--- title: "EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates" canonical_url: "https://www.sorena.io/artifacts/eu/data-act/faq" source_url: "https://www.sorena.io/artifacts/eu/data-act/faq/items/page/7" author: "Sorena AI" description: "Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates." published_at: "2026-05-06" updated_at: "2026-05-25" keywords: - "EU Data Act FAQ" - "Data Act scope" - "connected product data" - "B2G data sharing" - "cloud switching" - "GDPR Data Act" - "EU Data Act" - "Data Act FAQ" - "Regulation (EU) 2023/2854" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates. *FAQ* *EU* *Data Act* ## EU Data Act FAQ hub Answers to the recurring EU Data Act questions that decide whether connected-product data, related-service data, B2G requests, cloud contracts, or smart-contract tooling need a compliance review. Use this index to orient product, legal, cloud, procurement, data protection, security, and public-sector request teams before opening the deeper topic modules. The EU Data Act, Regulation (EU) 2023/2854, creates horizontal rules for fair access to and use of data. Its FAQ set is not only about IoT data portability: it also covers mandatory B2B sharing terms, unfair contractual terms, public-sector access in exceptional need, cloud and edge switching, safeguards against unlawful third-country government access to non-personal data, interoperability, smart contracts, enforcement, and the boundary with GDPR. ## Browse sub-FAQ modules ### [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md) FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows. - 12 items ### [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md) FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing. - 12 items ### [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md) FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries. - 12 items ### [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md) FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records. - 12 items ### [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md) FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records. - 12 items ### [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md) FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records. - 12 items ### [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md) FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded. - 12 items ### [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md) FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services. - 12 items ### [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md) FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence. - 12 items ### [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md) FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited. - 12 items ### [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md) FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers. - 12 items ### [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md) FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614. - 12 items ### [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md) FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence. - 12 items ### [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md) FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records. - 12 items ### [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md) FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms. - 12 items ### [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md) FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence. - 12 items ### [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md) FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation. - 12 items ### [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md) FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain. - 12 items ### [EU Data Act Article 36 Smart Contract Controls FAQ](/artifacts/eu/data-act/faq/article-36-smart-contract-controls.md) FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires. - 12 items ### [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md) FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards. - 12 items ### [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md) FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep. - 12 items ### [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md) When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence. - 13 items ### [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md) Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence. - 12 items ### [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md) FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope. - 12 items ### [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md) FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence. - 12 items ### [EU Data Act Direct Access by Design FAQ](/artifacts/eu/data-act/faq/direct-access-by-design.md) FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act. - 12 items ### [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md) FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible. - 12 items ### [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md) FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence. - 12 items ### [EU Data Act Non-Personal Data and Mixed Datasets FAQ](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md) FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records. - 12 items ### [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md) FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries. - 12 items ### [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md) FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs. - 12 items ### [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md) FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics. - 12 items ### [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md) FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply. - 12 items ### [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md) Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status. - 12 items ### [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md) FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers. - 12 items ### [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md) FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records. - 12 items ### [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md) FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence. - 12 items ### [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md) FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries. - 12 items ### [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md) FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries. - 12 items Browse all indexed questions: [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) ## All FAQ items *Page 7 of 24. Showing 20 of 469 items.* ### [Who is covered by the Data Act rule on third-country government access?](/artifacts/eu/data-act/faq/international-government-access.md#who-is-covered-by-the-data-act-rule-on-third-country-government-access) *Module: [Data Act International Government Access](/artifacts/eu/data-act/faq/international-government-access.md)* The Article 32 safeguard is aimed at providers of data processing services, including cloud and edge service contexts covered by the Data Act's data processing services chapter. The protected data is non-personal data held in the Union and falling within the scope of the Regulation. - Confirm the recipient of the request is the provider of a data processing service. - Confirm the requested data is non-personal data held in the Union. - Separate this Article 32 analysis from GDPR, criminal-law, customs, taxation, and sector-specific access regimes that may have their own rules. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act), Article 32](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 32 identifies providers of data processing services and non-personal data held in the Union as the relevant access-transfer scenario. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explanation of Chapter VII scope for unlawful third-country government access. ### [What must providers do before a foreign government request ever arrives under the Data Act?](/artifacts/eu/data-act/faq/international-government-access.md#what-must-providers-do-before-a-foreign-government-request-ever-arrives-under-the-data-act) *Module: [Data Act International Government Access](/artifacts/eu/data-act/faq/international-government-access.md)* The Data Act context is the starting point for this answer. Providers must maintain technical, organisational, and legal measures, including contractual measures, to prevent third-country governmental access or transfer where the access or transfer would conflict with Union law or the national law of the relevant Member State. The Commission's explainer gives implementation examples such as encryption, audits, and adherence to certification schemes. - Publish the provider infrastructure jurisdictions that may create exposure to third-country authority requests. - Publish a general description of preventive technical, organisational, and contractual measures. - Keep the public information current and list the relevant website in contracts for data processing services. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act), Articles 28 and 32](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 28 sets contractual transparency obligations, while Article 32 requires preventive measures against conflicting access or transfer. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission material lists practical safeguard examples for providers. ### [Does a third-country court order or authority decision automatically work in the EU under the Data Act?](/artifacts/eu/data-act/faq/international-government-access.md#does-a-third-country-court-order-or-authority-decision-automatically-work-in-the-eu-under-the-data-act) *Module: [Data Act International Government Access](/artifacts/eu/data-act/faq/international-government-access.md)* The Data Act context is the starting point for this answer. No. A third-country court judgment, tribunal decision, or administrative authority decision requiring access to or transfer of covered non-personal data is recognised or enforceable only if it is based on an international agreement in force between the requesting third country and the Union or a Member State, such as a mutual legal assistance treaty. - Capture the decision, judgment, subpoena, warrant, or administrative order as received. - Identify the requesting authority and the third country. - Verify whether an in-force international agreement covers the request before recognising or enforcing it. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act), Article 32(2)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 32(2) ties recognition or enforceability to an in-force international agreement. ### [What happens if there is no international agreement and compliance may conflict with EU or Member State law under the Data Act?](/artifacts/eu/data-act/faq/international-government-access.md#what-happens-if-there-is-no-international-agreement-and-compliance-may-conflict-with-eu-or-member-state-law-under-the-data-act) *Module: [Data Act International Government Access](/artifacts/eu/data-act/faq/international-government-access.md)* The Data Act context is the starting point for this answer. Article 32 allows access or transfer without an international agreement only if defined safeguards are met. The third-country system must require reasons and proportionality, the decision must be specific, the provider's reasoned objection must be reviewable by a competent third-country court or tribunal, and that court or tribunal must be empowered to take account of relevant legal interests protected by Union or Member State law. - Check whether the request states reasons, proportionality, and a specific link to suspected persons, infringements, or another sufficiently specific matter. - Check whether a reasoned objection by the provider can be reviewed by a competent third-country court or tribunal. - Check whether that court or tribunal can consider the relevant EU or Member State legal interests. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act), Article 32(3)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 32(3) provides the conditions for transfer or access where no international agreement exists and compliance risks legal conflict. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explanation summarises the no-agreement safeguard conditions and provider assessment route. ### [When should the provider ask a national authority for an opinion under the Data Act?](/artifacts/eu/data-act/faq/international-government-access.md#when-should-the-provider-ask-a-national-authority-for-an-opinion-under-the-data-act) *Module: [Data Act International Government Access](/artifacts/eu/data-act/faq/international-government-access.md)* The Data Act context is the starting point for this answer. The provider may ask the relevant national body or authority competent for international cooperation in legal matters for an opinion on whether the Article 32 conditions are met. Article 32 specifically calls out this route where the decision may relate to trade secrets, commercially sensitive data, intellectual property-protected content, or transfer that may lead to re-identification. - Escalate for an opinion when trade secrets, commercially sensitive data, intellectual property, or re-identification risk are part of the request. - Request an opinion when national security or defence interests may be affected. - Record the date of the opinion request, any response, and whether the one-month no-reply rule became relevant. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act), Article 32(3)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 32 describes when providers may or must seek an opinion from the relevant national body or authority. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission material confirms providers may contact the relevant national body to assess whether Data Act conditions are met. ### [If the request can be complied with, how much data may be provided under the Data Act?](/artifacts/eu/data-act/faq/international-government-access.md#if-the-request-can-be-complied-with-how-much-data-may-be-provided-under-the-data-act) *Module: [Data Act International Government Access](/artifacts/eu/data-act/faq/international-government-access.md)* The Data Act context is the starting point for this answer. Article 32 requires minimisation. If the conditions for access or transfer are met, the provider must provide the minimum amount of data permissible in response to the request, based on the provider's reasonable interpretation of the request or the interpretation of the relevant national body or authority. - Translate the foreign request into a specific data inventory before disclosure. - Remove data categories not necessary for the permissible response. - Keep a disclosure log showing the request, interpretation, data supplied, data withheld, and approver. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act), Article 32(4)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 32(4) establishes the minimum-data response rule. ### [Must the provider tell the customer before complying under the Data Act?](/artifacts/eu/data-act/faq/international-government-access.md#must-the-provider-tell-the-customer-before-complying-under-the-data-act) *Module: [Data Act International Government Access](/artifacts/eu/data-act/faq/international-government-access.md)* The Data Act context is the starting point for this answer. Yes, Article 32 requires the provider to inform the customer about the existence of a third-country authority request before complying with that request. The exception is where the request serves law-enforcement purposes and withholding notice is necessary to preserve the effectiveness of the law-enforcement activity. - Notify the customer before compliance unless the law-enforcement exception applies. - Keep the notification content, timestamp, recipient, and channel. - Document the reason and duration for any delayed or withheld notice. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act), Article 32(5)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 32(5) sets the customer-notice rule and law-enforcement exception. ### [How does this differ from EU public-sector access under the Data Act?](/artifacts/eu/data-act/faq/international-government-access.md#how-does-this-differ-from-eu-public-sector-access-under-the-data-act) *Module: [Data Act International Government Access](/artifacts/eu/data-act/faq/international-government-access.md)* The Data Act context is the starting point for this answer. International government access under Article 32 is not the same as Chapter V business-to-government data sharing. Chapter V concerns EU public sector bodies, the Commission, the European Central Bank, and Union bodies accessing privately held data where there is an exceptional need. Article 32 concerns third-country governmental access or transfer of non-personal data held in the Union by providers of data processing services. - Use Chapter V workflows for qualifying EU public-sector exceptional-need requests. - Use Article 32 workflows for third-country governmental access or transfer requests to providers of data processing services. - Do not mix EU public-body request evidence with third-country conflict-of-law evidence. Sources for this answer: - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission material distinguishes Chapter V business-to-government access from Chapter VII third-country government access. - [EUR-Lex Summary - Rules on fair access to and use of data](https://eur-lex.europa.eu/EN/legal-content/summary/rules-on-fair-access-to-and-use-of-data-data-act.html?ref=sorena.io) - EUR-Lex summary lists public-sector access and safeguards against unlawful third-party government access as separate Data Act measures. ### [What evidence should a provider retain for an Article 32 request under the Data Act?](/artifacts/eu/data-act/faq/international-government-access.md#what-evidence-should-a-provider-retain-for-an-article-32-request-under-the-data-act) *Module: [Data Act International Government Access](/artifacts/eu/data-act/faq/international-government-access.md)* The Data Act context is the starting point for this answer. The minimum useful evidence set is the received request, the identity and authority of the requester, the requested data inventory, the EU or Member State conflict assessment, any international-agreement analysis, any national-authority opinion request or response, the customer-notice record, the minimisation analysis, and the final disclosure or refusal log. - Retain the request and legal-basis analysis. - Retain the conflict, opinion, notice, minimisation, and outcome records. - Retain public transparency and contract evidence for the provider's preventive measures. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act), Articles 28 and 32](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 28 and 32 support evidence for public transparency, preventive measures, request assessment, customer notice, and minimisation. ### [What is the practical intake checklist for a non-EU government access request under the Data Act?](/artifacts/eu/data-act/faq/international-government-access.md#what-is-the-practical-intake-checklist-for-a-non-eu-government-access-request-under-the-data-act) *Module: [Data Act International Government Access](/artifacts/eu/data-act/faq/international-government-access.md)* The Data Act context is the starting point for this answer. Start by freezing the request record and routing it to legal, security, cloud operations, and the customer account owner. Then confirm whether Article 32 applies, whether an international agreement supports recognition or enforceability, whether no-agreement safeguards are met, whether a national-authority opinion is needed, whether customer notice is required or temporarily restricted, and what minimum data can be disclosed if compliance is allowed. - Log requester, authority, country, legal instrument, deadline, customer, service, and data location. - Assess Article 32 scope, agreement basis, no-agreement safeguards, national-authority opinion route, customer notice, and minimisation. - Close the record with a disclosure, partial disclosure, rejection, escalation, or deferred-notice outcome. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act), Article 32](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 32 provides the sequence of measures, enforceability, fallback conditions, opinion route, minimisation, and customer notice. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission material explains the purpose of Chapter VII safeguards and provider measures. ### [What does a clean EU Data Act Article 32 decision record look like when the provider must respond?](/artifacts/eu/data-act/faq/international-government-access.md#what-does-a-clean-eu-data-act-article-32-decision-record-look-like-when-the-provider-must-respond) *Module: [Data Act International Government Access](/artifacts/eu/data-act/faq/international-government-access.md)* Under the Data Act, record the legal basis first: whether the request is enforceable under an in-force international agreement or must pass the Article 32(3) conflict checks. If there is doubt, document the national-body opinion request, the one-month reply window, and the final reason for accepting or rejecting access. - Keep one file for the legal basis and another for the disclosure scope. - Note whether the customer was notified before access and whether a law-enforcement exception applied. - Store the final acceptance, refusal, or partial disclosure decision with the cited Article 32 clause. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act), Article 32](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 32 covers enforceability, fallback conditions, minimisation, and customer notice. ### [Does the EU Data Act Article 32 rule cover personal data, or only non-personal data held in the EU?](/artifacts/eu/data-act/faq/international-government-access.md#does-the-eu-data-act-article-32-rule-cover-personal-data-or-only-non-personal-data-held-in-the-eu) *Module: [Data Act International Government Access](/artifacts/eu/data-act/faq/international-government-access.md)* Under the Data Act, Article 32 governs third-country governmental access to non-personal data held in the Union by providers of data processing services, while access requests touching personal data are governed by the GDPR and its international-transfer rules. A request spanning a mixed dataset can engage both regimes at once. - Apply Article 32 safeguards to non-personal data held in the Union by data processing services. - Route personal-data elements of a foreign request through the GDPR international-transfer analysis. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding Data Act text for Article 28 contractual transparency and Article 32 international governmental access and transfer safeguards. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer for Chapter VII scope, non-personal data held in the EU, safeguard examples, and provider contact with national bodies. - [EUR-Lex Summary - Rules on fair access to and use of data](https://eur-lex.europa.eu/EN/legal-content/summary/rules-on-fair-access-to-and-use-of-data-data-act.html?ref=sorena.io) - EUR-Lex summary confirming that the Data Act includes safeguards against unlawful third-party government access to non-personal data. ### [Does the Data Act already name final interoperability standards that every team must implement?](/artifacts/eu/data-act/faq/interoperability-standards.md#does-the-data-act-already-name-final-interoperability-standards-that-every-team-must-implement) *Module: [Data Act Interoperability Standards](/artifacts/eu/data-act/faq/interoperability-standards.md)* No. The Data Act sets the legal framework and essential requirements, but teams should not describe the relevant standards as final unless an official reference has actually been published or adopted for the relevant requirement. - Treat the Data Act text as the binding baseline. - Treat harmonised standards as relevant when their references are officially published for the covered requirements. - Treat common specifications as relevant only when adopted by Commission implementing act for the relevant Data Act requirements. - Avoid saying a standard is mandatory or final unless the source you cite supports that exact status. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 33, 35, and 36 set the Data Act framework for harmonised standards, common specifications, and open interoperability specifications. ### [What does Article 33 require for data spaces and data sharing mechanisms under the Data Act?](/artifacts/eu/data-act/faq/interoperability-standards.md#what-does-article-33-require-for-data-spaces-and-data-sharing-mechanisms-under-the-data-act) *Module: [Data Act Interoperability Standards](/artifacts/eu/data-act/faq/interoperability-standards.md)* The Data Act context is the starting point for this answer. Article 33 applies to participants in data spaces that offer data or data services to other participants. It requires those participants to support interoperability of data, data sharing mechanisms and services, and common European data spaces. - Inventory the datasets or data services offered to other data-space participants. - Document machine-readable metadata, usage conditions, quality and uncertainty where applicable. - Keep public and consistent references for formats, vocabularies, taxonomies, code lists, and API terms. - Record whether smart-contract or other automation tools are used to execute data-sharing agreements. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 33 lists essential requirements for interoperability of data, data-sharing mechanisms and services, and common European data spaces. - [European Commission - Rolling Plan for ICT standardisation, Data Economy](https://interoperable-europe.ec.europa.eu/collection/rolling-plan-ict-standardisation/data-economy-rp-2025?ref=sorena.io) - Places data interoperability, data quality, data governance, and data-space interoperability in the Commission's data-economy standardisation context. ### [How do harmonised standards and common specifications work under Article 35 under the Data Act?](/artifacts/eu/data-act/faq/interoperability-standards.md#how-do-harmonised-standards-and-common-specifications-work-under-article-35-under-the-data-act) *Module: [Data Act Interoperability Standards](/artifacts/eu/data-act/faq/interoperability-standards.md)* The Data Act context is the starting point for this answer. Article 35 uses harmonised standards and common specifications as conformity tools, not as a blank replacement for the law. Open interoperability specifications and harmonised standards for data-processing services should support interoperability, portability of digital assets, functional equivalence where technically feasible, and compatibility with security and future innovation. - Track the Article 35 repository reference before relying on a standard in product or procurement work. - Separate portability of digital assets from service functionality and from security controls. - Use the published text of the Data Act to decide what must be supported now, and use standards to fill in the technical details. - Review interfaces, export data formats, and customer documentation when a harmonised standard or common specification is published. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 35 covers open interoperability specifications, harmonised standards, common specifications, and the central Union standards repository mechanism. - [Commission Notice - 2026 annual Union work programme for standardisation](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ%3AC_202601695&ref=sorena.io) - Lists interoperability for data processing services as an action under the 2026 work programme and supports ongoing standardisation work. ### [What should smart-contract vendors and deployers do under Article 36 under the Data Act?](/artifacts/eu/data-act/faq/interoperability-standards.md#what-should-smart-contract-vendors-and-deployers-do-under-article-36-under-the-data-act) *Module: [Data Act Interoperability Standards](/artifacts/eu/data-act/faq/interoperability-standards.md)* The Data Act context is the starting point for this answer. Article 36 applies to the vendor of an application using smart contracts, or where there is no vendor, to the person deploying smart contracts for others in the context of executing an agreement or part of it to make data available. - Map each smart contract to the data-sharing agreement or agreement part it executes. - Test termination, interruption, access control, auditability, and consistency with agreement terms. - Keep the conformity assessment, EU declaration of conformity, version history, and evidence of the requirements tested. - Do not treat a smart contract as compliant unless the tested controls match the Article 36 essential requirements. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 36 sets essential requirements, conformity assessment, EU declaration of conformity, and standards mechanisms for smart contracts used to execute data-sharing agreements. ### [Which evidence should a team keep for interoperability standards decisions under the Data Act?](/artifacts/eu/data-act/faq/interoperability-standards.md#which-evidence-should-a-team-keep-for-interoperability-standards-decisions-under-the-data-act) *Module: [Data Act Interoperability Standards](/artifacts/eu/data-act/faq/interoperability-standards.md)* Under the Data Act, keep a standards register rather than a generic legal memo. Each entry should show the Data Act article, affected product or service, data-space or cloud role, standard or specification status, source URL, owner, implementation ticket, test evidence, customer or participant documentation, and next review trigger. - Keep Official Journal references, implementing acts, repository references, and standardisation-request status in separate fields. - Link standards evidence to release gates, procurement requirements, contract clauses, and customer-facing documentation. - Update the register when an Article 33, 35, or 36 reference is published, amended, replaced, or superseded. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Supports the need to distinguish Article 33, Article 35, and Article 36 standards mechanisms and conformity evidence. - [Commission Implementing Decision C(2025) 4135 - standardisation request annexes](https://ec.europa.eu/transparency/documents-register/api/files/C(2025)4135_1/de00000001072897?rendition=false&ref=sorena.io) - Supports tracking M/614 deliverable status, adoption deadlines, and Article 33 coverage in a standards register. ### [What is the most important wording risk on Data Act interoperability standards pages?](/artifacts/eu/data-act/faq/interoperability-standards.md#what-is-the-most-important-wording-risk-on-data-act-interoperability-standards-pages) *Module: [Data Act Interoperability Standards](/artifacts/eu/data-act/faq/interoperability-standards.md)* The Data Act context is the starting point for this answer. The main risk is overstating legal status. A page, contract clause, procurement requirement, or architecture standard should not imply that M/614 deliverables, open specifications, or technical reports are final binding standards unless the cited source says so. - Say 'monitor' for requested deliverables that are not yet final. - Say 'presumption of conformity' only where the Data Act mechanism and official reference support it. - Say 'common specification' only for Commission implementing acts, not for any generic technical specification. - Say which article controls the point: Article 33 for data spaces, Article 35 for data-processing services, or Article 36 for smart contracts. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Provides the legal status distinctions used for harmonised standards, common specifications, and repository references. - [CEN-CENELEC - Data Act standardization request accepted](https://www.cencenelec.eu/news-events/news/2025/brief-news/2025-07-11-data-act-standardization-request/?ref=sorena.io) - Supports careful wording that M/614 deliverables were accepted for development, not already final standards. ### [What is the M/614 standardisation request and how should teams track its Data Act deliverables?](/artifacts/eu/data-act/faq/interoperability-standards.md#what-is-the-m614-standardisation-request-and-how-should-teams-track-its-data-act-deliverables) *Module: [Data Act Interoperability Standards](/artifacts/eu/data-act/faq/interoperability-standards.md)* Under the Data Act, the Commission issued standardisation request M/614 to CEN and CENELEC to develop deliverables that support the interoperability essential requirements, mainly for Article 33 data spaces. These deliverables are in development rather than published harmonised standards, so a team should track their status rather than treat them as binding. - Record each M/614 deliverable's status from requested through to Official Journal reference. - Avoid citing a deliverable as a binding Data Act standard until its reference is officially published. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Article 33 data-space interoperability, Article 35 data-processing service interoperability, and Article 36 smart-contract requirements. - [Commission Implementing Decision C(2025) 4135 - standardisation request annexes](https://ec.europa.eu/transparency/documents-register/api/files/C(2025)4135_1/de00000001072897?rendition=false&ref=sorena.io) - Lists M/614 European Trusted Data Framework deliverables and explains how entries 1, 2, and 3 support Article 33 essential requirements. - [CEN-CENELEC - Data Act standardization request accepted](https://www.cencenelec.eu/news-events/news/2025/brief-news/2025-07-11-data-act-standardization-request/?ref=sorena.io) - Confirms CEN and CENELEC acceptance of the Data Act standardisation request under Mandate M/614 and planned development of seven deliverables. - [European Commission - Rolling Plan for ICT standardisation, Data Economy](https://interoperable-europe.ec.europa.eu/collection/rolling-plan-ict-standardisation/data-economy-rp-2025?ref=sorena.io) - Provides Commission context for data interoperability, data quality, data governance, and common European data spaces. - [Commission Notice - 2026 annual Union work programme for standardisation](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ%3AC_202601695&ref=sorena.io) - Identifies planned standardisation work for interoperability of data-processing services in support of Data Act Articles 30 and 35. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview for Data Act chapters, connected-product access, B2G requests, cloud switching, interoperability, and implementation support. ### [How do Article 30 cloud-switching interoperability duties relate to the Article 35 standards mechanism under the Data Act?](/artifacts/eu/data-act/faq/interoperability-standards.md#how-do-article-30-cloud-switching-interoperability-duties-relate-to-the-article-35-standards-mechanism-under-the-data-act) *Module: [Data Act Interoperability Standards](/artifacts/eu/data-act/faq/interoperability-standards.md)* Under the Data Act, Article 30 requires providers of data processing services to support interoperability for switching, while Article 35 is the mechanism that supplies the open interoperability specifications, harmonised standards, and repository references those providers rely on. The duty exists now even though the standards pipeline is still being built. - Treat Article 30 interoperability for switching as a current obligation, not a future one. - Align cloud export formats with Article 35 references as they are published in the repository. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Article 33 data-space interoperability, Article 35 data-processing service interoperability, and Article 36 smart-contract requirements. - [Commission Implementing Decision C(2025) 4135 - standardisation request annexes](https://ec.europa.eu/transparency/documents-register/api/files/C(2025)4135_1/de00000001072897?rendition=false&ref=sorena.io) - Lists M/614 European Trusted Data Framework deliverables and explains how entries 1, 2, and 3 support Article 33 essential requirements. - [CEN-CENELEC - Data Act standardization request accepted](https://www.cencenelec.eu/news-events/news/2025/brief-news/2025-07-11-data-act-standardization-request/?ref=sorena.io) - Confirms CEN and CENELEC acceptance of the Data Act standardisation request under Mandate M/614 and planned development of seven deliverables. - [European Commission - Rolling Plan for ICT standardisation, Data Economy](https://interoperable-europe.ec.europa.eu/collection/rolling-plan-ict-standardisation/data-economy-rp-2025?ref=sorena.io) - Provides Commission context for data interoperability, data quality, data governance, and common European data spaces. - [Commission Notice - 2026 annual Union work programme for standardisation](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ%3AC_202601695&ref=sorena.io) - Identifies planned standardisation work for interoperability of data-processing services in support of Data Act Articles 30 and 35. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview for Data Act chapters, connected-product access, B2G requests, cloud switching, interoperability, and implementation support. ## FAQ Pagination - Canonical index (page 1): [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) - Page 1 rule: `/page/1` is intentionally not generated; use the canonical index markdown URL. - Current page: 7 of 24 Pages: [1](/artifacts/eu/data-act/faq/items.md) | [2](/artifacts/eu/data-act/faq/items/page/2.md) | [3](/artifacts/eu/data-act/faq/items/page/3.md) | [4](/artifacts/eu/data-act/faq/items/page/4.md) | [5](/artifacts/eu/data-act/faq/items/page/5.md) | [6](/artifacts/eu/data-act/faq/items/page/6.md) | [7](/artifacts/eu/data-act/faq/items/page/7.md) | [8](/artifacts/eu/data-act/faq/items/page/8.md) | [9](/artifacts/eu/data-act/faq/items/page/9.md) | [10](/artifacts/eu/data-act/faq/items/page/10.md) | [11](/artifacts/eu/data-act/faq/items/page/11.md) | [12](/artifacts/eu/data-act/faq/items/page/12.md) | [13](/artifacts/eu/data-act/faq/items/page/13.md) | [14](/artifacts/eu/data-act/faq/items/page/14.md) | [15](/artifacts/eu/data-act/faq/items/page/15.md) | [16](/artifacts/eu/data-act/faq/items/page/16.md) | [17](/artifacts/eu/data-act/faq/items/page/17.md) | [18](/artifacts/eu/data-act/faq/items/page/18.md) | [19](/artifacts/eu/data-act/faq/items/page/19.md) | [20](/artifacts/eu/data-act/faq/items/page/20.md) | [21](/artifacts/eu/data-act/faq/items/page/21.md) | [22](/artifacts/eu/data-act/faq/items/page/22.md) | [23](/artifacts/eu/data-act/faq/items/page/23.md) | [24](/artifacts/eu/data-act/faq/items/page/24.md) [Previous page](/artifacts/eu/data-act/faq/items/page/6.md) | [Next page](/artifacts/eu/data-act/faq/items/page/8.md) *Recommended next step* *Placement: before sources* ## Turn a Data Act FAQ answer into a scoped review Review one product, dataset, cloud contract, public-sector request, or smart-contract deployment against the cited Data Act source and keep the scope, role, evidence, and unresolved questions together. - [Open Research Copilot](/solutions/research-copilot.md): Check Data Act scope, GDPR boundaries, cloud switching, and contract questions with cited source outputs. - [Talk through Data Act implementation](/contact.md): Review one connected product, data-sharing contract, cloud switch, or public-sector request before committing to an implementation path. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/data-act/faq/items/page/7