---
title: "EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates"
canonical_url: "https://www.sorena.io/artifacts/eu/data-act/faq"
source_url: "https://www.sorena.io/artifacts/eu/data-act/faq/items/page/23"
author: "Sorena AI"
description: "Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates."
published_at: "2026-05-06"
updated_at: "2026-05-25"
keywords:
  - "EU Data Act FAQ"
  - "Data Act scope"
  - "connected product data"
  - "B2G data sharing"
  - "cloud switching"
  - "GDPR Data Act"
  - "EU Data Act"
  - "Data Act FAQ"
  - "Regulation (EU) 2023/2854"
---

# EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates

Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates.


## EU Data Act FAQ hub

Answers to the recurring EU Data Act questions that decide whether connected-product data, related-service data, B2G requests, cloud contracts, or smart-contract tooling need a compliance review.

Use this index to orient product, legal, cloud, procurement, data protection, security, and public-sector request teams before opening the deeper topic modules.

The EU Data Act, Regulation (EU) 2023/2854, creates horizontal rules for fair access to and use of data. Its FAQ set is not only about IoT data portability: it also covers mandatory B2B sharing terms, unfair contractual terms, public-sector access in exceptional need, cloud and edge switching, safeguards against unlawful third-country government access to non-personal data, interoperability, smart contracts, enforcement, and the boundary with GDPR.

## Browse sub-FAQ modules

### [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md)

FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows.

- 12 items

### [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md)

FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing.

- 12 items

### [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md)

FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries.

- 12 items

### [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md)

FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records.

- 12 items

### [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md)

FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records.

- 12 items

### [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md)

FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records.

- 12 items

### [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md)

FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded.

- 12 items

### [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md)

FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services.

- 12 items

### [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md)

FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence.

- 12 items

### [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md)

FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited.

- 12 items

### [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md)

FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers.

- 12 items

### [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md)

FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614.

- 12 items

### [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md)

FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence.

- 12 items

### [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md)

FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records.

- 12 items

### [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md)

FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms.

- 12 items

### [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md)

FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence.

- 12 items

### [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md)

FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation.

- 12 items

### [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md)

FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain.

- 12 items

### [EU Data Act Article 36 Smart Contract Controls FAQ](/artifacts/eu/data-act/faq/article-36-smart-contract-controls.md)

FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires.

- 12 items

### [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md)

FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards.

- 12 items

### [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md)

FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep.

- 12 items

### [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md)

When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence.

- 13 items

### [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md)

Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence.

- 12 items

### [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md)

FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope.

- 12 items

### [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md)

FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence.

- 12 items

### [EU Data Act Direct Access by Design FAQ](/artifacts/eu/data-act/faq/direct-access-by-design.md)

FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act.

- 12 items

### [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md)

FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible.

- 12 items

### [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md)

FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence.

- 12 items

### [EU Data Act Non-Personal Data and Mixed Datasets FAQ](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md)

FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records.

- 12 items

### [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md)

FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries.

- 12 items

### [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md)

FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs.

- 12 items

### [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md)

FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics.

- 12 items

### [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md)

FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply.

- 12 items

### [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md)

Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status.

- 12 items

### [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md)

FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers.

- 12 items

### [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md)

FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records.

- 12 items

### [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md)

FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence.

- 12 items

### [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md)

FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries.

- 12 items

### [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md)

FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries.

- 12 items

Browse all indexed questions: [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md)

## All FAQ items

*Page 23 of 24. Showing 20 of 469 items.*

### [How do SMEs and larger enterprises fit into the unfair-contract-terms review under the Data Act?](/artifacts/eu/data-act/faq/unfair-contractual-terms.md#how-do-smes-and-larger-enterprises-fit-into-the-unfair-contract-terms-review-under-the-data-act)

*Module: [EU Data Act Unfair Contractual Terms](/artifacts/eu/data-act/faq/unfair-contractual-terms.md)*

Chapter IV is framed as protection for all businesses, with particular relevance for SMEs facing stronger bargaining positions in data-sharing negotiations. Article 13 itself applies to an enterprise on which a covered unfair term has been unilaterally imposed by another enterprise.

- Capture whether the party receiving the term is an SME, but do not assume Article 13 is limited to SMEs.
- Use bargaining position, template control, and negotiation evidence to assess unilateral imposition.
- When an SME receives a take-it-or-leave-it data clause, prioritize review of liability, remedies, data-use restrictions, data-copy rights, termination, and unilateral-change language.

Sources for this answer:

- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer states that Chapter IV protects all businesses, especially SMEs, against unfair terms imposed by stronger players.
- [European Commission - Model contractual terms and cloud SCCs](https://digital-strategy.ec.europa.eu/en/library/draft-recommendation-non-binding-model-contractual-terms-data-access-and-use-and-non-binding?ref=sorena.io) - Commission source says the non-binding model terms were developed to help parties, especially SMEs, implement the Data Act.

### [How should teams use the Commission model contractual terms with Article 13 under the Data Act?](/artifacts/eu/data-act/faq/unfair-contractual-terms.md#how-should-teams-use-the-commission-model-contractual-terms-with-article-13-under-the-data-act)

*Module: [EU Data Act Unfair Contractual Terms](/artifacts/eu/data-act/faq/unfair-contractual-terms.md)*

The Commission model contractual terms are voluntary tools, not a replacement for Article 13. They can help draft Data Act data-sharing contracts and benchmark whether a clause structure is aligned with fair, reasonable, and non-discriminatory rights and obligations.

- Start with the relevant relationship: data holder to user, user to data recipient, data holder to data recipient, or voluntary data sharer to data recipient.
- Document any departure from the model term where the change affects access, use, remedies, liability, termination, compensation, or trade secret protection.
- Do not present model terms as mandatory; keep the Article 13 fairness review separate from the decision to use model wording.

Sources for this answer:

- [European Commission - Model contractual terms and cloud SCCs](https://digital-strategy.ec.europa.eu/en/library/draft-recommendation-non-binding-model-contractual-terms-data-access-and-use-and-non-binding?ref=sorena.io) - Commission source describes the model contractual terms as voluntary and mainly drafted for B2B contracts, with sets for Data Act data-sharing relationships.
- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 41 requires the Commission to develop and recommend non-binding model contractual terms for data access and use.

### [What evidence should a Data Act unfair-terms contract review keep?](/artifacts/eu/data-act/faq/unfair-contractual-terms.md#what-evidence-should-a-data-act-unfair-terms-contract-review-keep)

*Module: [EU Data Act Unfair Contractual Terms](/artifacts/eu/data-act/faq/unfair-contractual-terms.md)*

Keep enough evidence to show the clause text, who supplied it, whether the other party tried to negotiate it, the data-related obligation affected, the Article 13 category considered, and the final outcome. The file should let a later reviewer distinguish a negotiated clause from a unilateral template clause.

- Retain clause versions, comments, counterparty objections, internal approvals, and final signed wording.
- Record whether the term was removed, rewritten, justified, severed, or left because Article 13 did not apply.
- Link the review to the contract population so older qualifying agreements can be found without repeating the whole analysis.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 13 makes negotiation history and supplier burden relevant because the party supplying the term must prove it was not unilaterally imposed.
- [European Commission - Model contractual terms and cloud SCCs](https://digital-strategy.ec.europa.eu/en/library/draft-recommendation-non-binding-model-contractual-terms-data-access-and-use-and-non-binding?ref=sorena.io) - Commission source supports using model terms as practical drafting references while preserving voluntary adaptation.

### [What Data Act source evidence should teams keep for the Unfair Contractual Terms FAQ decision?](/artifacts/eu/data-act/faq/unfair-contractual-terms.md#what-data-act-source-evidence-should-teams-keep-for-the-unfair-contractual-terms-faq-decision)

*Module: [EU Data Act Unfair Contractual Terms](/artifacts/eu/data-act/faq/unfair-contractual-terms.md)*

Keep the legal basis and the decision trail together. For Article 13 work, the record should cite the Data Act source clause, the specific Article 13 paragraph used, the Commission guidance or model-term reference relied on, and the contract version that was reviewed. That makes it clear why a term was treated as unilaterally imposed, always unfair, presumed unfair, or outside the scope of Article 13.

- Keep the cited Data Act article text, the source URL, the review date, and the reviewer or approver.
- Store the clause draft, final wording, and any negotiation evidence together with the implementation artifact.
- Note whether the outcome was removal, severance, rewrite, or no change because the clause fell outside Article 13.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Article 13 unfair contractual terms, Article 41 model terms, and Article 50 application timing.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer for Chapter IV, including take-it-or-leave-it terms, SME relevance, always-unfair and presumed-unfair examples, and severability.
- [European Commission - Model contractual terms and cloud SCCs](https://digital-strategy.ec.europa.eu/en/library/draft-recommendation-non-binding-model-contractual-terms-data-access-and-use-and-non-binding?ref=sorena.io) - Commission source for voluntary model contractual terms and standard contractual clauses developed to help parties, especially SMEs, implement the Data Act.

### [How should teams assign ownership for Data Act Unfair Contractual Terms implementation work?](/artifacts/eu/data-act/faq/unfair-contractual-terms.md#how-should-teams-assign-ownership-for-data-act-unfair-contractual-terms-implementation-work)

*Module: [EU Data Act Unfair Contractual Terms](/artifacts/eu/data-act/faq/unfair-contractual-terms.md)*

Assign one accountable owner who can change the contract or workflow affected by Article 13. For a Data Act unfair-terms review, that is usually the legal or commercial lead for the contract, with procurement, product, cloud, support, or security teams consulted where their process is affected.

- Name a single accountable owner for each Article 13 action, such as template update, deal review, or process change.
- Record the affected workflow, the evidence artifact, and the review trigger beside the owner.
- List consulted teams separately so accountability stays with the team that can actually make the change.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Article 13 unfair contractual terms, Article 41 model terms, and Article 50 application timing.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer for Chapter IV, including take-it-or-leave-it terms, SME relevance, always-unfair and presumed-unfair examples, and severability.
- [European Commission - Model contractual terms and cloud SCCs](https://digital-strategy.ec.europa.eu/en/library/draft-recommendation-non-binding-model-contractual-terms-data-access-and-use-and-non-binding?ref=sorena.io) - Commission source for voluntary model contractual terms and standard contractual clauses developed to help parties, especially SMEs, implement the Data Act.

### [Who is a user under the EU Data Act for Users Data Holders And Recipients implementation evidence?](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md#who-is-a-user-under-the-eu-data-act-for-users-data-holders-and-recipients-implementation-evidence)

*Module: [EU Data Act Users, Data Holders, and Recipients](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md)*

A user is a natural or legal person that owns a connected product, has temporary contractual rights to use that connected product, or receives a related service. A company can be a user; a consumer can be a user; and more than one person can be a user of the same connected product when ownership, lease, rental, or service rights support that position.

- Check the ownership, rental, lease, user account, and related-service contract before assigning the user role.
- For multi-user products, record which user can access which data and how account-level access is separated.
- A public sector body can also be a user under Chapter II if it owns, uses, or receives the relevant connected product or related service.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 2(12) defines the Data Act user role by ownership, temporary contractual use rights, or receipt of related services.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Questions 14 to 16 explain user status, EU user scope, and multiple-user connected-product scenarios.

### [What makes a product or service relevant to these Data Act roles?](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md#what-makes-a-product-or-service-relevant-to-these-data-act-roles)

*Module: [EU Data Act Users, Data Holders, and Recipients](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md)*

The Chapter II role analysis applies to connected products and related services. A connected product obtains, generates, or collects data about its use or environment, can communicate product data electronically, physically, or through on-device access, and is not primarily a data storage, processing, or transmission service for someone other than the user.

- Separate product data from manuals, packaging text, and other descriptive material that does not arise from product use.
- Separate related services from connectivity, power supply, repair, maintenance, analytics, and other aftermarket services that do not meet the related-service test.
- For each product line, identify whether access is direct from the product, indirect through the data holder, or mixed.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 2(5) and 2(6) define connected products and related services for Data Act access analysis.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Questions 7 and 10 give practical examples and indicators for connected products and related services.

### [Who is the data holder, and is it always the manufacturer under the Data Act?](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md#who-is-the-data-holder-and-is-it-always-the-manufacturer-under-the-data-act)

*Module: [EU Data Act Users, Data Holders, and Recipients](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md)*

A data holder is the person or organisation that has the right or obligation under the Data Act, other EU law, or national law to use and make data available. For product and related-service data, the role turns on who can lawfully retrieve, generate, use, and make available the data, not simply on who made the hardware.

- Identify every entity that receives product data or related service data from the connected product ecosystem.
- Check whether the user was told the identity and contact details of each prospective data holder before the relevant contract.
- Do not assign data-holder status to a party that has no access to the data and no Data Act or other legal duty to make it available.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 2(13) defines data holder status; Article 3 requires pre-contractual information about prospective data holders.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Questions 21 and 34 explain why manufacturers are not always data holders and why role status can differ by product or data relationship.

### [What data can users access from a data holder under the Data Act?](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md#what-data-can-users-access-from-a-data-holder-under-the-data-act)

*Module: [EU Data Act Users, Data Holders, and Recipients](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md)*

Users can access readily available product data and related service data, together with the metadata needed to interpret and use it. Where the data is not directly accessible from the product or service, the data holder must make it available without undue delay, in the same quality available to the data holder, easily, securely, free of charge, and in a structured, commonly used, machine-readable format.

- Include necessary metadata, not just sensor values or event records, when metadata is needed to make the data usable.
- Classify raw, pre-processed, inferred, derived, personal, non-personal, and trade-secret data separately before responding.
- Do not use anonymisation, pseudonymisation, or encryption labels as a shortcut to avoid deciding whether data is readily available.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 3 and 4 set the user access rule, format expectations, metadata requirement, and indirect-access obligation.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Questions 4, 5, 13, and 22a explain in-scope raw and pre-processed data, metadata, readily available data, enrichment boundaries, and format expectations.

### [Can the user require the data holder to share data with a third party under the Data Act?](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md#can-the-user-require-the-data-holder-to-share-data-with-a-third-party-under-the-data-act)

*Module: [EU Data Act Users, Data Holders, and Recipients](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md)*

Yes, if Article 5 applies. At the user's request, or at the request of a party acting on behalf of the user, the data holder must make readily available data and necessary metadata available to a third party under the Data Act conditions. This right exists even if the user also has direct access, provided there is a data holder with readily available data.

- Verify the user's request and the recipient's identity using only information necessary for that verification.
- Route third-party sharing through the agreed purpose, data scope, safeguards, and transmission arrangements.
- Do not treat a non-EU recipient or DMA gatekeeper as an eligible mandatory third-party recipient under Article 5.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 5 gives users the right to ask a data holder to make readily available data available to third parties and excludes DMA gatekeepers.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Questions 31, 36, and 37 clarify third-party sharing even after direct access, DMA gatekeeper exclusion, and non-EU recipient limits.

### [What limits apply to data recipients and third parties after they receive Data Act data?](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md#what-limits-apply-to-data-recipients-and-third-parties-after-they-receive-data-act-data)

*Module: [EU Data Act Users, Data Holders, and Recipients](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md)*

A third party receiving data at the user's request may use the data only for the purposes and under the conditions agreed with the user, subject to personal-data law where personal data is involved. It must erase the data when no longer necessary for the agreed purpose unless the user has agreed otherwise for non-personal data.

- Write the agreed purpose narrowly enough that support, engineering, and partner teams can enforce it.
- Keep onward-sharing, profiling, security, trade-secret, and deletion controls in the recipient contract or access terms.
- Separate use of the data to provide an aftermarket or related service from prohibited use to develop a competing connected product.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 6 lists the permitted purpose rule and prohibited conduct for third parties receiving data at the user's request.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Question 35 summarizes what third parties may do with data received in the Chapter II user-sharing context.

### [What obligations and safeguards should data holders apply when making data available under the Data Act?](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md#what-obligations-and-safeguards-should-data-holders-apply-when-making-data-available-under-the-data-act)

*Module: [EU Data Act Users, Data Holders, and Recipients](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md)*

Data holders should build the request process around access that is easy, secure, non-discriminatory, and limited to necessary verification. They must not make user choices unduly difficult, require unnecessary information to verify a user or third party, or keep access logs beyond what is needed for request execution and infrastructure security and maintenance.

- Use simple electronic request mechanisms where technically feasible and avoid unnecessary manual clearance.
- Document any safety, security, or trade-secret limitation with the specific legal basis, data affected, evidence, notice, and challenge path.
- When sharing with data recipients in business-to-business relations, apply fair, reasonable, non-discriminatory, and transparent terms under Chapter III.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 4, 5, 8, and 11 support necessary verification, access design, trade-secret safeguards, FRAND terms, and technical protection-measure limits.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Questions 22a, 23, 25, and 30 explain format, quality, timeliness, trade-secret handling, safety/security restrictions, and legitimate-user verification.

### [How does the GDPR boundary affect Data Act users, data holders, and recipients?](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md#how-does-the-gdpr-boundary-affect-data-act-users-data-holders-and-recipients)

*Module: [EU Data Act Users, Data Holders, and Recipients](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md)*

The Data Act covers personal and non-personal data, but it does not supersede the GDPR. Article 1(5) says EU and national personal-data and privacy law continue to apply, and those rules prevail in a conflict. The Commission FAQ states that the GDPR is fully applicable to personal-data processing under the Data Act.

- Do not cite the Data Act itself as the GDPR legal basis for giving one person's personal data to another user or third party.
- For mixed datasets, separate personal data, non-personal data, anonymised data, and data that can reasonably be relinked to a user or product.
- Escalate personal-data disputes to the data protection authority path where the issue concerns GDPR rights or lawful processing.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 1(5), Article 4(12), Article 5(7), and Article 37(3) establish the GDPR boundary for Data Act access and enforcement.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Questions 1, 2, 18, 25a, 25b, and 30 explain GDPR priority, portability overlap, legal-basis checks, and controller accountability.

### [What records should teams keep for an EU Data Act role decision so it can be rechecked later?](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md#what-records-should-teams-keep-for-an-eu-data-act-role-decision-so-it-can-be-rechecked-later)

*Module: [EU Data Act Users, Data Holders, and Recipients](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md)*

Keep a short decision note that links the role analysis to the relevant Data Act article or Commission FAQ, the product or service in scope, the user type, the data holder, any third party or recipient involved, and the date of the decision. That gives later reviewers enough context to see why the team treated a person as a user, a party as a data holder, or a recipient as a third party.

- Record the source URL and the specific article or FAQ question used.
- Store the related product, service, contract, or request record.
- Note whether the decision depended on direct access, indirect access, or third-party sharing.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal text for Data Act definitions, user access rights, third-party sharing, data-holder obligations, data-recipient conditions, safeguards, and GDPR priority.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical interpretation of users, data holders, connected products, related services, third parties, in-scope data, trade secrets, and GDPR scenarios.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview used for public-facing context on the Data Act's purpose: giving users of connected products more control over data they generate.

### [Which team should own EU Data Act role-mapping work and keep the role assignments current over time?](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md#which-team-should-own-eu-data-act-role-mapping-work-and-keep-the-role-assignments-current-over-time)

*Module: [EU Data Act Users, Data Holders, and Recipients](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md)*

Assign one accountable owner who can change the product, contract, support, procurement, or privacy process that the role decision affects. For most teams, that is legal, privacy, product, or compliance, depending on which workflow actually controls the Data Act response.

- Name a single accountable owner for the role decision.
- List consulted teams such as legal, product, support, security, and procurement.
- Link the owner to the workflow that will actually implement the decision.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal text for Data Act definitions, user access rights, third-party sharing, data-holder obligations, data-recipient conditions, safeguards, and GDPR priority.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical interpretation of users, data holders, connected products, related services, third parties, in-scope data, trade secrets, and GDPR scenarios.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview used for public-facing context on the Data Act's purpose: giving users of connected products more control over data they generate.

### [What evidence makes a Data Act role decision easier to review later?](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md#what-evidence-makes-a-data-act-role-decision-easier-to-review-later)

*Module: [EU Data Act Users, Data Holders, and Recipients](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md)*

Keep Data Act evidence that shows how the team decided whether the product or service was in scope and who the relevant actors were. The most useful items are the contract, user-facing notice, product or service description, data inventory, access flow, and any request or refusal record.

- Save the contract or notice that identifies the role relationship.
- Keep the data inventory or access-flow diagram used in the analysis.
- Retain any refusal, escalation, or legal-basis note tied to the decision.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal text for Data Act definitions, user access rights, third-party sharing, data-holder obligations, data-recipient conditions, safeguards, and GDPR priority.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical interpretation of users, data holders, connected products, related services, third parties, in-scope data, trade secrets, and GDPR scenarios.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview used for public-facing context on the Data Act's purpose: giving users of connected products more control over data they generate.

### [When should an EU Data Act role decision be reviewed again as products and contracts change?](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md#when-should-an-eu-data-act-role-decision-be-reviewed-again-as-products-and-contracts-change)

*Module: [EU Data Act Users, Data Holders, and Recipients](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md)*

Review the Data Act decision whenever the product, service, contract, access method, or data-sharing pathway changes. A new related service, a new user type, a new data holder, or a new third-party recipient can change the answer even if the product itself stays the same.

- Review again when the product or service changes.
- Review again when the contract, access flow, or recipient changes.
- Review again when a GDPR, security, or trade-secret issue changes the analysis.

Sources for this answer:

- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal text for Data Act definitions, user access rights, third-party sharing, data-holder obligations, data-recipient conditions, safeguards, and GDPR priority.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical interpretation of users, data holders, connected products, related services, third parties, in-scope data, trade secrets, and GDPR scenarios.
- [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview used for public-facing context on the Data Act's purpose: giving users of connected products more control over data they generate.

### [What is the Commission vehicle-data guidance for the EU Data Act?](/artifacts/eu/data-act/faq/vehicle-data-guidance.md#what-is-the-commission-vehicle-data-guidance-for-the-eu-data-act)

*Module: [EU Data Act Vehicle Data Guidance](/artifacts/eu/data-act/faq/vehicle-data-guidance.md)*

It is Commission guidance for automotive stakeholders applying Chapter II of the Data Act to vehicle data. The guidance focuses on connected vehicles, vehicle-related services, data within the scope of Chapter II, and the access rules for users and third parties chosen by users.

- Use it for connected-vehicle and vehicle-related service access questions.
- Do not treat it as guidance on public-sector access requests or non-automotive products.
- Read it alongside the binding Data Act text and any applicable sector-specific rules.

Sources for this answer:

- [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Explains the purpose, legal status, automotive-sector scope, and boundaries of the vehicle-data guidance.
- [European Commission - Vehicle data guidance page](https://digital-strategy.ec.europa.eu/en/library/guidance-vehicle-data-accompanying-data-act?ref=sorena.io) - Commission publication page describing the guidance as tailored advice for automotive stakeholders implementing Chapter II.

### [Which vehicles and services does the Commission vehicle-data guidance cover under the Data Act?](/artifacts/eu/data-act/faq/vehicle-data-guidance.md#which-vehicles-and-services-are-covered-under-the-data-act-for-vehicle-data-guidance-implementation-evidence)

*Module: [EU Data Act Vehicle Data Guidance](/artifacts/eu/data-act/faq/vehicle-data-guidance.md)*

The guidance covers vehicles that qualify as connected products under the Data Act: vehicles that obtain, generate, or collect data about use or environment and can communicate product data electronically, by physical connection, or through on-device access.

- Regular manual repair and maintenance, such as brake replacement or oil changes, are generally not vehicle-related services when carried out offline.
- Pay-how-you-drive insurance analytics and apps that only display charging history are examples of services that may use vehicle data but do not necessarily qualify as related services.
- The same company may be an OEM, data holder, service provider, recipient, or third party depending on the workflow.

Sources for this answer:

- [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Defines the connected-vehicle and vehicle-related-service boundaries used by the guidance.
- [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Provides the Data Act definitions for connected products, related services, users, data holders, and data recipients.

### [What vehicle data is in scope under Chapter II of the Data Act?](/artifacts/eu/data-act/faq/vehicle-data-guidance.md#what-vehicle-data-is-in-scope-under-chapter-ii-under-the-data-act)

*Module: [EU Data Act Vehicle Data Guidance](/artifacts/eu/data-act/faq/vehicle-data-guidance.md)*

For this guidance, vehicle data means product data generated by the use of a connected vehicle and vehicle-related service data. The in-scope set includes raw and pre-processed data, together with relevant metadata needed to interpret and use the data.

- Classify each requested field as raw, pre-processed, inferred, derived, metadata, or unavailable.
- Keep examples tied to actual data fields, such as GNSS-based location, odometer value, battery level, brake-pad wear, fault codes, and malfunction indicators.
- Do not label all analytics outputs as shareable vehicle data; check whether the output represents new inferred or derived information.

Sources for this answer:

- [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Explains vehicle data, raw data, pre-processed data, and inferred or derived data in the automotive context.
- [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Clarifies that Chapter II access rights generally cover raw and pre-processed data that are readily available.

---

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/eu/data-act/faq/items/page/23
