EU Data Act Pre-Contractual Information FAQ

The Data Act context is the starting point for this answer. Before conclusion of a purchase, rent, or lease contract for a connected product, Article 3(2) requires the seller, rentor, or lessor to give the user clear and comprehensible information. The disclosure must cover the type, format, and estimated volume of product data the connected product can generate.

The same pre-contract notice should also tell the user whether the product can generate data continuously and in real time, whether data can be stored on the device or on a remote server, the intended retention duration where applicable, and how the user may access, retrieve, or, where relevant, erase the data.

The Data Act context is the starting point for this answer. For a related service, Article 3(3) requires the prospective provider to disclose both product data it expects to obtain and related service data that will be generated. The notice must explain the nature, estimated volume, and, for product data, collection frequency, plus access or retrieval arrangements and storage or retention arrangements.

A related service disclosure also has to say whether the prospective data holder expects to use readily available data itself, the purposes of that use, and whether one or more third parties may use the data for purposes agreed with the user.

The Data Act context is the starting point for this answer. The Article 3 notice should focus on product data and related service data, not a broad inventory of every file associated with the product. Commission guidance describes Chapter II as covering raw and pre-processed data that are readily available to the data holder, including relevant metadata, while inferred or derived data and protected content can fall outside that Chapter II access scope.

For a useful pre-contract notice, translate internal labels such as telemetry, diagnostics, sensor logs, or app events into the Data Act categories that matter to the user: product data, related service data, readily available data, relevant metadata, and material that is not being offered because it is derived, inferred, content, or otherwise outside the access duty.

The Data Act context is the starting point for this answer. Article 3(1) says connected products and related services should be designed so product data and related service data are easily, securely, and freely accessible to the user in a structured, commonly used, machine-readable format, and directly accessible where relevant and technically feasible.

The pre-contract information should therefore say whether access is direct, indirect, or split by data type. Commission FAQ material explains direct access as user access without asking the data holder to act, while indirect access means the user has to ask the data holder, for example through a portal or approval process.

The Data Act context is the starting point for this answer. Yes for related services, and in practice the identity question is central for connected products too because the user needs to know who controls access to readily available data. Article 3(3) requires the related service provider to disclose the prospective data holder's identity, such as trading name and geographical address, plus communication means for quick and efficient contact.

Commission FAQ material warns that the manufacturer is not always the data holder. A related service provider or another entity may be the data holder if it controls access to readily available data, and users must be told who the data holder or data holders are before signing the relevant contracts.

The Data Act context is the starting point for this answer. For related services, Article 3(3) requires information on how the user can ask for data to be shared with a third party and, where applicable, how to end that sharing. It also requires disclosure of whether the prospective data holder intends to allow one or more third parties to use the data for purposes agreed with the user.

The notice should not overpromise third-party access. Commission guidance states that users can ask data holders to share data with a third party of their choice, but Digital Markets Act gatekeepers are excluded from the third-party role and the Data Act does not oblige a data holder to share with third parties based outside the EU.

The Data Act does not supersede the GDPR. Commission FAQ material states that the GDPR is fully applicable to personal data processing under the Data Act, and that GDPR rules prevail in a conflict. Article 3 disclosures can describe personal-data categories and access routes, but they do not create a new legal basis for collecting, generating, or disclosing personal data.

Where the user requesting data is not the data subject, personal data can be made available only if there is a valid GDPR legal basis. A practical notice should therefore separate personal and non-personal data where possible, explain when anonymised data may be provided, and avoid suggesting that Data Act access overrides privacy, confidentiality of communications, or data subject rights.

Article 3(3) requires the related-service notice to say whether a prospective data holder is the holder of trade secrets contained in accessible or generated data, and, if not, to identify the trade secret holder. The Data Act also allows safeguards for trade secrets and security, but those safeguards should be explained as limits on access or sharing, not as a blanket reason to avoid clear Article 3 disclosures.

A useful pre-contract package should identify trade secret-sensitive data categories at a high level, explain any agreed confidentiality measures, and avoid exposing the secret itself. If security requirements laid down in EU or national law could restrict access or sharing, the notice should point users to the practical consequence for the relevant data stream.

No. The Data Act pre-contract obligation is a user-facing information duty about generated data, access, retrieval, data holder identity, third-party sharing, and related limits. It is not a CE-style declaration of conformity or a standalone self-certification document under the Data Act.

A seller, lessor, rentor, or related service provider may choose a stable web page, product documentation, contract schedule, or another appropriate form for the Article 3 information, as long as the user receives clear and comprehensible information before the relevant contract is concluded.

For pre contractual information, the Data Act record should identify the source clause, Commission guidance, actor role, dataset, request or contract trigger, and the owner who approved the interpretation.

For pre contractual information, keep the cited external URL, decision date, reviewer, unresolved assumptions, and implementation artifact together so the answer remains auditable.

For pre contractual information, the Data Act workflow should name the legal, product, procurement, cloud, support, or security owner who can change the affected process.

For pre contractual information, use one accountable owner per action, then record consulted teams and evidence dependencies separately.

For pre contractual information, the Data Act evidence should be concrete enough for a later reviewer to reconstruct why the team classified the product, service, request, or contract in scope.

For pre contractual information, useful evidence includes source URLs, data inventories, contract clauses, request logs, technical controls, customer notices, and approval records.