EU Data Act SME Exceptions and Startups FAQ

No. The Data Act gives targeted size-based treatment, not a general exemption for startups or SMEs. The answer depends on the chapter, the actor's role, and whether the company is the manufacturer, designer, related-service provider, data holder, data recipient, user, or contracting party.

Startups should not rely on the word startup alone. The binding Chapter II carve-out is framed around microenterprises, small enterprises, and a limited transition for medium-sized enterprises by reference to Commission Recommendation 2003/361/EC, not around venture stage, funding round, age of incorporation, or headcount labels used in sales systems. If a company wants to document its size position, it should record the Commission Recommendation 2003/361/EC test it used and the legal entity, partner-enterprise, and linked-enterprise facts behind the conclusion.

The Data Act context is the starting point for this answer. Article 7 says Chapter II business-to-consumer and business-to-business access obligations do not apply to data generated through connected products manufactured or designed by a microenterprise or small enterprise, or related services provided by one, when the Article 7 conditions are met.

The carve-out is narrow. It is lost if the micro or small enterprise has a partner or linked enterprise that does not itself qualify as a microenterprise or small enterprise. It also does not apply where the micro or small enterprise is subcontracted to manufacture or design the connected product or provide the related service.

The Data Act context is the starting point for this answer. Article 7 also gives limited treatment to data generated through connected products manufactured by, or related services provided by, an enterprise that has qualified as medium-sized for less than one year. For connected products, the same treatment applies for one year after the product was placed on the market by the medium-sized enterprise.

This should be managed as a dated transition record, not as a permanent SME exception. The file should show when the enterprise first qualified as medium-sized, which connected products or related services are affected, and when the transition ends for each product or service.

Yes. The Chapter II carve-out is not a whole-Regulation exclusion. Recital 41 states that a microenterprise or small enterprise may still be subject to Data Act requirements as a data holder where it is not the manufacturer of the connected product or the provider of related services.

For implementation, avoid writing contract language that says a small supplier is exempt from the Data Act. Write the exact role: for example, small related-service provider for its own service, SME data recipient seeking data under Chapter III, or enterprise challenging a unilaterally imposed data clause under Chapter IV.

The Data Act context is the starting point for this answer. In mandatory B2B data sharing, Article 9 allows agreed compensation to be reasonable and non-discriminatory and to include a margin. The SME protection is on the data-recipient side: if the data recipient is an SME or a not-for-profit research organisation, and it does not have partner or linked enterprises that do not qualify as SMEs, compensation must not exceed the Article 9(2)(a) costs.

The Commission FAQ explains the practical effect: there is no general upper or lower compensation number, but reasonable compensation cannot include a profit margin when the recipient is an SME or a non-profit research organisation. Data holders must also provide enough calculation information for the recipient to assess whether Article 9 is met.

The Data Act context is the starting point for this answer. No. Article 13 applies to covered terms unilaterally imposed by one enterprise on another enterprise. The Commission FAQ says Chapter IV does not specifically address SMEs, even though it is expected to particularly support SMEs because they often have weaker negotiating positions.

The rule is about the term and how it was imposed. It covers terms concerning access to and use of data, or liability and remedies for breach or termination of data-related obligations. It does not turn every unfavorable commercial term into a Data Act issue.

The Data Act context is the starting point for this answer. Keep evidence that the challenged clause is in Article 13 scope: the contract, negotiation history, requested changes, the final refused or imposed wording, and the link between the clause and data access, data use, or data-related liability or remedies.

Then classify the term. Some terms are always unfair under Article 13(4), such as excluding liability for intentional acts or gross negligence by the imposing party. Others are presumed to be unfair under Article 13(5), such as inappropriate remedy limits, significantly detrimental access to the other party's data, or unilateral changes to substantive data-sharing conditions without a valid reason and termination right.

The Data Act context is the starting point for this answer. Chapter V has a different size rule. Article 15(2) says the non-emergency exceptional-need route in Article 15(1)(b) does not apply to microenterprises and small enterprises. That means a non-emergency public-sector request under that route should not be treated like an ordinary obligation for a micro or small company.

For public emergencies, Article 20 treats micro and small enterprises differently on compensation. Data holders other than micro and small enterprises must make data necessary for public-emergency response available free of charge, but Article 20(3) allows the fair-compensation rule to apply where a microenterprise or small enterprise claims compensation.

Create one status file per Data Act workflow, not one generic SME certificate for the whole company. The useful record names the legal entity, partner and linked-enterprise position, Data Act role, affected product or related service, data request or contract, chapter relied on, date of status review, and source used.

For startup teams, the file should also note that startup status is not itself a legal category in the Data Act. The practical question is whether the entity qualifies as a microenterprise, small enterprise, or medium-sized enterprise under Commission Recommendation 2003/361/EC, and whether the Article 7 or Article 9 conditions actually apply.

For SME exceptions and startups, the Data Act record should identify the source clause, Commission guidance, actor role, dataset, request or contract trigger, and the owner who approved the interpretation.

For SME exceptions and startups, keep the cited external URL, decision date, reviewer, unresolved assumptions, and implementation artifact together so the answer remains auditable.

For SME exceptions and startups, the Data Act workflow should name the legal, product, procurement, cloud, support, or security owner who can change the affected process.

For SME exceptions and startups, use one accountable owner per action, then record consulted teams and evidence dependencies separately.

For SME exceptions and startups, the Data Act evidence should be concrete enough for a later reviewer to reconstruct why the team classified the product, service, request, or contract in scope.

For SME exceptions and startups, useful evidence includes source URLs, data inventories, contract clauses, request logs, technical controls, customer notices, and approval records.