--- title: "EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates" canonical_url: "https://www.sorena.io/artifacts/eu/data-act/faq" source_url: "https://www.sorena.io/artifacts/eu/data-act/faq/items/page/20" author: "Sorena AI" description: "Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates." published_at: "2026-05-06" updated_at: "2026-05-25" keywords: - "EU Data Act FAQ" - "Data Act scope" - "connected product data" - "B2G data sharing" - "cloud switching" - "GDPR Data Act" - "EU Data Act" - "Data Act FAQ" - "Regulation (EU) 2023/2854" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates. *FAQ* *EU* *Data Act* ## EU Data Act FAQ hub Answers to the recurring EU Data Act questions that decide whether connected-product data, related-service data, B2G requests, cloud contracts, or smart-contract tooling need a compliance review. Use this index to orient product, legal, cloud, procurement, data protection, security, and public-sector request teams before opening the deeper topic modules. The EU Data Act, Regulation (EU) 2023/2854, creates horizontal rules for fair access to and use of data. Its FAQ set is not only about IoT data portability: it also covers mandatory B2B sharing terms, unfair contractual terms, public-sector access in exceptional need, cloud and edge switching, safeguards against unlawful third-country government access to non-personal data, interoperability, smart contracts, enforcement, and the boundary with GDPR. ## Browse sub-FAQ modules ### [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md) FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows. - 12 items ### [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md) FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing. - 12 items ### [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md) FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries. - 12 items ### [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md) FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records. - 12 items ### [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md) FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records. - 12 items ### [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md) FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records. - 12 items ### [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md) FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded. - 12 items ### [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md) FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services. - 12 items ### [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md) FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence. - 12 items ### [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md) FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited. - 12 items ### [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md) FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers. - 12 items ### [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md) FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614. - 12 items ### [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md) FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence. - 12 items ### [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md) FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records. - 12 items ### [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md) FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms. - 12 items ### [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md) FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence. - 12 items ### [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md) FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation. - 12 items ### [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md) FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain. - 12 items ### [EU Data Act Article 36 Smart Contract Controls FAQ](/artifacts/eu/data-act/faq/article-36-smart-contract-controls.md) FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires. - 12 items ### [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md) FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards. - 12 items ### [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md) FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep. - 12 items ### [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md) When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence. - 13 items ### [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md) Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence. - 12 items ### [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md) FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope. - 12 items ### [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md) FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence. - 12 items ### [EU Data Act Direct Access by Design FAQ](/artifacts/eu/data-act/faq/direct-access-by-design.md) FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act. - 12 items ### [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md) FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible. - 12 items ### [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md) FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence. - 12 items ### [EU Data Act Non-Personal Data and Mixed Datasets FAQ](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md) FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records. - 12 items ### [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md) FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries. - 12 items ### [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md) FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs. - 12 items ### [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md) FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics. - 12 items ### [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md) FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply. - 12 items ### [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md) Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status. - 12 items ### [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md) FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers. - 12 items ### [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md) FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records. - 12 items ### [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md) FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence. - 12 items ### [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md) FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries. - 12 items ### [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md) FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries. - 12 items Browse all indexed questions: [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) ## All FAQ items *Page 20 of 24. Showing 20 of 469 items.* ### [What should a data holder keep to answer readily available data requests consistently under the Data Act?](/artifacts/eu/data-act/faq/readily-available-data.md#what-should-a-data-holder-keep-to-answer-readily-available-data-requests-consistently-under-the-data-act) *Module: [EU Data Act Readily Available Data](/artifacts/eu/data-act/faq/readily-available-data.md)* The Data Act context is the starting point for this answer. Maintain a field-level readily-available-data register for each connected product and related service. The register should identify the product or service, user-facing data category, field name, source system, format, metadata supplied, retention period, access route, quality level, latency, and the reason for any exclusion or safeguard. - Add a short reason for each out-of-scope field, such as content, inferred or derived insight, unavailable due to product design, or not product or related-service data. - Keep request logs showing the requester, user relationship, requested fields, access route, delivery format, metadata supplied, and safeguard decisions. - Update the register when product architecture, related-service contracts, APIs, telemetry pipelines, retention settings, or data-holder roles change. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 3 requires pre-contractual information about generated data, storage, retention, access, retrieval, erasure, data holders, and third-party sharing mechanics. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - The Commission FAQ provides the practical criteria needed for a field-level register: data category, enrichment level, metadata, access route, and technical feasibility. ### [What records help justify a readily available data decision later under the EU Data Act?](/artifacts/eu/data-act/faq/readily-available-data.md#what-records-help-justify-a-readily-available-data-decision-later-under-the-eu-data-act) *Module: [EU Data Act Readily Available Data](/artifacts/eu/data-act/faq/readily-available-data.md)* Keep the Data Act source clause, the relevant product or service description, the field-level classification, and the reason each field is in scope or out of scope. Add the access route, the metadata supplied, and any safeguard relied on so the decision can be rechecked if the product or service changes. - Keep the Data Act source URL with each decision record. - Store the classification basis, the decision owner, and the review date. - Link the decision to the relevant inventory or request log. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Data Act definitions, Chapter II scope, product and related-service data access duties, relevant metadata, user and third-party access routes, and privacy, security, and trade-secret safeguards. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical interpretation of in-scope raw and pre-processed data, metadata, enrichment boundaries, edge processing, direct and indirect access, and trade-secret handling. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for accessible examples of connected products, related services, Chapter II data sharing, inferred or derived data, content exclusions, and user access mechanics. ### [Which team should own readily available data implementation work under the EU Data Act long term?](/artifacts/eu/data-act/faq/readily-available-data.md#which-team-should-own-readily-available-data-implementation-work-under-the-eu-data-act-long-term) *Module: [EU Data Act Readily Available Data](/artifacts/eu/data-act/faq/readily-available-data.md)* Ownership of the Data Act answer should sit with the team that can change the data path or the access process, usually product, engineering, or platform operations, with legal and privacy input where needed. The owner should be able to explain how the field is generated, where it is stored, and how a user or third party receives it. - Name one accountable owner for each connected product or related service. - List legal, privacy, security, and support teams as contributors. - Tie ownership to the system or workflow that actually serves the data. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Data Act definitions, Chapter II scope, product and related-service data access duties, relevant metadata, user and third-party access routes, and privacy, security, and trade-secret safeguards. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical interpretation of in-scope raw and pre-processed data, metadata, enrichment boundaries, edge processing, direct and indirect access, and trade-secret handling. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for accessible examples of connected products, related services, Chapter II data sharing, inferred or derived data, content exclusions, and user access mechanics. ### [What evidence makes a readily available data answer usable later under the EU Data Act for reviewers?](/artifacts/eu/data-act/faq/readily-available-data.md#what-evidence-makes-a-readily-available-data-answer-usable-later-under-the-eu-data-act-for-reviewers) *Module: [EU Data Act Readily Available Data](/artifacts/eu/data-act/faq/readily-available-data.md)* Useful Data Act evidence is concrete and easy to revisit: source URLs, data inventories, contract clauses, API descriptions, request logs, and any technical or organisational safeguards. The evidence should show why the field was treated as product data, related service data, metadata, or out of scope. - Save the source URL and the relevant clause reference. - Keep inventories, request logs, and architecture notes together. - Record any safeguard or exclusion that affects the answer. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Data Act definitions, Chapter II scope, product and related-service data access duties, relevant metadata, user and third-party access routes, and privacy, security, and trade-secret safeguards. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical interpretation of in-scope raw and pre-processed data, metadata, enrichment boundaries, edge processing, direct and indirect access, and trade-secret handling. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for accessible examples of connected products, related services, Chapter II data sharing, inferred or derived data, content exclusions, and user access mechanics. ### [When should the Data Act Readily Available Data FAQ answer be reviewed again?](/artifacts/eu/data-act/faq/readily-available-data.md#when-should-the-data-act-readily-available-data-faq-answer-be-reviewed-again) *Module: [EU Data Act Readily Available Data](/artifacts/eu/data-act/faq/readily-available-data.md)* Review the Data Act answer when the product design, related service, telemetry path, retention policy, or access interface changes. A new firmware release, a changed API, or a new contract term can move a field into or out of scope, or change how the user receives it. - Review after architecture, contract, or retention changes. - Review when the legal basis or safeguard changes. - Set both a calendar review date and an event trigger. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Data Act definitions, Chapter II scope, product and related-service data access duties, relevant metadata, user and third-party access routes, and privacy, security, and trade-secret safeguards. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical interpretation of in-scope raw and pre-processed data, metadata, enrichment boundaries, edge processing, direct and indirect access, and trade-secret handling. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for accessible examples of connected products, related services, Chapter II data sharing, inferred or derived data, content exclusions, and user access mechanics. ### [What is a related service under the EU Data Act for Related Services implementation evidence?](/artifacts/eu/data-act/faq/related-services.md#what-is-a-related-service-under-the-eu-data-act-for-related-services-implementation-evidence) *Module: [EU Data Act Related Services](/artifacts/eu/data-act/faq/related-services.md)* Under the Data Act, a related service is a digital service, other than an electronic communications service, that is connected with a product at purchase, rent, or lease in a way that the product would lose one or more functions without it. A service can also become a related service later if the manufacturer or a third party connects it to the product to add, update, or adapt the product's functions. - Ask whether the service is digital and connected to the product's operation. - Check whether the service is needed for, or changes, at least one product function. - Do not classify ordinary connectivity, power supply, repair, maintenance, auxiliary analytics, consulting, or financial services as related services solely because they support the product ecosystem. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 2(6) defines related service and excludes electronic communications services from that definition. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 10 explains the operational test for identifying a related service and gives product-control examples. ### [How does a related service link to a connected product under the Data Act?](/artifacts/eu/data-act/faq/related-services.md#how-does-a-related-service-link-to-a-connected-product-under-the-data-act) *Module: [EU Data Act Related Services](/artifacts/eu/data-act/faq/related-services.md)* The service must be tied to a connected product, not merely offered by the same company. Under the Data Act, a connected product is an item that obtains, generates, or collects data about its use or environment and can communicate product data through an electronic communications service, physical connection, or on-device access. - Document the product function the service enables, adds, updates, or adapts. - Record the data or command path between the product and service provider. - Treat product marketing, user expectations, contract wording, replaceability, and pre-installation as useful facts, not substitutes for the legal definition. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 2(5) defines connected product by data generation or collection, communication capability, and primary function. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 10 identifies bidirectional data exchange and effect on product functions as practical related-service indicators. ### [What are examples of related services for connected products under the Data Act?](/artifacts/eu/data-act/faq/related-services.md#what-are-examples-of-related-services-for-connected-products-under-the-data-act) *Module: [EU Data Act Related Services](/artifacts/eu/data-act/faq/related-services.md)* Examples under the Data Act include an app that changes smart-light brightness, software that regulates a connected fridge's temperature, or a product-linked service that sends commands or updates to a connected device so that the device performs or changes a function. - In scope: a product app that sends settings or commands to the connected product. - Potentially in scope: software later connected to the product to add, update, or adapt functions. - Not enough by itself: customer support, ordinary repair, maintenance, or analytics that does not affect the product's functions. Sources for this answer: - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 10 gives practical examples of services that affect connected-product functions and lists services that cannot be related services. - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 2(6) supports the distinction between function-affecting product-linked services and adjacent services. ### [What product data and related service data are in scope under the Data Act?](/artifacts/eu/data-act/faq/related-services.md#what-product-data-and-related-service-data-are-in-scope-under-the-data-act) *Module: [EU Data Act Related Services](/artifacts/eu/data-act/faq/related-services.md)* Under the Data Act, product data is data generated by use of the connected product that the manufacturer designed to be retrievable by the user, data holder, third party, or manufacturer through electronic communications, physical connection, or on-device access. Related service data is data representing digitised user actions or events related to the connected product during the provision of the related service. - Include raw and pre-processed product data and related service data where the data holder can lawfully obtain it without disproportionate effort. - Include relevant metadata needed to interpret and use the data. - Separate in-scope data from inferred insights, derived analytics, and content protected by intellectual property rights. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 2(15), Article 2(16), and Article 2(17) define product data, related service data, and readily available data. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Questions 4 and 5 explain that raw and pre-processed data are generally in scope, while highly enriched inferred or derived data is out of scope. ### [Who is the user and who is the data holder for a related service under the Data Act?](/artifacts/eu/data-act/faq/related-services.md#who-is-the-user-and-who-is-the-data-holder-for-a-related-service-under-the-data-act) *Module: [EU Data Act Related Services](/artifacts/eu/data-act/faq/related-services.md)* Under the Data Act, a user is a natural or legal person that owns a connected product, has temporary contractual rights to use it, or receives related services. A data holder is the person or entity with the right or obligation to use and make available data, including product data or related service data retrieved or generated during the related service where the contract provides for that. - Identify the connected-product owner, lessee, renter, or other person with temporary contractual use rights. - Identify any person receiving the related service as a user for that service. - Name the service provider or other party that lawfully obtains or can obtain the readily available data. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 2(12) defines user and Article 2(13) defines data holder for product data and related service data. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Questions 10, 14, and 16 explain how related-service providers and multiple users can fit into the Chapter II role model. ### [What access rights apply to related service data under the Data Act?](/artifacts/eu/data-act/faq/related-services.md#what-access-rights-apply-to-related-service-data-under-the-data-act) *Module: [EU Data Act Related Services](/artifacts/eu/data-act/faq/related-services.md)* Under the Data Act, related services must be designed and provided so product data and related service data, including relevant metadata, are by default easy, secure, free of charge, comprehensive, structured, commonly used, machine-readable, and where relevant and technically feasible directly accessible to the user. - Direct access means the user can access, stream, or download the data without asking the data holder to approve the request. - Indirect access means the user asks the data holder, for example through a portal or other electronic request path. - Third-party sharing is user-driven and is separate from the data holder's own permitted use of non-personal data. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 3, 4, and 5 set the design, user access, and user-directed third-party sharing duties for product data and related service data. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 17 explains direct and indirect access routes for data generated by connected products or related services. ### [What information should be provided before a related service contract under the Data Act?](/artifacts/eu/data-act/faq/related-services.md#what-information-should-be-provided-before-a-related-service-contract-under-the-data-act) *Module: [EU Data Act Related Services](/artifacts/eu/data-act/faq/related-services.md)* Before concluding a related-service contract under the Data Act, the prospective provider must give the user clear information about product data expected to be obtained, related service data expected to be generated, data access or retrieval arrangements, storage arrangements and retention duration, intended use of readily available data, data holder identity, contact means, third-party sharing requests, complaint rights, trade-secret status, and contract duration and termination. - Describe the nature, volume, and collection frequency of product data the provider expects to obtain. - Describe the nature and volume of related service data expected to be generated. - Explain access, retrieval, third-party sharing, retention, trade-secret, complaint, and termination arrangements in clear language. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 3(3) lists the pre-contractual information that a prospective provider of a related service must provide to users. ### [Which services or data are excluded from related-service treatment under the Data Act?](/artifacts/eu/data-act/faq/related-services.md#which-services-or-data-are-excluded-from-related-service-treatment-under-the-data-act) *Module: [EU Data Act Related Services](/artifacts/eu/data-act/faq/related-services.md)* Under the Data Act, the related-service definition excludes electronic communications services. The Commission FAQ also states that connectivity, power supply, aftermarket services such as auxiliary consulting and analytics, financial services, and regular repair and maintenance cannot be considered related services. - Do not treat connectivity or power supply as a related service merely because the product needs them. - Do not treat routine repair, maintenance, consulting, analytics, or financing as a related service unless the service itself meets the product-function test. - Do not treat inferred insights, derived analytics, or creative content as ordinary product or related service data access outputs. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 2(6) excludes electronic communications services from the related-service definition, while Recitals 15 and 16 distinguish in-scope data from derived data and content. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Questions 4, 5, 6, and 10 explain exclusions for highly enriched data, content, and services that cannot be related services. ### [How do privacy, trade secrets, and security safeguards affect related-service data access under the Data Act?](/artifacts/eu/data-act/faq/related-services.md#how-do-privacy-trade-secrets-and-security-safeguards-affect-related-service-data-access-under-the-data-act) *Module: [EU Data Act Related Services](/artifacts/eu/data-act/faq/related-services.md)* The Data Act does not override EU personal-data rules. If the user is not the data subject, personal data generated by use of a connected product or related service may be made available only where there is a valid legal basis under GDPR and any relevant conditions under EU privacy rules are met. - Classify whether requested related-service data includes personal data, non-personal data, trade secrets, or mixed data. - Use proportionate confidentiality, access, and security measures rather than blanket refusals. - Keep written reasons for any withholding, suspension, or refusal based on security requirements or trade secrets. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 4 and 5 set personal-data, security, and trade-secret conditions for user access and user-directed third-party sharing. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - The FAQ explains that Data Act access to personal and non-personal connected-product and related-service data must operate alongside GDPR and trade-secret safeguards. ### [What record should a team keep when classifying a Data Act related service?](/artifacts/eu/data-act/faq/related-services.md#what-record-should-a-team-keep-when-classifying-a-data-act-related-service) *Module: [EU Data Act Related Services](/artifacts/eu/data-act/faq/related-services.md)* Keep a short Data Act related-service register for each product-linked digital service. The record should identify the connected product, the service, the product function affected, the bidirectional data or command path, the user, the data holder, the product data, the related service data, the access route, and any exclusions or safeguards. - Record whether the service is connected at purchase, rent, or lease, or later connected to add, update, or adapt product functions. - Record which raw or pre-processed data and metadata are readily available, and which data are excluded as derived, inferred, content, or not readily available. - Record the access method, owner, source citation, safeguard, and reason for any refusal or limitation. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 2 to 5 provide the classification fields needed to connect service status, data categories, roles, and access route. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 10 and the data-in-scope section support a practical register that records product linkage, service effect, data type, and exclusions. ### [What should a visitor check under the EU Data Act before treating software as a related service?](/artifacts/eu/data-act/faq/related-services.md#what-should-a-visitor-check-under-the-eu-data-act-before-treating-software-as-a-related-service) *Module: [EU Data Act Related Services](/artifacts/eu/data-act/faq/related-services.md)* Start with three checks: is the service digital, is it linked to the connected product, and does it affect the product's function, behaviour, or operation? If the answer to any of those is no, the service is less likely to be a related service under the Data Act. - Check whether the product would lose a function without the service. - Check whether data or commands move between the product and the service provider. - Check whether the service is simply connectivity, power, repair, or another excluded service. Sources for this answer: - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 10 gives the practical test for identifying a related service and lists services that cannot be related services. - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 2(6) sets the legal definition of related service. ### [How should a visitor decide what Data Act evidence to keep for a related-service classification?](/artifacts/eu/data-act/faq/related-services.md#how-should-a-visitor-decide-what-data-act-evidence-to-keep-for-a-related-service-classification) *Module: [EU Data Act Related Services](/artifacts/eu/data-act/faq/related-services.md)* Keep the legal source, the product or service description, the product function affected, the relevant data flows, and the reason the service was or was not treated as a related service. That makes it easier to show why the classification fits the Data Act definition. - Save the source clause or FAQ reference you relied on. - Save the product-function analysis and any bidirectional data-exchange notes. - Review the classification again if the service changes or is newly connected to the product. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 2(6) covers services connected at the time of purchase, rent or lease, and services later connected to add, update or adapt functions. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 10 explains the practical indicators that help document a related-service classification. ### [When does Article 36 of the EU Data Act apply to smart contracts for data sharing?](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md#when-does-article-36-of-the-eu-data-act-apply-to-smart-contracts-for-data-sharing) *Module: [EU Data Act Smart Contracts for Data Sharing](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md)* The Data Act context is the starting point for this answer. Article 36 applies when a vendor of an application using smart contracts, or another professional deployer acting for others, uses a smart contract in the context of executing an agreement or part of an agreement to make data available. - Check whether the code executes a data sharing agreement or part of one. - Identify the vendor of the smart-contract application or, if there is no vendor, the professional deployer acting for others. - Keep internal-only smart-contract development separate unless it is deployed for others in the Article 36 fact pattern. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act), Article 36](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 36 defines the actors and the data-sharing agreement context for the smart-contract essential requirements. ### [What are the Article 36 essential requirements for Data Act smart contracts?](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md#what-are-the-article-36-essential-requirements-for-data-act-smart-contracts) *Module: [EU Data Act Smart Contracts for Data Sharing](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md)* The Data Act context is the starting point for this answer. Article 36 lists five requirements. The smart contract must support robustness and access control, safe termination and interruption, data archiving and continuity, access control at governance and smart-contract layers, and consistency with the terms of the data sharing agreement it executes. - Robustness: test for functional errors and resistance to third-party manipulation. - Termination and interruption: prove the contract can be stopped, reset, or interrupted to prevent accidental future executions. - Archiving and continuity: preserve transactional data, logic, and code when the contract is terminated or deactivated. - Access control: protect both governance actions and smart-contract-layer functions. - Consistency: compare the deployed logic with the terms of the data sharing agreement. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act), Article 36](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 36(1) is the binding list of smart-contract essential requirements. ### [Who must perform the conformity assessment and issue the EU declaration of conformity under the Data Act?](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md#who-must-perform-the-conformity-assessment-and-issue-the-eu-declaration-of-conformity-under-the-data-act) *Module: [EU Data Act Smart Contracts for Data Sharing](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md)* The Data Act context is the starting point for this answer. The vendor of the smart contract, or in the absence of a vendor the professional deployer acting for others, must perform a conformity assessment against the Article 36 requirements. Once the requirements are fulfilled, that actor must issue an EU declaration of conformity. - Name the vendor or professional deployer responsible for Article 36. - Attach the conformity assessment to a specific smart-contract version and deployment context. - Keep the EU declaration of conformity tied to the evidence package that supports it. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act), Article 36](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 36(2) and 36(3) assign the conformity assessment, declaration, and responsibility for compliance. ## FAQ Pagination - Canonical index (page 1): [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) - Page 1 rule: `/page/1` is intentionally not generated; use the canonical index markdown URL. - Current page: 20 of 24 Pages: [1](/artifacts/eu/data-act/faq/items.md) | [2](/artifacts/eu/data-act/faq/items/page/2.md) | [3](/artifacts/eu/data-act/faq/items/page/3.md) | [4](/artifacts/eu/data-act/faq/items/page/4.md) | [5](/artifacts/eu/data-act/faq/items/page/5.md) | [6](/artifacts/eu/data-act/faq/items/page/6.md) | [7](/artifacts/eu/data-act/faq/items/page/7.md) | [8](/artifacts/eu/data-act/faq/items/page/8.md) | [9](/artifacts/eu/data-act/faq/items/page/9.md) | [10](/artifacts/eu/data-act/faq/items/page/10.md) | [11](/artifacts/eu/data-act/faq/items/page/11.md) | [12](/artifacts/eu/data-act/faq/items/page/12.md) | [13](/artifacts/eu/data-act/faq/items/page/13.md) | [14](/artifacts/eu/data-act/faq/items/page/14.md) | [15](/artifacts/eu/data-act/faq/items/page/15.md) | [16](/artifacts/eu/data-act/faq/items/page/16.md) | [17](/artifacts/eu/data-act/faq/items/page/17.md) | [18](/artifacts/eu/data-act/faq/items/page/18.md) | [19](/artifacts/eu/data-act/faq/items/page/19.md) | [20](/artifacts/eu/data-act/faq/items/page/20.md) | [21](/artifacts/eu/data-act/faq/items/page/21.md) | [22](/artifacts/eu/data-act/faq/items/page/22.md) | [23](/artifacts/eu/data-act/faq/items/page/23.md) | [24](/artifacts/eu/data-act/faq/items/page/24.md) [Previous page](/artifacts/eu/data-act/faq/items/page/19.md) | [Next page](/artifacts/eu/data-act/faq/items/page/21.md) *Recommended next step* *Placement: before sources* ## Turn a Data Act FAQ answer into a scoped review Review one product, dataset, cloud contract, public-sector request, or smart-contract deployment against the cited Data Act source and keep the scope, role, evidence, and unresolved questions together. - [Open Research Copilot](/solutions/research-copilot.md): Check Data Act scope, GDPR boundaries, cloud switching, and contract questions with cited source outputs. - [Talk through Data Act implementation](/contact.md): Review one connected product, data-sharing contract, cloud switch, or public-sector request before committing to an implementation path. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/data-act/faq/items/page/20