---
title: "EU Data Act Direct Access by Design FAQ"
canonical_url: "https://www.sorena.io/artifacts/eu/data-act/faq/direct-access-by-design"
source_url: "https://www.sorena.io/artifacts/eu/data-act/faq/direct-access-by-design"
author: "Sorena AI"
description: "FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act."
published_at: "2026-05-06"
updated_at: "2026-05-06"
keywords:
  - "EU Data Act"
  - "Regulation (EU) 2023/2854"
  - "connected product data"
  - "related service data"
  - "direct access by design"
  - "connected products"
  - "related services"
  - "direct access"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# EU Data Act Direct Access by Design FAQ

FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act.

*FAQ* *EU* *Data Act*

## EU Data Act Direct Access by Design FAQ

Answers for teams designing user access to connected-product and related-service data.

Use this FAQ to separate direct access from request-based access, define metadata and format requirements, and document security, trade-secret, and evidence decisions.

Article 3 of the EU Data Act turns data access into a product design requirement for connected products and related services. This FAQ explains what must be designed into user access paths, when indirect access under Article 4 is still needed, and what evidence should prove that access is easy, secure, free of charge, and usable.

## What does direct access by design actually mean under the EU Data Act Article 3 obligation?

The Data Act context is the starting point for this answer. Direct access by design means the connected product and any related service must be built so the user can access product data and related-service data by default. Article 3 requires the access path to include relevant metadata, use a comprehensive, structured, commonly used and machine-readable format, and be easy, secure, and free of charge.

The obligation is not just a helpdesk process. Product teams should decide during architecture, release, and UX design whether the user will retrieve data from on-device storage, an app, an account portal, an API, or a remote server. Where direct access is relevant and technically feasible, it should be available without making the user ask support to manually extract the data.

- Treat direct access as a product requirement for each connected product and related service, not as a later compliance add-on.
- Specify the user-facing route, authentication method, data format, metadata, retention assumptions, and support fallback.
- Test whether a real user can retrieve and understand the data without non-neutral interface patterns or unnecessary identity checks.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 3 states the direct-access-by-design duty for connected products and related services.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer describes Chapter II access to data generated by connected products and related services.

## Which categories of data must the access design cover under the EU Data Act Article 3 rules?

The Data Act context is the starting point for this answer. The design should cover product data and related-service data that are readily available to the data holder. The Commission explains this as raw and pre-processed data generated from use of a connected product or related service that can be accessed without disproportionate effort, including relevant metadata.

The data map should distinguish raw data, pre-processed data, relevant metadata, personal data, non-personal data, inferred or derived data, trade-secret material, and data that is not stored or transmitted by the product design. Inferred or derived insights produced through additional investment, such as proprietary analytics, should not be mixed into the direct-access dataset unless the parties have agreed otherwise.

- Inventory generated data by field or stream, including sensor data, event data, timestamps, basic context, units, format, collection frequency, and estimated volume.
- Flag data that is available on-device, sent to a remote server, generated by a related service, or unavailable because the product does not store or transmit it.
- Record why each exclusion is outside the Article 3 or Article 4 access path, especially for derived insights, trade-secret material, and personal data limits.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Recital 15 explains raw, pre-processed, metadata, and derived-data boundaries.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer summarizes Chapter II scope for raw and pre-processed readily available data.

## When is indirect access under Article 4 still needed under the Data Act?

The Data Act context is the starting point for this answer. Article 4 applies where the user cannot directly access the data from the connected product or related service. In that case, the data holder must make readily available data and necessary metadata accessible to the user without undue delay, with the same quality available to the data holder, and through a simple electronic request where technically feasible.

A product can therefore need both paths: direct access for data that can be exposed by design, and a request-based route for data that cannot be directly accessed. The request route should not be used to compensate for avoidable design gaps in a new product that falls under Article 3.

- Document why each dataset is direct-accessible, request-accessible, or outside the readily available data boundary.
- Make the indirect request channel simple, electronic where technically feasible, and connected to the same data inventory used for product design.
- Keep evidence that indirect access does not degrade quality, format, metadata, security, or user comprehension compared with what the data holder has.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 4 creates the fallback user-access duty when direct access is not available.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ explains user verification and simple request mechanisms for access requests.

## Does direct user access remove the need to support third-party sharing under the Data Act?

The Data Act context is the starting point for this answer. No. The Commission FAQ states that users can still ask a data holder to transfer data to a third party under Article 5 even where the user already has direct access under Article 3. Direct access helps the user retrieve data, but it does not supersede the separate user right to have a data holder make readily available data available to a chosen third party.

The product design should therefore avoid a dead end where the user can download data but cannot authorize third-party sharing. Teams should provide a clear route for third-party requests, eligibility checks, trade-secret safeguards, and refusal or suspension records where the Data Act allows them.

- Add a third-party sharing path alongside direct user export where a data holder has readily available data.
- Exclude Digital Markets Act gatekeepers from the Article 5 third-party route where the Data Act does so.
- Keep user authorization, third-party identity checks, purpose, scope, format, metadata, delivery, and safeguard records together.

Sources for this answer:

- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 31 confirms Article 5 third-party transfer rights can apply despite direct access.
- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 5 sets the user's right to have readily available data made available to third parties.

## What must be explained before the user buys, rents, leases, or takes a related service under the Data Act?

The Data Act context is the starting point for this answer. Before a connected-product contract, Article 3 requires clear and comprehensible information about the type, format, and estimated volume of product data; whether data can be generated continuously and in real time; storage location and retention where applicable; and how the user may access, retrieve, or erase the data.

Before a related-service contract, the provider must explain the expected product data and related-service data, collection frequency, access or retrieval arrangements, storage and retention, intended use of readily available data, third-party sharing routes, complaint rights, relevant trade-secret holder information, and contract termination arrangements. These pre-contract disclosures should match the actual product interface and API behavior.

- Keep product pages, order flows, contracts, QR-code pages, support articles, and API documentation consistent with the same access design.
- Include enough detail for a user to understand what data exists, how often it is generated, where it is stored, and how to retrieve it.
- Update user-facing information when product updates or service changes add accessible data or restrict previously accessible data.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 3 lists pre-contract information for connected products and related services.

## How should security and identity controls be designed under the Data Act?

The Data Act context is the starting point for this answer. Security controls can verify that the requester is a user and protect the data infrastructure, but they should not make access unduly difficult. Article 4 limits verification requests to necessary information, and the Commission FAQ points to simple request mechanisms and automatic execution where possible.

Security also has a substantive limit: users and data holders may restrict access, use, or onward sharing if processing could undermine security requirements of the connected product laid down by EU or national law, with serious adverse effects on people's health, safety, or security. That is narrower than a general preference not to share data.

- Use proportionate authentication, account, device-pairing, or proof-of-use controls that fit the product and expected user base.
- Avoid dark patterns, non-neutral choices, excessive identity documents, unnecessary logs, or manual clearance where automatic access is feasible.
- If security requirements justify a restriction, record the legal requirement, risk analysis, affected data, user notice, authority notification, and challenge route.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 4 covers user verification, interface design, log minimisation, and security-based restrictions.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer summarizes the security limitation and authority notification path.

## How should trade secrets be handled without blocking lawful access under the Data Act?

The Data Act preserves trade secrets, but it does not allow a blanket trade-secret label to erase user access. The data holder or trade-secret holder must identify protected data, including in relevant metadata, and agree proportionate technical and organisational measures such as confidentiality terms, strict access protocols, technical standards, and codes of conduct.

Withholding, suspension, or refusal should be exceptional and documented. Article 4 requires written substantiation and competent-authority notification when data sharing is withheld, suspended, or refused on trade-secret grounds. Refusal for serious economic damage must be assessed case by case and supported by objective elements.

- Mark trade-secret fields in the data inventory and metadata instead of hiding the entire dataset.
- Choose proportionate measures that preserve confidentiality while leaving the usable data access path open where possible.
- Keep written reasons, objective evidence, user notices, competent-authority notifications, and challenge-route records for any withholding, suspension, or refusal.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 4 sets trade-secret identification, safeguard, suspension, withholding, refusal, and notification rules for user access.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer describes the trade-secret safeguard and refusal mechanism.
- [European Commission - Data Act press release](https://ec.europa.eu/commission/presscorner/detail/en/ip_25_2078?ref=sorena.io) - Commission press release notes further implementation tools on trade-secret protection.

## When does the Article 3 design obligation apply under the Data Act?

The Data Act generally applies from 12 September 2025, but Article 50 states that the obligation resulting from Article 3(1) applies to connected products and related services placed on the market after 12 September 2026. Teams should keep those two dates separate in release plans and customer-facing materials.

For products already in the market, other Data Act duties can still matter, including user access under Article 4, data holder contracts for non-personal readily available data, and third-party sharing under Article 5 where the conditions are met. Do not present the later Article 3 design date as a full exemption from the Data Act.

- Tie the Article 3 release gate to products and related services placed on the market after 12 September 2026.
- Review older products separately for request-based access, data-use contracts, third-party sharing, and support processes.
- Keep the date source in the design record so sales, legal, product, and support teams do not reuse the wrong Data Act date.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 50 gives the general application date and the later timing rule for Article 3(1).
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ explains post-application contracts for data holders' use of readily available data.

## What evidence should prove that the access design is compliant under the Data Act?

The evidence file should let a reviewer connect the product architecture to the Data Act duty without reconstructing decisions from tickets. Keep a data inventory, Article 3 design specification, pre-contract disclosure, UX/API evidence, security and identity assessment, trade-secret register, request-path procedure, and release approval.

Evidence should also show that the access path works in practice. Useful records include sample exports, API schemas, metadata dictionaries, user journey screenshots, access logs limited to what is necessary, support scripts, test results for machine readability, and records of any security or trade-secret restriction.

- Preserve a direct-access matrix showing each dataset, access route, format, metadata, retention assumption, safeguard, and owner.
- Retain test evidence that the user can access data easily, securely, free of charge, and in the promised format.
- Log exceptions with the affected data, legal basis, reason, user notice, authority notice where required, and remediation or review date.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 3 and 4 support evidence fields for access format, metadata, security, verification, logs, and safeguards.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer supports evidence for simple processes, free access, security limits, and trade-secret restrictions.

## Who should own the EU Data Act direct-access design and the related review workflow over time?

Under the Data Act, assign one accountable owner for the design decision itself and separate owners for the supporting work. The accountable owner should be the team that can approve changes to the product or related service, while legal, security, procurement, support, and engineering can supply review and evidence inputs.

For direct-access by design, the workflow should name the owner who signs off on the Article 3 interpretation, the owner who maintains the data map, and the owner who closes any open review trigger. Consulted teams and evidence dependencies should be recorded, but they should not replace a single accountable owner.

- Assign one accountable owner for the design decision and one record owner for the evidence file.
- List the affected workflow, required approvals, and review trigger separately so the decision is easier to revisit later.
- Keep legal, product, procurement, cloud, support, and security inputs in the file, but do not duplicate the same ownership note across sections.

## Does the EU Data Act require direct access to be free of charge for the connected-product user?

Under the Data Act, Article 3 requires direct access to product and related-service data to be provided to the user easily, securely, and free of charge, in a comprehensive, structured, commonly used, machine-readable format with relevant metadata. A data holder cannot put the statutory user access behind a fee or a premium tier.

Compensation can arise in the separate context of sharing with a third party under Articles 4 and 5, but that is distinct from the user's own free access by design, which the product must support without charge.

- Provide the user's own direct access free of charge in a structured, machine-readable format.
- Keep any third-party sharing compensation separate from the user's free statutory access.

## When must a connected product be redesigned to meet the EU Data Act direct-access obligation?

Under the Data Act, the Article 3 design obligation applies to connected products and related services placed on the market after 12 September 2026, so products designed before that date are not retrofitted by the rule but may still owe Article 4 access on request. Teams should map each product to the date it was or will be placed on the market.

A product roadmap crossing that date should bake direct access into the design rather than relying on a manual export, so the access path is easy, secure, and free of charge from launch.

- Apply the Article 3 design obligation to products placed on the market after 12 September 2026.
- Design direct access into new products rather than relying on a manual support export.

## Primary sources

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Article 3 direct-access design obligations, Article 4 fallback access and safeguards, Article 5 third-party sharing, and Article 50 timing.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ support for user verification, direct access alongside Article 5 third-party transfer rights, and legacy-product contract context.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer for Chapter II scope, raw and pre-processed data, simple access processes, security limits, and trade-secret safeguards.
- [European Commission - Data Act press release](https://ec.europa.eu/commission/presscorner/detail/en/ip_25_2078?ref=sorena.io) - Commission announcement identifying implementation support on trade-secret protection and user control over connected-device data.

## Topic Guides

- [Data Act and Common European Data Spaces](/artifacts/eu/data-act/data-act-and-common-european-data-spaces.md): How Data Act Article 33 connects data-space participation with metadata, vocabularies, APIs, access terms, data quality, governance, and standards monitoring.
- [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md): FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows.
- [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md): FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing.
- [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md): FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries.
- [Data Act B2B Data-Sharing Contract Clauses](/artifacts/eu/data-act/b2b-data-sharing-contract-clauses.md): Clause guide for EU Data Act B2B data sharing: FRAND terms, compensation, trade secret safeguards, recipient limits, termination, logs, and GDPR boundaries.
- [Data Act B2B Data-Sharing Contract Template](/artifacts/eu/data-act/b2b-data-sharing-contract-template.md): A usable EU Data Act B2B data-sharing template outline covering access requests, data schedules, permitted use, trade secrets, security, compensation, GDPR boundaries, audit records, and termination.
- [Data Act B2G Exceptional-Need Requests](/artifacts/eu/data-act/b2g-exceptional-need-requests.md): A grounded guide to EU Data Act Chapter V requests from public bodies: exceptional need, public emergencies, request contents, limits, safeguards, costs, and records.
- [Data Act Cloud Switching Compliance Checklist](/artifacts/eu/data-act/cloud-switching-compliance-checklist.md): A grounded EU Data Act checklist for cloud and data processing service providers covering switching clauses, notices, export formats, charges, interoperability, and evidence.
- [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md): FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records.
- [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md): FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records.
- [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md): FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records.
- [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md): FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded.
- [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md): FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services.
- [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md): FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence.
- [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md): FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited.
- [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md): FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers.
- [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md): FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614.
- [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md): FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence.
- [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md): FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records.
- [Data Act Smart Contracts for Data Sharing](/artifacts/eu/data-act/smart-contracts-for-data-sharing.md): Data Act Article 36 smart contract guide for data-sharing agreements: scope, robustness, access control, termination, interruption, archiving, standards status, and conformity evidence.
- [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md): FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms.
- [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md): FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence.
- [Data Act Trade Secrets and Protection Measures](/artifacts/eu/data-act/trade-secrets-and-protection.md): Data Act guide for protecting trade secrets during access and sharing: classification, safeguards, refusal thresholds, notices, evidence records, and reviews.
- [Data Act Unfair Contractual Terms | Article 13 B2B Contract Review](/artifacts/eu/data-act/unfair-contractual-terms.md): Review B2B data-sharing clauses under EU Data Act Article 13: unilateral terms, always unfair examples, presumed unfair terms, model clauses, evidence, and remediation.
- [Data Act Vehicle Data Guidance](/artifacts/eu/data-act/vehicle-data-guidance.md): Commission-grounded guide to Data Act vehicle data access: connected vehicles, vehicle-related services, raw and pre-processed data, aftermarket use cases, access routes, safeguards, and GDPR boundaries.
- [Data Act vs GDPR: connected-product data access](/artifacts/eu/data-act/data-act-vs-gdpr.md): Compare EU Data Act connected-product access duties with GDPR personal-data rules: scope, roles, lawful basis, data subject rights, third-party sharing, trade secrets, and conflicts.
- [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md): FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation.
- [EU Data Act Applicability Test](/artifacts/eu/data-act/applicability-test.md): Check whether a product, related service, data holder, cloud service, data-space role, smart contract, or B2G request is in scope of the EU Data Act.
- [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md): FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain.
- [EU Data Act Article 3 Pre-Contract Information](/artifacts/eu/data-act/pre-contractual-information-obligations.md): What Article 3 of the EU Data Act requires before connected-product purchase, rent, lease, or related-service contracting: data categories, access, data holder identity, third-party sharing, complaints, and evidence.
- [EU Data Act Article 36 Smart Contract Controls FAQ](/artifacts/eu/data-act/faq/article-36-smart-contract-controls.md): FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires.
- [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md): FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards.
- [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md): FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep.
- [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md): When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence.
- [EU Data Act Checklist for Product, Cloud, and Contract Teams](/artifacts/eu/data-act/checklist.md): A grounded EU Data Act checklist for connected-product data access, third-party sharing, B2G requests, cloud switching, unfair terms, smart contracts, personal data boundaries, evidence, and owners.
- [EU Data Act Cloud Switching and Exit Plans](/artifacts/eu/data-act/cloud-switching-and-exit-plans.md): A grounded EU Data Act guide for data processing service exit plans: switching contracts, exportable data, assistance, charges, interoperability, retrieval, erasure, and records.
- [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md): Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence.
- [EU Data Act Compliance Program](/artifacts/eu/data-act/compliance.md): Build a Data Act compliance program for connected-product data access, contracts, B2G requests, cloud switching, smart contracts, GDPR boundaries, records, and ownership.
- [EU Data Act Connected Product Scope and Data Types](/artifacts/eu/data-act/scope-connected-products-and-data-types.md): Classify EU Data Act connected products, related services, product data, related-service data, readily available data, metadata, and excluded derived outputs.
- [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md): FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope.
- [EU Data Act Data Processing Service Switching](/artifacts/eu/data-act/data-processing-services-switching.md): A grounded EU Data Act guide for provider and customer switching duties: exit assistance, exportable data, contract clauses, charges, interoperability, retrieval, and erasure.
- [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md): FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence.
- [EU Data Act deadlines and compliance calendar](/artifacts/eu/data-act/deadlines-and-compliance-calendar.md): A source-linked calendar for EU Data Act application dates, product design timing, contract remediation, cloud switching charges, response periods, standards work, and evidence records.
- [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md): FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible.
- [EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates](/artifacts/eu/data-act/faq.md): Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates.
- [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md): FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence.
- [EU Data Act Non-Personal Data and Mixed Datasets FAQ](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md): FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records.
- [EU Data Act Penalties and Enforcement](/artifacts/eu/data-act/penalties-and-fines.md): Grounded guide to Data Act penalties under Article 40, Member State enforcement, penalty factors, complaints, judicial remedies, and the GDPR enforcement boundary.
- [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md): FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries.
- [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md): FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs.
- [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md): FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics.
- [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md): FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply.
- [EU Data Act requirements](/artifacts/eu/data-act/requirements.md): Source-grounded EU Data Act requirements for connected-product data access, B2B sharing terms, B2G exceptional needs, cloud switching, smart contracts, interoperability, GDPR boundaries, and records.
- [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md): Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status.
- [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md): FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers.
- [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md): FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records.
- [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md): FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence.
- [EU Data Act User Access and Portability Rights](/artifacts/eu/data-act/access-rights-and-portability.md): Practical guide to EU Data Act user access, connected-product data portability, third-party sharing, trade secret safeguards, and the GDPR boundary.
- [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md): FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries.
- [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md): FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries.
- [EU Data Act vs Data Governance Act](/artifacts/eu/data-act/data-act-vs-data-governance-act.md): Compare the EU Data Act with the Data Governance Act: connected-product access, cloud switching, B2B/B2G duties, protected public-sector reuse, intermediaries, altruism, governance, and enforcement.

*Recommended next step*

*Placement: after implementation section*

## Operationalise Data Act direct access by design

Turn Article 3 into product release gates, data maps, metadata dictionaries, user access paths, safeguard records, and evidence that product, legal, security, and support teams can maintain.

- [Open Research Copilot](/solutions/research-copilot.md): Get cited answers on Data Act connected-product access, metadata, safeguards, and third-party sharing routes.
- [Discuss direct access design](/contact.md): Review Data Act design impacts across product architecture, contracts, API behavior, support workflows, and evidence records.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/eu/data-act/faq/direct-access-by-design