/artifacts/eu/data-act/trade-secrets-and-protection.md): Data Act guide for protecting trade secrets during access and sharing: classification, safeguards, refusal thresholds, notices, evidence records, and reviews.
- [Data Act Unfair Contractual Terms | Article 13 B2B Contract Review](/artifacts/eu/data-act/unfair-contractual-terms.md): Review B2B data-sharing clauses under EU Data Act Article 13: unilateral terms, always unfair examples, presumed unfair terms, model clauses, evidence, and remediation.
- [Data Act Vehicle Data Guidance](/artifacts/eu/data-act/vehicle-data-guidance.md): Commission-grounded guide to Data Act vehicle data access: connected vehicles, vehicle-related services, raw and pre-processed data, aftermarket use cases, access routes, safeguards, and GDPR boundaries.
- [Data Act vs GDPR: connected-product data access](/artifacts/eu/data-act/data-act-vs-gdpr.md): Compare EU Data Act connected-product access duties with GDPR personal-data rules: scope, roles, lawful basis, data subject rights, third-party sharing, trade secrets, and conflicts.
- [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md): FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation.
- [EU Data Act Applicability Test](/artifacts/eu/data-act/applicability-test.md): Check whether a product, related service, data holder, cloud service, data-space role, smart contract, or B2G request is in scope of the EU Data Act.
- [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md): FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain.
- [EU Data Act Article 3 Pre-Contract Information](/artifacts/eu/data-act/pre-contractual-information-obligations.md): What Article 3 of the EU Data Act requires before connected-product purchase, rent, lease, or related-service contracting: data categories, access, data holder identity, third-party sharing, complaints, and evidence.
- [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md): FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards.
- [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md): FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep.
- [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md): When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence.
- [EU Data Act Checklist for Product, Cloud, and Contract Teams](/artifacts/eu/data-act/checklist.md): A grounded EU Data Act checklist for connected-product data access, third-party sharing, B2G requests, cloud switching, unfair terms, smart contracts, personal data boundaries, evidence, and owners.
- [EU Data Act Cloud Switching and Exit Plans](/artifacts/eu/data-act/cloud-switching-and-exit-plans.md): A grounded EU Data Act guide for data processing service exit plans: switching contracts, exportable data, assistance, charges, interoperability, retrieval, erasure, and records.
- [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md): Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence.
- [EU Data Act Compliance Program](/artifacts/eu/data-act/compliance.md): Build a Data Act compliance program for connected-product data access, contracts, B2G requests, cloud switching, smart contracts, GDPR boundaries, records, and ownership.
- [EU Data Act Connected Product Scope and Data Types](/artifacts/eu/data-act/scope-connected-products-and-data-types.md): Classify EU Data Act connected products, related services, product data, related-service data, readily available data, metadata, and excluded derived outputs.
- [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md): FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope.
- [EU Data Act Data Processing Service Switching](/artifacts/eu/data-act/data-processing-services-switching.md): A grounded EU Data Act guide for provider and customer switching duties: exit assistance, exportable data, contract clauses, charges, interoperability, retrieval, and erasure.
- [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md): FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence.
- [EU Data Act deadlines and compliance calendar](/artifacts/eu/data-act/deadlines-and-compliance-calendar.md): A source-linked calendar for EU Data Act application dates, product design timing, contract remediation, cloud switching charges, response periods, standards work, and evidence records.
- [EU Data Act Direct Access by Design FAQ](/artifacts/eu/data-act/faq/direct-access-by-design.md): FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act.
- [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md): FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible.
- [EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates](/artifacts/eu/data-act/faq.md): Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates.
- [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md): FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence.
- [EU Data Act Non-Personal Data and Mixed Datasets FAQ](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md): FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records.
- [EU Data Act Penalties and Enforcement](/artifacts/eu/data-act/penalties-and-fines.md): Grounded guide to Data Act penalties under Article 40, Member State enforcement, penalty factors, complaints, judicial remedies, and the GDPR enforcement boundary.
- [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md): FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries.
- [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md): FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs.
- [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md): FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics.
- [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md): FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply.
- [EU Data Act requirements](/artifacts/eu/data-act/requirements.md): Source-grounded EU Data Act requirements for connected-product data access, B2B sharing terms, B2G exceptional needs, cloud switching, smart contracts, interoperability, GDPR boundaries, and records.
- [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md): Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status.
- [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md): FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers.
- [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md): FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records.
- [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md): FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence.
- [EU Data Act User Access and Portability Rights](/artifacts/eu/data-act/access-rights-and-portability.md): Practical guide to EU Data Act user access, connected-product data portability, third-party sharing, trade secret safeguards, and the GDPR boundary.
- [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md): FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries.
- [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md): FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries.
- [EU Data Act vs Data Governance Act](/artifacts/eu/data-act/data-act-vs-data-governance-act.md): Compare the EU Data Act with the Data Governance Act: connected-product access, cloud switching, B2B/B2G duties, protected public-sector reuse, intermediaries, altruism, governance, and enforcement.

*Recommended next step*

*Placement: after conformity evidence section*

## Operationalize Data Act Article 36 smart contract controls

Turn Article 36 into a smart contract control record that connects agreement terms, access controls, interruption functions, archive evidence, conformity assessment, and responsible owners.

- [Open Research Copilot](/solutions/research-copilot.md): Get cited answers on EU Data Act Article 36 and adjacent data-sharing obligations.
- [Discuss Article 36 controls](/contact.md): Review how Article 36 affects smart contract scope, controls, conformity evidence, and agreement alignment.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/eu/data-act/faq/article-36-smart-contract-controls