--- title: "EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates" canonical_url: "https://www.sorena.io/artifacts/eu/data-act/faq" source_url: "https://www.sorena.io/artifacts/eu/data-act/faq/items/page/22" author: "Sorena AI" description: "Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates." published_at: "2026-05-06" updated_at: "2026-05-25" keywords: - "EU Data Act FAQ" - "Data Act scope" - "connected product data" - "B2G data sharing" - "cloud switching" - "GDPR Data Act" - "EU Data Act" - "Data Act FAQ" - "Regulation (EU) 2023/2854" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates. *FAQ* *EU* *Data Act* ## EU Data Act FAQ hub Answers to the recurring EU Data Act questions that decide whether connected-product data, related-service data, B2G requests, cloud contracts, or smart-contract tooling need a compliance review. Use this index to orient product, legal, cloud, procurement, data protection, security, and public-sector request teams before opening the deeper topic modules. The EU Data Act, Regulation (EU) 2023/2854, creates horizontal rules for fair access to and use of data. Its FAQ set is not only about IoT data portability: it also covers mandatory B2B sharing terms, unfair contractual terms, public-sector access in exceptional need, cloud and edge switching, safeguards against unlawful third-country government access to non-personal data, interoperability, smart contracts, enforcement, and the boundary with GDPR. ## Browse sub-FAQ modules ### [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md) FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows. - 12 items ### [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md) FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing. - 12 items ### [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md) FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries. - 12 items ### [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md) FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records. - 12 items ### [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md) FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records. - 12 items ### [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md) FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records. - 12 items ### [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md) FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded. - 12 items ### [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md) FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services. - 12 items ### [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md) FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence. - 12 items ### [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md) FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited. - 12 items ### [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md) FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers. - 12 items ### [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md) FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614. - 12 items ### [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md) FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence. - 12 items ### [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md) FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records. - 12 items ### [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md) FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms. - 12 items ### [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md) FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence. - 12 items ### [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md) FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation. - 12 items ### [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md) FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain. - 12 items ### [EU Data Act Article 36 Smart Contract Controls FAQ](/artifacts/eu/data-act/faq/article-36-smart-contract-controls.md) FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires. - 12 items ### [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md) FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards. - 12 items ### [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md) FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep. - 12 items ### [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md) When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence. - 13 items ### [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md) Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence. - 12 items ### [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md) FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope. - 12 items ### [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md) FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence. - 12 items ### [EU Data Act Direct Access by Design FAQ](/artifacts/eu/data-act/faq/direct-access-by-design.md) FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act. - 12 items ### [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md) FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible. - 12 items ### [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md) FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence. - 12 items ### [EU Data Act Non-Personal Data and Mixed Datasets FAQ](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md) FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records. - 12 items ### [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md) FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries. - 12 items ### [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md) FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs. - 12 items ### [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md) FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics. - 12 items ### [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md) FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply. - 12 items ### [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md) Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status. - 12 items ### [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md) FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers. - 12 items ### [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md) FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records. - 12 items ### [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md) FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence. - 12 items ### [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md) FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries. - 12 items ### [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md) FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries. - 12 items Browse all indexed questions: [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) ## All FAQ items *Page 22 of 24. Showing 20 of 469 items.* ### [How should teams assign ownership for Data Act third-party sharing implementation work?](/artifacts/eu/data-act/faq/third-party-data-sharing.md#how-should-teams-assign-ownership-for-data-act-third-party-sharing-implementation-work) *Module: [EU Data Act Third-Party Data Sharing](/artifacts/eu/data-act/faq/third-party-data-sharing.md)* Assign one accountable owner for the Data Act request workflow, with clear support from legal, privacy, security, product, and operations as needed. The owner should be the person who can actually change the affected process and decide whether the request is fulfilled, limited, suspended, or refused. - Name one accountable owner for each sharing request workflow. - Track legal, privacy, security, product, and operations inputs as consults, not as duplicate owners. - Store the approval, refusal, or suspension rationale with the request record. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Article 5 user-requested third-party sharing, Article 6 recipient duties, Article 8 data-recipient conditions, Article 9 compensation, Article 11 misuse remedies, trade-secret safeguards, security limits, GDPR boundaries, and gatekeeper exclusions. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer for connected-product and related-service data scope, user and data-holder roles, third-party sharing, GDPR overlap, trade-secret limits, security limits, compensation context, and gatekeeper exclusion. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ support for user definitions, data holder roles, related services, GDPR portability overlap, readily available data, and privacy-enhancing technology boundaries. - [European Commission - EU Data Act gives users control over data from connected devices](https://ec.europa.eu/commission/presscorner/detail/en/ip_25_2078?ref=sorena.io) - Commission press source confirming the user-control framing for connected-device data and implementation support on trade secrets, data sharing model terms, and cloud clauses. ### [Does the EU Data Act let data holders protect trade secrets during data access and sharing?](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md#does-the-eu-data-act-let-data-holders-protect-trade-secrets-during-data-access-and-sharing) *Module: [EU Data Act Trade Secret Safeguards](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md)* Yes. The Data Act says trade secrets must be preserved when product data or related-service data is disclosed to a user or to a third party chosen by the user. The data holder, or the trade-secret holder if different, should identify the protected data before disclosure, including in relevant metadata where needed. - Identify the specific fields, records, metadata, or outputs that are claimed to contain trade secrets. - Separate trade-secret material from data that can be shared without special confidentiality controls. - Record whether the request is a user-access request under Article 4 or a third-party sharing request under Article 5, because the recipient obligations differ. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 4(6), Article 5(9), and Recital 31 support identifying trade secrets and preserving confidentiality before disclosure. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 23 explains that a trade-secret claim alone does not block the Data Act access right. ### [What safeguards should be agreed with users before trade-secret data is disclosed under Article 4 under the Data Act?](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md#what-safeguards-should-be-agreed-with-users-before-trade-secret-data-is-disclosed-under-article-4-under-the-data-act) *Module: [EU Data Act Trade Secret Safeguards](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md)* Before disclosure to a user, the data holder and user must take necessary measures to preserve confidentiality, especially where third parties may later be involved. The Data Act gives examples: model contractual terms, confidentiality agreements, strict access protocols, technical standards, and codes of conduct. - Define the data covered by the safeguard and the permitted purpose for the user. - State the confidentiality duties, access controls, onward-sharing limits, and incident or misuse reporting route. - Keep evidence that the user accepted and implemented the safeguards before disclosure. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 4(6) lists proportionate technical and organisational measures for preserving trade-secret confidentiality with users. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 23 gives practical safeguard examples before data sharing, including confidentiality agreements and access protocols. ### [How should teams document EU Data Act trade-secret safeguards, ownership, and evidence for later review?](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md#how-should-teams-document-eu-data-act-trade-secret-safeguards-ownership-and-evidence-for-later-review) *Module: [EU Data Act Trade Secret Safeguards](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md)* Keep a short decision record that ties the request to the specific Data Act article, the trade-secret holder, the agreed safeguard package, and the person who approved the decision. That record should also show the request date, the data category, and whether the outcome was disclosure, withholding, suspension, or refusal. - Store the source clause, decision date, approver, and affected data category in one file. - Keep the recipient notice, competent-authority notification, and non-confidential explanation with the supporting evidence. - Update the record if the safeguard package or the responsible owner changes. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 4 and 5 support records for trade-secret identification, agreed safeguards, written substantiation, and competent-authority notifications. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 23 supports maintaining evidence for identification, safeguard agreement, withholding, suspension, refusal, and challenge handling. ### [What is the common mistake to avoid when using trade-secret safeguards under the EU Data Act?](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md#what-is-the-common-mistake-to-avoid-when-using-trade-secret-safeguards-under-the-eu-data-act) *Module: [EU Data Act Trade Secret Safeguards](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md)* The main mistake is treating trade-secret status as a broad reason to block or delay a Data Act request. The safer operational approach is to identify the specific trade-secret data, agree proportionate safeguards, share the remaining data where possible, and reserve withholding, suspension, or refusal for the limited conditions in the Data Act. - Avoid blanket refusals based only on the phrase trade secret or confidential business information. - Avoid asking users or third parties for more information than is necessary to verify the request or protect the data route. - Avoid publishing recipient-facing explanations that disclose the trade secret while trying to justify the safeguard. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Recital 31 and Articles 4 and 5 show that trade-secret safeguards must preserve confidentiality without subverting Data Act access rights. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 23 explains the balance between preventing illegitimate restrictions and upholding trade-secret protection. ### [How should a data holder identify the exact trade-secret fields it wants protected under the EU Data Act?](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md#how-should-a-data-holder-identify-the-exact-trade-secret-fields-it-wants-protected-under-the-eu-data-act) *Module: [EU Data Act Trade Secret Safeguards](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md)* The Data Act expects identification before disclosure rather than a vague claim afterwards, so the holder, or the trade-secret holder where they differ, should map the precise fields, calculated values, calibration parameters, or metadata that reveal the secret. Identification at this granularity is what later justifies a proportionate safeguard rather than a broad refusal. - Tag the specific columns, signals, or derived outputs that disclose a formula, method, or model feature. - Keep the identification list with the request so a later reviewer can see what was protected and why. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Articles 4, 5, and 6 on trade-secret identification, safeguards, withholding, suspension, refusal, challenge routes, and third-party use limits. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ source for the trade-secret handbrake, including safeguard examples and the limits on withholding, suspension, and refusal. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview source for Data Act user access, third-party sharing, trade-secret protection, security limitations, competent-authority notices, and challenge routes. ### [When may a data holder suspend trade-secret data sharing after a confidentiality breach under the EU Data Act?](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md#when-may-a-data-holder-suspend-trade-secret-data-sharing-after-a-confidentiality-breach-under-the-eu-data-act) *Module: [EU Data Act Trade Secret Safeguards](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md)* Under the Data Act, suspension is available where a user or third party fails to implement the agreed confidentiality measures or breaches them, and it must be accompanied by written reasons to the recipient and a notification to the competent authority. It is a temporary, breach-driven response rather than a way to reverse the access right. - Record the specific safeguard that was not implemented or was breached before suspending. - Send written reasons and notify the competent authority without undue delay, then restore access on remediation. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Articles 4, 5, and 6 on trade-secret identification, safeguards, withholding, suspension, refusal, challenge routes, and third-party use limits. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ source for the trade-secret handbrake, including safeguard examples and the limits on withholding, suspension, and refusal. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview source for Data Act user access, third-party sharing, trade-secret protection, security limitations, competent-authority notices, and challenge routes. ### [What objective evidence supports refusing a trade-secret data request in exceptional cases under the EU Data Act?](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md#what-objective-evidence-supports-refusing-a-trade-secret-data-request-in-exceptional-cases-under-the-eu-data-act) *Module: [EU Data Act Trade Secret Safeguards](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md)* Under the Data Act, a data holder may refuse a specific request only in exceptional circumstances and only where it demonstrates with objective evidence that disclosure is highly likely to cause serious economic damage despite the agreed measures. The assessment is per request, not a standing policy across all telemetry. - Scope any refusal to the precise fields that would cause serious economic damage if disclosed. - Keep case-specific evidence and notify the competent authority while preserving the challenge route. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Articles 4, 5, and 6 on trade-secret identification, safeguards, withholding, suspension, refusal, challenge routes, and third-party use limits. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ source for the trade-secret handbrake, including safeguard examples and the limits on withholding, suspension, and refusal. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview source for Data Act user access, third-party sharing, trade-secret protection, security limitations, competent-authority notices, and challenge routes. ### [How do trade-secret safeguards bind a third party that receives shared data under the EU Data Act?](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md#how-do-trade-secret-safeguards-bind-a-third-party-that-receives-shared-data-under-the-eu-data-act) *Module: [EU Data Act Trade Secret Safeguards](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md)* Under the Data Act, when a user directs sharing to a third party under Article 5, the confidentiality undertakings, access controls, and onward-disclosure limits should bind that recipient too, and Article 6 restricts the third party from using the data to build a competing connected product. Safeguards agreed for user access should carry through to the third-party path. - Extend the same confidentiality controls into the third-party contract, not only the user-facing route. - Bind the recipient to Article 6 use and onward-sharing restrictions before any disclosure. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Articles 4, 5, and 6 on trade-secret identification, safeguards, withholding, suspension, refusal, challenge routes, and third-party use limits. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ source for the trade-secret handbrake, including safeguard examples and the limits on withholding, suspension, and refusal. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview source for Data Act user access, third-party sharing, trade-secret protection, security limitations, competent-authority notices, and challenge routes. ### [How should teams keep trade-secret safeguards proportionate rather than over-restrictive under the EU Data Act?](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md#how-should-teams-keep-trade-secret-safeguards-proportionate-rather-than-over-restrictive-under-the-eu-data-act) *Module: [EU Data Act Trade Secret Safeguards](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md)* Under the Data Act, technical and organisational measures must be necessary and proportionate, so the right safeguard is the least restrictive control that still protects the identified secret. A measure that blocks the whole access route, or is far broader than the risk, can itself breach the prohibition on hindering Data Act rights. - Match each control to a specific protected element rather than the entire export or interface. - Prefer scoped, reversible controls over measures that make the access right impractical. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Articles 4, 5, and 6 on trade-secret identification, safeguards, withholding, suspension, refusal, challenge routes, and third-party use limits. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ source for the trade-secret handbrake, including safeguard examples and the limits on withholding, suspension, and refusal. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview source for Data Act user access, third-party sharing, trade-secret protection, security limitations, competent-authority notices, and challenge routes. ### [How do trade-secret safeguards interact with personal data and the GDPR under the EU Data Act?](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md#how-do-trade-secret-safeguards-interact-with-personal-data-and-the-gdpr-under-the-eu-data-act) *Module: [EU Data Act Trade Secret Safeguards](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md)* Under the Data Act, trade-secret protection is a separate question from personal data protection, and the Regulation is without prejudice to the GDPR, so a confidentiality control that shields a secret does not remove the need for a valid legal basis where the same dataset includes personal data. Both analyses can apply to one export. - Classify each field for both trade-secret sensitivity and personal data content before disclosure. - Apply a GDPR basis and minimisation to personal data even when confidentiality controls are in place. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Articles 4, 5, and 6 on trade-secret identification, safeguards, withholding, suspension, refusal, challenge routes, and third-party use limits. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ source for the trade-secret handbrake, including safeguard examples and the limits on withholding, suspension, and refusal. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview source for Data Act user access, third-party sharing, trade-secret protection, security limitations, competent-authority notices, and challenge routes. ### [Which challenge routes can a user or third party use against a trade-secret withholding under the EU Data Act?](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md#which-challenge-routes-can-a-user-or-third-party-use-against-a-trade-secret-withholding-under-the-eu-data-act) *Module: [EU Data Act Trade Secret Safeguards](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md)* Under the Data Act, a user or third party that disputes a withholding, suspension, or refusal can take the matter to a competent authority, use the dispute settlement procedure, or seek a judicial remedy, which is why the holder must give written reasons and notify the authority. The safeguard decision has to stand up to that review. - Provide written reasons so the recipient can use the authority, dispute settlement, or court route. - Retain the evidence trail so the withholding can be defended on review without disclosing the secret. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Articles 4, 5, and 6 on trade-secret identification, safeguards, withholding, suspension, refusal, challenge routes, and third-party use limits. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ source for the trade-secret handbrake, including safeguard examples and the limits on withholding, suspension, and refusal. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview source for Data Act user access, third-party sharing, trade-secret protection, security limitations, competent-authority notices, and challenge routes. ### [When should a trade-secret safeguard package be reviewed again as products and recipients change under the EU Data Act?](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md#when-should-a-trade-secret-safeguard-package-be-reviewed-again-as-products-and-recipients-change-under-the-eu-data-act) *Module: [EU Data Act Trade Secret Safeguards](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md)* Under the Data Act, the safeguard package should be reviewed whenever the protected data, the access path, the recipient, or the available controls change, because each can shift the proportionality balance. A new firmware build, a new export field, or a new third-party recipient can each move the risk picture. - Review the package when protected fields, the access route, or the recipient set changes. - Trigger a review after an incident, a complaint, or a dispute settlement outcome. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Articles 4, 5, and 6 on trade-secret identification, safeguards, withholding, suspension, refusal, challenge routes, and third-party use limits. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ source for the trade-secret handbrake, including safeguard examples and the limits on withholding, suspension, and refusal. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview source for Data Act user access, third-party sharing, trade-secret protection, security limitations, competent-authority notices, and challenge routes. ### [What does Article 13 of the EU Data Act do for B2B data contracts?](/artifacts/eu/data-act/faq/unfair-contractual-terms.md#what-does-article-13-of-the-eu-data-act-do-for-b2b-data-contracts) *Module: [EU Data Act Unfair Contractual Terms](/artifacts/eu/data-act/faq/unfair-contractual-terms.md)* The Data Act context is the starting point for this answer. Article 13 protects one enterprise from unfair data-related contract terms unilaterally imposed by another enterprise. The rule covers terms about access to and use of data, and terms about liability and remedies for breach or termination of data-related obligations. - Use Article 13 for B2B terms about data access, data use, liability, remedies, breach, or termination of data-related obligations. - Do not treat Article 13 as a general review of every commercial clause; the term must be data-related in the Article 13 sense. - Record whether the challenged clause was imposed on one enterprise by another and whether it can be severed from the contract. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 13 defines the B2B unfair-terms rule, the data-related clauses it covers, and the effect that an unfair term is not binding. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer confirms that Chapter IV protects businesses, especially SMEs, from unfair contractual terms related to data sharing. ### [When is a Data Act contract term considered unilaterally imposed?](/artifacts/eu/data-act/faq/unfair-contractual-terms.md#when-is-a-data-act-contract-term-considered-unilaterally-imposed) *Module: [EU Data Act Unfair Contractual Terms](/artifacts/eu/data-act/faq/unfair-contractual-terms.md)* The Data Act context is the starting point for this answer. A term is treated as unilaterally imposed when one contracting party supplied it and the other party could not influence its content despite trying to negotiate it. This is the practical issue behind take-it-or-leave-it data access and data use clauses. - Keep the proposed template clause, negotiation comments, redlines, rejection emails, and fallback positions. - Mark whether the counterparty actually had a realistic chance to change the data-related term. - For standard templates, distinguish terms that were merely accepted from terms that were genuinely negotiated. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 13(6) explains unilateral imposition and places the burden of proving the opposite on the party that supplied the term. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer describes the practical trigger as a stronger party imposing a non-negotiable take-it-or-leave-it term. ### [What is the general unfairness test under Article 13 under the Data Act?](/artifacts/eu/data-act/faq/unfair-contractual-terms.md#what-is-the-general-unfairness-test-under-article-13-under-the-data-act) *Module: [EU Data Act Unfair Contractual Terms](/artifacts/eu/data-act/faq/unfair-contractual-terms.md)* The Data Act context is the starting point for this answer. The general test is whether the term grossly deviates from good commercial practice in data access and use, contrary to good faith and fair dealing. That test matters for terms not already captured by the Article 13 always-unfair or presumed-unfair examples. - State the clause text and the data-related obligation it affects. - Explain the commercial impact on the enterprise that did not supply the term. - Record whether the clause blocks access, use, remedies, termination, data copies, or reasonable control of generated data. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 13(3) states the general unfairness standard based on good commercial practice, good faith, and fair dealing. ### [Which Data Act terms are always considered unfair for Unfair Contractual Terms implementation evidence?](/artifacts/eu/data-act/faq/unfair-contractual-terms.md#which-data-act-terms-are-always-considered-unfair-for-unfair-contractual-terms-implementation-evidence) *Module: [EU Data Act Unfair Contractual Terms](/artifacts/eu/data-act/faq/unfair-contractual-terms.md)* The Data Act context is the starting point for this answer. Article 13 lists three types of terms that are unfair where their object or effect matches the list. These are the closest equivalent to a black-list review for B2B data contracts. - Flag any clause that limits the imposing party's liability for intentional acts or gross negligence. - Flag any clause that removes remedies for non-performance or breach of data-related obligations. - Flag any clause giving the imposing party sole power to decide whether supplied data conforms to the contract or what a term means. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 13(4) identifies terms that are unfair because of their object or effect, including liability exclusions, remedy exclusions, and exclusive interpretation rights. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer summarizes the Data Act's non-exhaustive list of terms always considered unfair. ### [Which Data Act terms are presumed to be unfair for Unfair Contractual Terms implementation evidence?](/artifacts/eu/data-act/faq/unfair-contractual-terms.md#which-data-act-terms-are-presumed-to-be-unfair-for-unfair-contractual-terms-implementation-evidence) *Module: [EU Data Act Unfair Contractual Terms](/artifacts/eu/data-act/faq/unfair-contractual-terms.md)* The Data Act context is the starting point for this answer. Article 13 also lists terms presumed unfair. These are not automatically final in the same way as the always-unfair terms: the party that imposed the term can try to show that the term is not unfair. - Review remedy caps, liability extensions, data-use rights, termination rights, copy/export rights, notice periods, and unilateral change clauses. - Pay close attention to commercially sensitive data, trade secrets, and intellectual property rights when the imposing party claims broad access or use rights. - If the term is only presumed unfair, keep the imposing party's written justification and the reasons it does or does not overcome the presumption. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 13(5) lists presumed-unfair terms, including remedy limits, harmful data use, blocked data use, blocked copies, short-notice termination, and unilateral changes. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer confirms that presumed-unfair terms may be defended by the entity that imposed them. ### [Are price and main-subject-matter clauses reviewed under the Data Act unfair-terms rule?](/artifacts/eu/data-act/faq/unfair-contractual-terms.md#are-price-and-main-subject-matter-clauses-reviewed-under-the-data-act-unfair-terms-rule) *Module: [EU Data Act Unfair Contractual Terms](/artifacts/eu/data-act/faq/unfair-contractual-terms.md)* The Data Act context is the starting point for this answer. Article 13 does not apply to terms defining the main subject matter of the contract or to the adequacy of the price as against the data supplied in exchange. That exclusion should be recorded before treating a pricing or core-scope clause as an Article 13 unfair term. - Separate the main subject matter and price adequacy from surrounding data access, use, remedy, and unilateral-change clauses. - Do not use the exclusion to ignore a data-related remedy, liability, termination, or unilateral change term. - Keep the review note short: excluded under Article 13(8), reviewable elsewhere, or not an Article 13 issue. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 13(8) excludes main-subject-matter terms and adequacy of price against supplied data from the Article 13 unfairness control. ### [When do the Data Act unfair-terms rules apply to new and older contracts?](/artifacts/eu/data-act/faq/unfair-contractual-terms.md#when-do-the-data-act-unfair-terms-rules-apply-to-new-and-older-contracts) *Module: [EU Data Act Unfair Contractual Terms](/artifacts/eu/data-act/faq/unfair-contractual-terms.md)* The Data Act applies from 12 September 2025, and Chapter IV applies to contracts concluded after 12 September 2025. Older contracts concluded on or before 12 September 2025 enter Chapter IV from 12 September 2027 only if they are of indefinite duration or are due to expire at least 10 years from 11 January 2024. - Record contract signature date, renewal or amendment date, expiry date, and whether the contract is indefinite. - Flag post-12 September 2025 templates for Article 13 review before signature. - For older contracts, flag only indefinite-duration contracts and contracts due to expire at least 10 years from 11 January 2024 for the 12 September 2027 Chapter IV review. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 50 sets the Data Act application date and the Chapter IV timing for new and qualifying older contracts. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer confirms that the Data Act applies since 12 September 2025. ## FAQ Pagination - Canonical index (page 1): [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) - Page 1 rule: `/page/1` is intentionally not generated; use the canonical index markdown URL. - Current page: 22 of 24 Pages: [1](/artifacts/eu/data-act/faq/items.md) | [2](/artifacts/eu/data-act/faq/items/page/2.md) | [3](/artifacts/eu/data-act/faq/items/page/3.md) | [4](/artifacts/eu/data-act/faq/items/page/4.md) | [5](/artifacts/eu/data-act/faq/items/page/5.md) | [6](/artifacts/eu/data-act/faq/items/page/6.md) | [7](/artifacts/eu/data-act/faq/items/page/7.md) | [8](/artifacts/eu/data-act/faq/items/page/8.md) | [9](/artifacts/eu/data-act/faq/items/page/9.md) | [10](/artifacts/eu/data-act/faq/items/page/10.md) | [11](/artifacts/eu/data-act/faq/items/page/11.md) | [12](/artifacts/eu/data-act/faq/items/page/12.md) | [13](/artifacts/eu/data-act/faq/items/page/13.md) | [14](/artifacts/eu/data-act/faq/items/page/14.md) | [15](/artifacts/eu/data-act/faq/items/page/15.md) | [16](/artifacts/eu/data-act/faq/items/page/16.md) | [17](/artifacts/eu/data-act/faq/items/page/17.md) | [18](/artifacts/eu/data-act/faq/items/page/18.md) | [19](/artifacts/eu/data-act/faq/items/page/19.md) | [20](/artifacts/eu/data-act/faq/items/page/20.md) | [21](/artifacts/eu/data-act/faq/items/page/21.md) | [22](/artifacts/eu/data-act/faq/items/page/22.md) | [23](/artifacts/eu/data-act/faq/items/page/23.md) | [24](/artifacts/eu/data-act/faq/items/page/24.md) [Previous page](/artifacts/eu/data-act/faq/items/page/21.md) | [Next page](/artifacts/eu/data-act/faq/items/page/23.md) *Recommended next step* *Placement: before sources* ## Turn a Data Act FAQ answer into a scoped review Review one product, dataset, cloud contract, public-sector request, or smart-contract deployment against the cited Data Act source and keep the scope, role, evidence, and unresolved questions together. - [Open Research Copilot](/solutions/research-copilot.md): Check Data Act scope, GDPR boundaries, cloud switching, and contract questions with cited source outputs. - [Talk through Data Act implementation](/contact.md): Review one connected product, data-sharing contract, cloud switch, or public-sector request before committing to an implementation path. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/data-act/faq/items/page/22