--- title: "EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates" canonical_url: "https://www.sorena.io/artifacts/eu/data-act/faq" source_url: "https://www.sorena.io/artifacts/eu/data-act/faq/items/page/18" author: "Sorena AI" description: "Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates." published_at: "2026-05-06" updated_at: "2026-05-25" keywords: - "EU Data Act FAQ" - "Data Act scope" - "connected product data" - "B2G data sharing" - "cloud switching" - "GDPR Data Act" - "EU Data Act" - "Data Act FAQ" - "Regulation (EU) 2023/2854" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates. *FAQ* *EU* *Data Act* ## EU Data Act FAQ hub Answers to the recurring EU Data Act questions that decide whether connected-product data, related-service data, B2G requests, cloud contracts, or smart-contract tooling need a compliance review. Use this index to orient product, legal, cloud, procurement, data protection, security, and public-sector request teams before opening the deeper topic modules. The EU Data Act, Regulation (EU) 2023/2854, creates horizontal rules for fair access to and use of data. Its FAQ set is not only about IoT data portability: it also covers mandatory B2B sharing terms, unfair contractual terms, public-sector access in exceptional need, cloud and edge switching, safeguards against unlawful third-country government access to non-personal data, interoperability, smart contracts, enforcement, and the boundary with GDPR. ## Browse sub-FAQ modules ### [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md) FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows. - 12 items ### [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md) FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing. - 12 items ### [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md) FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries. - 12 items ### [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md) FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records. - 12 items ### [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md) FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records. - 12 items ### [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md) FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records. - 12 items ### [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md) FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded. - 12 items ### [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md) FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services. - 12 items ### [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md) FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence. - 12 items ### [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md) FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited. - 12 items ### [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md) FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers. - 12 items ### [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md) FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614. - 12 items ### [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md) FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence. - 12 items ### [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md) FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records. - 12 items ### [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md) FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms. - 12 items ### [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md) FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence. - 12 items ### [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md) FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation. - 12 items ### [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md) FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain. - 12 items ### [EU Data Act Article 36 Smart Contract Controls FAQ](/artifacts/eu/data-act/faq/article-36-smart-contract-controls.md) FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires. - 12 items ### [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md) FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards. - 12 items ### [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md) FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep. - 12 items ### [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md) When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence. - 13 items ### [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md) Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence. - 12 items ### [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md) FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope. - 12 items ### [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md) FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence. - 12 items ### [EU Data Act Direct Access by Design FAQ](/artifacts/eu/data-act/faq/direct-access-by-design.md) FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act. - 12 items ### [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md) FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible. - 12 items ### [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md) FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence. - 12 items ### [EU Data Act Non-Personal Data and Mixed Datasets FAQ](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md) FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records. - 12 items ### [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md) FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries. - 12 items ### [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md) FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs. - 12 items ### [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md) FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics. - 12 items ### [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md) FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply. - 12 items ### [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md) Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status. - 12 items ### [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md) FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers. - 12 items ### [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md) FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records. - 12 items ### [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md) FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence. - 12 items ### [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md) FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries. - 12 items ### [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md) FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries. - 12 items Browse all indexed questions: [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) ## All FAQ items *Page 18 of 24. Showing 20 of 469 items.* ### [What mixed-dataset access must a data holder provide to a user under the EU Data Act?](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md#what-mixed-dataset-access-must-a-data-holder-provide-to-a-user-under-the-eu-data-act) *Module: [EU Data Act Non-Personal Data and Mixed Datasets](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md)* The Data Act context is the starting point for this answer. Where the user cannot directly access the data from the connected product or related service, the data holder must make readily available data and necessary metadata accessible to the user without undue delay, in the same quality available to the data holder, securely, free of charge, and in a comprehensive, structured, commonly used, machine-readable format. Where relevant and technically feasible, access should be continuous and real-time. - Deliver in-scope non-personal fields and metadata in the required format and quality. - For personal fields, confirm whether the user is the data subject or has a valid GDPR basis for receiving them. - Document any excluded field by category: personal-data restriction, inferred or derived data, trade secret, security requirement, unavailable data, or out-of-scope content. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 4 sets user access duties for readily available product data, related-service data, and metadata, including format and quality requirements. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Summarises the Chapter II user-access right and the scope of readily available raw and pre-processed data. ### [Can a user ask the data holder to share a mixed dataset with a third party under the Data Act?](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md#can-a-user-ask-the-data-holder-to-share-a-mixed-dataset-with-a-third-party-under-the-data-act) *Module: [EU Data Act Non-Personal Data and Mixed Datasets](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md)* Yes, but the same boundaries apply. At the user's request, the data holder must make readily available data and relevant metadata available to a third party under the Data Act conditions. A gatekeeper under the Digital Markets Act is not an eligible third party for this user-requested Chapter II sharing route. - Tie third-party sharing to a specific user request and a stated user-approved purpose. - Screen the requested recipient for the Data Act gatekeeper exclusion where Chapter II third-party access is used. - Add recipient controls for purpose limitation, onward sharing, deletion, trade secrets, security, and non-use for competing connected products. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 5 and 6 set user-requested third-party sharing duties, gatekeeper exclusion, GDPR limits, purpose controls, deletion, and onward-sharing restrictions. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains that users may share connected-product data directly or ask the data holder to share it with a third party of their choice, excluding gatekeepers. ### [What are the main boundaries for non-personal data use by data holders and third parties under the Data Act?](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md#what-are-the-main-boundaries-for-non-personal-data-use-by-data-holders-and-third-parties-under-the-data-act) *Module: [EU Data Act Non-Personal Data and Mixed Datasets](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md)* The Data Act context is the starting point for this answer. A data holder may use readily available non-personal data only on the basis of a contract with the user. The data holder must not use that data to derive insights about the user's economic situation, assets, production methods, or use of the product in a way that could undermine the user's commercial position. - Check the user contract before using non-personal product or related-service data internally. - Separate permitted aftermarket or related-service use from prohibited development of a competing connected product. - Prohibit commercial insight extraction about the user, data holder, or third party where the Data Act restricts it. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 4 and 6 limit data holder and third-party use of non-personal product and related-service data, including competitive-product and insight restrictions. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains limits on using Data Act data to develop a competing connected product and distinguishes related or aftermarket services. ### [How should trade secrets and security concerns be handled in mixed datasets under the Data Act?](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md#how-should-trade-secrets-and-security-concerns-be-handled-in-mixed-datasets-under-the-data-act) *Module: [EU Data Act Non-Personal Data and Mixed Datasets](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md)* Trade secrets are not a blanket reason to deny a Data Act request. The data holder or trade-secret holder must identify protected data, including relevant metadata, and agree proportionate technical and organisational measures with the user or third party. Examples in the Data Act include contractual terms, confidentiality agreements, strict access protocols, technical standards, and codes of conduct. - Identify trade-secret fields and metadata before applying confidentiality measures. - Use proportionate safeguards first; reserve withholding, suspension, or refusal for the Data Act conditions that support them. - Keep the written reason, affected fields, measures requested, measures implemented, and any competent-authority notification. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 4 and 5 require trade-secret identification, proportionate confidentiality measures, written substantiation, and competent-authority notification for withholding, suspension, or refusal. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains that trade-secret protection and security restrictions are limitations on access, not broad exemptions from Data Act sharing. ### [How do public-sector requests change the treatment of non-personal data and mixed datasets under the Data Act?](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md#how-do-public-sector-requests-change-the-treatment-of-non-personal-data-and-mixed-datasets-under-the-data-act) *Module: [EU Data Act Non-Personal Data and Mixed Datasets](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md)* The Data Act context is the starting point for this answer. Chapter V is different from ordinary user and third-party access. Public sector bodies, the Commission, the European Central Bank, and Union bodies may request data from data holders on the basis of an exceptional need, but the request must be limited in time and scope and tied to statutory duties in the public interest. - Separate Chapter V public-sector requests from Chapter II user or third-party requests. - For emergency requests, record why non-personal data is sufficient or why personal data is necessary and anonymisation is or is not possible. - For non-emergency requests, verify that the request is for non-personal data and that the requester has documented the public-interest task and failed alternatives. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 14 and 15 define exceptional-need requests and limit non-emergency exceptional-need requests to non-personal data. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains Chapter V emergency and non-emergency handling, including the focus on non-personal data and anonymisation where possible. ### [What should cloud and data-processing-service teams know about non-personal data under the Data Act?](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md#what-should-cloud-and-data-processing-service-teams-know-about-non-personal-data-under-the-data-act) *Module: [EU Data Act Non-Personal Data and Mixed Datasets](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md)* The Data Act also contains rules for data processing services and international governmental access to non-personal data held in the Union. Providers of data processing services must take adequate technical, organisational, and legal measures, including contracts, to prevent third-country governmental access or transfer of non-personal data where it would conflict with Union or Member State law. - Classify whether the workflow is connected-product access, cloud switching, or third-country governmental access. - For third-country governmental access, keep the request, legal basis, conflict assessment, minimisation decision, customer notice analysis, and any national-authority consultation. - Do not use cloud-access rules to narrow a user's Chapter II access to connected-product data. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 32 sets safeguards against conflicting third-country governmental access and transfer of non-personal data held in the Union. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains that Chapter VII protects non-personal data stored in the EU against unlawful third-country governmental access requests. ### [What evidence should teams keep for Data Act non-personal data and mixed-dataset decisions?](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md#what-evidence-should-teams-keep-for-data-act-non-personal-data-and-mixed-dataset-decisions) *Module: [EU Data Act Non-Personal Data and Mixed Datasets](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md)* Keep evidence that proves the classification and the outcome, not a generic compliance memo. The minimum useful record is a field-level data inventory, the Data Act role map, the requester and recipient identity checks, the GDPR basis or exclusion for any personal-data fields, and the final delivery or refusal file. - Keep the data dictionary, request log, role map, field classification, recipient purpose, and delivery manifest together. - Attach GDPR, anonymisation, trade-secret, security, and third-country-access assessments only where those issues affected the result. - Store written substantiation and competent-authority or dispute records for withholding, suspension, refusal, or challenged restrictions. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports evidence fields for user access, third-party sharing, GDPR limits, trade-secret measures, security restrictions, technical protection measures, and dispute routes. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Provides practical implementation context for Chapter II access, Chapter V public-sector requests, and Chapter VII non-personal-data safeguards. ### [What source evidence should teams keep for a Data Act mixed-dataset decision?](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md#what-source-evidence-should-teams-keep-for-a-data-act-mixed-dataset-decision) *Module: [EU Data Act Non-Personal Data and Mixed Datasets](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md)* For mixed datasets, the decision record should point to the exact Data Act article or recital, the Commission guidance used, the actor role, and the specific dataset or workflow reviewed. That makes it easier to explain why some fields were shared, some were excluded, and which law controlled each part of the decision. - Map the mixed-dataset decision to a cited Data Act source URL. - Store the owner, affected workflow, evidence artifact, and review trigger. - Keep article-level references with the field-level inventory so reviewers can connect the rule to the decision. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text used for definitions, Chapter II user and third-party access rules, GDPR interaction, trade-secret and security limits, Chapter V public-sector requests, and Chapter VII non-personal-data transfer safeguards. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for practical context on raw and pre-processed readily available data, mixed personal and non-personal datasets, user/data holder/third-party roles, public-sector requests, and non-personal cloud data safeguards. - [European Commission - Data protection overview](https://commission.europa.eu/law/law-topic/data-protection_en?ref=sorena.io) - Commission data-protection overview used to ground the GDPR precedence and personal-data-rights context for mixed datasets. ### [Which team should own a Data Act mixed-dataset implementation decision and keep it current over time?](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md#which-team-should-own-a-data-act-mixed-dataset-implementation-decision-and-keep-it-current-over-time) *Module: [EU Data Act Non-Personal Data and Mixed Datasets](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md)* For mixed datasets, the Data Act workflow should name the legal, product, procurement, cloud, support, or security owner who can change the affected process. The owner should be the person who can approve the field-level classification, route any GDPR or trade-secret review, and close the request with a documented outcome. - Assign one accountable owner for the classification and one for the response if the workflow spans multiple teams. - Record the legal, product, procurement, cloud, support, and security inputs alongside the final decision. - Keep the owner with the cited Data Act source URL and the request log so the decision can be reproduced. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text used for definitions, Chapter II user and third-party access rules, GDPR interaction, trade-secret and security limits, Chapter V public-sector requests, and Chapter VII non-personal-data transfer safeguards. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for practical context on raw and pre-processed readily available data, mixed personal and non-personal datasets, user/data holder/third-party roles, public-sector requests, and non-personal cloud data safeguards. - [European Commission - Data protection overview](https://commission.europa.eu/law/law-topic/data-protection_en?ref=sorena.io) - Commission data-protection overview used to ground the GDPR precedence and personal-data-rights context for mixed datasets. ### [What pre-contract information does the EU Data Act require before buying, renting, or leasing a connected product?](/artifacts/eu/data-act/faq/pre-contractual-information.md#what-pre-contract-information-does-the-eu-data-act-require-before-buying-renting-or-leasing-a-connected-product) *Module: [EU Data Act Pre-Contractual Information](/artifacts/eu/data-act/faq/pre-contractual-information.md)* The Data Act context is the starting point for this answer. Before conclusion of a purchase, rent, or lease contract for a connected product, Article 3(2) requires the seller, rentor, or lessor to give the user clear and comprehensible information. The disclosure must cover the type, format, and estimated volume of product data the connected product can generate. - Describe the connected product data in user-facing terms, then add format and estimated volume. - State whether generation is continuous or real time when the product has that capability. - Explain data storage location, retention duration where applicable, and the technical access, retrieval, or erasure route. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 3(2) lists the minimum pre-contract information for connected products. - [European Commission - Data Act Explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explanation of Chapter II data access for connected products and related services. ### [What extra pre-contract information is required for a related service under the EU Data Act?](/artifacts/eu/data-act/faq/pre-contractual-information.md#what-extra-pre-contract-information-is-required-for-a-related-service-under-the-eu-data-act) *Module: [EU Data Act Pre-Contractual Information](/artifacts/eu/data-act/faq/pre-contractual-information.md)* The Data Act context is the starting point for this answer. For a related service, Article 3(3) requires the prospective provider to disclose both product data it expects to obtain and related service data that will be generated. The notice must explain the nature, estimated volume, and, for product data, collection frequency, plus access or retrieval arrangements and storage or retention arrangements. - Separate product data obtained through the related service from related service data generated by the service. - Include collection frequency for product data the prospective data holder expects to obtain. - State intended use by the data holder and any planned third-party use agreed with the user. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 3(3) lists the minimum pre-contract information for related services. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ explains that related services can create their own data holder role. ### [Which data categories should the EU Data Act Article 3 notice describe?](/artifacts/eu/data-act/faq/pre-contractual-information.md#which-data-categories-should-the-eu-data-act-article-3-notice-describe) *Module: [EU Data Act Pre-Contractual Information](/artifacts/eu/data-act/faq/pre-contractual-information.md)* The Data Act context is the starting point for this answer. The Article 3 notice should focus on product data and related service data, not a broad inventory of every file associated with the product. Commission guidance describes Chapter II as covering raw and pre-processed data that are readily available to the data holder, including relevant metadata, while inferred or derived data and protected content can fall outside that Chapter II access scope. - Identify product data generated by the connected product and related service data generated during the service. - Describe raw and pre-processed data that are readily available, including relevant metadata needed to use them. - Do not imply that inferred insights, derived analytics, or protected content are automatically available under Article 3. Sources for this answer: - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ identifies product data, related service data, readily available data, raw and pre-processed data, metadata, and excluded inferred or derived data. - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Recitals 15 and 20 support the distinction between raw or pre-processed data, relevant metadata, readily available data, and inferred or derived data. ### [How should the pre-contract notice explain direct and indirect data access under the EU Data Act?](/artifacts/eu/data-act/faq/pre-contractual-information.md#how-should-the-pre-contract-notice-explain-direct-and-indirect-data-access-under-the-eu-data-act) *Module: [EU Data Act Pre-Contractual Information](/artifacts/eu/data-act/faq/pre-contractual-information.md)* The Data Act context is the starting point for this answer. Article 3(1) says connected products and related services should be designed so product data and related service data are easily, securely, and freely accessible to the user in a structured, commonly used, machine-readable format, and directly accessible where relevant and technically feasible. - Name the user interface, API, export, account, portal, or request route used for each major data category. - State when direct access is available and when the user must request access from the data holder. - Explain the terms of use and quality of service for the technical means of access or retrieval. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 3(1) sets the design/access baseline and Article 3(2) requires disclosure of technical access and retrieval means. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ distinguishes direct access from indirect access and gives examples of each. ### [Does the EU Data Act pre-contract notice have to identify the data holder?](/artifacts/eu/data-act/faq/pre-contractual-information.md#does-the-eu-data-act-pre-contract-notice-have-to-identify-the-data-holder) *Module: [EU Data Act Pre-Contractual Information](/artifacts/eu/data-act/faq/pre-contractual-information.md)* The Data Act context is the starting point for this answer. Yes for related services, and in practice the identity question is central for connected products too because the user needs to know who controls access to readily available data. Article 3(3) requires the related service provider to disclose the prospective data holder's identity, such as trading name and geographical address, plus communication means for quick and efficient contact. - Name each prospective data holder in the contract pack or linked pre-contract notice. - Provide a trading name, geographical establishment address, and efficient contact channel where Article 3(3) applies. - Avoid saying 'manufacturer' when a related service provider, component supplier, or other contracted party is the actual data holder for a data stream. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 3(3)(d) and (e) require identity and communication details for the prospective data holder of a related service. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ explains that data holder status depends on who controls access to readily available data, not simply who made the hardware. ### [What should the EU Data Act pre-contract notice say about sharing data with third parties?](/artifacts/eu/data-act/faq/pre-contractual-information.md#what-should-the-eu-data-act-pre-contract-notice-say-about-sharing-data-with-third-parties) *Module: [EU Data Act Pre-Contractual Information](/artifacts/eu/data-act/faq/pre-contractual-information.md)* The Data Act context is the starting point for this answer. For related services, Article 3(3) requires information on how the user can ask for data to be shared with a third party and, where applicable, how to end that sharing. It also requires disclosure of whether the prospective data holder intends to allow one or more third parties to use the data for purposes agreed with the user. - Explain the user request path for third-party sharing and the stop-sharing path where it applies. - State any data holder plan to let third parties use data for purposes agreed with the user. - Do not present DMA gatekeepers or non-EU third parties as guaranteed recipients under the Data Act access right. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 3(3)(c) and (f) require related-service disclosures about third-party use and user-requested sharing. - [European Commission - Data Act Explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explanation describes user-directed third-party sharing and limits for DMA gatekeepers and third parties outside the EU. ### [How does GDPR limit EU Data Act pre-contract information and later access to personal data?](/artifacts/eu/data-act/faq/pre-contractual-information.md#how-does-gdpr-limit-eu-data-act-pre-contract-information-and-later-access-to-personal-data) *Module: [EU Data Act Pre-Contractual Information](/artifacts/eu/data-act/faq/pre-contractual-information.md)* The Data Act does not supersede the GDPR. Commission FAQ material states that the GDPR is fully applicable to personal data processing under the Data Act, and that GDPR rules prevail in a conflict. Article 3 disclosures can describe personal-data categories and access routes, but they do not create a new legal basis for collecting, generating, or disclosing personal data. - State which generated data may contain personal data and which access paths involve personal data processing. - Do not use Article 3 wording as a substitute for GDPR transparency notices or a GDPR legal basis. - Preserve the GDPR boundary when explaining user access, third-party sharing, anonymisation, and mixed personal/non-personal datasets. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Recital 7 and Article 1(5) support the GDPR boundary for personal data under the Data Act. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ explains that GDPR remains fully applicable and prevails for personal data protection conflicts. ### [What trade secret and security information belongs in the EU Data Act pre-contract package?](/artifacts/eu/data-act/faq/pre-contractual-information.md#what-trade-secret-and-security-information-belongs-in-the-eu-data-act-pre-contract-package) *Module: [EU Data Act Pre-Contractual Information](/artifacts/eu/data-act/faq/pre-contractual-information.md)* Article 3(3) requires the related-service notice to say whether a prospective data holder is the holder of trade secrets contained in accessible or generated data, and, if not, to identify the trade secret holder. The Data Act also allows safeguards for trade secrets and security, but those safeguards should be explained as limits on access or sharing, not as a blanket reason to avoid clear Article 3 disclosures. - Disclose whether the prospective data holder is also the trade secret holder where Article 3(3)(h) applies. - Identify a separate trade secret holder when the prospective data holder is not that holder. - Keep trade secret and security limits specific to the affected data category and access route. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 3(3)(h), Article 4, and Article 5 support trade secret and security-related access safeguards. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ explains the Data Act trade secret mechanism and security handbrake in Chapter II. ### [Is EU Data Act pre-contractual information the same thing as a declaration of conformity?](/artifacts/eu/data-act/faq/pre-contractual-information.md#is-eu-data-act-pre-contractual-information-the-same-thing-as-a-declaration-of-conformity) *Module: [EU Data Act Pre-Contractual Information](/artifacts/eu/data-act/faq/pre-contractual-information.md)* No. The Data Act pre-contract obligation is a user-facing information duty about generated data, access, retrieval, data holder identity, third-party sharing, and related limits. It is not a CE-style declaration of conformity or a standalone self-certification document under the Data Act. - Do not label the Article 3 disclosure as a Data Act conformity declaration. - Make the disclosure durable enough for the user to store and consult later. - Keep the disclosure consistent across product documentation, website copy, contract schedules, and support answers. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 3 and Recital 24 support a pre-contract information duty rather than a Data Act declaration of conformity. - [European Commission - Data Act policy page](https://digital-strategy.ec.europa.eu/en/policies/data-act?ref=sorena.io) - Commission policy page provides official context for connected-device user control under the Data Act. ### [What records should teams keep to support the EU Data Act pre-contract information answer later?](/artifacts/eu/data-act/faq/pre-contractual-information.md#what-records-should-teams-keep-to-support-the-eu-data-act-pre-contract-information-answer-later) *Module: [EU Data Act Pre-Contractual Information](/artifacts/eu/data-act/faq/pre-contractual-information.md)* For pre contractual information, the Data Act record should identify the source clause, Commission guidance, actor role, dataset, request or contract trigger, and the owner who approved the interpretation. - Map the pre contractual information decision to a cited Data Act source URL. - Store the owner, affected workflow, evidence artifact, and review trigger. - Keep the source citation and approval trail together so later reviewers can confirm the basis for the answer. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Article 3 pre-contract information duties, data access design duties, trade secret disclosure, GDPR boundary, and complaint rights. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission implementation FAQ used for data categories, direct and indirect access, data holder identity, GDPR interaction, and third-party sharing limits. - [European Commission - Data Act Explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for connected-product and related-service context, user access, data holder roles, and limits on third-party sharing. - [European Commission - Data Act policy page](https://digital-strategy.ec.europa.eu/en/policies/data-act?ref=sorena.io) - Official Commission policy context for user control over connected-device data under the Data Act. ### [Which team should own the Data Act pre-contract disclosure process and keep the templates current?](/artifacts/eu/data-act/faq/pre-contractual-information.md#which-team-should-own-the-data-act-pre-contract-disclosure-process-and-keep-the-templates-current) *Module: [EU Data Act Pre-Contractual Information](/artifacts/eu/data-act/faq/pre-contractual-information.md)* For pre contractual information, the Data Act workflow should name the legal, product, procurement, cloud, support, or security owner who can change the affected process. - Assign one accountable owner for the disclosure content and one operational contact for updates. - Record the legal, product, privacy, and support teams consulted on the final wording. - Track who can approve changes when the product, service, or data flow changes. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Article 3 pre-contract information duties, data access design duties, trade secret disclosure, GDPR boundary, and complaint rights. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission implementation FAQ used for data categories, direct and indirect access, data holder identity, GDPR interaction, and third-party sharing limits. - [European Commission - Data Act Explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for connected-product and related-service context, user access, data holder roles, and limits on third-party sharing. - [European Commission - Data Act policy page](https://digital-strategy.ec.europa.eu/en/policies/data-act?ref=sorena.io) - Official Commission policy context for user control over connected-device data under the Data Act. ## FAQ Pagination - Canonical index (page 1): [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) - Page 1 rule: `/page/1` is intentionally not generated; use the canonical index markdown URL. - Current page: 18 of 24 Pages: [1](/artifacts/eu/data-act/faq/items.md) | [2](/artifacts/eu/data-act/faq/items/page/2.md) | [3](/artifacts/eu/data-act/faq/items/page/3.md) | [4](/artifacts/eu/data-act/faq/items/page/4.md) | [5](/artifacts/eu/data-act/faq/items/page/5.md) | [6](/artifacts/eu/data-act/faq/items/page/6.md) | [7](/artifacts/eu/data-act/faq/items/page/7.md) | [8](/artifacts/eu/data-act/faq/items/page/8.md) | [9](/artifacts/eu/data-act/faq/items/page/9.md) | [10](/artifacts/eu/data-act/faq/items/page/10.md) | [11](/artifacts/eu/data-act/faq/items/page/11.md) | [12](/artifacts/eu/data-act/faq/items/page/12.md) | [13](/artifacts/eu/data-act/faq/items/page/13.md) | [14](/artifacts/eu/data-act/faq/items/page/14.md) | [15](/artifacts/eu/data-act/faq/items/page/15.md) | [16](/artifacts/eu/data-act/faq/items/page/16.md) | [17](/artifacts/eu/data-act/faq/items/page/17.md) | [18](/artifacts/eu/data-act/faq/items/page/18.md) | [19](/artifacts/eu/data-act/faq/items/page/19.md) | [20](/artifacts/eu/data-act/faq/items/page/20.md) | [21](/artifacts/eu/data-act/faq/items/page/21.md) | [22](/artifacts/eu/data-act/faq/items/page/22.md) | [23](/artifacts/eu/data-act/faq/items/page/23.md) | [24](/artifacts/eu/data-act/faq/items/page/24.md) [Previous page](/artifacts/eu/data-act/faq/items/page/17.md) | [Next page](/artifacts/eu/data-act/faq/items/page/19.md) *Recommended next step* *Placement: before sources* ## Turn a Data Act FAQ answer into a scoped review Review one product, dataset, cloud contract, public-sector request, or smart-contract deployment against the cited Data Act source and keep the scope, role, evidence, and unresolved questions together. - [Open Research Copilot](/solutions/research-copilot.md): Check Data Act scope, GDPR boundaries, cloud switching, and contract questions with cited source outputs. - [Talk through Data Act implementation](/contact.md): Review one connected product, data-sharing contract, cloud switch, or public-sector request before committing to an implementation path. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/data-act/faq/items/page/18