--- title: "EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates" canonical_url: "https://www.sorena.io/artifacts/eu/data-act/faq" source_url: "https://www.sorena.io/artifacts/eu/data-act/faq/items/page/9" author: "Sorena AI" description: "Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates." published_at: "2026-05-06" updated_at: "2026-05-25" keywords: - "EU Data Act FAQ" - "Data Act scope" - "connected product data" - "B2G data sharing" - "cloud switching" - "GDPR Data Act" - "EU Data Act" - "Data Act FAQ" - "Regulation (EU) 2023/2854" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates. *FAQ* *EU* *Data Act* ## EU Data Act FAQ hub Answers to the recurring EU Data Act questions that decide whether connected-product data, related-service data, B2G requests, cloud contracts, or smart-contract tooling need a compliance review. Use this index to orient product, legal, cloud, procurement, data protection, security, and public-sector request teams before opening the deeper topic modules. The EU Data Act, Regulation (EU) 2023/2854, creates horizontal rules for fair access to and use of data. Its FAQ set is not only about IoT data portability: it also covers mandatory B2B sharing terms, unfair contractual terms, public-sector access in exceptional need, cloud and edge switching, safeguards against unlawful third-country government access to non-personal data, interoperability, smart contracts, enforcement, and the boundary with GDPR. ## Browse sub-FAQ modules ### [Data Act and Data Governance Act Overlap FAQ](/artifacts/eu/data-act/faq/data-governance-act-overlap.md) FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows. - 12 items ### [Data Act and GDPR Personal Data Overlap FAQ](/artifacts/eu/data-act/faq/gdpr-personal-data-overlap.md) FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing. - 12 items ### [Data Act Audit Evidence And Request Logs FAQ](/artifacts/eu/data-act/faq/audit-evidence-and-request-logs.md) FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries. - 12 items ### [Data Act Cloud Switching Contract Terms FAQ](/artifacts/eu/data-act/faq/cloud-switching-contract-terms.md) FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records. - 12 items ### [Data Act Cloud Switching Fees And Deadlines FAQ](/artifacts/eu/data-act/faq/cloud-switching-fees-and-deadlines.md) FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records. - 12 items ### [Data Act Complaints and Dispute Settlement FAQ](/artifacts/eu/data-act/faq/complaints-and-dispute-settlement.md) FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records. - 12 items ### [Data Act Exportable Data and Metadata FAQ](/artifacts/eu/data-act/faq/exportable-data-and-metadata.md) FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded. - 12 items ### [Data Act FAQ for Aftermarket Repair and Mobility Services](/artifacts/eu/data-act/faq/aftermarket-repair-and-mobility-services.md) FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services. - 12 items ### [Data Act Functional Equivalence FAQ](/artifacts/eu/data-act/faq/functional-equivalence.md) FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence. - 12 items ### [Data Act Indirect Access Request Flows FAQ](/artifacts/eu/data-act/faq/indirect-access-request-flows.md) FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited. - 12 items ### [Data Act International Government Access FAQ](/artifacts/eu/data-act/faq/international-government-access.md) FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers. - 12 items ### [Data Act Interoperability Standards FAQ](/artifacts/eu/data-act/faq/interoperability-standards.md) FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614. - 12 items ### [Data Act Model Contractual Terms FAQ](/artifacts/eu/data-act/faq/model-contractual-terms.md) FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence. - 12 items ### [Data Act Public Emergency Requests FAQ](/artifacts/eu/data-act/faq/public-emergency-requests.md) FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records. - 12 items ### [Data Act SME Exceptions and Startups FAQ](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md) FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms. - 12 items ### [Data Act Trade Secret Technical Protection Measures FAQ](/artifacts/eu/data-act/faq/trade-secret-technical-protection-measures.md) FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence. - 12 items ### [EU Data Act and Common European Data Spaces FAQ](/artifacts/eu/data-act/faq/data-act-and-common-european-data-spaces.md) FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation. - 12 items ### [EU Data Act Application Dates And Transition FAQ](/artifacts/eu/data-act/faq/application-dates-and-transition.md) FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain. - 12 items ### [EU Data Act Article 36 Smart Contract Controls FAQ](/artifacts/eu/data-act/faq/article-36-smart-contract-controls.md) FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires. - 12 items ### [EU Data Act B2B Data Sharing Compensation FAQ](/artifacts/eu/data-act/faq/compensation-for-b2b-data-sharing.md) FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards. - 12 items ### [EU Data Act B2G Compensation and Costs FAQ](/artifacts/eu/data-act/faq/b2g-compensation-and-costs.md) FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep. - 12 items ### [EU Data Act B2G Exceptional Need FAQ](/artifacts/eu/data-act/faq/b2g-exceptional-need.md) When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence. - 13 items ### [EU Data Act Cloud Switching Procurement FAQ](/artifacts/eu/data-act/faq/cloud-switching-procurement-checklist.md) Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence. - 12 items ### [EU Data Act Connected Product Scope FAQ](/artifacts/eu/data-act/faq/scope-connected-products.md) FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope. - 12 items ### [EU Data Act data spaces interoperability FAQ](/artifacts/eu/data-act/faq/data-spaces-interoperability.md) FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence. - 12 items ### [EU Data Act Direct Access by Design FAQ](/artifacts/eu/data-act/faq/direct-access-by-design.md) FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act. - 12 items ### [EU Data Act Enforcement And Competent Authorities FAQ](/artifacts/eu/data-act/faq/enforcement-and-competent-authorities.md) FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible. - 12 items ### [EU Data Act Non-Emergency Public-Sector Requests FAQ](/artifacts/eu/data-act/faq/non-emergency-public-sector-requests.md) FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence. - 12 items ### [EU Data Act Non-Personal Data and Mixed Datasets FAQ](/artifacts/eu/data-act/faq/non-personal-data-and-mixed-datasets.md) FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records. - 12 items ### [EU Data Act Pre-Contractual Information FAQ](/artifacts/eu/data-act/faq/pre-contractual-information.md) FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries. - 12 items ### [EU Data Act Product Data vs Related Service Data FAQ](/artifacts/eu/data-act/faq/product-data-and-service-data.md) FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs. - 12 items ### [EU Data Act Readily Available Data FAQ](/artifacts/eu/data-act/faq/readily-available-data.md) FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics. - 12 items ### [EU Data Act Related Services FAQ](/artifacts/eu/data-act/faq/related-services.md) FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply. - 12 items ### [EU Data Act Smart Contracts for Data Sharing FAQ](/artifacts/eu/data-act/faq/smart-contracts-for-data-sharing.md) Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status. - 12 items ### [EU Data Act Third-Party Data Sharing FAQ](/artifacts/eu/data-act/faq/third-party-data-sharing.md) FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers. - 12 items ### [EU Data Act Trade Secret Safeguards FAQ](/artifacts/eu/data-act/faq/trade-secrets-safeguards.md) FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records. - 12 items ### [EU Data Act Unfair Contractual Terms FAQ](/artifacts/eu/data-act/faq/unfair-contractual-terms.md) FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence. - 12 items ### [EU Data Act Users, Data Holders, and Recipients FAQ](/artifacts/eu/data-act/faq/users-data-holders-and-recipients.md) FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries. - 12 items ### [EU Data Act Vehicle Data Guidance FAQ](/artifacts/eu/data-act/faq/vehicle-data-guidance.md) FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries. - 12 items Browse all indexed questions: [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) ## All FAQ items *Page 9 of 24. Showing 20 of 469 items.* ### [Can a public emergency request include personal data under the Data Act?](/artifacts/eu/data-act/faq/public-emergency-requests.md#can-a-public-emergency-request-include-personal-data-under-the-data-act) *Module: [Data Act Public Emergency Requests](/artifacts/eu/data-act/faq/public-emergency-requests.md)* Yes, but the Data Act starts from non-personal data. Article 17 says requests should concern non-personal data, and personal data may be requested only if non-personal data are shown to be insufficient for the exceptional need and the request establishes the necessary technical and organisational protection measures. - Ask whether non-personal data would be enough to respond to the emergency. - If personal data remain necessary, require the request to identify protection measures and whether anonymisation can be applied. - Record the anonymisation or pseudonymisation decision and the reason personal data were or were not disclosed. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 17 and 18 set the non-personal-data preference and anonymisation or pseudonymisation duties. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains that public emergency requests should start with non-personal data and move to personal data only if that is insufficient. ### [What happens to trade secrets, confidentiality, and security under the Data Act?](/artifacts/eu/data-act/faq/public-emergency-requests.md#what-happens-to-trade-secrets-confidentiality-and-security-under-the-data-act) *Module: [Data Act Public Emergency Requests](/artifacts/eu/data-act/faq/public-emergency-requests.md)* The Data Act context is the starting point for this answer. A public emergency does not erase confidentiality duties. Article 17 requires requests to respect the legitimate aims of the data holder, including trade secret protection and the cost and effort needed to make data available. Article 19 says trade secrets must be disclosed only to the extent strictly necessary for the Article 15 purpose. - Mark trade-secret fields and related metadata before disclosure. - Require a confidentiality and transfer-security plan for any sensitive delivery route. - Separate confidentiality safeguards from refusal grounds: safeguards should narrow and protect disclosure where disclosure is legally required. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 17 and 19 require trade-secret protection, confidentiality and integrity measures, and security of received data. - [European Commission Data Act FAQ](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - The Commission FAQ points to Article 17, Article 18(4), and Article 19 safeguards for personal data and trade secrets. ### [Can the data holder charge for emergency response data under the Data Act?](/artifacts/eu/data-act/faq/public-emergency-requests.md#can-the-data-holder-charge-for-emergency-response-data-under-the-data-act) *Module: [Data Act Public Emergency Requests](/artifacts/eu/data-act/faq/public-emergency-requests.md)* The Data Act context is the starting point for this answer. For data necessary to respond to a public emergency under Article 15(1)(a), Article 20 says data holders other than microenterprises and small enterprises must make the data available free of charge. They can request public acknowledgement from the receiving public body or EU body. - Classify the request before discussing payment: emergency response and non-emergency exceptional need have different compensation rules. - For non-micro and non-small data holders responding to a public emergency, do not invoice unless another grounded rule applies. - For micro or small enterprises, keep the cost basis for any reasonable remuneration request. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 20 sets compensation rules for public emergency and non-emergency exceptional-need requests. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - The Commission compensation table explains what businesses may request for public emergency and non-emergency Chapter V data sharing. ### [Can the public body reuse or share the data after receiving it under the Data Act?](/artifacts/eu/data-act/faq/public-emergency-requests.md#can-the-public-body-reuse-or-share-the-data-after-receiving-it-under-the-data-act) *Module: [Data Act Public Emergency Requests](/artifacts/eu/data-act/faq/public-emergency-requests.md)* The Data Act context is the starting point for this answer. Data obtained under Chapter V do not become open public-sector information. Article 17 says data obtained under Chapter V must not be made available for reuse under the Data Governance Act or Open Data Directive definitions. Article 19 also bars use in a manner incompatible with the request purpose. - Check whether all expected recipients were named in the original request. - Require onward recipients to follow the same Chapter V purpose, confidentiality, integrity, and security limits. - Track erasure notices from the public body and, where Article 21 sharing occurs, any additional six-month retention period for research or statistical recipients. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 17, 19, and 21 limit reuse, onward sharing, purpose use, and retention of Chapter V data. - [European Commission Data Act FAQ](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - The Commission FAQ explains that requested data do not become public sector information for open reuse. ### [What records should a company keep for a public emergency request under the Data Act?](/artifacts/eu/data-act/faq/public-emergency-requests.md#what-records-should-a-company-keep-for-a-public-emergency-request-under-the-data-act) *Module: [Data Act Public Emergency Requests](/artifacts/eu/data-act/faq/public-emergency-requests.md)* The Data Act context is the starting point for this answer. Keep enough evidence to prove the request was assessed under the correct Chapter V branch and handled within the required time. The file should include the written request, receipt timestamp, requester identity, asserted public emergency, Article 15 exceptional-need analysis, Article 17 completeness check, data-control analysis, data scope, personal-data and trade-secret treatment, delivery record, and any refusal or modification notice. - Maintain one emergency-request log with deadlines, decisions, owners, and cited Article 18 grounds where used. - Attach the data inventory showing what was available, unavailable, anonymised, pseudonymised, protected, or excluded. - Preserve public-body erasure notices and any onward-sharing notifications because they affect duplicate-request and once-only analysis. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 17 to 21 support the recommended records: request content, response grounds, safeguards, erasure, compensation, and onward sharing. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Explains the once-only principle and publication of requests by the data coordinator, subject to security concerns. ### [What Data Act source evidence should teams keep for the Public Emergency Requests FAQ decision?](/artifacts/eu/data-act/faq/public-emergency-requests.md#what-data-act-source-evidence-should-teams-keep-for-the-public-emergency-requests-faq-decision) *Module: [Data Act Public Emergency Requests](/artifacts/eu/data-act/faq/public-emergency-requests.md)* Keep the legal basis and the implementation evidence together. For a Chapter V public emergency workflow, the most useful sources are the Data Act itself, the Commission explainer, and any internal note showing why the request met Article 15 and Article 17. Link those sources to the final decision so a reviewer can see whether the request was accepted, modified, or declined. - Map the public emergency decision to the specific Data Act article and to the source URL used to interpret it. - Store the owner, affected workflow, evidence artifact, and review trigger for each request file. - Attach the request, response, and any notice to the competent authority in one place so the decision stays auditable. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Chapter V public emergency exceptional-need requests, required request content, data holder response duties, confidentiality, compensation, erasure, and onward sharing. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer for Chapter V business-to-government data sharing, public emergency examples, data type expectations, compensation context, and the once-only principle. - [European Commission Data Act FAQ](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Technical FAQ used for non-binding implementation context on verifying Chapter V requests, cross-border requests, reuse limits, repetitive requests, and safeguards. ### [How should teams assign ownership for Data Act Public Emergency Requests implementation work?](/artifacts/eu/data-act/faq/public-emergency-requests.md#how-should-teams-assign-ownership-for-data-act-public-emergency-requests-implementation-work) *Module: [Data Act Public Emergency Requests](/artifacts/eu/data-act/faq/public-emergency-requests.md)* Assign one accountable owner for the Data Act legal assessment and one for the operational response, then keep the rest of the stakeholders as consulted teams. The legal owner should assess Article 15, Article 17, Article 18, and Article 19 issues; the operational owner should coordinate data extraction, security controls, delivery, and recordkeeping. - Use one owner for legal review, one for technical delivery, and one for records retention. - Record the business unit that controls the requested data and the people who can approve disclosure or refusal. - Track the review trigger and any escalation path separately so the workflow does not depend on ad hoc decisions. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Chapter V public emergency exceptional-need requests, required request content, data holder response duties, confidentiality, compensation, erasure, and onward sharing. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer for Chapter V business-to-government data sharing, public emergency examples, data type expectations, compensation context, and the once-only principle. - [European Commission Data Act FAQ](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Technical FAQ used for non-binding implementation context on verifying Chapter V requests, cross-border requests, reuse limits, repetitive requests, and safeguards. ### [Which Data Act implementation evidence makes the Public Emergency Requests answer usable later?](/artifacts/eu/data-act/faq/public-emergency-requests.md#which-data-act-implementation-evidence-makes-the-public-emergency-requests-answer-usable-later) *Module: [Data Act Public Emergency Requests](/artifacts/eu/data-act/faq/public-emergency-requests.md)* Data Act evidence should show the full chain from request to response. The most useful artifacts are the written request, the Article 17 completeness check, the decision memo on Article 15 exceptional need, the refusal or modification notice if any, the delivery log, and the notices sent to the competent authority or other authorities. - Map the public emergency decision to a cited Data Act source URL. - Store the owner, affected workflow, evidence artifact, and review trigger. - Keep all request, response, and escalation records together instead of splitting them across teams. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary legal source for Chapter V public emergency exceptional-need requests, required request content, data holder response duties, confidentiality, compensation, erasure, and onward sharing. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission explainer for Chapter V business-to-government data sharing, public emergency examples, data type expectations, compensation context, and the once-only principle. - [European Commission Data Act FAQ](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Technical FAQ used for non-binding implementation context on verifying Chapter V requests, cross-border requests, reuse limits, repetitive requests, and safeguards. ### [Does the Data Act give startups or SMEs a blanket exemption for SME Exceptions And Startups implementation evidence?](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md#does-the-data-act-give-startups-or-smes-a-blanket-exemption-for-sme-exceptions-and-startups-implementation-evidence) *Module: [Data Act SME Exceptions and Startups](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md)* No. The Data Act gives targeted size-based treatment, not a general exemption for startups or SMEs. The answer depends on the chapter, the actor's role, and whether the company is the manufacturer, designer, related-service provider, data holder, data recipient, user, or contracting party. - Use company size only after mapping the Data Act role and chapter. - Treat startup status as context, not as a legal exemption by itself. - Record whether the question is about Chapter II access, Chapter III compensation, Chapter IV unfair terms, or Chapter V public-sector requests. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding source for Article 7 micro, small, and medium-sized enterprise treatment and Article 9 SME compensation rules. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview explaining that micro and small companies are not subject to the same obligations as larger companies. ### [When do micro and small enterprises fall outside Chapter II connected-product access obligations under the Data Act?](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md#when-do-micro-and-small-enterprises-fall-outside-chapter-ii-connected-product-access-obligations-under-the-data-act) *Module: [Data Act SME Exceptions and Startups](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md)* The Data Act context is the starting point for this answer. Article 7 says Chapter II business-to-consumer and business-to-business access obligations do not apply to data generated through connected products manufactured or designed by a microenterprise or small enterprise, or related services provided by one, when the Article 7 conditions are met. - Check whether the data comes from the company's own connected product or related service. - Check partner and linked-enterprise status, not only the legal entity signing the contract. - Check whether the company is acting as a subcontractor for another enterprise's product or service. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 7(1) sets the micro and small enterprise Chapter II carve-out and the partner, linked-enterprise, and subcontracting limits. ### [What transition applies when an enterprise has recently become medium-sized under the Data Act?](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md#what-transition-applies-when-an-enterprise-has-recently-become-medium-sized-under-the-data-act) *Module: [Data Act SME Exceptions and Startups](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md)* The Data Act context is the starting point for this answer. Article 7 also gives limited treatment to data generated through connected products manufactured by, or related services provided by, an enterprise that has qualified as medium-sized for less than one year. For connected products, the same treatment applies for one year after the product was placed on the market by the medium-sized enterprise. - Keep the date the enterprise first qualified as medium-sized. - Keep the placing-on-the-market date for each affected connected product. - Move the product or service into the ordinary Chapter II workflow when the one-year transition no longer applies. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 7(1) provides the one-year medium-sized enterprise and connected-product transition. ### [Can a micro or small enterprise still have Data Act duties in another role?](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md#can-a-micro-or-small-enterprise-still-have-data-act-duties-in-another-role) *Module: [Data Act SME Exceptions and Startups](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md)* Yes. The Chapter II carve-out is not a whole-Regulation exclusion. Recital 41 states that a microenterprise or small enterprise may still be subject to Data Act requirements as a data holder where it is not the manufacturer of the connected product or the provider of related services. - Do not copy a Chapter II exception into Chapter III, IV, V, cloud switching, or interoperability workflows. - Classify the entity separately for each request, contract, and product line. - Retain the role analysis with the access request or contract review. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Recital 41 explains that micro and small enterprises may still be subject to requirements as data holders outside the protected manufacturer or related-service provider situation. ### [How does SME status affect B2B compensation for making data available under the Data Act?](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md#how-does-sme-status-affect-b2b-compensation-for-making-data-available-under-the-data-act) *Module: [Data Act SME Exceptions and Startups](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md)* The Data Act context is the starting point for this answer. In mandatory B2B data sharing, Article 9 allows agreed compensation to be reasonable and non-discriminatory and to include a margin. The SME protection is on the data-recipient side: if the data recipient is an SME or a not-for-profit research organisation, and it does not have partner or linked enterprises that do not qualify as SMEs, compensation must not exceed the Article 9(2)(a) costs. - Check SME status of the data recipient, not only the data holder. - Exclude margin where Article 9(4) caps compensation for an SME recipient. - Ask for the compensation calculation basis before accepting a fee as reasonable. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 9 sets the reasonable, non-discriminatory compensation rule and the SME recipient cost cap. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - FAQ 39 explains that compensation has no fixed upper or lower number and that profit margin is not allowed for SME recipients. ### [Do the unfair contractual terms rules protect only SMEs under the Data Act?](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md#do-the-unfair-contractual-terms-rules-protect-only-smes-under-the-data-act) *Module: [Data Act SME Exceptions and Startups](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md)* The Data Act context is the starting point for this answer. No. Article 13 applies to covered terms unilaterally imposed by one enterprise on another enterprise. The Commission FAQ says Chapter IV does not specifically address SMEs, even though it is expected to particularly support SMEs because they often have weaker negotiating positions. - Confirm that both parties are enterprises. - Confirm the term concerns data access, data use, or data-related liability or remedies. - Confirm the term was supplied on a take-it-or-leave-it basis or otherwise unilaterally imposed. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 13 applies the unfairness rule to covered data terms unilaterally imposed by one enterprise on another. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - FAQ 41 explains that Chapter IV is not SME-specific but is expected to particularly help SMEs. ### [What contract evidence should an SME keep when challenging an unfair data term under the Data Act?](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md#what-contract-evidence-should-an-sme-keep-when-challenging-an-unfair-data-term-under-the-data-act) *Module: [Data Act SME Exceptions and Startups](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md)* The Data Act context is the starting point for this answer. Keep evidence that the challenged clause is in Article 13 scope: the contract, negotiation history, requested changes, the final refused or imposed wording, and the link between the clause and data access, data use, or data-related liability or remedies. - Save the imposed clause and any attempted negotiation. - Mark whether the issue is an Article 13(4) always-unfair term or an Article 13(5) presumed-unfair term. - If the imposing party disputes the issue, preserve the record for a competent authority, court, or agreed dispute settlement body. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Article 13 lists terms that are unfair and terms that are presumed unfair, and states the effect on severable terms. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - FAQ 42 outlines the assessment steps and possible escalation routes for unfair data-sharing terms. ### [How do micro and small enterprise rules work for public-sector exceptional-need requests under the Data Act?](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md#how-do-micro-and-small-enterprise-rules-work-for-public-sector-exceptional-need-requests-under-the-data-act) *Module: [Data Act SME Exceptions and Startups](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md)* The Data Act context is the starting point for this answer. Chapter V has a different size rule. Article 15(2) says the non-emergency exceptional-need route in Article 15(1)(b) does not apply to microenterprises and small enterprises. That means a non-emergency public-sector request under that route should not be treated like an ordinary obligation for a micro or small company. - Separate public emergency requests from other exceptional-need requests. - For non-emergency Article 15(1)(b) requests, check whether the data holder is micro or small. - For public-emergency requests to micro or small enterprises, preserve compensation calculations and any acknowledgement request. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Articles 15 and 20 set the micro and small enterprise treatment for public-sector exceptional-need requests and compensation. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview includes the Chapter V compensation table for micro and small companies. ### [How should teams document SME status and startup treatment in a Data Act status file?](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md#how-should-teams-document-sme-status-and-startup-treatment-in-a-data-act-status-file) *Module: [Data Act SME Exceptions and Startups](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md)* Create one status file per Data Act workflow, not one generic SME certificate for the whole company. The useful record names the legal entity, partner and linked-enterprise position, Data Act role, affected product or related service, data request or contract, chapter relied on, date of status review, and source used. - Keep one record for Chapter II product and related-service treatment. - Keep one record for Chapter III compensation decisions and any SME recipient cap. - Keep one record for Chapter IV contract reviews and the unfair-term analysis. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Primary source for the separate Chapter II, Chapter III, Chapter IV, and Chapter V size-based rules. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ support for compensation, dispute settlement, and unfair-term implementation questions. ### [What Data Act source evidence should teams keep for the SME Exceptions And Startups FAQ decision?](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md#what-data-act-source-evidence-should-teams-keep-for-the-sme-exceptions-and-startups-faq-decision) *Module: [Data Act SME Exceptions and Startups](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md)* For SME exceptions and startups, the Data Act record should identify the source clause, Commission guidance, actor role, dataset, request or contract trigger, and the owner who approved the interpretation. - Map the SME exceptions and startups decision to a cited Data Act source URL. - Store the owner, affected workflow, evidence artifact, and review trigger. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding legal text used for Article 7 micro, small, and medium-sized enterprise treatment; Article 9 SME recipient compensation; Article 13 unfair contractual terms; and Chapter V public-sector request treatment. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical interpretation of reasonable compensation, SME support under unfair-term rules, challenge steps, and dispute-settlement context. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview used for Chapter-level context on smaller companies, B2B data sharing, unfair contractual terms, and public-sector exceptional-need requests. ### [How should teams assign ownership for Data Act SME exceptions and startup treatment?](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md#how-should-teams-assign-ownership-for-data-act-sme-exceptions-and-startup-treatment) *Module: [Data Act SME Exceptions and Startups](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md)* For SME exceptions and startups, the Data Act workflow should name the legal, product, procurement, cloud, support, or security owner who can change the affected process. - Map the SME exceptions and startups decision to a cited Data Act source URL. - Store the owner, affected workflow, evidence artifact, and review trigger. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding legal text used for Article 7 micro, small, and medium-sized enterprise treatment; Article 9 SME recipient compensation; Article 13 unfair contractual terms; and Chapter V public-sector request treatment. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical interpretation of reasonable compensation, SME support under unfair-term rules, challenge steps, and dispute-settlement context. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview used for Chapter-level context on smaller companies, B2B data sharing, unfair contractual terms, and public-sector exceptional-need requests. ### [Which Data Act implementation evidence makes the SME Exceptions And Startups answer usable later?](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md#which-data-act-implementation-evidence-makes-the-sme-exceptions-and-startups-answer-usable-later) *Module: [Data Act SME Exceptions and Startups](/artifacts/eu/data-act/faq/sme-exceptions-and-startups.md)* For SME exceptions and startups, the Data Act evidence should be concrete enough for a later reviewer to reconstruct why the team classified the product, service, request, or contract in scope. - Map the SME exceptions and startups decision to a cited Data Act source URL. - Store the owner, affected workflow, evidence artifact, and review trigger. Sources for this answer: - [Regulation (EU) 2023/2854 (Data Act)](https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng?ref=sorena.io) - Binding legal text used for Article 7 micro, small, and medium-sized enterprise treatment; Article 9 SME recipient compensation; Article 13 unfair contractual terms; and Chapter V public-sector request treatment. - [European Commission - Data Act FAQs v1.4](https://ec.europa.eu/newsroom/dae/redirection/document/108144?ref=sorena.io) - Commission FAQ used for practical interpretation of reasonable compensation, SME support under unfair-term rules, challenge steps, and dispute-settlement context. - [European Commission - Data Act explained](https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained?ref=sorena.io) - Commission overview used for Chapter-level context on smaller companies, B2B data sharing, unfair contractual terms, and public-sector exceptional-need requests. ## FAQ Pagination - Canonical index (page 1): [/artifacts/eu/data-act/faq/items](/artifacts/eu/data-act/faq/items.md) - Page 1 rule: `/page/1` is intentionally not generated; use the canonical index markdown URL. - Current page: 9 of 24 Pages: [1](/artifacts/eu/data-act/faq/items.md) | [2](/artifacts/eu/data-act/faq/items/page/2.md) | [3](/artifacts/eu/data-act/faq/items/page/3.md) | [4](/artifacts/eu/data-act/faq/items/page/4.md) | [5](/artifacts/eu/data-act/faq/items/page/5.md) | [6](/artifacts/eu/data-act/faq/items/page/6.md) | [7](/artifacts/eu/data-act/faq/items/page/7.md) | [8](/artifacts/eu/data-act/faq/items/page/8.md) | [9](/artifacts/eu/data-act/faq/items/page/9.md) | [10](/artifacts/eu/data-act/faq/items/page/10.md) | [11](/artifacts/eu/data-act/faq/items/page/11.md) | [12](/artifacts/eu/data-act/faq/items/page/12.md) | [13](/artifacts/eu/data-act/faq/items/page/13.md) | [14](/artifacts/eu/data-act/faq/items/page/14.md) | [15](/artifacts/eu/data-act/faq/items/page/15.md) | [16](/artifacts/eu/data-act/faq/items/page/16.md) | [17](/artifacts/eu/data-act/faq/items/page/17.md) | [18](/artifacts/eu/data-act/faq/items/page/18.md) | [19](/artifacts/eu/data-act/faq/items/page/19.md) | [20](/artifacts/eu/data-act/faq/items/page/20.md) | [21](/artifacts/eu/data-act/faq/items/page/21.md) | [22](/artifacts/eu/data-act/faq/items/page/22.md) | [23](/artifacts/eu/data-act/faq/items/page/23.md) | [24](/artifacts/eu/data-act/faq/items/page/24.md) [Previous page](/artifacts/eu/data-act/faq/items/page/8.md) | [Next page](/artifacts/eu/data-act/faq/items/page/10.md) *Recommended next step* *Placement: before sources* ## Turn a Data Act FAQ answer into a scoped review Review one product, dataset, cloud contract, public-sector request, or smart-contract deployment against the cited Data Act source and keep the scope, role, evidence, and unresolved questions together. - [Open Research Copilot](/solutions/research-copilot.md): Check Data Act scope, GDPR boundaries, cloud switching, and contract questions with cited source outputs. - [Talk through Data Act implementation](/contact.md): Review one connected product, data-sharing contract, cloud switch, or public-sector request before committing to an implementation path. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/data-act/faq/items/page/9