--- title: "EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates" canonical_url: "https://www.sorena.io/artifacts/eu/data-act/faq" source_url: "https://www.sorena.io/artifacts/eu/data-act/faq/items/page/17" author: "Sorena AI" description: "Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates." published_at: "2026-05-06" updated_at: "2026-05-25" keywords: - "EU Data Act FAQ" - "Data Act scope" - "connected product data" - "B2G data sharing" - "cloud switching" - "GDPR Data Act" - "EU Data Act" - "Data Act FAQ" - "Regulation (EU) 2023/2854" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates. *FAQ* *EU* *Data Act* ## EU Data Act FAQ hub Answers to the recurring EU Data Act questions that decide whether connected-product data, related-service data, B2G requests, cloud contracts, or smart-contract tooling need a compliance review. Use this index to orient product, legal, cloud, procurement, data protection, security, and public-sector request teams before opening the deeper topic modules. The EU Data Act, Regulation (EU) 2023/2854, creates horizontal rules for fair access to and use of data. Its FAQ set is not only about IoT data portability: it also covers mandatory B2B sharing terms, unfair contractual terms, public-sector access in exceptional need, cloud and edge switching, safeguards against unlawful third-country government access to non-personal data, interoperability, smart contracts, enforcement, and the boundary with GDPR. ## Browse sub-FAQ modules ### [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md) FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows. - 12 items ### [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md) FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing. - 12 items ### [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md) FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries. - 12 items ### [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md) FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records. - 12 items ### [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md) FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records. - 12 items ### [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md) FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records. - 12 items ### [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md) FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded. - 12 items ### [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md) FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services. - 12 items ### [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md) FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence. - 12 items ### [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md) FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited. - 12 items ### [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md) FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers. - 12 items ### [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md) FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614. - 12 items ### [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md) FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence. - 12 items ### [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md) FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records. - 12 items ### [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md) FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms. - 12 items ### [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md) FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence. - 12 items ### [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md) FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation. - 12 items ### [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md) FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain. - 12 items ### [EU Data Act Article 36 Smart Contract Controls FAQ](/artifacts/eu/data-act/faq/article-36-smart-contract-controls.md) FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires. - 12 items ### [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md) FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards. - 12 items ### [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md) FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep. - 12 items ### [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md) When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence. - 13 items ### [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md) Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence. - 12 items ### [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md) FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope. - 12 items ### [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md) FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence. - 12 items ### [EU Data Act Direct Access by Design FAQ](/artifacts/eu/data-act/faq/direct-access-by-design.md) FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act. - 12 items ### [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md) FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible. - 12 items ### [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md) FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence. - 12 items ### [EU Data Act Non-Personal Data and Mixed Datasets FAQ](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md) FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records. - 12 items ### [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md) FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries. - 12 items ### [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md) FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs. - 12 items ### [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md) FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics. - 12 items ### [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md) FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply. - 12 items ### [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md) Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status. - 12 items ### [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md) FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers. - 12 items ### [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md) FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records. - 12 items ### [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md) FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence. - 12 items ### [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md) FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries. - 12 items ### [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md) FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries. - 12 items Browse all indexed questions: [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) ## All FAQ items *Page 17 of 24. Showing 20 of 469 items.* ### [How should teams assign ownership for EU Data Act enforcement and complaint-handling work?](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md#how-should-teams-assign-ownership-for-eu-data-act-enforcement-and-complaint-handling-work) *Module: [EU Data Act Enforcement And Competent Authorities](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md)* For Data Act enforcement, the team should name the legal, product, procurement, cloud, support, or security owner who can change the affected process. - Assign one internal owner for each Data Act decision or complaint file. - Record which teams were consulted and which documents were checked. - Make sure the owner knows when to revisit the authority route or complaint record. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for competent authorities, data coordinators, complaint rights, judicial remedies, penalties, GDPR supervisory-authority boundaries, dispute settlement, and EDIB coordination. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer for the practical role of data coordinators, the Commission public register, EDIB penalty coordination, and certified dispute settlement bodies. - [European Commission - Data Act FAQ](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical explanations of enforcement bodies, complaint routing, penalties, DPAs, EDIB support, and dispute settlement limits. ### [Which Data Act implementation evidence makes the enforcement answer usable later?](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md#which-data-act-implementation-evidence-makes-the-enforcement-answer-usable-later) *Module: [EU Data Act Enforcement And Competent Authorities](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md)* Under the Data Act, the most useful evidence is the set of documents and references that let a later reviewer see why the team chose a particular authority path or complaint route. - Keep source URLs and the exact date the register was checked. - Store the complaint file, authority correspondence, and any national penalty measure used. - Link the evidence to the owner who approved the interpretation. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for competent authorities, data coordinators, complaint rights, judicial remedies, penalties, GDPR supervisory-authority boundaries, dispute settlement, and EDIB coordination. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer for the practical role of data coordinators, the Commission public register, EDIB penalty coordination, and certified dispute settlement bodies. - [European Commission - Data Act FAQ](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical explanations of enforcement bodies, complaint routing, penalties, DPAs, EDIB support, and dispute settlement limits. ### [When should the EU Data Act enforcement and competent-authority answer be reviewed again?](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md#when-should-the-eu-data-act-enforcement-and-competent-authority-answer-be-reviewed-again) *Module: [EU Data Act Enforcement And Competent Authorities](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md)* Under the Data Act, review the answer when the product, service model, customer base, authority structure, or national penalty rule changes. - Recheck the public register after any change in national enforcement arrangements. - Revisit the answer after a relevant Commission FAQ or explainer update. - Update the file if the issue starts to involve GDPR supervision or dispute settlement instead of complaint handling. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for competent authorities, data coordinators, complaint rights, judicial remedies, penalties, GDPR supervisory-authority boundaries, dispute settlement, and EDIB coordination. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer for the practical role of data coordinators, the Commission public register, EDIB penalty coordination, and certified dispute settlement bodies. - [European Commission - Data Act FAQ](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical explanations of enforcement bodies, complaint routing, penalties, DPAs, EDIB support, and dispute settlement limits. ### [What should teams avoid when applying the Data Act enforcement answer?](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md#what-should-teams-avoid-when-applying-the-data-act-enforcement-answer) *Module: [EU Data Act Enforcement And Competent Authorities](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md)* Do not treat the Data Act enforcement answer as a generic checklist without checking the actual authority, route, and legal basis. - Do not guess the competent authority or data coordinator. - Do not quote penalty amounts unless they come from the applicable Member State rule. - Do not ignore the GDPR boundary when personal data are involved. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for competent authorities, data coordinators, complaint rights, judicial remedies, penalties, GDPR supervisory-authority boundaries, dispute settlement, and EDIB coordination. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer for the practical role of data coordinators, the Commission public register, EDIB penalty coordination, and certified dispute settlement bodies. - [European Commission - Data Act FAQ](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical explanations of enforcement bodies, complaint routing, penalties, DPAs, EDIB support, and dispute settlement limits. ### [How do EU Data Act competent authorities cooperate across borders and with the European Data Innovation Board?](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md#how-do-eu-data-act-competent-authorities-cooperate-across-borders-and-with-the-european-data-innovation-board) *Module: [EU Data Act Enforcement And Competent Authorities](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md)* Under the Data Act, competent authorities must cooperate with each other and with authorities in other Member States, sharing relevant information so a cross-border issue does not fall between national gaps. The European Data Innovation Board supports consistency, including coordinating on the approach to penalties so they remain comparable across the Union. - Expect competent authorities to cooperate and exchange information on cross-border Data Act matters. - Use the data coordinator to route a multi-Member-State issue to the right authority. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for competent authorities, data coordinators, complaint rights, judicial remedies, penalties, GDPR supervisory-authority boundaries, dispute settlement, and EDIB coordination. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer for the practical role of data coordinators, the Commission public register, EDIB penalty coordination, and certified dispute settlement bodies. - [European Commission - Data Act FAQ](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical explanations of enforcement bodies, complaint routing, penalties, DPAs, EDIB support, and dispute settlement limits. ### [When can a non-emergency public-sector request qualify as an exceptional need under the EU Data Act?](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md#when-can-a-non-emergency-public-sector-request-qualify-as-an-exceptional-need-under-the-eu-data-act) *Module: [EU Data Act Non-Emergency Public-Sector Requests](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md)* The Data Act context is the starting point for this answer. A non-emergency request qualifies only if the exceptional need is limited in time and scope and concerns non-personal data. The requesting body must be acting under Union or national law and must identify specific data whose absence prevents it from fulfilling a specific task carried out in the public interest and explicitly provided for by law. - Confirm that the request is outside the public-emergency route and is limited to non-personal data. - Identify the legal task, the specific missing data, and why the lack of that data prevents the task from being fulfilled. - Ask the requester to show the alternative access routes it tried before using the Data Act exceptional-need route. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 15 defines non-emergency exceptional need as limited in time and scope, restricted to non-personal data, tied to a legally provided public-interest task, and dependent on exhausting other means. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - The Commission overview explains that non-emergency public-sector requests may be used only for non-personal data and gives traffic-flow optimisation as an example. ### [What must the public-sector request contain before a data holder treats it as a valid Data Act request?](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md#what-must-the-public-sector-request-contain-before-a-data-holder-treats-it-as-a-valid-data-act-request) *Module: [EU Data Act Non-Emergency Public-Sector Requests](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md)* The Data Act context is the starting point for this answer. The request must be written in clear, concise, plain language and must specify the data required, including metadata needed to interpret and use it. It must demonstrate the exceptional need, explain the purpose, intended use, duration of use, expected erasure timing if possible, why this data holder was chosen, and any expected sharing with other public bodies or delegated third parties. - Check that the request identifies data categories, metadata, purpose, use period, erasure expectation, recipient bodies, and any delegated third party. - Check that it cites the legal task and explains why Article 15 exceptional need is met. - Check that it includes both the requested delivery deadline and the data holder's deadline to decline or seek modification. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 17 lists the required contents and form of a Data Act request for data based on exceptional need. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - The Commission overview summarises Chapter V as allowing public-sector access under strict principles and conditions. ### [How should a data holder test proportionality and data scope for a non-emergency Data Act request?](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md#how-should-a-data-holder-test-proportionality-and-data-scope-for-a-non-emergency-data-act-request) *Module: [EU Data Act Non-Emergency Public-Sector Requests](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md)* The Data Act context is the starting point for this answer. Test proportionality against the exceptional need, not against the requester's general public mission. Article 17 requires the request to be specific about the type of data, correspond to data the holder controls at the time of the request, and be justified by the granularity, volume, and frequency of access requested. - Map the requested datasets to systems, retention status, metadata, and export formats controlled by the data holder. - Challenge overbroad granularity, excessive volume, or repeated access that is not justified by the exceptional need. - Keep a written scope table showing provided, modified, refused, unavailable, and protected data elements. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 17 requires requests to be specific, proportionate, and tied to data controlled by the holder at the time of the request. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - The Commission overview says public-sector requests must avoid undue administrative burden on businesses. ### [When can a data holder decline or seek modification of a non-emergency Data Act request?](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md#when-can-a-data-holder-decline-or-seek-modification-of-a-non-emergency-data-act-request) *Module: [EU Data Act Non-Emergency Public-Sector Requests](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md)* For a non-emergency exceptional-need request, the data holder may decline or seek modification without undue delay and no later than 30 working days after receiving the request. The Data Act grounds are limited: the holder does not control the requested data, a similar request for the same purpose was already submitted and no erasure notice has been received, or the request does not meet the Article 17 content and condition requirements. - Use the 30-working-day outside limit for non-emergency decline or modification responses. - Tie each refusal or modification point to lack of control, duplicate same-purpose request, or Article 17 non-compliance. - Preserve the correspondence needed for competent-authority review if the dispute is not resolved. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 18 sets the non-emergency 30-working-day limit for declining or seeking modification and lists the permitted grounds. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - The Commission overview describes Chapter V as a mechanism for public-sector requests where exceptional need is shown. ### [What confidentiality and trade-secret safeguards apply to non-emergency public-sector requests under the Data Act?](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md#what-confidentiality-and-trade-secret-safeguards-apply-to-non-emergency-public-sector-requests-under-the-data-act) *Module: [EU Data Act Non-Emergency Public-Sector Requests](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md)* The Data Act context is the starting point for this answer. The request must respect the data holder's legitimate aims, including trade-secret protection and the cost and effort required to make data available. Disclosure of trade secrets is required only to the extent strictly necessary to achieve the Article 15 purpose. The data holder or trade-secret holder should identify protected data, including relevant metadata, before disclosure. - Mark trade-secret fields and metadata before transfer, not after the public body receives the data. - Require confidentiality, access-control, transfer-security, and erasure arrangements that match the requested data. - Record any delegated third-party access and the safeguards applied to that third party. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 17 and 19 require respect for legitimate aims, limit trade-secret disclosure to what is strictly necessary, and require confidentiality and security measures. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - The Commission overview states that Chapter V requests must protect trade secrets and delete data once no longer needed. ### [Can the data holder charge compensation for a non-emergency Data Act request?](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md#can-the-data-holder-charge-compensation-for-a-non-emergency-data-act-request) *Module: [EU Data Act Non-Emergency Public-Sector Requests](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md)* The Data Act context is the starting point for this answer. Yes. For Article 15(1)(b) non-emergency exceptional-need requests, Article 20 entitles the data holder to fair compensation. The compensation covers technical and organisational costs incurred to comply with the request, including costs of anonymisation, pseudonymisation, aggregation, and technical adaptation where applicable, plus a reasonable margin. - Separate technical extraction, transformation, anonymisation, aggregation, secure transfer, and project-management costs from unrelated business costs. - Keep the basis for cost and margin calculation ready because Article 20 requires it to be provided on request. - Check whether the request concerns production of official statistics and whether national law bars purchase of that data. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 20 sets fair compensation for non-emergency exceptional-need requests and the official-statistics exception. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - The Commission overview summarises compensation for non-emergency Chapter V requests as reasonable remuneration not exceeding technical and organisational costs, with an official-statistics exception. ### [What request file and decision record should teams keep for Data Act non-emergency public-sector requests?](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md#what-request-file-and-decision-record-should-teams-keep-for-data-act-non-emergency-public-sector-requests) *Module: [EU Data Act Non-Emergency Public-Sector Requests](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md)* The Data Act context is the starting point for this answer. Keep a request file that can show why the request was accepted, modified, declined, costed, or escalated. The file should include the original request, proof of receipt date, requester identity, legal task cited, exceptional-need analysis, alternative-means analysis, data-scope table, trade-secret markings, security measures, compensation calculation, response letters, delivery evidence, and any competent-authority correspondence. - Log the receipt date and calculate the 30-working-day non-emergency response window. - Keep request-content checks against each Article 17 field, including publication or public-security handling where relevant. - Retain the final outcome: delivered, modified, declined, escalated, compensated, erased, or still disputed. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 17 to 20 support the request-content, response, confidentiality, erasure, compensation, and dispute records a data holder should retain. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - The Commission overview explains the once-only principle and public availability of requests, which supports keeping duplicate-request and publication records. ### [Which Data Act Chapter V situations fall outside this non-emergency FAQ and should be handled separately?](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md#which-data-act-chapter-v-situations-fall-outside-this-non-emergency-faq-and-should-be-handled-separately) *Module: [EU Data Act Non-Emergency Public-Sector Requests](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md)* The Data Act context is the starting point for this answer. This FAQ does not cover the public-emergency route, where different timing and compensation rules apply and personal data may be requested if non-personal data is insufficient. It also does not cover criminal, administrative-offence, customs, or taxation requests, because Article 16 excludes those activities from this Chapter V mechanism. - Route public-emergency requests to the emergency-specific timing, data-type, and compensation checks. - Route criminal, administrative-offence, customs, and taxation requests away from this Chapter V exceptional-need analysis. - Check microenterprise and small-enterprise status before applying the non-emergency obligation. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 15 and 16 distinguish the non-emergency route from public emergencies, micro and small enterprise limits, and excluded enforcement, customs, and taxation activities. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - The Commission overview separates emergency and non-emergency Chapter V scenarios and states that non-emergency requests are limited to non-personal data. ### [What Data Act source evidence should teams keep for this FAQ decision?](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md#what-data-act-source-evidence-should-teams-keep-for-this-faq-decision) *Module: [EU Data Act Non-Emergency Public-Sector Requests](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md)* For non-emergency public-sector requests, the Data Act record should identify the source clause, Commission guidance, actor role, dataset, request or contract trigger, and the owner who approved the interpretation. - Map the non-emergency public-sector request decision to a cited Data Act source URL. - Store the owner, affected workflow, evidence artifact, and review trigger. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act source for Chapter V business-to-government exceptional-need requests, including Articles 14 to 20 on scope, request contents, response grounds, confidentiality, and compensation. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for public-facing context on Chapter V, non-emergency non-personal data requests, strict request principles, once-only handling, and compensation summary. ### [How should teams assign ownership for Data Act non-emergency public-sector request handling and follow-up?](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md#how-should-teams-assign-ownership-for-data-act-non-emergency-public-sector-request-handling-and-follow-up) *Module: [EU Data Act Non-Emergency Public-Sector Requests](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md)* For non-emergency public-sector requests, the Data Act workflow should name the legal, product, procurement, cloud, support, or security owner who can change the affected process. - Map the non-emergency public-sector request decision to a cited Data Act source URL. - Store the owner, affected workflow, evidence artifact, and review trigger. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act source for Chapter V business-to-government exceptional-need requests, including Articles 14 to 20 on scope, request contents, response grounds, confidentiality, and compensation. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for public-facing context on Chapter V, non-emergency non-personal data requests, strict request principles, once-only handling, and compensation summary. ### [Which Data Act implementation evidence makes this non-emergency request answer usable later?](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md#which-data-act-implementation-evidence-makes-this-non-emergency-request-answer-usable-later) *Module: [EU Data Act Non-Emergency Public-Sector Requests](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md)* For non-emergency public-sector requests, the Data Act evidence should be concrete enough for a later reviewer to reconstruct why the team classified the product, service, request, or contract in scope. - Map the non-emergency public-sector request decision to a cited Data Act source URL. - Store the owner, affected workflow, evidence artifact, and review trigger. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act source for Chapter V business-to-government exceptional-need requests, including Articles 14 to 20 on scope, request contents, response grounds, confidentiality, and compensation. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for public-facing context on Chapter V, non-emergency non-personal data requests, strict request principles, once-only handling, and compensation summary. ### [When should the Data Act non-emergency public-sector request FAQ be reviewed again?](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md#when-should-the-data-act-non-emergency-public-sector-request-faq-be-reviewed-again) *Module: [EU Data Act Non-Emergency Public-Sector Requests](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md)* For non-emergency public-sector requests, the Data Act answer should be reviewed when the product, service model, dataset, customer role, public-sector request path, or contract wording changes. - Map the non-emergency public-sector request decision to a cited Data Act source URL. - Store the owner, affected workflow, evidence artifact, and review trigger. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act source for Chapter V business-to-government exceptional-need requests, including Articles 14 to 20 on scope, request contents, response grounds, confidentiality, and compensation. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for public-facing context on Chapter V, non-emergency non-personal data requests, strict request principles, once-only handling, and compensation summary. ### [What does non-personal data mean under the EU Data Act, and how does it differ from personal data?](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md#what-does-non-personal-data-mean-under-the-eu-data-act-and-how-does-it-differ-from-personal-data) *Module: [EU Data Act Non-Personal Data and Mixed Datasets](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md)* The Data Act defines non-personal data as data other than personal data. That sounds simple, but it means the team must classify fields by substance, not by dataset label. A machine telemetry export, support log, vehicle dataset, or cloud export can contain both non-personal fields and fields that identify, relate to, or can be linked to a natural person. - Classify each field as personal, non-personal, mixed or linkable, inferred or derived, trade-secret-sensitive, or outside the request. - Record whether the field is product data, related-service data, relevant metadata, or another data category. - Do not rely on internal labels such as telemetry, operational data, customer data, or analytics unless the field-level classification is visible. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Defines non-personal data and the key product, related-service, user, data holder, and data recipient terms used for field classification. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains that Chapter II covers raw and pre-processed readily available data, including metadata, and excludes inferred or derived data. ### [Does the EU Data Act override GDPR when a dataset contains both personal and non-personal data?](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md#does-the-eu-data-act-override-gdpr-when-a-dataset-contains-both-personal-and-non-personal-data) *Module: [EU Data Act Non-Personal Data and Mixed Datasets](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md)* No. The Data Act complements EU data-protection and privacy law and must not be interpreted to diminish personal-data rights. When a mixed dataset contains personal data, GDPR, the EU institutions data-protection regulation, and ePrivacy rules continue to control the personal-data processing layer. - Treat Data Act access and GDPR processing as separate questions that must both be satisfied for personal-data fields. - If the requester is not the data subject, document the GDPR legal basis before releasing personal data. - Where possible, separate, anonymise, or limit personal-data fields instead of blocking access to non-personal fields that remain in scope. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - States that the Data Act is without prejudice to data-protection and privacy law and does not create a new legal basis for personal-data collection or generation. - [European Commission - Data protection overview](https://commission.europa.eu/law/law-topic/data-protection_en?ref=sorena.io) - Provides Commission context that EU personal-data protection is grounded in GDPR, the Law Enforcement Directive, and the EU institutions data-protection regulation. ### [Which Data Act roles matter when handling non-personal data and mixed datasets?](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md#which-data-act-roles-matter-when-handling-non-personal-data-and-mixed-datasets) *Module: [EU Data Act Non-Personal Data and Mixed Datasets](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md)* The Data Act context is the starting point for this answer. The main roles are user, data holder, third party, and data recipient. A user is the person or organisation that owns, rents, leases, or receives the related service for the connected product. A data holder is the person or organisation with the right or obligation to use and make data available. A third party can receive data at the user's request, and may also be a data recipient for business-to-business sharing rules. - Name the user, data holder, third party, data recipient, and any data subject for each request. - Check whether the relevant organisation is a manufacturer, related-service provider, provider of data processing services, public undertaking, or another party with a Data Act duty. - Keep the role map with the request log because role errors change the access, sharing, GDPR, and evidence analysis. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Defines user, data holder, data recipient, product data, related-service data, and related Data Act roles. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains Chapter II roles in practice, including users, third parties, and typical data holders for connected products and related services. ## FAQ Pagination - Canonical index (page 1): [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) - Page 1 rule: `/page/1` is intentionally not generated; use the canonical index markdown URL. - Current page: 17 of 24 Pages: [1](/artifacts/eu/data-act/faq/items.md) | [2](/artifacts/eu/data-act/faq/items/page/2.md) | [3](/artifacts/eu/data-act/faq/items/page/3.md) | [4](/artifacts/eu/data-act/faq/items/page/4.md) | [5](/artifacts/eu/data-act/faq/items/page/5.md) | [6](/artifacts/eu/data-act/faq/items/page/6.md) | [7](/artifacts/eu/data-act/faq/items/page/7.md) | [8](/artifacts/eu/data-act/faq/items/page/8.md) | [9](/artifacts/eu/data-act/faq/items/page/9.md) | [10](/artifacts/eu/data-act/faq/items/page/10.md) | [11](/artifacts/eu/data-act/faq/items/page/11.md) | [12](/artifacts/eu/data-act/faq/items/page/12.md) | [13](/artifacts/eu/data-act/faq/items/page/13.md) | [14](/artifacts/eu/data-act/faq/items/page/14.md) | [15](/artifacts/eu/data-act/faq/items/page/15.md) | [16](/artifacts/eu/data-act/faq/items/page/16.md) | [17](/artifacts/eu/data-act/faq/items/page/17.md) | [18](/artifacts/eu/data-act/faq/items/page/18.md) | [19](/artifacts/eu/data-act/faq/items/page/19.md) | [20](/artifacts/eu/data-act/faq/items/page/20.md) | [21](/artifacts/eu/data-act/faq/items/page/21.md) | [22](/artifacts/eu/data-act/faq/items/page/22.md) | [23](/artifacts/eu/data-act/faq/items/page/23.md) | [24](/artifacts/eu/data-act/faq/items/page/24.md) [Previous page](/artifacts/eu/data-act/faq/items/page/16.md) | [Next page](/artifacts/eu/data-act/faq/items/page/18.md) *Recommended next step* *Placement: before sources* ## Turn a Data Act FAQ answer into a scoped review Review one product, dataset, cloud contract, public-sector request, or smart-contract deployment against the cited Data Act source and keep the scope, role, evidence, and unresolved questions together. - [Open Research Copilot](/solutions/research-copilot.md): Check Data Act scope, GDPR boundaries, cloud switching, and contract questions with cited source outputs. - [Talk through Data Act implementation](/contact.md): Review one connected product, data-sharing contract, cloud switch, or public-sector request before committing to an implementation path. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/data-act/faq/items/page/17