--- title: "EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates" canonical_url: "https://www.sorena.io/artifacts/eu/data-act/faq" source_url: "https://www.sorena.io/artifacts/eu/data-act/faq/items/page/2" author: "Sorena AI" description: "Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates." published_at: "2026-05-06" updated_at: "2026-05-25" keywords: - "EU Data Act FAQ" - "Data Act scope" - "connected product data" - "B2G data sharing" - "cloud switching" - "GDPR Data Act" - "EU Data Act" - "Data Act FAQ" - "Regulation (EU) 2023/2854" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates. *FAQ* *EU* *Data Act* ## EU Data Act FAQ hub Answers to the recurring EU Data Act questions that decide whether connected-product data, related-service data, B2G requests, cloud contracts, or smart-contract tooling need a compliance review. Use this index to orient product, legal, cloud, procurement, data protection, security, and public-sector request teams before opening the deeper topic modules. The EU Data Act, Regulation (EU) 2023/2854, creates horizontal rules for fair access to and use of data. Its FAQ set is not only about IoT data portability: it also covers mandatory B2B sharing terms, unfair contractual terms, public-sector access in exceptional need, cloud and edge switching, safeguards against unlawful third-country government access to non-personal data, interoperability, smart contracts, enforcement, and the boundary with GDPR. ## Browse sub-FAQ modules ### [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md) FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows. - 12 items ### [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md) FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing. - 12 items ### [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md) FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries. - 12 items ### [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md) FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records. - 12 items ### [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md) FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records. - 12 items ### [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md) FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records. - 12 items ### [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md) FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded. - 12 items ### [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md) FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services. - 12 items ### [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md) FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence. - 12 items ### [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md) FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited. - 12 items ### [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md) FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers. - 12 items ### [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md) FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614. - 12 items ### [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md) FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence. - 12 items ### [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md) FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records. - 12 items ### [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md) FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms. - 12 items ### [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md) FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence. - 12 items ### [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md) FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation. - 12 items ### [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md) FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain. - 12 items ### [EU Data Act Article 36 Smart Contract Controls FAQ](/artifacts/eu/data-act/faq/article-36-smart-contract-controls.md) FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires. - 12 items ### [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md) FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards. - 12 items ### [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md) FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep. - 12 items ### [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md) When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence. - 13 items ### [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md) Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence. - 12 items ### [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md) FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope. - 12 items ### [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md) FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence. - 12 items ### [EU Data Act Direct Access by Design FAQ](/artifacts/eu/data-act/faq/direct-access-by-design.md) FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act. - 12 items ### [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md) FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible. - 12 items ### [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md) FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence. - 12 items ### [EU Data Act Non-Personal Data and Mixed Datasets FAQ](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md) FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records. - 12 items ### [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md) FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries. - 12 items ### [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md) FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs. - 12 items ### [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md) FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics. - 12 items ### [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md) FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply. - 12 items ### [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md) Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status. - 12 items ### [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md) FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers. - 12 items ### [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md) FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records. - 12 items ### [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md) FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence. - 12 items ### [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md) FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries. - 12 items ### [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md) FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries. - 12 items Browse all indexed questions: [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) ## All FAQ items *Page 2 of 24. Showing 20 of 469 items.* ### [What can a third party do with personal data received through a Data Act request?](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md#what-can-a-third-party-do-with-personal-data-received-through-a-data-act-request) *Module: [Data Act and GDPR Personal Data Overlap](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md)* Under the Data Act, a third party may use received data only for purposes agreed with the user, and Article 6 includes prohibitions such as using the data to develop a competing connected product and sharing it with a Digital Markets Act gatekeeper. Where the received data is personal data, the third party must also satisfy GDPR controller or processor obligations for its own processing. - Record the third party's identity, purpose, data categories, delivery method, and restrictions. - Do not send personal data to a third party on the user's instruction unless the GDPR basis and role allocation are clear. - Keep a narrower non-personal-data delivery option available when the personal-data part cannot lawfully be shared. Sources for this answer: - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explanation of users sharing data with third parties and the exclusion for DMA gatekeepers. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Questions 31 and 35 explain third-party transfer rights and third-party use limits under Chapter II. ### [What evidence should a Data Act/GDPR overlap file contain for GDPR Personal Data Overlap implementation evidence?](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md#what-evidence-should-a-data-actgdpr-overlap-file-contain-for-gdpr-personal-data-overlap-implementation-evidence) *Module: [Data Act and GDPR Personal Data Overlap](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md)* The evidence file should show how the team separated the Data Act question from the GDPR question. Keep the request form, requester identity and role, data-scope decision, field-level classification, lawful-basis check, minimisation step, trade-secret or security review, third-party recipient details, and the final decision to disclose, limit, anonymise, or refuse. - Store the Data Act scope decision separately from the GDPR lawful-basis decision. - Keep field-level notes for excluded, anonymised, pseudonymised, aggregated, or redacted data. - Preserve the recipient restriction and user instruction for each third-party transfer. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Data Act scope, personal-data hierarchy, role distinctions, trade-secret safeguards, and supervisory-authority competence. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Implementation FAQ grounding the evidence fields for GDPR lawful basis, role allocation, portability, third-party sharing, and trade secrets. ### [What Data Act source evidence should teams keep for the GDPR Personal Data Overlap FAQ decision?](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md#what-data-act-source-evidence-should-teams-keep-for-the-gdpr-personal-data-overlap-faq-decision) *Module: [Data Act and GDPR Personal Data Overlap](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md)* Keep the source evidence tied to the legal point the team actually used. That means the Data Act article or recital, the Commission FAQ question or fact page, the request date, the internal owner, and the specific data categories affected. - Keep the cited Data Act article or recital, the Commission FAQ reference, and the source URL with the decision note. - Record the affected workflow, data categories, decision date, reviewer, and unresolved assumptions. - Store the implementation artifact or approval record together with the source evidence so the same file supports later audits. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding EU Data Act text used for Article 1(5), Recital 7, user/data-holder role boundaries, processors, trade-secret safeguards, and DPA competence where personal-data protection is concerned. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission implementation FAQ used for GDPR overlap, mixed personal and non-personal data, lawful basis where the user is not the data subject, portability, third-party use limits, and trade-secret handling. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission fact page used for Chapter II scope, connected-product and related-service data, third-party sharing, mixed datasets, and trade-secret safeguards. - [European Commission - Data protection overview](https://commission.europa.eu/law/law-topic/data-protection_en?ref=sorena.io) - Commission overview used only for general EU data-protection context and authority framework around personal data. ### [How should teams assign ownership for Data Act GDPR Personal Data Overlap implementation work?](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md#how-should-teams-assign-ownership-for-data-act-gdpr-personal-data-overlap-implementation-work) *Module: [Data Act and GDPR Personal Data Overlap](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md)* Assign one accountable owner for the process change, usually the team that can actually update the intake form, workflow, contract, or API rule. For Data Act/GDPR overlap, that is often privacy, legal, product, support, procurement, security, or data governance, depending on where the request enters the business. - Assign a single accountable owner for each request path and keep consulted teams in a separate field. - Map the decision to the source clause, implementation rule, and the workflow it changes. - Record the owner of the intake form, approval step, and escalation path so future requests follow the same rule. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding EU Data Act text used for Article 1(5), Recital 7, user/data-holder role boundaries, processors, trade-secret safeguards, and DPA competence where personal-data protection is concerned. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission implementation FAQ used for GDPR overlap, mixed personal and non-personal data, lawful basis where the user is not the data subject, portability, third-party use limits, and trade-secret handling. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission fact page used for Chapter II scope, connected-product and related-service data, third-party sharing, mixed datasets, and trade-secret safeguards. - [European Commission - Data protection overview](https://commission.europa.eu/law/law-topic/data-protection_en?ref=sorena.io) - Commission overview used only for general EU data-protection context and authority framework around personal data. ### [What should a Data Act request log prove for Audit Evidence And Request Logs implementation evidence?](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md#what-should-a-data-act-request-log-prove-for-audit-evidence-and-request-logs-implementation-evidence) *Module: [Data Act Audit Evidence And Request Logs](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md)* The Data Act context is the starting point for this answer. A request log should prove the route from intake to outcome. For connected-product and related-service data, record whether the requester is the user, a party acting on the user's behalf, or a third party chosen by the user. The log should identify the product or related service, requested data and metadata, format, timing, delivery route, and any refusal, suspension, limitation, compensation, or dispute route. - Minimum fields: request ID, requester identity and role, product or related service, data category, metadata needed to interpret the data, request channel, decision, delivery or refusal date, responsible owner, and cited Data Act article. - For user access, record whether data were directly accessible or had to be made available by the data holder in a structured, commonly used, machine-readable format. - For third-party sharing, record the user's instruction, third-party identity check, delivery format, and any Article 8, Article 9, trade secret, security, or GDPR condition that changed the response. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 3, 4, and 5 ground user and third-party access logs, including the limit on keeping more access information than necessary. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ context for distinguishing raw and pre-processed product data from excluded inferred or derived information. ### [How should teams record trade secret and security safeguards under the Data Act?](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md#how-should-teams-record-trade-secret-and-security-safeguards-under-the-data-act) *Module: [Data Act Audit Evidence And Request Logs](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md)* The Data Act context is the starting point for this answer. Trade secret handling needs its own evidence trail. The log should identify the data marked as trade secrets, the trade secret holder, the agreed technical and organisational measures, and whether the measures were accepted, not implemented, undermined, or still insufficient in exceptional circumstances. - Record the protected data, relevant metadata, trade secret holder, confidentiality measures, user or third-party commitments, and reviewer approval. - For withholding or suspension, keep the written reason, measures not agreed or not implemented, affected trade secrets, authority notification status, and user challenge route. - For security-based restrictions under Article 4, record the security requirement, expected serious adverse effect, scope of restriction, authority notification, and any narrower alternative offered. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 4, 5, and 11 ground confidentiality measures, written substantiation, authority notification, and technical protection measures. - [EUR-Lex Summary - Rules on fair access to and use of data](https://eur-lex.europa.eu/EN/legal-content/summary/rules-on-fair-access-to-and-use-of-data-data-act.html?ref=sorena.io) - EUR-Lex summary confirms that Data Act access rules include trade secret and intellectual property safeguards. ### [What evidence belongs in a B2G exceptional need request file under the Data Act?](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md#what-evidence-belongs-in-a-b2g-exceptional-need-request-file-under-the-data-act) *Module: [Data Act Audit Evidence And Request Logs](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md)* The Data Act context is the starting point for this answer. For public-sector exceptional need requests, keep the incoming written request and a structured review record. The file should show the requesting body, legal task, exceptional need basis, specific data and metadata requested, purpose, intended use, deadline, erasure expectation, onward-sharing plan, and whether personal data, trade secrets, or cross-border procedure steps are involved. - Log whether the request is for a public emergency or another legally defined public-interest task, and whether the Article 15 conditions are demonstrated. - Check that the request is written in clear language, specific, proportionate, tied to data the holder controls, and transmitted or published through the required public channel. - If declining or seeking modification, keep the ground relied on, response date, prior similar request details if relevant, correspondence, and competent-authority referral status. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 14 to 22 ground B2G exceptional need intake, request contents, modification grounds, safeguards, onward sharing, and erasure records. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ explains practical checks for cross-border public-sector requests, Article 17 validity, onward sharing, and repetitive requests. ### [What should cloud switching logs and export evidence contain under the Data Act?](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md#what-should-cloud-switching-logs-and-export-evidence-contain-under-the-data-act) *Module: [Data Act Audit Evidence And Request Logs](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md)* The Data Act context is the starting point for this answer. For data processing services, the audit file should connect the customer's switching notice to the contract clauses, export inventory, transition timeline, assistance provided, risks communicated, security controls, retrieval period, erasure step, and switching charges. It should also show whether the service is IaaS, PaaS, SaaS, custom-built, or a limited testing version because the technical obligations can differ. - Record notice date, requested action, destination provider or on-premises target, exportable data, digital assets, excluded internal-provider data, assistance offered, continuity risks, and security measures during transfer. - Keep the provider's online register reference for data structures, formats, standards, and open interoperability specifications used for export. - For switching charges, record whether the charge is a reduced charge during the transition period or prohibited from 12 January 2027, and keep the calculation basis rather than publishing unsupported penalty figures. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 23 to 30 ground switching notices, contract clauses, exportable data, retrieval, erasure, charges, open interfaces, and export format evidence. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ explains the relationship between notice period, transition period, charge withdrawal, and PaaS/SaaS switching obligations. ### [Which contract evidence should be kept for Data Act audit review?](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md#which-contract-evidence-should-be-kept-for-data-act-audit-review) *Module: [Data Act Audit Evidence And Request Logs](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md)* The Data Act context is the starting point for this answer. Keep a contract-term register for data access, use, compensation, remedies, termination, switching, and cloud exit. For B2B data access and use, the register should flag terms that were unilaterally imposed and explain whether they could be unfair under Article 13. For cloud contracts, keep the written switching clauses and the website disclosures that the contract points to. - For Article 13 review, record the clause, supplier or customer role, whether negotiation was possible, the business impact, and the final approval or fallback text. - For data sharing compensation, keep the calculation basis, cost categories, volume or format assumptions, SME or research organisation status if relevant, and dispute route. - For cloud switching clauses, keep the signed contract version, pre-contract copy provided to the customer, exit strategy support record, retrieval and erasure clauses, and charge disclosures. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 9, 12, 13, 25, 26, 28, 29, and 41 ground compensation, unfair terms, cloud switching clauses, website disclosures, and model terms. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ confirms the scope and non-binding status of model contractual terms and cloud standard contractual clauses. ### [How should the GDPR boundary appear in request logs under the Data Act?](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md#how-should-the-gdpr-boundary-appear-in-request-logs-under-the-data-act) *Module: [Data Act Audit Evidence And Request Logs](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md)* The Data Act does not supersede GDPR analysis. If the requested dataset contains personal data, the log should show the GDPR legal basis, special-category conditions if relevant, ePrivacy check where relevant, data minimisation steps, and whether anonymisation or pseudonymisation was used before disclosure. - Tag each request as non-personal, personal, mixed, anonymised, pseudonymised, or escalated because a valid GDPR basis is missing. - For B2G requests involving personal data, keep the requester's Article 17 privacy safeguards, supervisory-authority notification, anonymisation or pseudonymisation decision, and erasure record. - For cloud and international-government-access records, separate non-personal Data Act safeguards from GDPR transfer records for personal data. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Recital 7 and Articles 4, 17, 18, 19, and 37 ground the GDPR boundary, personal-data safeguards, anonymisation, pseudonymisation, and DPA competence. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ confirms that data protection authorities remain responsible for Data Act monitoring where personal data protection is concerned. ### [How much should the log retain, and what should not be retained under the Data Act?](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md#how-much-should-the-log-retain-and-what-should-not-be-retained-under-the-data-act) *Module: [Data Act Audit Evidence And Request Logs](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md)* The log should retain enough to prove compliance, but not become an unnecessary surveillance record. For user and third-party access requests, the Data Act expressly limits verification information and access logs to what is necessary for sound execution of the request and for security and maintenance of the data infrastructure. - Retain decision evidence: request, classification, source article, data map, safeguard, response, delivery proof, refusal reason, authority notice, dispute or complaint record, and closure step. - Do not retain extra identity, access, or log data merely because the Data Act request occurred; tie retention to execution, security, maintenance, dispute handling, or another documented legal basis. - Use separate retention labels for product-data access, third-party sharing, B2G exceptional need, cloud switching, third-country authority requests, and contract-term review. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 4, 5, 19, 21, 32, and 36 ground request-log minimisation, erasure notices, third-country request records, and smart-contract auditability. - [European Commission - Data Act Legal Helpdesk](https://digital-strategy.ec.europa.eu/en/policies/data-act-legal-helpdesk?ref=sorena.io) - Commission helpdesk page confirms practical support channels for Data Act access, sharing, cloud switching, user rights, and interoperability questions. ### [What practical request-log schema should teams implement first under the Data Act?](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md#what-practical-request-log-schema-should-teams-implement-first-under-the-data-act) *Module: [Data Act Audit Evidence And Request Logs](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md)* The Data Act context is the starting point for this answer. Start with one register that can route a request into separate workflows. The register should not decide the law by itself; it should preserve the facts needed for legal, support, product, security, procurement, cloud, and privacy owners to make the right decision quickly. - Core fields: request type, requester, Data Act actor role, product or service, data category, personal-data status, trade secret status, contract reference, deadline, owner, decision, source article, response, and closure evidence. - Workflow fields: identity check completed, data map linked, safeguard selected, format selected, authority or DPA notification needed, compensation or charge basis, dispute route, and escalation owner. - Closure fields: data delivered, refusal or modification reason, third party or public body notified, retrieval or erasure completed, complaint or dispute filed, and next review trigger. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - The binding Data Act text supplies the source articles for the register fields across access, safeguards, B2G, switching, contracts, and enforcement. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ provides implementation context for common request scenarios, including product data, B2G requests, cloud switching, and enforcement. ### [What Data Act source evidence should teams keep for the Audit Evidence And Request Logs FAQ decision?](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md#what-data-act-source-evidence-should-teams-keep-for-the-audit-evidence-and-request-logs-faq-decision) *Module: [Data Act Audit Evidence And Request Logs](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md)* For audit evidence and request logs, teams should keep the exact source URL, the Data Act article or recital relied on, the question being answered, the owner who approved the interpretation, and the date the decision was made. The file should also show which workflow the decision affects so a future reviewer can reopen the same legal conclusion without starting over. - Record the source URL, cited article or recital, and the exact policy or workflow that depends on it. - Attach the implementing note, owner approval, and a dated review status so the rationale can be traced later. - Link the evidence to the live artifact it supports, such as the request-log field list, refusal template, or switching checklist. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Use the regulation itself as the anchor source for the cited article, recital, and workflow decision. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - The FAQ is a useful implementation source when the decision depends on practical interpretation rather than the black-letter text alone. ### [How should teams assign ownership for Data Act Audit Evidence And Request Logs implementation work?](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md#how-should-teams-assign-ownership-for-data-act-audit-evidence-and-request-logs-implementation-work) *Module: [Data Act Audit Evidence And Request Logs](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md)* For audit evidence and request logs, the Data Act workflow should name one accountable owner for each decision point. That owner should be the person who can update the log template, approve the evidence standard, or sign off the relevant legal interpretation when the workflow changes. - Assign a primary owner by workflow: access logs, trade secret handling, B2G requests, cloud switching, contract review, or retention. - List secondary contributors only as consulted reviewers or evidence providers, not as shared owners of the same decision. - Record the escalation path for unresolved issues, including the team that can approve a revised template or reopen the analysis. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - The regulation's enforcement and role-allocation provisions support clear ownership across data access, switching, B2G, and compliance workflows. - [European Commission - Data Act Legal Helpdesk](https://digital-strategy.ec.europa.eu/en/policies/data-act-legal-helpdesk?ref=sorena.io) - The helpdesk's practical guidance model supports assigning one responsible owner who can submit questions and apply the answer to a workflow. ### [Which Data Act implementation evidence makes the Audit Evidence And Request Logs answer usable later?](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md#which-data-act-implementation-evidence-makes-the-audit-evidence-and-request-logs-answer-usable-later) *Module: [Data Act Audit Evidence And Request Logs](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md)* For Data Act audit evidence and request logs, the most useful evidence is evidence that can be reused in the next case. Keep artifacts that show how the team classified the request, what fields were required, what exception or safeguard was applied, and what source text supported the choice. - Keep the source extract, the completed template, and one worked example for each workflow. - Retain the decision memo or approval note that ties the evidence to a concrete Data Act article or recital. - Store the version history so future updates can see when a field or template was changed and why. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - The regulation provides the legal anchors for the reusable evidence set across user access, trade secrets, B2G, contracts, and cloud switching. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - The FAQ helps show which practical interpretation should be preserved alongside the legal source. ### [When should the Data Act Audit Evidence And Request Logs FAQ answer be reviewed again by the team?](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md#when-should-the-data-act-audit-evidence-and-request-logs-faq-answer-be-reviewed-again-by-the-team) *Module: [Data Act Audit Evidence And Request Logs](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md)* For audit evidence and request logs, the Data Act answer should be reviewed when a workflow changes, when the source text changes, or when a new request pattern appears that the current template does not capture well. The answer should also be revisited after team ownership changes or when a new regulator or helpdesk position affects the interpretation. - Review after any change to the request process, contract wording, retention rule, or escalation path. - Review when a new Data Act article, recital, FAQ update, or Commission helpdesk answer changes the underlying interpretation. - Review when a real case reveals a missing field, duplicate field, or unclear ownership assignment in the log template. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Use the regulation as the baseline for review triggers tied to the relevant Data Act obligations. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - The FAQ should be checked again whenever a practical implementation answer may have shifted. ### [Which Data Act cloud switching contract terms are mandatory in a provider contract?](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md#which-data-act-cloud-switching-contract-terms-are-mandatory-in-a-provider-contract) *Module: [Data Act Cloud Switching Contract Terms](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md)* Data Act Article 25 requires the customer switching rights and provider obligations to be clearly set out in a written contract that the customer can store and reproduce before signing. The contract must cover switching to another provider, porting to on-premises ICT infrastructure, or erasing exportable data and digital assets when the customer does not switch. - Maintain a clause matrix for each data processing service contract mapped to Article 25(2)(a) through Article 25(2)(i). - Confirm the contract is available before signature in a form the customer can keep and reproduce. - Check customer options at termination: switch provider, move to on-premises ICT infrastructure, or erase exportable data and digital assets. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Chapter VI cloud switching duties, including Article 23 obstacle removal, Article 25 mandatory contract clauses, Article 26 information duties, Article 29 charges, Article 30 technical switching, and Article 31 specific regimes. - [European Commission - Frequently Asked Questions on the Data Act](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ source used for practical explanations of data processing service scope, exportable data, digital assets, switching and egress charges, notice and transition periods, interoperability repository process, SCC status, and IaaS/PaaS/SaaS distinctions. - [European Commission - Model contractual terms and cloud SCCs](https://digital-strategy.ec.europa.eu/en/library/draft-recommendation-non-binding-model-contractual-terms-data-access-and-use-and-non-binding?ref=sorena.io) - Commission source for the non-binding model contractual terms and standard contractual clauses, including cloud SCC coverage for switching and exit, termination, security and business continuity, non-dispersion, non-amendment, and liability. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview source for Data Act application context and its policy objective of making data more accessible while encouraging innovation. ### [When does the Data Act treat a cloud or SaaS service as a data processing service for switching terms?](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md#when-does-the-data-act-treat-a-cloud-or-saas-service-as-a-data-processing-service-for-switching-terms) *Module: [Data Act Cloud Switching Contract Terms](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md)* The Data Act cloud switching chapter applies to providers of data processing services. The Commission FAQ explains that this concept covers IaaS, PaaS, and SaaS where the service has cloud-computing characteristics such as on-demand network access to configurable, scalable, elastic computing resources provided to a customer. - Record the service model, customer relationship, and computing resources in the contract review file. - Do not limit the review to IaaS; PaaS and SaaS can also need Article 25 switching clauses. - Flag custom-built or testing services separately because Article 31 can change which Chapter VI obligations apply. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Chapter VI cloud switching duties, including Article 23 obstacle removal, Article 25 mandatory contract clauses, Article 26 information duties, Article 29 charges, Article 30 technical switching, and Article 31 specific regimes. - [European Commission - Frequently Asked Questions on the Data Act](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ source used for practical explanations of data processing service scope, exportable data, digital assets, switching and egress charges, notice and transition periods, interoperability repository process, SCC status, and IaaS/PaaS/SaaS distinctions. - [European Commission - Model contractual terms and cloud SCCs](https://digital-strategy.ec.europa.eu/en/library/draft-recommendation-non-binding-model-contractual-terms-data-access-and-use-and-non-binding?ref=sorena.io) - Commission source for the non-binding model contractual terms and standard contractual clauses, including cloud SCC coverage for switching and exit, termination, security and business continuity, non-dispersion, non-amendment, and liability. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview source for Data Act application context and its policy objective of making data more accessible while encouraging innovation. ### [What Data Act switching assistance must be promised in cloud contract terms?](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md#what-data-act-switching-assistance-must-be-promised-in-cloud-contract-terms) *Module: [Data Act Cloud Switching Contract Terms](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md)* Data Act Article 25 requires the source provider to provide reasonable assistance to the customer and customer-authorised third parties during switching. The same clause should require due care to maintain business continuity, continued provision of contracted functions or services during the transition, clear information on known source-provider continuity risks, and a high level of security during transfer and retrieval. - Separate general Article 25 switching assistance from IaaS functional-equivalence support. - Name the support channel, required customer inputs, destination-provider coordination path, and escalation owner. - Keep evidence of assistance provided, known risks disclosed, continuity actions taken, and security controls used. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Chapter VI cloud switching duties, including Article 23 obstacle removal, Article 25 mandatory contract clauses, Article 26 information duties, Article 29 charges, Article 30 technical switching, and Article 31 specific regimes. - [European Commission - Frequently Asked Questions on the Data Act](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ source used for practical explanations of data processing service scope, exportable data, digital assets, switching and egress charges, notice and transition periods, interoperability repository process, SCC status, and IaaS/PaaS/SaaS distinctions. - [European Commission - Model contractual terms and cloud SCCs](https://digital-strategy.ec.europa.eu/en/library/draft-recommendation-non-binding-model-contractual-terms-data-access-and-use-and-non-binding?ref=sorena.io) - Commission source for the non-binding model contractual terms and standard contractual clauses, including cloud SCC coverage for switching and exit, termination, security and business continuity, non-dispersion, non-amendment, and liability. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview source for Data Act application context and its policy objective of making data more accessible while encouraging innovation. ### [How should Data Act cloud contracts handle notice periods and transition periods?](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md#how-should-data-act-cloud-contracts-handle-notice-periods-and-transition-periods) *Module: [Data Act Cloud Switching Contract Terms](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md)* Data Act Article 25 caps the notice period for starting switching at two months. After that notice period, the mandatory maximum transitional period is 30 calendar days, during which the provider must perform the actions needed to enable switching while the contract remains applicable. - Put the two-month notice cap, 30-calendar-day transition rule, and technical-unfeasibility branch directly into the contract or switching schedule. - Require a dated technical-unfeasibility notice and written justification before using the longer transition path. - Track customer-elected extensions separately from provider-justified technical extensions. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Chapter VI cloud switching duties, including Article 23 obstacle removal, Article 25 mandatory contract clauses, Article 26 information duties, Article 29 charges, Article 30 technical switching, and Article 31 specific regimes. - [European Commission - Frequently Asked Questions on the Data Act](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ source used for practical explanations of data processing service scope, exportable data, digital assets, switching and egress charges, notice and transition periods, interoperability repository process, SCC status, and IaaS/PaaS/SaaS distinctions. - [European Commission - Model contractual terms and cloud SCCs](https://digital-strategy.ec.europa.eu/en/library/draft-recommendation-non-binding-model-contractual-terms-data-access-and-use-and-non-binding?ref=sorena.io) - Commission source for the non-binding model contractual terms and standard contractual clauses, including cloud SCC coverage for switching and exit, termination, security and business continuity, non-dispersion, non-amendment, and liability. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview source for Data Act application context and its policy objective of making data more accessible while encouraging innovation. ## FAQ Pagination - Canonical index (page 1): [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) - Page 1 rule: `/page/1` is intentionally not generated; use the canonical index markdown URL. - Current page: 2 of 24 Pages: [1](/artifacts/eu/data-act/faq/items.md) | [2](/artifacts/eu/data-act/faq/items/page/2.md) | [3](/artifacts/eu/data-act/faq/items/page/3.md) | [4](/artifacts/eu/data-act/faq/items/page/4.md) | [5](/artifacts/eu/data-act/faq/items/page/5.md) | [6](/artifacts/eu/data-act/faq/items/page/6.md) | [7](/artifacts/eu/data-act/faq/items/page/7.md) | [8](/artifacts/eu/data-act/faq/items/page/8.md) | [9](/artifacts/eu/data-act/faq/items/page/9.md) | [10](/artifacts/eu/data-act/faq/items/page/10.md) | [11](/artifacts/eu/data-act/faq/items/page/11.md) | [12](/artifacts/eu/data-act/faq/items/page/12.md) | [13](/artifacts/eu/data-act/faq/items/page/13.md) | [14](/artifacts/eu/data-act/faq/items/page/14.md) | [15](/artifacts/eu/data-act/faq/items/page/15.md) | [16](/artifacts/eu/data-act/faq/items/page/16.md) | [17](/artifacts/eu/data-act/faq/items/page/17.md) | [18](/artifacts/eu/data-act/faq/items/page/18.md) | [19](/artifacts/eu/data-act/faq/items/page/19.md) | [20](/artifacts/eu/data-act/faq/items/page/20.md) | [21](/artifacts/eu/data-act/faq/items/page/21.md) | [22](/artifacts/eu/data-act/faq/items/page/22.md) | [23](/artifacts/eu/data-act/faq/items/page/23.md) | [24](/artifacts/eu/data-act/faq/items/page/24.md) [Previous page](/artifacts/eu/data-act/faq/items.md) | [Next page](/artifacts/eu/data-act/faq/items/page/3.md) *Recommended next step* *Placement: before sources* ## Turn a Data Act FAQ answer into a scoped review Review one product, dataset, cloud contract, public-sector request, or smart-contract deployment against the cited Data Act source and keep the scope, role, evidence, and unresolved questions together. - [Open Research Copilot](/solutions/research-copilot.md): Check Data Act scope, GDPR boundaries, cloud switching, and contract questions with cited source outputs. - [Talk through Data Act implementation](/contact.md): Review one connected product, data-sharing contract, cloud switch, or public-sector request before committing to an implementation path. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/data-act/faq/items/page/2