FAQEUData Act

EU Data Act B2G exceptional need FAQ

When can a public-sector body request data from a business under Chapter V of the EU Data Act?

Use this FAQ to check emergency and non-emergency conditions, request contents, response limits, confidentiality, trade secrets, compensation, and evidence.

Back to main artifactReview sources
Author
Sorena AI
Published
May 6, 2026
Updated
May 6, 2026
Questions
13

Structured answer sets in this page tree.

Primary sources
3

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 6, 2026
Updated May 6, 2026
Overview

Chapter V of Regulation (EU) 2023/2854 lets public-sector bodies, the Commission, the European Central Bank, and Union bodies request data from legal-person data holders only where an exceptional need is demonstrated. The request must be limited, reasoned, transparent, and tied to a public-interest task; it is not a general shortcut for public access to private data.

Search this module

Find a question or answer quickly

13 of 13 questions
Question 1

When does the EU Data Act allow a public-sector body to request business-held data because of an exceptional need?

The EU Data Act allows a Chapter V request only where the requesting public body or EU institution demonstrates an exceptional need to use certain data, including metadata needed to interpret and use it, for a statutory public-interest task. The need must be limited in time and scope.

There are two routes. For a public emergency, the requested data must be necessary to respond to that emergency and unavailable by alternative means in a timely and effective way under equivalent conditions. Outside a public emergency, the request is limited to non-personal data, must support a specific public-interest task explicitly provided by law, and can be used only after other means to obtain the data have been exhausted.

  • Emergency route: necessary data for response to a declared or determined public emergency, including natural disasters, pandemics, or major cybersecurity incidents.
  • Non-emergency route: specific non-personal data needed for a public-interest task such as official statistics or mitigation of or recovery from a public emergency.
  • Not enough: a broad policy interest, routine procurement preference, repeated reporting demand, or request that can be satisfied from public databases, voluntary provision, existing obligations, or market purchase under equivalent conditions.
Citations
Regulation (EU) 2023/2854 (Data Act)

Articles 14 and 15 define the exceptional-need obligation, including the public-emergency route and the separate non-emergency route for non-personal data.

Recommended next step

Review the Data Act B2G Exceptional Need FAQ

Turn the Data Act b2g exceptional need FAQ into a source-linked scope note, owner decision, implementation action, and evidence record.

Research workflow
Open Research Copilot

Check the Data Act b2g exceptional need question against cited legal and Commission sources.

Explore next step
Talk to Sorena
Discuss Data Act B2G Exceptional Need

Review the scope, source evidence, owners, and implementation records before changing product, contract, cloud, or request workflows.

Explore next step
Question 2

Who can make a Data Act B2G exceptional-need request, and who can receive one?

The Data Act context is the starting point for this answer. The request side is limited to public-sector bodies of Member States, the Commission, the European Central Bank, and Union bodies. The receiving side is a data holder that is a legal person, other than a public-sector body, and that holds the requested data.

A public-sector body from one Member State can request data from a data holder in another Member State, but cross-border requests have an extra protection step: the competent authority in the data holder's Member State examines the request under the Article 22 procedure.

  • Verify the requester's identity and whether it is one of the entities allowed to use Chapter V.
  • Confirm that the company controls the requested data at the time of the request; lack of control is a ground to decline or seek modification.
  • For cross-border requests, retain the notification and competent-authority review record before treating the request as ready for fulfilment.
Citations
Regulation (EU) 2023/2854 (Data Act)

Articles 14, 17, 18, and 22 identify the requesting entities, the legal-person data holder, the control-over-data condition, and cross-border examination route.

Question 3

What must a valid EU Data Act B2G exceptional-need request contain?

The Data Act context is the starting point for this answer. A valid request must be written in clear, concise, plain language and must be specific about the data requested, the data holder chosen, the public-interest task, the purpose and intended use, the duration of use, any planned onward sharing, and the deadlines for making data available and for declining or seeking modification.

The request must also justify why the exceptional-need conditions are met, be proportionate in data type, volume, granularity, and frequency of access, respect the data holder's legitimate aims and trade-secret protection, and state the legal provision allocating the relevant public-interest task to the requesting body.

  • Required data scope: data type, relevant metadata, data holder control, granularity, volume, and access frequency.
  • Required legal and purpose scope: exceptional-need basis, public-interest task, legal provision, intended use, duration, and expected erasure timing where possible.
  • Required safeguards: personal-data measures where relevant, trade-secret protection commitment, publication or notification steps, penalties notice, and best efforts to avoid creating liability for the data holder.
Citations
Regulation (EU) 2023/2854 (Data Act)

Article 17 lists the contents and formal requirements for a Chapter V request, including purpose, use, duration, legal basis, deadlines, proportionality, and safeguards.

Question 4

How should a data holder document, share, and review an EU Data Act exceptional-need request?

The Data Act context is the starting point for this answer. A data holder should keep the written request, the basis for accepting or challenging it, the response deadline, the data disclosed or withheld, and the safeguards applied to the transfer. The record should also show any cross-border notification and any competent-authority contact.

If the data holder relies on a refusal or a request for modification, it should record the reason and the relevant Article 18 ground. If the request is fulfilled, the record should include the purpose limitation, security measures, any trade-secret identification, and later erasure or onward-sharing notices.

  • Keep the Article 17 request elements together with the Article 18 response and any authority correspondence.
  • Record whether the request was for a public emergency or another exceptional need, because the response clock is five or 30 working days depending on that distinction.
  • Preserve evidence of erasure, notification, or authorised onward sharing so the file shows how the data was used after disclosure.
Citations
Regulation (EU) 2023/2854 (Data Act)

Articles 17, 18, 19, and 21 set out the request record, response windows, safeguards, erasure duties, and onward-sharing notices that should be retained.

Question 5

Can a Data Act B2G exceptional-need request include personal data?

The Data Act context is the starting point for this answer. For non-emergency requests, only non-personal data may be requested. For public-emergency requests, the request should concern non-personal data first, and personal data may only be included if non-personal data is insufficient to respond to the need. In that case, the data holder must anonymise the data where possible, or pseudonymise it where disclosure of personal data is strictly necessary.

Where personal data is involved, the request must identify the technical and organisational safeguards needed to protect data-protection principles, and the relevant supervisory authority must be notified.

  • Check whether the request is emergency or non-emergency before reviewing any personal-data fields.
  • Require a clear explanation of why non-personal data is insufficient and why the personal-data element is strictly necessary.
  • Keep the anonymisation or pseudonymisation decision, the safeguards named in the request, and any supervisory-authority notification where personal data is involved.
Citations
Question 6

When may a data holder refuse or ask to modify a Data Act B2G exceptional-need request?

The Data Act context is the starting point for this answer. A data holder may decline or seek modification without undue delay, and in any event within five working days for data necessary to respond to a public emergency or within 30 working days for other exceptional-need requests.

The Data Act gives three listed grounds: the data holder does not control the requested data; a similar request for the same purpose was previously submitted by another eligible public body or EU institution and the data holder has not been notified that the earlier data was erased; or the request does not meet the Article 17 requirements.

  • Respond on the correct clock: five working days for public-emergency response data and 30 working days for other exceptional-need requests.
  • If relying on a previous similar request, identify the earlier requesting body or EU institution.
  • If the requester challenges a refusal, or the data holder challenges the request and no modification resolves it, the matter goes to the competent authority where the data holder is established.
Citations
Question 7

How do confidentiality, trade secrets, and onward sharing work for Data Act B2G exceptional-need data?

The Data Act context is the starting point for this answer. Data received under Chapter V does not become open public-sector information for general reuse. It must be used only for the purpose stated in the request, protected with technical and organisational measures, and erased once no longer necessary for that stated purpose unless archiving is required under transparency rules.

Trade secrets may be disclosed only to the extent strictly necessary for the Article 15 purpose. The data holder or trade-secret holder must identify the protected data, including relevant metadata, and the requesting body must take necessary and appropriate measures to preserve confidentiality before disclosure.

  • Do not treat Chapter V data as open data or general public-sector information for reuse.
  • Identify any public bodies, EU bodies, or third parties that will receive the data in the original request or in the later Article 21 notification.
  • For trade secrets, record the identified protected data, confidentiality measures, transfer controls, and the stated purpose that makes disclosure strictly necessary.
Citations
Question 8

Can businesses receive compensation for making data available under a Data Act B2G exceptional-need request?

The Data Act context is the starting point for this answer. For a public-emergency request, data holders other than microenterprises and small enterprises must make the necessary data available free of charge, but may request public acknowledgement. The Commission's explanation states that micro and small companies may ask for reasonable remuneration not exceeding incurred technical and organisational costs, plus public acknowledgement upon request.

For non-emergency exceptional-need requests under Article 15(1)(b), the data holder is entitled to fair compensation covering technical and organisational costs, including anonymisation, pseudonymisation, aggregation, and technical adaptation where applicable, plus a reasonable margin. There is an exception where the task is official statistics and national law does not allow purchase of the data.

  • Separate the compensation record by request type: public emergency or non-emergency exceptional need.
  • For non-emergency requests, document the cost calculation basis and reasonable margin because the requester may ask for it.
  • Do not charge for the data itself; keep compensation tied to the costs and margin allowed by Article 20.
Citations
Question 9

What evidence should a data holder keep for a Data Act B2G exceptional-need request?

The Data Act context is the starting point for this answer. Keep enough evidence to show whether the request was valid, how the company responded, what data was made available or withheld, and which safeguards governed the data after transfer. The evidence file should be built around the Article 17 request contents and the Article 18 response, not around generic compliance notes.

A useful record includes the written request, requester identity, statutory task and legal provision, exceptional-need route, public-emergency declaration or non-emergency exhaustion analysis, data scope and metadata, personal-data analysis, trade-secret identification, timestamps, refusal or modification reasons, compensation calculation, delivery logs, onward-sharing notices, erasure notice, and competent-authority communications.

  • For emergency requests, keep the public-emergency basis, alternative-means analysis, five-working-day response record, and any public-acknowledgement request.
  • For non-emergency requests, keep the non-personal-data classification, exhausted-means evidence, market-purchase record where relevant, 30-working-day response record, and compensation basis.
  • For safeguards, keep anonymisation or pseudonymisation decisions, security measures, trade-secret protections, purpose limitation, onward-sharing notifications, and deletion confirmations.
Citations
Regulation (EU) 2023/2854 (Data Act)

Articles 17 through 21 define the request fields, response windows, safeguards, compensation records, onward-sharing notices, and erasure obligations that drive the evidence file.

Question 10

What records should teams keep to support a Data Act B2G exceptional-need decision?

For b2g exceptional need, the Data Act record should identify the source clause, Commission guidance, actor role, dataset, request or contract trigger, and the owner who approved the interpretation.

For b2g exceptional need, keep the cited external URL, decision date, reviewer, unresolved assumptions, and implementation artifact together so the answer remains auditable.

  • Record the b2g exceptional-need decision together with the cited Data Act source URL.
  • Store the owner, affected workflow, evidence artifact, and review trigger in the same file set.
Question 11

How should teams assign ownership for Data Act B2G exceptional-need implementation work?

For b2g exceptional need, the Data Act workflow should name the legal, product, procurement, cloud, support, or security owner who can change the affected process.

For b2g exceptional need, use one accountable owner per action, then record consulted teams and evidence dependencies separately.

  • Record the owner for the b2g exceptional-need decision next to the cited Data Act source URL.
  • Store the owner, affected workflow, evidence artifact, and review trigger as part of the implementation record.
Question 12

Which records make the Data Act B2G exceptional-need answer usable later?

For b2g exceptional need, the Data Act evidence should be concrete enough for a later reviewer to reconstruct why the team classified the product, service, request, or contract in scope.

For b2g exceptional need, useful evidence includes source URLs, data inventories, contract clauses, request logs, technical controls, customer notices, and approval records.

  • Keep the cited source URL, the decision memo, and the implementation evidence together.
  • Preserve the review trigger and the named owner so the decision can be revisited when the facts change.
Question 13

When should the Data Act B2G exceptional-need FAQ answer be reviewed again?

For b2g exceptional need, the Data Act answer should be reviewed when the product, service model, dataset, customer role, public-sector request path, or contract wording changes.

For b2g exceptional need, set a review date and an event trigger instead of relying on a one-time legal note.

  • Trigger a review when the Data Act source, request process, or affected workflow changes.
  • Keep the owner, review date, and cited source URL with the record so the answer stays current.
Primary sources

References and citations

European Commission - Data Act explained
digital-strategy.ec.europa.eu
Referenced sections
  • Commission compensation table explains what businesses, including micro and small companies, may request for public-emergency and non-emergency Chapter V data sharing.
Regulation (EU) 2023/2854 (Data Act)
eur-lex.europa.eu
Referenced sections
  • Articles 17 through 21 define the request fields, response windows, safeguards, compensation records, onward-sharing notices, and erasure obligations that drive the evidence file.
Related guides

Explore more topics

Data Act and Common European Data Spaces
How Data Act Article 33 connects data-space participation with metadata, vocabularies, APIs, access terms, data quality, governance, and standards monitoring.
Data Act and Data Governance Act Overlap FAQ
FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows.
Data Act and GDPR Personal Data Overlap FAQ
FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing.
Data Act Audit Evidence And Request Logs FAQ
FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries.
Data Act B2B Data-Sharing Contract Clauses
Clause guide for EU Data Act B2B data sharing: FRAND terms, compensation, trade secret safeguards, recipient limits, termination, logs, and GDPR boundaries.
Data Act B2B Data-Sharing Contract Template
A usable EU Data Act B2B data-sharing template outline covering access requests, data schedules, permitted use, trade secrets, security, compensation, GDPR boundaries, audit records, and termination.
Data Act B2G Exceptional-Need Requests
A grounded guide to EU Data Act Chapter V requests from public bodies: exceptional need, public emergencies, request contents, limits, safeguards, costs, and records.
Data Act Cloud Switching Compliance Checklist
A grounded EU Data Act checklist for cloud and data processing service providers covering switching clauses, notices, export formats, charges, interoperability, and evidence.
Data Act Cloud Switching Contract Terms FAQ
FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records.
Data Act Cloud Switching Fees And Deadlines FAQ
FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records.
Data Act Complaints and Dispute Settlement FAQ
FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records.
Data Act Exportable Data and Metadata FAQ
FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded.
Data Act FAQ for Aftermarket Repair and Mobility Services
FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services.
Data Act Functional Equivalence FAQ
FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence.
Data Act Indirect Access Request Flows FAQ
FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited.
Data Act International Government Access FAQ
FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers.
Data Act Interoperability Standards FAQ
FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614.
Data Act Model Contractual Terms FAQ
FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence.
Data Act Public Emergency Requests FAQ
FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records.
Data Act Smart Contracts for Data Sharing
Data Act Article 36 smart contract guide for data-sharing agreements: scope, robustness, access control, termination, interruption, archiving, standards status, and conformity evidence.
Data Act SME Exceptions and Startups FAQ
FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms.
Data Act Trade Secret Technical Protection Measures FAQ
FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence.
Data Act Trade Secrets and Protection Measures
Data Act guide for protecting trade secrets during access and sharing: classification, safeguards, refusal thresholds, notices, evidence records, and reviews.
Data Act Unfair Contractual Terms | Article 13 B2B Contract Review
Review B2B data-sharing clauses under EU Data Act Article 13: unilateral terms, always unfair examples, presumed unfair terms, model clauses, evidence, and remediation.
Data Act Vehicle Data Guidance
Commission-grounded guide to Data Act vehicle data access: connected vehicles, vehicle-related services, raw and pre-processed data, aftermarket use cases, access routes, safeguards, and GDPR boundaries.
Data Act vs GDPR: connected-product data access
Compare EU Data Act connected-product access duties with GDPR personal-data rules: scope, roles, lawful basis, data subject rights, third-party sharing, trade secrets, and conflicts.
EU Data Act and Common European Data Spaces FAQ
FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation.
EU Data Act Applicability Test
Check whether a product, related service, data holder, cloud service, data-space role, smart contract, or B2G request is in scope of the EU Data Act.
EU Data Act Application Dates And Transition FAQ
FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain.
EU Data Act Article 3 Pre-Contract Information
What Article 3 of the EU Data Act requires before connected-product purchase, rent, lease, or related-service contracting: data categories, access, data holder identity, third-party sharing, complaints, and evidence.
EU Data Act Article 36 Smart Contract Controls FAQ
FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires.
EU Data Act B2B Data Sharing Compensation FAQ
FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards.
EU Data Act B2G Compensation and Costs FAQ
FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep.
EU Data Act Checklist for Product, Cloud, and Contract Teams
A grounded EU Data Act checklist for connected-product data access, third-party sharing, B2G requests, cloud switching, unfair terms, smart contracts, personal data boundaries, evidence, and owners.
EU Data Act Cloud Switching and Exit Plans
A grounded EU Data Act guide for data processing service exit plans: switching contracts, exportable data, assistance, charges, interoperability, retrieval, erasure, and records.
EU Data Act Cloud Switching Procurement FAQ
Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence.
EU Data Act Compliance Program
Build a Data Act compliance program for connected-product data access, contracts, B2G requests, cloud switching, smart contracts, GDPR boundaries, records, and ownership.
EU Data Act Connected Product Scope and Data Types
Classify EU Data Act connected products, related services, product data, related-service data, readily available data, metadata, and excluded derived outputs.
EU Data Act Connected Product Scope FAQ
FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope.
EU Data Act Data Processing Service Switching
A grounded EU Data Act guide for provider and customer switching duties: exit assistance, exportable data, contract clauses, charges, interoperability, retrieval, and erasure.
EU Data Act data spaces interoperability FAQ
FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence.
EU Data Act deadlines and compliance calendar
A source-linked calendar for EU Data Act application dates, product design timing, contract remediation, cloud switching charges, response periods, standards work, and evidence records.
EU Data Act Direct Access by Design FAQ
FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act.
EU Data Act Enforcement And Competent Authorities FAQ
FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible.
EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates
Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates.
EU Data Act Non-Emergency Public-Sector Requests FAQ
FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence.
EU Data Act Non-Personal Data and Mixed Datasets FAQ
FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records.
EU Data Act Penalties and Enforcement
Grounded guide to Data Act penalties under Article 40, Member State enforcement, penalty factors, complaints, judicial remedies, and the GDPR enforcement boundary.
EU Data Act Pre-Contractual Information FAQ
FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries.
EU Data Act Product Data vs Related Service Data FAQ
FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs.
EU Data Act Readily Available Data FAQ
FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics.
EU Data Act Related Services FAQ
FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply.
EU Data Act requirements
Source-grounded EU Data Act requirements for connected-product data access, B2B sharing terms, B2G exceptional needs, cloud switching, smart contracts, interoperability, GDPR boundaries, and records.
EU Data Act Smart Contracts for Data Sharing FAQ
Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status.
EU Data Act Third-Party Data Sharing FAQ
FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers.
EU Data Act Trade Secret Safeguards FAQ
FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records.
EU Data Act Unfair Contractual Terms FAQ
FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence.
EU Data Act User Access and Portability Rights
Practical guide to EU Data Act user access, connected-product data portability, third-party sharing, trade secret safeguards, and the GDPR boundary.
EU Data Act Users, Data Holders, and Recipients FAQ
FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries.
EU Data Act Vehicle Data Guidance FAQ
FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries.
EU Data Act vs Data Governance Act
Compare the EU Data Act with the Data Governance Act: connected-product access, cloud switching, B2B/B2G duties, protected public-sector reuse, intermediaries, altruism, governance, and enforcement.