EU Data Act Exportable Data and Metadata FAQ

The Data Act context is the starting point for this answer. For connected products and related services, the key scope term is readily available data. It means product data and related service data that a data holder lawfully obtains, or can lawfully obtain, from the connected product or related service without disproportionate effort beyond a simple operation.

Product data is generated by the use of a connected product and designed to be retrievable from that product. Related service data represents user actions or events related to the connected product during the provision of a related service. The Commission explains the practical scope as raw and pre-processed data generated from use of a connected product or related service, where that data is readily available to the data holder.

The Data Act context is the starting point for this answer. The metadata obligation is not a separate nice-to-have documentation exercise. Article 3 requires product data and related service data to include relevant metadata necessary to interpret and use the data. Article 4 uses the same standard where the user cannot directly access the data and the data holder must make readily available data accessible.

In practice, an export that contains values but omits basic context can fail the point of the access right. The metadata set should let the user or an authorized third party understand what each field is, when and how it was generated, how units and identifiers work, and what quality or access limitations apply.

The Data Act does not name one universal file type for every connected product or related service. Instead, it requires access in a comprehensive, structured, commonly used and machine-readable format. Where relevant and technically feasible, Article 3 also expects direct access by default, and Article 4 expects continuous and real-time access where relevant and technically feasible.

A practical export catalogue should therefore state the actual delivery method and format for each dataset: API, bulk file, real-time stream, device interface, or another technical route. The format should be understandable outside the vendor's internal systems and should include the metadata needed to interpret and use the data.

The Data Act context is the starting point for this answer. Before a connected product purchase, rent, or lease contract is concluded, the seller, renter, or lessor must give the user clear and comprehensible information about the type, format, and estimated volume of product data the product can generate, whether it can generate data continuously and in real time, where it can store data, retention information, and how the user can access, retrieve, or erase data.

Before a related service contract is concluded, the provider must disclose the nature, estimated volume, and collection frequency of product data it expects to obtain, the nature and estimated volume of related service data to be generated, access and retrieval arrangements, storage and retention arrangements, whether readily available data will be used by the prospective data holder, and how the user can request sharing with a third party.

The Data Act context is the starting point for this answer. For cloud and other data processing services, exportable data is a defined term used for switching obligations. It covers input and output data, including metadata, directly or indirectly generated or cogenerated by the customer's use of the data processing service. It excludes assets or data protected by intellectual property rights, or constituting a trade secret, of the provider or third parties.

The customer-facing question is not only whether data can be downloaded. The provider must remove obstacles that inhibit customers from porting exportable data and digital assets to another provider of the same service type or to on-premises ICT infrastructure.

The Data Act context is the starting point for this answer. A provider of data processing services must give customers information on available switching and porting procedures, including available methods and formats, and known restrictions or technical limitations. The provider must also refer customers to an up-to-date online register with details of data structures, data formats, relevant standards, and open interoperability specifications in which the exportable data is available.

Where switching is between services of the same service type and no relevant common specifications or harmonised interoperability standards have been published in the central Union standards repository, the provider must, at the customer's request, export all exportable data in a structured, commonly used and machine-readable format.

The Data Act context is the starting point for this answer. For connected products and related services, the ordinary access scope does not include inferred or derived information that results from additional investments into assigning values or insights, particularly through proprietary complex algorithms, unless the user and data holder agree otherwise. The Commission gives examples such as highly enriched data and content being outside the Chapter II scope.

For cloud switching, exportable data excludes provider or third-party assets or data protected by intellectual property rights or constituting trade secrets. Providers are also not required to develop new technologies or services, disclose protected digital assets, or compromise customer or provider security and service integrity.

The Data Act preserves trade secrets, but it does not allow a broad confidentiality label to erase the access right. For user access and third-party sharing, the data holder or trade secret holder must identify protected data, including in the relevant metadata, and agree proportionate technical and organisational measures to preserve confidentiality.

Withholding, suspending, or refusing access on trade-secret grounds is limited and must be substantiated. Security restrictions for connected products require a risk that security requirements laid down by Union or national law would be undermined with serious adverse effects on health, safety, or security of natural persons.

A useful exportability register should make the Data Act answer reproducible. For each connected product, related service, or cloud service, record the data category, role, user or customer route, format, metadata, access method, retention or retrieval constraint, exclusion reason, safeguard, and owner.

The register should be specific enough to support pre-contract disclosures, user requests, third-party sharing requests, cloud switching requests, and complaints. It should also show whether the same dataset is governed by connected-product access rules, cloud switching rules, or both.

For exportable data and metadata, the Data Act record should identify the source clause, Commission guidance, actor role, dataset, request or contract trigger, and the owner who approved the interpretation.

For exportable data and metadata, keep the cited external URL, decision date, reviewer, unresolved assumptions, and implementation artifact together so the answer remains auditable.

For exportable data and metadata, the Data Act workflow should name the legal, product, procurement, cloud, support, or security owner who can change the affected process.

For exportable data and metadata, use one accountable owner per action, then record consulted teams and evidence dependencies separately.

For exportable data and metadata, the Data Act evidence should be concrete enough for a later reviewer to reconstruct why the team classified the product, service, request, or contract in scope.

For exportable data and metadata, useful evidence includes source URLs, data inventories, contract clauses, request logs, technical controls, customer notices, and approval records.