--- title: "EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates" canonical_url: "https://www.sorena.io/artifacts/eu/data-act/faq" source_url: "https://www.sorena.io/artifacts/eu/data-act/faq/items" author: "Sorena AI" description: "Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates." published_at: "2026-05-06" updated_at: "2026-05-25" keywords: - "EU Data Act FAQ" - "Data Act scope" - "connected product data" - "B2G data sharing" - "cloud switching" - "GDPR Data Act" - "EU Data Act" - "Data Act FAQ" - "Regulation (EU) 2023/2854" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates. *FAQ* *EU* *Data Act* ## EU Data Act FAQ hub Answers to the recurring EU Data Act questions that decide whether connected-product data, related-service data, B2G requests, cloud contracts, or smart-contract tooling need a compliance review. Use this index to orient product, legal, cloud, procurement, data protection, security, and public-sector request teams before opening the deeper topic modules. The EU Data Act, Regulation (EU) 2023/2854, creates horizontal rules for fair access to and use of data. Its FAQ set is not only about IoT data portability: it also covers mandatory B2B sharing terms, unfair contractual terms, public-sector access in exceptional need, cloud and edge switching, safeguards against unlawful third-country government access to non-personal data, interoperability, smart contracts, enforcement, and the boundary with GDPR. ## Browse sub-FAQ modules ### [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md) FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows. - 12 items ### [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md) FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing. - 12 items ### [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md) FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries. - 12 items ### [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md) FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records. - 12 items ### [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md) FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records. - 12 items ### [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md) FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records. - 12 items ### [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md) FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded. - 12 items ### [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md) FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services. - 12 items ### [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md) FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence. - 12 items ### [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md) FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited. - 12 items ### [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md) FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers. - 12 items ### [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md) FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614. - 12 items ### [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md) FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence. - 12 items ### [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md) FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records. - 12 items ### [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md) FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms. - 12 items ### [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md) FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence. - 12 items ### [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md) FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation. - 12 items ### [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md) FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain. - 12 items ### [EU Data Act Article 36 Smart Contract Controls FAQ](/artifacts/eu/data-act/faq/article-36-smart-contract-controls.md) FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires. - 12 items ### [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md) FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards. - 12 items ### [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md) FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep. - 12 items ### [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md) When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence. - 13 items ### [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md) Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence. - 12 items ### [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md) FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope. - 12 items ### [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md) FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence. - 12 items ### [EU Data Act Direct Access by Design FAQ](/artifacts/eu/data-act/faq/direct-access-by-design.md) FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act. - 12 items ### [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md) FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible. - 12 items ### [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md) FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence. - 12 items ### [EU Data Act Non-Personal Data and Mixed Datasets FAQ](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md) FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records. - 12 items ### [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md) FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries. - 12 items ### [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md) FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs. - 12 items ### [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md) FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics. - 12 items ### [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md) FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply. - 12 items ### [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md) Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status. - 12 items ### [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md) FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers. - 12 items ### [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md) FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records. - 12 items ### [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md) FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence. - 12 items ### [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md) FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries. - 12 items ### [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md) FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries. - 12 items Browse all indexed questions: [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) ## All FAQ items *Page 1 of 24. Showing 20 of 469 items.* ### [What is the core difference between the Data Act and the Data Governance Act?](/artifacts/eu/data-act/faq/data-governance-act-overlap.md#what-is-the-core-difference-between-the-data-act-and-the-data-governance-act) *Module: [Data Act and Data Governance Act Overlap](/artifacts/eu/data-act/faq/data-governance-act-overlap.md)* The Data Act context is the starting point for this answer. The Data Governance Act is mainly a governance framework for trusted data sharing. It covers reuse of certain protected data held by public sector bodies, rules for data intermediation services, and voluntary data altruism for objectives of general interest. - Use the Data Governance Act for protected public-sector reuse, neutral intermediation services, data altruism, and related registers or competent authorities. - Use the Data Act for connected-product data access, user-directed sharing to third parties, mandatory B2B sharing terms, exceptional-need B2G requests, and cloud switching. - Use both only when the same programme combines a DGA mechanism with a Data Act access, use, interoperability, or cloud obligation. Sources for this answer: - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains that the Data Act complements the Data Governance Act and distinguishes legal clarity on data access and use from voluntary data-sharing mechanisms. - [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Explains the DGA's focus on trusted voluntary sharing, protected public-sector data reuse, data intermediaries, and data altruism. ### [Which actors belong to the Data Act regime and which belong to the Data Governance Act regime?](/artifacts/eu/data-act/faq/data-governance-act-overlap.md#which-actors-belong-to-the-data-act-regime-and-which-belong-to-the-data-governance-act-regime) *Module: [Data Act and Data Governance Act Overlap](/artifacts/eu/data-act/faq/data-governance-act-overlap.md)* Data Act actor mapping usually starts with a user, data holder, data recipient, public sector body, or provider of data processing services. In connected-product cases, the user may be a consumer, business, or public sector body that owns, rents, leases, or receives a related service for the product. - Start Data Act routing with user, data holder, data recipient, public-sector requester, customer, and data-processing-service provider roles. - Start DGA routing with public sector body, reuser, data intermediary, data altruism organisation, data holder, data user, competent authority, and register roles. - Do not assume that a company acting as a data holder under the Data Act is also a DGA intermediary; intermediary status depends on the specific DGA service model. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Defines Data Act roles and obligations for users, data holders, data recipients, public-sector requests, and data processing service providers. - [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Commission source explaining Data Governance Act public-sector reuse, data intermediation, data altruism, registers, and safeguards. ### [How do the data-sharing mechanisms differ in practice under the Data Act?](/artifacts/eu/data-act/faq/data-governance-act-overlap.md#how-do-the-data-sharing-mechanisms-differ-in-practice-under-the-data-act) *Module: [Data Act and Data Governance Act Overlap](/artifacts/eu/data-act/faq/data-governance-act-overlap.md)* The Data Act often starts from a legally recognised access or sharing route. A connected-product user can access certain raw and pre-processed data that is readily available to the data holder and can ask for it to be shared with a third party of the user's choice, subject to the Data Act limits. - Data Act product access: identify the connected product, related service, user, data holder, readily available data, third-party recipient, and any trade-secret or security limit. - DGA public-sector reuse: identify the public sector body, protected data category, legal basis for reuse, safeguard, fee approach, single information point, and reuser conditions. - DGA intermediation or altruism: identify whether the service is neutral intermediation or voluntary data contribution for general-interest purposes. Sources for this answer: - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Describes Data Act connected-product access, user-directed third-party sharing, readily available raw and pre-processed data, and key limits. - [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Describes DGA safeguards for protected public-sector data reuse and the separate DGA frameworks for intermediation and altruism. ### [What should teams record, who should own the choice, and when should they review a Data Act and DGA routing decision?](/artifacts/eu/data-act/faq/data-governance-act-overlap.md#what-should-teams-record-who-should-own-the-choice-and-when-should-they-review-a-data-act-and-dga-routing-decision) *Module: [Data Act and Data Governance Act Overlap](/artifacts/eu/data-act/faq/data-governance-act-overlap.md)* Under the Data Act, keep a short decision pack that shows why the team chose Data Act only, DGA only, or both. The pack should name the route, the trigger, the actors, the date, and the source URL used for the interpretation so a reviewer can recreate the decision later. - Keep the official source URL, decision date, owner, affected workflow, and any follow-up evidence in one place. - Use one accountable owner per decision and list consulted teams separately. - Set a review trigger for product, service, dataset, role, or contract changes so the answer does not go stale. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for connected-product access, B2B sharing, B2G exceptional-need requests, cloud switching, interoperability, and enforcement roles. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for the practical distinction between Data Act legal access/use rights and DGA voluntary sharing mechanisms. - [European Commission - Data Act policy page](https://digital-strategy.ec.europa.eu/en/policies/data-act?ref=sorena.io) - Commission policy page used for the Data Act's overall scope as fair access to and use of data in the EU data economy. - [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Commission explainer used for DGA public-sector reuse safeguards, intermediary neutrality, data altruism, registers, and international data-flow safeguards. - [data.europa.eu - Data Governance Act implementation](https://data.europa.eu/en/academy/data-governance-act-implementation?ref=sorena.io) - Implementation source used for DGA operational structures, including national single information points and reuse support. ### [Does the Data Act change how a data intermediation service registered under the Data Governance Act operates?](/artifacts/eu/data-act/faq/data-governance-act-overlap.md#does-the-data-act-change-how-a-data-intermediation-service-registered-under-the-data-governance-act-operates) *Module: [Data Act and Data Governance Act Overlap](/artifacts/eu/data-act/faq/data-governance-act-overlap.md)* Under the Data Act, a registered data intermediation service still follows the DGA neutrality rules, but it can also be the practical channel through which a connected-product user exercises a Data Act sharing right, since the user may direct readily available data to a third party. The two regimes stack rather than replace each other in that scenario. - Keep DGA intermediary neutrality duties separate from any Data Act third-party sharing the service facilitates. - Confirm whether the intermediary is acting only as a channel or has become a data holder with its own duties. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for connected-product access, B2B sharing, B2G exceptional-need requests, cloud switching, interoperability, and enforcement roles. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for the practical distinction between Data Act legal access/use rights and DGA voluntary sharing mechanisms. - [European Commission - Data Act policy page](https://digital-strategy.ec.europa.eu/en/policies/data-act?ref=sorena.io) - Commission policy page used for the Data Act's overall scope as fair access to and use of data in the EU data economy. - [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Commission explainer used for DGA public-sector reuse safeguards, intermediary neutrality, data altruism, registers, and international data-flow safeguards. - [data.europa.eu - Data Governance Act implementation](https://data.europa.eu/en/academy/data-governance-act-implementation?ref=sorena.io) - Implementation source used for DGA operational structures, including national single information points and reuse support. ### [How does a public sector body decide between a Data Act exceptional-need request and a Data Governance Act reuse route?](/artifacts/eu/data-act/faq/data-governance-act-overlap.md#how-does-a-public-sector-body-decide-between-a-data-act-exceptional-need-request-and-a-data-governance-act-reuse-route) *Module: [Data Act and Data Governance Act Overlap](/artifacts/eu/data-act/faq/data-governance-act-overlap.md)* Under the Data Act, a public sector body uses the Chapter V exceptional-need route to require a business to provide data it cannot get otherwise, mainly in emergencies or to fulfil a specific legal task. The Data Governance Act route is different: it governs how protected data the body already holds can be made available for reuse under safeguards. - Use the Data Act Chapter V route when the body needs to obtain business data for an exceptional public task. - Use the DGA reuse route when the body is making its own protected data available to a reuser. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for connected-product access, B2B sharing, B2G exceptional-need requests, cloud switching, interoperability, and enforcement roles. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for the practical distinction between Data Act legal access/use rights and DGA voluntary sharing mechanisms. - [European Commission - Data Act policy page](https://digital-strategy.ec.europa.eu/en/policies/data-act?ref=sorena.io) - Commission policy page used for the Data Act's overall scope as fair access to and use of data in the EU data economy. - [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Commission explainer used for DGA public-sector reuse safeguards, intermediary neutrality, data altruism, registers, and international data-flow safeguards. - [data.europa.eu - Data Governance Act implementation](https://data.europa.eu/en/academy/data-governance-act-implementation?ref=sorena.io) - Implementation source used for DGA operational structures, including national single information points and reuse support. ### [Where do the Data Act and the Data Governance Act both apply to a single data space project?](/artifacts/eu/data-act/faq/data-governance-act-overlap.md#where-do-the-data-act-and-the-data-governance-act-both-apply-to-a-single-data-space-project) *Module: [Data Act and Data Governance Act Overlap](/artifacts/eu/data-act/faq/data-governance-act-overlap.md)* Under the Data Act, a data space project can rely on DGA mechanisms for trusted intermediation and altruism while still being subject to Data Act access, use, and interoperability obligations where connected-product data or data processing services are involved. A mature data space often needs both regimes at once. - Map each data space function to the Data Act or the DGA rather than assuming one covers the other. - Apply Data Act interoperability and access duties where connected-product data or cloud services are in scope. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for connected-product access, B2B sharing, B2G exceptional-need requests, cloud switching, interoperability, and enforcement roles. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for the practical distinction between Data Act legal access/use rights and DGA voluntary sharing mechanisms. - [European Commission - Data Act policy page](https://digital-strategy.ec.europa.eu/en/policies/data-act?ref=sorena.io) - Commission policy page used for the Data Act's overall scope as fair access to and use of data in the EU data economy. - [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Commission explainer used for DGA public-sector reuse safeguards, intermediary neutrality, data altruism, registers, and international data-flow safeguards. - [data.europa.eu - Data Governance Act implementation](https://data.europa.eu/en/academy/data-governance-act-implementation?ref=sorena.io) - Implementation source used for DGA operational structures, including national single information points and reuse support. ### [Do the Data Act and the Data Governance Act treat trade secrets and protected data the same way?](/artifacts/eu/data-act/faq/data-governance-act-overlap.md#do-the-data-act-and-the-data-governance-act-treat-trade-secrets-and-protected-data-the-same-way) *Module: [Data Act and Data Governance Act Overlap](/artifacts/eu/data-act/faq/data-governance-act-overlap.md)* Under the Data Act, trade secrets are preserved through identification and proportionate safeguards before a connected-product disclosure, whereas the Data Governance Act focuses on safeguards for categories of protected public-sector data such as confidential or commercially sensitive information held by a public body. The protected interests overlap but the mechanisms differ. - Apply Data Act trade-secret identification and safeguards to connected-product and B2B disclosures. - Apply DGA reuse safeguards to protected public-sector data, keeping the two control sets distinct. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for connected-product access, B2B sharing, B2G exceptional-need requests, cloud switching, interoperability, and enforcement roles. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for the practical distinction between Data Act legal access/use rights and DGA voluntary sharing mechanisms. - [European Commission - Data Act policy page](https://digital-strategy.ec.europa.eu/en/policies/data-act?ref=sorena.io) - Commission policy page used for the Data Act's overall scope as fair access to and use of data in the EU data economy. - [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Commission explainer used for DGA public-sector reuse safeguards, intermediary neutrality, data altruism, registers, and international data-flow safeguards. - [data.europa.eu - Data Governance Act implementation](https://data.europa.eu/en/academy/data-governance-act-implementation?ref=sorena.io) - Implementation source used for DGA operational structures, including national single information points and reuse support. ### [How should a company that is both a data holder and a data intermediary separate its Data Act and DGA duties?](/artifacts/eu/data-act/faq/data-governance-act-overlap.md#how-should-a-company-that-is-both-a-data-holder-and-a-data-intermediary-separate-its-data-act-and-dga-duties) *Module: [Data Act and Data Governance Act Overlap](/artifacts/eu/data-act/faq/data-governance-act-overlap.md)* Under the Data Act, a company that holds connected-product data has data-holder duties, and if it also runs a registered DGA data intermediation service it must keep that service neutral, which the DGA largely prevents from also commercialising the data it intermediates. The duties must be kept on separate sides of the business. - Keep the Data Act data-holder role structurally separate from any DGA intermediation service. - Document which entity or function carries each duty so neutrality and holder obligations do not merge. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for connected-product access, B2B sharing, B2G exceptional-need requests, cloud switching, interoperability, and enforcement roles. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for the practical distinction between Data Act legal access/use rights and DGA voluntary sharing mechanisms. - [European Commission - Data Act policy page](https://digital-strategy.ec.europa.eu/en/policies/data-act?ref=sorena.io) - Commission policy page used for the Data Act's overall scope as fair access to and use of data in the EU data economy. - [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Commission explainer used for DGA public-sector reuse safeguards, intermediary neutrality, data altruism, registers, and international data-flow safeguards. - [data.europa.eu - Data Governance Act implementation](https://data.europa.eu/en/academy/data-governance-act-implementation?ref=sorena.io) - Implementation source used for DGA operational structures, including national single information points and reuse support. ### [Which competent authorities and enforcement routes differ between the Data Act and the Data Governance Act?](/artifacts/eu/data-act/faq/data-governance-act-overlap.md#which-competent-authorities-and-enforcement-routes-differ-between-the-data-act-and-the-data-governance-act) *Module: [Data Act and Data Governance Act Overlap](/artifacts/eu/data-act/faq/data-governance-act-overlap.md)* Under the Data Act, Member States designate competent authorities to enforce its access, sharing, and cloud-switching rules, while the Data Governance Act has its own competent authorities for intermediation registration and data altruism oversight. A complaint should be routed to the authority for the regime that actually governs the issue. - Route Data Act access, sharing, and switching disputes to the Data Act competent authority. - Route DGA intermediation and altruism matters to the relevant DGA competent authority. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for connected-product access, B2B sharing, B2G exceptional-need requests, cloud switching, interoperability, and enforcement roles. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for the practical distinction between Data Act legal access/use rights and DGA voluntary sharing mechanisms. - [European Commission - Data Act policy page](https://digital-strategy.ec.europa.eu/en/policies/data-act?ref=sorena.io) - Commission policy page used for the Data Act's overall scope as fair access to and use of data in the EU data economy. - [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Commission explainer used for DGA public-sector reuse safeguards, intermediary neutrality, data altruism, registers, and international data-flow safeguards. - [data.europa.eu - Data Governance Act implementation](https://data.europa.eu/en/academy/data-governance-act-implementation?ref=sorena.io) - Implementation source used for DGA operational structures, including national single information points and reuse support. ### [How do the Data Act and the Data Governance Act each handle international transfers of non-personal data?](/artifacts/eu/data-act/faq/data-governance-act-overlap.md#how-do-the-data-act-and-the-data-governance-act-each-handle-international-transfers-of-non-personal-data) *Module: [Data Act and Data Governance Act Overlap](/artifacts/eu/data-act/faq/data-governance-act-overlap.md)* Under the Data Act, Article 32 guards against unlawful third-country government access to non-personal data held in the EU, while the Data Governance Act sets safeguards for international transfers of protected public-sector data and for intermediaries and altruism organisations. Both address cross-border risk but at different points in the data lifecycle. - Apply the Data Act Article 32 safeguard to non-personal data in EU data processing services. - Apply DGA international-transfer safeguards to protected public-sector data and intermediation flows. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for connected-product access, B2B sharing, B2G exceptional-need requests, cloud switching, interoperability, and enforcement roles. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for the practical distinction between Data Act legal access/use rights and DGA voluntary sharing mechanisms. - [European Commission - Data Act policy page](https://digital-strategy.ec.europa.eu/en/policies/data-act?ref=sorena.io) - Commission policy page used for the Data Act's overall scope as fair access to and use of data in the EU data economy. - [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Commission explainer used for DGA public-sector reuse safeguards, intermediary neutrality, data altruism, registers, and international data-flow safeguards. - [data.europa.eu - Data Governance Act implementation](https://data.europa.eu/en/academy/data-governance-act-implementation?ref=sorena.io) - Implementation source used for DGA operational structures, including national single information points and reuse support. ### [When should a team re-run its Data Act and Data Governance Act boundary analysis as a programme evolves?](/artifacts/eu/data-act/faq/data-governance-act-overlap.md#when-should-a-team-re-run-its-data-act-and-data-governance-act-boundary-analysis-as-a-programme-evolves) *Module: [Data Act and Data Governance Act Overlap](/artifacts/eu/data-act/faq/data-governance-act-overlap.md)* Under the Data Act, the boundary analysis should be repeated whenever the programme adds a connected-product data flow, a cloud switching dependency, an intermediation service, or a public-sector reuse element, because each can pull a new regime into scope. A change in actors or data categories is the usual trigger. - Re-run the analysis when a new connected-product, cloud, intermediation, or public-sector element is added. - Recheck the boundary after new guidance or a competent-authority decision changes the interpretation. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for connected-product access, B2B sharing, B2G exceptional-need requests, cloud switching, interoperability, and enforcement roles. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for the practical distinction between Data Act legal access/use rights and DGA voluntary sharing mechanisms. - [European Commission - Data Act policy page](https://digital-strategy.ec.europa.eu/en/policies/data-act?ref=sorena.io) - Commission policy page used for the Data Act's overall scope as fair access to and use of data in the EU data economy. - [European Commission - Data Governance Act explained](https://digital-strategy.ec.europa.eu/en/policies/data-governance-act-explained?ref=sorena.io) - Commission explainer used for DGA public-sector reuse safeguards, intermediary neutrality, data altruism, registers, and international data-flow safeguards. - [data.europa.eu - Data Governance Act implementation](https://data.europa.eu/en/academy/data-governance-act-implementation?ref=sorena.io) - Implementation source used for DGA operational structures, including national single information points and reuse support. ### [Does the Data Act override the GDPR when requested data includes personal data?](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md#does-the-data-act-override-the-gdpr-when-requested-data-includes-personal-data) *Module: [Data Act and GDPR Personal Data Overlap](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md)* No. Article 1(5) is the boundary rule: the Data Act complements EU data-protection and privacy law, and GDPR rules prevail where personal-data protection conflicts with a Data Act access or sharing step. The Data Act is therefore not a shortcut around GDPR purpose limitation, lawful basis, special-category conditions, transparency, minimisation, security, or data-subject rights. - Treat the Data Act as the access-and-sharing regime for connected-product and related-service data, not as a GDPR lawful basis. - Escalate any personal-data element to the privacy owner before disclosure to a user, third party, or public body. - Document the split between non-personal data, personal data relating to the requesting user, and personal data relating to other people. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 1(5) and Recital 7 establish that EU personal-data and privacy law remain controlling when personal data is processed under the Data Act. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - The Commission FAQ states that the GDPR is fully applicable to personal-data processing under the Data Act. ### [How should mixed datasets be handled under the Data Act for GDPR Personal Data Overlap implementation evidence?](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md#how-should-mixed-datasets-be-handled-under-the-data-act-for-gdpr-personal-data-overlap-implementation-evidence) *Module: [Data Act and GDPR Personal Data Overlap](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md)* Start with the Data Act scope, then classify the dataset. Chapter II covers raw and pre-processed data generated by the use of a connected product or related service that is readily available to the data holder, including relevant metadata. Commission material explains that this can include personal and non-personal data, and that co-generated IoT data may be difficult to separate. - Classify each requested field as non-personal data, personal data about the requesting user, personal data about another data subject, or trade-secret-encumbered data. - Record whether the data is raw, pre-processed, metadata, inferred, derived, or outside the readily available data set. - Keep the transformation note for any anonymisation, pseudonymisation, redaction, aggregation, or field exclusion. Sources for this answer: - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explanation of Chapter II scope, including raw and pre-processed readily available data and mixed personal/non-personal IoT data. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - The FAQ explains that privacy-enhancing technologies can help where several data subjects or non-data-subject users are involved. ### [What changes when the requesting user is also the data subject under the Data Act?](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md#what-changes-when-the-requesting-user-is-also-the-data-subject-under-the-data-act) *Module: [Data Act and GDPR Personal Data Overlap](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md)* When the user is the data subject for the requested personal data, the Data Act access or porting request resembles GDPR access and portability in an IoT setting. The Data Act can complement GDPR Articles 15 and 20 by covering connected-product and related-service data and, where relevant and technically feasible, real-time access or portability. - Confirm that the requester is the data subject for the personal-data records being delivered. - Screen shared-device, fleet, household, workplace, and rental contexts for other people whose personal data appears in the same dataset. - Use the Data Act delivery route only for the data that can be tied to the requester without infringing other data-subject rights. Sources for this answer: - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Questions 18 and 25a explain how the Data Act complements GDPR access and portability when the user is the data subject. ### [What changes when the requesting user is not the data subject under the Data Act?](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md#what-changes-when-the-requesting-user-is-not-the-data-subject-under-the-data-act) *Module: [Data Act and GDPR Personal Data Overlap](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md)* This is the highest-risk overlap. Recital 7 and the Commission FAQ make clear that the Data Act does not create a GDPR lawful basis for disclosing personal data to a user who is not the data subject or to a third party chosen by that user. The controller must identify an Article 6 GDPR basis or provide data in a form that no longer identifies the data subject. - Do not cite the Data Act itself as the GDPR Article 6 basis for disclosing other people's personal data. - Check whether the requester is a controller for the requested personal data and can demonstrate its own GDPR compliance. - If the lawful basis is missing or unclear, provide anonymised data or exclude the personal-data portion. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Recital 7 states that the Data Act does not create a legal basis for access or third-party disclosure where the user is not the data subject. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 25a explains that the controller must assess a GDPR lawful basis or provide anonymised data when the user is not the data subject. ### [Who is the controller, processor, user, data holder, and third party in a Data Act/GDPR overlap?](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md#who-is-the-controller-processor-user-data-holder-and-third-party-in-a-data-actgdpr-overlap) *Module: [Data Act and GDPR Personal Data Overlap](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md)* Data Act roles and GDPR roles are separate labels. A data holder is typically the connected-product manufacturer or related-service provider that can make readily available data available. A processor under GDPR is not considered a data holder merely because it processes data for a controller, although a controller can task a processor with making data available. - Map Data Act roles first: user, data holder, data recipient, and third party. - Map GDPR roles separately: data subject, controller, processor, joint controller, and recipient. - Require controller-to-controller accountability evidence when personal data moves from the data holder to a business user or third party. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Recitals 18 and 22 distinguish users, data holders, processors, controllers, and third-party processing environments. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 30 explains that a user who is not the data subject can be a controller when requesting personal data from IoT devices. ### [Must the data holder verify the requester's GDPR lawful basis before sending data under the Data Act?](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md#must-the-data-holder-verify-the-requesters-gdpr-lawful-basis-before-sending-data-under-the-data-act) *Module: [Data Act and GDPR Personal Data Overlap](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md)* The Data Act context is the starting point for this answer. For controller-to-controller sharing, each controller must be able to demonstrate GDPR compliance. The Commission FAQ says controllers should cooperate by sharing strictly necessary information so each can demonstrate compliance. That does not mean the data holder should collect excessive privacy paperwork, but it should not transmit personal data blindly. - Ask for enough information to distinguish data-subject access from business-controller access. - Keep only the lawful-basis evidence needed to justify the disclosure decision. - Escalate special-category, children's, workplace, health, precise-location, or multi-user data before third-party transfer. Sources for this answer: - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 25b explains controller accountability and cooperation when personal data is shared between controllers. - [European Commission - Data protection overview](https://commission.europa.eu/law/law-topic/data-protection_en?ref=sorena.io) - Commission overview used for the baseline point that EU data protection rules protect personal data and are enforced by data protection authorities. ### [How do data-subject rights fit with Data Act access and portability?](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md#how-do-data-subject-rights-fit-with-data-act-access-and-portability) *Module: [Data Act and GDPR Personal Data Overlap](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md)* Data-subject rights do not disappear because a request is framed as a Data Act request. Data subjects can still use GDPR access, portability, information, objection, restriction, and complaint routes where applicable. The Data Act can add an IoT-specific access or sharing route, but the personal-data part remains supervised through data-protection authorities. - Show users where Data Act access, GDPR access, and GDPR portability routes differ. - Do not use Data Act wording to narrow GDPR rights or complaint channels. - Log whether a request was completed as Data Act access, GDPR access, GDPR portability, or a combined response. Sources for this answer: - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Questions 2 and 18 explain DPA competence and the Data Act's relationship with GDPR access and portability rights. - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 37(3) gives GDPR supervisory authorities responsibility for Data Act monitoring insofar as personal-data protection is concerned. ### [Can trade secrets or security concerns justify limiting personal-data delivery under the Data Act?](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md#can-trade-secrets-or-security-concerns-justify-limiting-personal-data-delivery-under-the-data-act) *Module: [Data Act and GDPR Personal Data Overlap](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md)* Trade secrets and GDPR are different protections. The Data Act does not remove trade-secret protection, and it allows confidentiality safeguards before disclosure. If agreed safeguards are missing or not implemented, sharing trade-secret-protected data can be withheld or suspended. In exceptional cases, refusal may be possible where disclosure is highly likely to cause serious economic damage. - Separate privacy redactions from trade-secret safeguards in the response record. - Identify the trade-secret holder and the precise protected data or metadata. - Notify and preserve challenge routes where the Data Act requires notice for withholding, suspension, or refusal. Sources for this answer: - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explanation of trade-secret safeguards, withholding or suspension, and exceptional refusal under the Data Act. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 23 explains the Data Act trade-secret mechanism and challenge routes. ## FAQ Pagination - Canonical index (page 1): [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) - Page 1 rule: `/page/1` is intentionally not generated; use the canonical index markdown URL. - Current page: 1 of 24 Pages: [1](/artifacts/eu/data-act/faq/items.md) | [2](/artifacts/eu/data-act/faq/items/page/2.md) | [3](/artifacts/eu/data-act/faq/items/page/3.md) | [4](/artifacts/eu/data-act/faq/items/page/4.md) | [5](/artifacts/eu/data-act/faq/items/page/5.md) | [6](/artifacts/eu/data-act/faq/items/page/6.md) | [7](/artifacts/eu/data-act/faq/items/page/7.md) | [8](/artifacts/eu/data-act/faq/items/page/8.md) | [9](/artifacts/eu/data-act/faq/items/page/9.md) | [10](/artifacts/eu/data-act/faq/items/page/10.md) | [11](/artifacts/eu/data-act/faq/items/page/11.md) | [12](/artifacts/eu/data-act/faq/items/page/12.md) | [13](/artifacts/eu/data-act/faq/items/page/13.md) | [14](/artifacts/eu/data-act/faq/items/page/14.md) | [15](/artifacts/eu/data-act/faq/items/page/15.md) | [16](/artifacts/eu/data-act/faq/items/page/16.md) | [17](/artifacts/eu/data-act/faq/items/page/17.md) | [18](/artifacts/eu/data-act/faq/items/page/18.md) | [19](/artifacts/eu/data-act/faq/items/page/19.md) | [20](/artifacts/eu/data-act/faq/items/page/20.md) | [21](/artifacts/eu/data-act/faq/items/page/21.md) | [22](/artifacts/eu/data-act/faq/items/page/22.md) | [23](/artifacts/eu/data-act/faq/items/page/23.md) | [24](/artifacts/eu/data-act/faq/items/page/24.md) [Next page](/artifacts/eu/data-act/faq/items/page/2.md) *Recommended next step* *Placement: before sources* ## Turn a Data Act FAQ answer into a scoped review Review one product, dataset, cloud contract, public-sector request, or smart-contract deployment against the cited Data Act source and keep the scope, role, evidence, and unresolved questions together. - [Open Research Copilot](/solutions/research-copilot.md): Check Data Act scope, GDPR boundaries, cloud switching, and contract questions with cited source outputs. - [Talk through Data Act implementation](/contact.md): Review one connected product, data-sharing contract, cloud switch, or public-sector request before committing to an implementation path. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/data-act/faq/items