--- title: "EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates" canonical_url: "https://www.sorena.io/artifacts/eu/data-act/faq" source_url: "https://www.sorena.io/artifacts/eu/data-act/faq/items/page/5" author: "Sorena AI" description: "Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates." published_at: "2026-05-06" updated_at: "2026-05-25" keywords: - "EU Data Act FAQ" - "Data Act scope" - "connected product data" - "B2G data sharing" - "cloud switching" - "GDPR Data Act" - "EU Data Act" - "Data Act FAQ" - "Regulation (EU) 2023/2854" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates. *FAQ* *EU* *Data Act* ## EU Data Act FAQ hub Answers to the recurring EU Data Act questions that decide whether connected-product data, related-service data, B2G requests, cloud contracts, or smart-contract tooling need a compliance review. Use this index to orient product, legal, cloud, procurement, data protection, security, and public-sector request teams before opening the deeper topic modules. The EU Data Act, Regulation (EU) 2023/2854, creates horizontal rules for fair access to and use of data. Its FAQ set is not only about IoT data portability: it also covers mandatory B2B sharing terms, unfair contractual terms, public-sector access in exceptional need, cloud and edge switching, safeguards against unlawful third-country government access to non-personal data, interoperability, smart contracts, enforcement, and the boundary with GDPR. ## Browse sub-FAQ modules ### [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md) FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows. - 12 items ### [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md) FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing. - 12 items ### [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md) FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries. - 12 items ### [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md) FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records. - 12 items ### [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md) FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records. - 12 items ### [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md) FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records. - 12 items ### [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md) FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded. - 12 items ### [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md) FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services. - 12 items ### [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md) FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence. - 12 items ### [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md) FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited. - 12 items ### [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md) FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers. - 12 items ### [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md) FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614. - 12 items ### [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md) FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence. - 12 items ### [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md) FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records. - 12 items ### [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md) FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms. - 12 items ### [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md) FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence. - 12 items ### [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md) FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation. - 12 items ### [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md) FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain. - 12 items ### [EU Data Act Article 36 Smart Contract Controls FAQ](/artifacts/eu/data-act/faq/article-36-smart-contract-controls.md) FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires. - 12 items ### [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md) FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards. - 12 items ### [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md) FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep. - 12 items ### [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md) When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence. - 13 items ### [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md) Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence. - 12 items ### [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md) FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope. - 12 items ### [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md) FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence. - 12 items ### [EU Data Act Direct Access by Design FAQ](/artifacts/eu/data-act/faq/direct-access-by-design.md) FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act. - 12 items ### [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md) FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible. - 12 items ### [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md) FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence. - 12 items ### [EU Data Act Non-Personal Data and Mixed Datasets FAQ](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md) FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records. - 12 items ### [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md) FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries. - 12 items ### [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md) FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs. - 12 items ### [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md) FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics. - 12 items ### [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md) FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply. - 12 items ### [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md) Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status. - 12 items ### [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md) FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers. - 12 items ### [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md) FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records. - 12 items ### [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md) FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence. - 12 items ### [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md) FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries. - 12 items ### [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md) FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries. - 12 items Browse all indexed questions: [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) ## All FAQ items *Page 5 of 24. Showing 20 of 469 items.* ### [What evidence should an exportability register contain under the Data Act?](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md#what-evidence-should-an-exportability-register-contain-under-the-data-act) *Module: [Data Act Exportable Data and Metadata](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md)* A useful exportability register should make the Data Act answer reproducible. For each connected product, related service, or cloud service, record the data category, role, user or customer route, format, metadata, access method, retention or retrieval constraint, exclusion reason, safeguard, and owner. - For connected products and related services, include type, format, estimated volume, collection frequency where relevant, storage location, retention, and access or retrieval method. - For cloud services, include exportable data categories, digital assets, methods and formats, known restrictions, technical limits, and the online register entry. - For exclusions, include the source-linked reason and the remaining data and metadata that will still be provided. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports the register fields through Article 3 pre-contract disclosures, Article 4 access obligations, and Article 26 switching information duties. - [Commission standardisation request for a European Trusted Data Framework](https://ec.europa.eu/transparency/documents-register/api/files/C(2025)4135_1/de00000001072897?rendition=false&ref=sorena.io) - Supports using catalogue metadata, semantic assets, access descriptions, and auditability fields for data-sharing records. ### [How should teams document the Data Act source and review trail for exportability decisions?](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md#how-should-teams-document-the-data-act-source-and-review-trail-for-exportability-decisions) *Module: [Data Act Exportable Data and Metadata](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md)* For exportable data and metadata, the Data Act record should identify the source clause, Commission guidance, actor role, dataset, request or contract trigger, and the owner who approved the interpretation. - Record the Data Act article or recital and the source URL that supports the interpretation. - Store the owner, affected workflow, evidence artifact, and review trigger in the same register entry. - Keep the review date and unresolved assumptions so later reviewers can see why the decision was made. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for readily available data, product data, related service data, metadata, access formats, cloud switching, exportable data, exclusions, trade secrets, and security limits. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for practical scope examples covering raw and pre-processed connected-product data, relevant metadata, exclusions, trade secrets, security limits, and cloud switching. - [Commission standardisation request for a European Trusted Data Framework](https://ec.europa.eu/transparency/documents-register/api/files/C(2025)4135_1/de00000001072897?rendition=false&ref=sorena.io) - Official Commission standardisation request used for practical metadata and catalogue fields relevant to discoverability, data formats, vocabularies, access descriptions, and auditability. ### [Who should own Data Act exportability decisions and follow-up work?](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md#who-should-own-data-act-exportability-decisions-and-follow-up-work) *Module: [Data Act Exportable Data and Metadata](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md)* For exportable data and metadata, the Data Act workflow should name the legal, product, procurement, cloud, support, or security owner who can change the affected process. - Assign one accountable owner for each exportability decision, with clear backup responsibility. - Note which teams must update contracts, technical export routes, customer notices, or security controls. - Keep the owner linked to the evidence artifact and the next review trigger. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for readily available data, product data, related service data, metadata, access formats, cloud switching, exportable data, exclusions, trade secrets, and security limits. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for practical scope examples covering raw and pre-processed connected-product data, relevant metadata, exclusions, trade secrets, security limits, and cloud switching. - [Commission standardisation request for a European Trusted Data Framework](https://ec.europa.eu/transparency/documents-register/api/files/C(2025)4135_1/de00000001072897?rendition=false&ref=sorena.io) - Official Commission standardisation request used for practical metadata and catalogue fields relevant to discoverability, data formats, vocabularies, access descriptions, and auditability. ### [What Data Act implementation evidence should teams keep so exportability decisions can be reused later?](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md#what-data-act-implementation-evidence-should-teams-keep-so-exportability-decisions-can-be-reused-later) *Module: [Data Act Exportable Data and Metadata](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md)* For exportable data and metadata, the Data Act evidence should be concrete enough for a later reviewer to reconstruct why the team classified the product, service, request, or contract in scope. - Keep evidence that shows the actual data category, format, metadata, and exclusion handling. - Attach the supporting source URL and the approval record to the same implementation note. - Retain request logs, notices, and technical controls so the decision can be checked later. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for readily available data, product data, related service data, metadata, access formats, cloud switching, exportable data, exclusions, trade secrets, and security limits. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer used for practical scope examples covering raw and pre-processed connected-product data, relevant metadata, exclusions, trade secrets, security limits, and cloud switching. - [Commission standardisation request for a European Trusted Data Framework](https://ec.europa.eu/transparency/documents-register/api/files/C(2025)4135_1/de00000001072897?rendition=false&ref=sorena.io) - Official Commission standardisation request used for practical metadata and catalogue fields relevant to discoverability, data formats, vocabularies, access descriptions, and auditability. ### [Does the Data Act give repairers and mobility-service providers a direct right to connected-vehicle data?](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md#does-the-data-act-give-repairers-and-mobility-service-providers-a-direct-right-to-connected-vehicle-data) *Module: [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md)* The Data Act context is the starting point for this answer. Usually, the route is user-driven. Article 5 requires the data holder, on request by a user or by a party acting on behalf of a user, to make readily available product data and related service data available to a third party. In vehicle workflows, that third party may be an independent repair shop, fleet service provider, insurer, leasing provider, mobility platform, or other service provider chosen by the user. - Verify the requester is the user, or is acting on behalf of the user, before treating the request as an Article 5 sharing request. - Identify the data holder, which may be an OEM, manufacturer, or related-service provider depending on who has the right or obligation to make the data available. - Keep the request scoped to product data, related service data, and the metadata needed to interpret and use that data. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Defines users, data holders, data recipients, readily available data, and the user-requested third-party sharing right. - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Explains how Chapter II access rules apply to vehicle data and automotive stakeholders. ### [What vehicle data is likely to matter for repair, maintenance, fleet, and mobility use cases under the Data Act?](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md#what-vehicle-data-is-likely-to-matter-for-repair-maintenance-fleet-and-mobility-use-cases-under-the-data-act) *Module: [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md)* The Data Act context is the starting point for this answer. The vehicle-data guidance treats raw and pre-processed vehicle data as the core Chapter II access category. Examples include wheel speed, tyre pressure, brake pressure, yaw rate, oxygen sensor readings, CAN bus messages, component status, vehicle speed, acceleration, GNSS-based location, odometer value, battery level, fault codes, malfunction indicators, brake-pad wear, and time or distance to next service when those data are not predictions outside the guidance boundary. - Classify requested fields as raw, pre-processed, inferred, derived, unavailable, personal, non-personal, or mixed before responding. - For service workflows, document whether the requested data describes vehicle operation or status, or instead represents a new insight created by additional processing. - Include relevant metadata, such as basic context and timestamps, when needed to make the data usable. Sources for this answer: - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Lists illustrative raw and pre-processed vehicle-data examples and distinguishes inferred or derived vehicle data. - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Defines product data, related service data, readily available data, and relevant metadata. ### [Are regular repair and maintenance services themselves related services under the Data Act?](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md#are-regular-repair-and-maintenance-services-themselves-related-services-under-the-data-act) *Module: [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md)* The Data Act context is the starting point for this answer. Not usually. The vehicle-data guidance says traditional aftermarket services such as auxiliary consulting, analytics, financial services, and regular repair and maintenance are generally not vehicle-related services where they do not affect vehicle operation and do not transmit data or commands to the vehicle. Manual brake replacement or oil changes, for example, are not treated as related services just because they concern a connected vehicle. - Do not classify an offline workshop activity as a related service merely because vehicle data was used to diagnose the issue. - Check whether the service transmits commands or data back to the vehicle and affects vehicle operation or behaviour. - If the service provider generates related service data, identify whether it becomes a data holder for that data. Sources for this answer: - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Explains vehicle-related services and why regular offline repair and maintenance are generally outside that definition. - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Defines related services and the role of related-service providers in product and related-service data. ### [What access quality must a data holder provide to independent repairers or service providers chosen by the user under the Data Act?](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md#what-access-quality-must-a-data-holder-provide-to-independent-repairers-or-service-providers-chosen-by-the-user-under-the-data-act) *Module: [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md)* For indirect access under Article 4 and third-party sharing under Article 5, the Data Act requires readily available data to be made available without undue delay, in the same quality available to the data holder, easily, securely, free of charge to the user, in a comprehensive, structured, commonly used and machine-readable format, and where relevant and technically feasible continuously and in real time. - Compare quality, accuracy, completeness, relevance, and timeliness against the data available to the data holder itself. - Avoid access routes that create undue barriers, costs, procedural hurdles, or specialist-tool dependencies for the user or chosen third party. - Record any format, latency, API, portal, or onboard-access limitation and the source-linked reason for it. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Sets Article 4 and Article 5 access conditions for user access and third-party sharing. - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Clarifies non-discrimination, access quality, and vehicle-data access methods for independent repairers and service providers. ### [Can a manufacturer or data holder refuse aftermarket data access for trade-secret, safety, or security reasons under the Data Act?](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md#can-a-manufacturer-or-data-holder-refuse-aftermarket-data-access-for-trade-secret-safety-or-security-reasons-under-the-data-act) *Module: [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md)* A trade-secret label is not enough by itself to block access. The Data Act requires trade secrets to be preserved through proportionate technical and organisational measures, such as confidentiality agreements, strict access protocols, technical standards, model contractual terms, or codes of conduct. Withholding or suspension is possible where measures are not agreed or implemented, and refusal is reserved for exceptional case-by-case situations where serious economic damage is highly likely despite safeguards. - Identify the exact trade-secret data or security requirement, rather than relying on broad confidentiality or cybersecurity wording. - Choose proportionate controls first; refusal should be reserved for the narrow situations supported by Articles 4 and 5. - Keep written reasons, safeguard terms, authority notifications, and the user or third-party challenge route in the request file. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Sets the Article 4 and Article 5 trade-secret, withholding, refusal, and security mechanisms. - [European Commission Data Act FAQs](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Explains the trade-secrets handbrake and safety/security handbrake in Data Act access workflows. ### [What may a third-party repairer, insurer, fleet provider, or mobility service do with vehicle data it receives under the Data Act?](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md#what-may-a-third-party-repairer-insurer-fleet-provider-or-mobility-service-do-with-vehicle-data-it-receives-under-the-data-act) *Module: [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md)* The Data Act context is the starting point for this answer. Article 6 limits third-party use to the purposes and conditions agreed with the user, subject to data-protection law where personal data is involved. That means the request should state the service purpose: diagnosis, repair estimate, maintenance alert, fleet optimization, insurance product, charging support, leasing service, or another specific use. - Tie each data field to the user-agreed service purpose and erase it when no longer necessary unless otherwise agreed for non-personal data. - Do not use Article 5 access to build or improve a competing connected product. - Prevent onward sharing to gatekeepers and require any permitted onward recipient to maintain agreed trade-secret safeguards. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Sets Article 6 obligations and prohibited uses for third parties receiving data at the user's request. - [European Commission Data Act FAQs](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Summarizes third-party use limits, including agreed purpose, competing products, and gatekeeper restrictions. ### [How should teams handle GDPR when vehicle data contains driver, passenger, or location data under the Data Act?](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md#how-should-teams-handle-gdpr-when-vehicle-data-contains-driver-passenger-or-location-data-under-the-data-act) *Module: [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md)* The GDPR boundary is central. Article 1(5) says the Data Act is without prejudice to EU and national personal-data law, and the Commission FAQ states that GDPR rules prevail in a conflict. The Data Act can complement GDPR access and portability rights, but it is not a free-standing legal basis for giving personal data to a user who is not the data subject or to a third party. - Separate personal data, non-personal data, and mixed datasets before fulfilling an aftermarket or mobility request. - Where multiple users or data subjects are involved, avoid exposing another person's personal data without a valid legal basis. - Use anonymisation, pseudonymisation, minimisation, and purpose limits where needed, but do not use privacy techniques to evade valid Data Act access rights. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Confirms that personal-data and privacy law prevail and sets the GDPR legal-basis boundary for Articles 4 and 5. - [European Commission Data Act FAQs](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Explains GDPR interaction, user/data-subject scenarios, controller duties, and legal-basis checks. ### [What should an aftermarket vehicle-data request record contain under the Data Act?](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md#what-should-an-aftermarket-vehicle-data-request-record-contain-under-the-data-act) *Module: [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md)* The Data Act context is the starting point for this answer. A useful request record should be concrete enough for a later complaint, dispute, authority question, or contract review. It should show who the user is, who the third party is, who the data holder is, which vehicle or related service is involved, which data fields and metadata were requested, which fields were delivered or excluded, and why. - Log the user request or user authorisation, recipient identity, requested purpose, data categories, access method, decision, delivery date, and safeguards. - Keep written reasons for excluded inferred or derived data, unavailable data, trade-secret restrictions, safety/security restrictions, and personal-data limits. - Review the matrix when vehicle architecture, backend storage, partner access, authorised repairer access, service design, or Commission guidance changes. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Provides the source obligations for request verification, access conditions, safeguards, compensation, and dispute routes. - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Provides vehicle-specific implementation points for in-scope data, access quality, backend availability, and independent service providers. ### [What Data Act source evidence should teams keep for the Aftermarket Repair And Mobility Services FAQ decision?](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md#what-data-act-source-evidence-should-teams-keep-for-the-aftermarket-repair-and-mobility-services-faq-decision) *Module: [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md)* For aftermarket repair and mobility services, the Data Act record should keep the cited Article 4, 5, 6, or 7 basis, the Commission vehicle-data guidance reference, the actor role, the data categories affected, the request or contract trigger, and the approver who signed off on the interpretation. - Link each decision to the specific Data Act clause or vehicle-data guidance passage used. - Record the owner, affected workflow, evidence artifact, and any follow-up review date. - Store the reasoning for why a field was included, excluded, or treated as in scope or out of scope. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for Chapter II connected-product access, third-party sharing, data-holder duties, safeguards, GDPR boundary, compensation, and dispute settlement. - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Official vehicle-data guidance for automotive stakeholders, including OEMs, suppliers, aftermarket service providers, and insurance providers. - [European Commission vehicle-data guidance page](https://digital-strategy.ec.europa.eu/en/library/guidance-vehicle-data-accompanying-data-act?ref=sorena.io) - Commission publication page confirming the vehicle-data guidance scope and automotive-sector focus. - [European Commission Data Act FAQs](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for GDPR interaction, trade-secret and safety/security handbrakes, user verification, and third-party use limits. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview for Data Act chapters, connected-product access, B2G requests, cloud switching, interoperability, and implementation support. ### [How should teams assign ownership for Data Act Aftermarket Repair And Mobility Services implementation work?](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md#how-should-teams-assign-ownership-for-data-act-aftermarket-repair-and-mobility-services-implementation-work) *Module: [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md)* For aftermarket repair and mobility services, the Data Act workflow should name a single accountable owner for each operational change, such as legal, product, procurement, cloud, support, or security. - Assign one owner per action and one backup reviewer for the vehicle-data workflow. - Record the teams consulted, the system or contract touched, and the current status of implementation. - Tie each ownership record to the same cited Data Act source URL used for the decision. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for Chapter II connected-product access, third-party sharing, data-holder duties, safeguards, GDPR boundary, compensation, and dispute settlement. - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Official vehicle-data guidance for automotive stakeholders, including OEMs, suppliers, aftermarket service providers, and insurance providers. - [European Commission vehicle-data guidance page](https://digital-strategy.ec.europa.eu/en/library/guidance-vehicle-data-accompanying-data-act?ref=sorena.io) - Commission publication page confirming the vehicle-data guidance scope and automotive-sector focus. - [European Commission Data Act FAQs](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for GDPR interaction, trade-secret and safety/security handbrakes, user verification, and third-party use limits. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview for Data Act chapters, connected-product access, B2G requests, cloud switching, interoperability, and implementation support. ### [Which Data Act implementation evidence makes the Aftermarket Repair And Mobility Services answer usable later?](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md#which-data-act-implementation-evidence-makes-the-aftermarket-repair-and-mobility-services-answer-usable-later) *Module: [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md)* For aftermarket repair and mobility services under the Data Act, the most useful evidence is the material that lets a later reviewer reconstruct the decision without guessing. That usually means the source article or guidance cited, the data inventory or request log, the contract clause or access rule, the security or trade-secret control used, and the approval record. - Keep source URLs, request logs, contract clauses, technical controls, notices, and approval records in one file set. - Note which evidence supports scope, which supports access method, and which supports security or privacy limits. - Retain the review trigger and the date of the last substantive decision. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for Chapter II connected-product access, third-party sharing, data-holder duties, safeguards, GDPR boundary, compensation, and dispute settlement. - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Official vehicle-data guidance for automotive stakeholders, including OEMs, suppliers, aftermarket service providers, and insurance providers. - [European Commission vehicle-data guidance page](https://digital-strategy.ec.europa.eu/en/library/guidance-vehicle-data-accompanying-data-act?ref=sorena.io) - Commission publication page confirming the vehicle-data guidance scope and automotive-sector focus. - [European Commission Data Act FAQs](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for GDPR interaction, trade-secret and safety/security handbrakes, user verification, and third-party use limits. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview for Data Act chapters, connected-product access, B2G requests, cloud switching, interoperability, and implementation support. ### [When should the Data Act Aftermarket Repair And Mobility Services FAQ answer be reviewed again by the team?](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md#when-should-the-data-act-aftermarket-repair-and-mobility-services-faq-answer-be-reviewed-again-by-the-team) *Module: [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md)* For aftermarket repair and mobility services, the Data Act answer should be reviewed whenever the product architecture, service model, dataset, customer role, or contract terms change in a way that could change who controls the data or how it is shared. - Set a review date plus event triggers for product, service, and contract changes. - Review again after architecture changes, new data fields, new third-party recipients, or updated compliance guidance. - Keep the owner and reviewer on the record so the next review has a clear accountable path. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for Chapter II connected-product access, third-party sharing, data-holder duties, safeguards, GDPR boundary, compensation, and dispute settlement. - [Commission guidance on vehicle data - Official Journal](https://eur-lex.europa.eu/eli/C/2025/5026/oj/eng?ref=sorena.io) - Official vehicle-data guidance for automotive stakeholders, including OEMs, suppliers, aftermarket service providers, and insurance providers. - [European Commission vehicle-data guidance page](https://digital-strategy.ec.europa.eu/en/library/guidance-vehicle-data-accompanying-data-act?ref=sorena.io) - Commission publication page confirming the vehicle-data guidance scope and automotive-sector focus. - [European Commission Data Act FAQs](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for GDPR interaction, trade-secret and safety/security handbrakes, user verification, and third-party use limits. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview for Data Act chapters, connected-product access, B2G requests, cloud switching, interoperability, and implementation support. ### [What does functional equivalence actually mean under the EU Data Act cloud-switching rules?](/artifacts/eu/data-act/faq/functional-equivalence.md#what-does-functional-equivalence-actually-mean-under-the-eu-data-act-cloud-switching-rules) *Module: [Data Act Functional Equivalence](/artifacts/eu/data-act/faq/functional-equivalence.md)* Under the Data Act, functional equivalence means re-establishing a minimum level of functionality after a customer switches to a new data processing service of the same service type. The comparison is based on the customer's exportable data and digital assets, and it looks at whether the destination service delivers a materially comparable outcome for the same input and for shared contractual features. - Compare the source and destination services only for the same service type and shared features supplied under the contract. - Base the assessment on exportable data and digital assets, not on provider-owned assets, protected trade secrets, or destination-provider architecture. - Avoid customer-facing promises such as seamless identical operation unless the specific migration plan and service pair support that claim. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 2(37) defines functional equivalence by reference to minimum functionality, exportable data, digital assets, same service type, and materially comparable outcomes. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer describes functional equivalence as comparable outcomes for shared IaaS features after switching. ### [Which cloud services have the functional-equivalence duty under the Data Act?](/artifacts/eu/data-act/faq/functional-equivalence.md#which-cloud-services-have-the-functional-equivalence-duty-under-the-data-act) *Module: [Data Act Functional Equivalence](/artifacts/eu/data-act/faq/functional-equivalence.md)* The Data Act context is the starting point for this answer. The functional-equivalence obligation in Article 30(1) is aimed at providers of data processing services limited to infrastructural elements such as servers, networks, and virtual resources. In practical cloud terms, the Commission FAQ describes this as applying to source providers of Infrastructure as a Service. - Treat functional equivalence as an IaaS switching issue unless the grounding source for the service says otherwise. - For PaaS or SaaS, focus the page, contract, and support workflow on open interfaces, machine-readable exports, and standards compatibility rather than functional-equivalence guarantees. - Check whether a custom-built service or limited testing service falls under the specific regime in Article 31 before applying the full Chapter VI workflow. Sources for this answer: - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - FAQ 58a states that functional equivalence in Article 30(1) applies to IaaS, while PaaS and SaaS have open-interface and standards duties. - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 30 separates IaaS functional-equivalence facilitation from the open-interface, standards, and export obligations for other data processing services. ### [What result should a customer be able to expect after switching under the Data Act?](/artifacts/eu/data-act/faq/functional-equivalence.md#what-result-should-a-customer-be-able-to-expect-after-switching-under-the-data-act) *Module: [Data Act Functional Equivalence](/artifacts/eu/data-act/faq/functional-equivalence.md)* For an in-scope IaaS switch, the customer should be supported toward using a destination service of the same service type with materially comparable outcomes for shared features. The Data Act does not say the source provider must make the destination service identical, rebuild the workload for the customer, or control the destination provider's environment. - Define acceptance criteria around shared features and comparable outcomes, not around perfect parity. - Identify customer tasks and destination-provider tasks separately from source-provider tasks. - Document known risks to business continuity and any technical limitations before the transition starts. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 25 requires reasonable assistance, due care for business continuity, information on known continuity risks, and security during switching. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - FAQ 58b explains that the source provider is not responsible for rebuilding the customer's service in the destination provider's ecosystem. ### [What must the source provider provide to facilitate functional equivalence under the Data Act?](/artifacts/eu/data-act/faq/functional-equivalence.md#what-must-the-source-provider-provide-to-facilitate-functional-equivalence-under-the-data-act) *Module: [Data Act Functional Equivalence](/artifacts/eu/data-act/faq/functional-equivalence.md)* The Data Act context is the starting point for this answer. For IaaS functional equivalence, the source provider must take reasonable measures within its power. Article 30 describes the facilitation package as capabilities, adequate information, documentation, technical support, and, where appropriate, necessary tools. - Maintain a switching runbook that lists export methods, supported formats, known limitations, support channels, and escalation routes. - Keep an online register for exportable-data structures, formats, relevant standards, and open interoperability specifications. - Make clear which support is included in the Data Act switching obligation and which additional transition services are separately requested by the customer. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 26 and 30 ground the provider information, register, documentation, technical support, and tooling needed for switching. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - FAQ 53 explains digital assets as elements customers need to use their data in the new provider environment, such as configuration, security, access, virtual machines, and containers. ## FAQ Pagination - Canonical index (page 1): [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) - Page 1 rule: `/page/1` is intentionally not generated; use the canonical index markdown URL. - Current page: 5 of 24 Pages: [1](/artifacts/eu/data-act/faq/items.md) | [2](/artifacts/eu/data-act/faq/items/page/2.md) | [3](/artifacts/eu/data-act/faq/items/page/3.md) | [4](/artifacts/eu/data-act/faq/items/page/4.md) | [5](/artifacts/eu/data-act/faq/items/page/5.md) | [6](/artifacts/eu/data-act/faq/items/page/6.md) | [7](/artifacts/eu/data-act/faq/items/page/7.md) | [8](/artifacts/eu/data-act/faq/items/page/8.md) | [9](/artifacts/eu/data-act/faq/items/page/9.md) | [10](/artifacts/eu/data-act/faq/items/page/10.md) | [11](/artifacts/eu/data-act/faq/items/page/11.md) | [12](/artifacts/eu/data-act/faq/items/page/12.md) | [13](/artifacts/eu/data-act/faq/items/page/13.md) | [14](/artifacts/eu/data-act/faq/items/page/14.md) | [15](/artifacts/eu/data-act/faq/items/page/15.md) | [16](/artifacts/eu/data-act/faq/items/page/16.md) | [17](/artifacts/eu/data-act/faq/items/page/17.md) | [18](/artifacts/eu/data-act/faq/items/page/18.md) | [19](/artifacts/eu/data-act/faq/items/page/19.md) | [20](/artifacts/eu/data-act/faq/items/page/20.md) | [21](/artifacts/eu/data-act/faq/items/page/21.md) | [22](/artifacts/eu/data-act/faq/items/page/22.md) | [23](/artifacts/eu/data-act/faq/items/page/23.md) | [24](/artifacts/eu/data-act/faq/items/page/24.md) [Previous page](/artifacts/eu/data-act/faq/items/page/4.md) | [Next page](/artifacts/eu/data-act/faq/items/page/6.md) *Recommended next step* *Placement: before sources* ## Turn a Data Act FAQ answer into a scoped review Review one product, dataset, cloud contract, public-sector request, or smart-contract deployment against the cited Data Act source and keep the scope, role, evidence, and unresolved questions together. - [Open Research Copilot](/solutions/research-copilot.md): Check Data Act scope, GDPR boundaries, cloud switching, and contract questions with cited source outputs. - [Talk through Data Act implementation](/contact.md): Review one connected product, data-sharing contract, cloud switch, or public-sector request before committing to an implementation path. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/data-act/faq/items/page/5