Artifact GuideEUData Act

EU Data Act requirements

A practical requirements view of Regulation (EU) 2023/2854 for product, data, contract, cloud, interoperability, and evidence teams.

Use it to identify the workstream, control, records, and source basis for each main Data Act obligation area.

Back to main artifactReview sources
Author
Sorena AI
Published
May 6, 2026
Updated
May 6, 2026
Sections
9

Structured answer sets in this page tree.

Primary sources
6

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 6, 2026
Updated May 6, 2026
Overview

The Data Act is not one compliance control. It creates separate requirements for connected-product and related-service data access, third-party sharing, B2B data-sharing terms, B2G exceptional-need requests, cloud switching, international access safeguards, interoperability, smart contracts, unfair terms, personal-data boundaries, and enforcement records.

Section 2

Data Act User-requested sharing with third parties for implementation evidence and owner review

Users can ask the data holder to make readily available data and necessary metadata available to a third party. The data holder cannot use transmission-arrangement disputes to block the user's Data Act sharing right, but the third party must use the data only for the agreed purpose and must erase it when it is no longer necessary unless the user agrees otherwise for non-personal data.

The requirement record should distinguish the user's access right from the third party's obligations. It should also flag gatekeeper restrictions, competing connected-product restrictions, profiling restrictions, trade-secret safeguards, and security limits.

  • Capture the user request, third-party identity, agreed purpose, data categories, metadata, format, and delivery method.
  • Check whether the intended recipient is excluded from receiving the data under the Data Act gatekeeper rule.
  • Require third-party terms that prohibit competing connected-product development, unauthorised onward sharing, prohibited profiling, security-harming use, and disregard of agreed trade-secret measures.
  • Track when the third party must erase the data or when a non-personal data retention arrangement with the user applies.
  • Keep refusal, withholding, suspension, complaint, and dispute-settlement records separate from ordinary fulfilment logs.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Supports Article 5 user-requested third-party sharing and Article 6 restrictions on third-party use, onward sharing, profiling, gatekeeper access, security, and competing products.
European Commission - Data Act explained
Provides Commission context for how the Data Act gives users of connected products control over data generated by their use.
Section 3

Data Act B2B data-sharing terms and compensation for implementation evidence and owner review

When a data holder must make data available to a data recipient in a business-to-business setting, the arrangements must be fair, reasonable, non-discriminatory, and transparent. Compensation can be agreed, but the basis must be explainable; for SME and not-for-profit research recipients, compensation is limited to the costs of making the data available that are listed in the Data Act.

A usable requirement is therefore a contract-and-pricing control, not just a policy statement. The record should show comparable-recipient treatment, data scope, purpose, format, compensation basis, trade-secret measures, technical protection measures, and dispute path.

  • Write data-sharing terms that identify the data, metadata, recipient, purpose, access method, format, quality, use limits, and security safeguards.
  • Document the compensation basis, including formatting, dissemination, storage, and any investment factors relied on.
  • Apply the SME and not-for-profit research limit where the recipient qualifies and no linked or partner enterprise takes it outside that status.
  • Keep non-discrimination evidence for comparable categories of recipients.
  • Use Commission model terms or cloud clauses only as non-binding drafting support, not as a substitute for checking the Data Act requirement.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Supports Article 8 conditions, Article 9 compensation requirements, Article 10 dispute settlement, and Article 11 technical protection measures for B2B data availability.
European Commission - Model terms and cloud clauses
Supports the statement that Commission model contractual terms and standard cloud clauses are non-binding implementation aids for drafting Data Act contracts.
Section 4

Data Act Unfair data-contract terms for implementation evidence and owner review

The Data Act makes certain unilaterally imposed B2B terms non-binding if they are unfair. The test is not limited to price; it covers access to and use of data, liability, remedies, breach, and termination of data-related obligations.

Contract review should flag terms that grossly deviate from good commercial practice, contradict good faith and fair dealing, or match the listed unfair or presumed unfair examples. The output should identify who supplied the term, whether the other party could influence it, the affected data obligation, and the replacement position.

  • Screen one-sided exclusions or limits of liability for intentional acts, gross negligence, non-performance remedies, and breach remedies.
  • Flag terms that let one party alone decide data conformity or interpret the contract.
  • Review terms that restrict the other party from using, obtaining a copy of, terminating around, or controlling data it provided or generated.
  • Check unilateral termination and price or substantive-condition changes for valid reason, notice, and termination rights.
  • Keep the review record with the supplied clause, negotiation evidence, unfairness reason, severability view, and approved replacement.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Supports Article 13 requirements for unfair contractual terms unilaterally imposed between enterprises in data access and use contracts.
European Commission - Data Act FAQs
Provides implementation context for assessing unfairness and handling terms found to be unfair or presumed unfair.
Section 5

Data Act B2G exceptional-need requests for implementation evidence and owner review

Chapter V is narrower than ordinary public-sector access. A public sector body, the Commission, the European Central Bank, or a Union body must demonstrate an exceptional need, limited in time and scope, to use certain data for a statutory public-interest task.

A public emergency request can include personal data only when the Data Act conditions and GDPR safeguards are met. For non-emergency exceptional need, the route is limited to non-personal data and depends on the public body showing that lack of specific data prevents a legally provided public-interest task and that other means have been exhausted.

  • Check whether the request is for a public emergency or another exceptional need, because the permitted data scope and response path differ.
  • Verify that the request is written, clear, specific, proportionate, duly justified, and limited to data under the holder's control.
  • Require the request to state purpose, intended use, duration, erasure expectation, recipient sharing, legal basis for the public-interest task, deadlines, penalties for non-compliance, and personal-data safeguards where relevant.
  • Track the holder's right to decline or seek modification within five working days for public-emergency data and within 30 working days for other exceptional-need requests.
  • Keep publication, competent-authority, data-holder response, compensation, erasure, onward-sharing, and research or statistics transfer records.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Supports Chapter V requirements for exceptional need, public-sector request content, data-holder response periods, compensation, erasure, and onward sharing.
European Commission - Data Act FAQs
Explains practical safeguards for B2G exceptional-need requests, including personal-data and trade-secret protections.
Section 6

Data Act Cloud switching and international access safeguards

Providers of data processing services must remove contractual, technical, commercial, organisational, and pre-commercial obstacles to switching to another provider, to on-premises ICT infrastructure, or to in-parallel use. Written contracts must set out switching rights and provider obligations before signature.

The switching requirement should be implemented through contract clauses, customer exit materials, exportable-data registers, support procedures, security controls, and charge controls. Providers also need public and contractual transparency about infrastructure jurisdiction and measures against unlawful third-country governmental access to non-personal data held in the Union.

  • Include switching clauses for exportable data and digital assets, transition support, continuity, security during transfer, termination, retrieval, erasure, and switching charges.
  • Set the maximum notice period to initiate switching at no more than two months and the mandatory maximum transitional period at 30 calendar days unless the Data Act technical-unfeasibility process is used.
  • If 30 calendar days is technically unfeasible, record the 14-working-day customer notification, justification, and alternative period not exceeding seven months.
  • Maintain an online register of data structures, formats, relevant standards, and open interoperability specifications for exportable data.
  • Publish infrastructure jurisdiction and technical, organisational, and contractual measures for preventing unlawful third-country governmental access or transfer of non-personal EU-held data.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Supports Articles 23 to 32 on switching, contractual terms, information duties, good-faith cooperation, charges, technical switching, in-parallel use, and third-country governmental access safeguards.
European Commission - Data Act explained
Supports the cloud-switching overview, including reduced switching charges during the transition period and the removal of switching charges from 12 January 2027.
Section 7

Data Act Interoperability and smart-contract controls for implementation evidence and owner review

Data-space participants that offer data or data services to other participants must describe dataset content, use restrictions, licences, collection methodology, quality, uncertainty, structures, formats, vocabularies, taxonomies, code lists, access means, API terms, and quality of service sufficiently for recipients to find, access, and use the data.

Smart contracts used to automate execution of data-sharing agreements have separate essential requirements: robustness and access control, safe termination and interruption, data archiving and continuity, governance-layer access control, and consistency with the data-sharing agreement. The vendor or deployer must perform a conformity assessment and issue an EU declaration of conformity when the requirements are fulfilled.

  • For data spaces, keep machine-readable dataset descriptions, public data-structure descriptions, API terms, quality-of-service descriptions, and automation-tool interoperability notes.
  • For data processing services, track when harmonised standards or common specifications are published in the central Union standards repository because that publication triggers compatibility duties after the Data Act period described in Article 30.
  • For smart contracts, test robustness, access control, stop or interruption mechanisms, auditability, continuity, and alignment with the underlying data-sharing terms.
  • Keep conformity assessment files, EU declarations of conformity, test evidence, standards references, and common-specification checks for smart-contract deployments.
  • Monitor European standardisation deliverables for Article 33 data-space interoperability, but do not treat draft or future standards as current mandatory controls until the legal trigger applies.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Supports Articles 33 to 36 on data-space interoperability, data processing service interoperability, common specifications, harmonised standards, and smart-contract essential requirements.
Commission standardisation request for a European Trusted Data Framework
Supports the interoperability standards context for Article 33, including planned deliverables for trusted data transactions, data catalogues, semantic assets, governance quality, and data-space maturity.
Section 8

Data Act GDPR boundary and personal-data controls for implementation evidence and owner review

The Data Act does not supersede the GDPR. Where personal data is processed in a Data Act workflow, GDPR rules apply and prevail in a conflict. The requirement record should identify whether the dataset is personal, non-personal, or mixed before an access, sharing, B2G, cloud, or interoperability control is marked complete.

If the user is not the data subject whose personal data is requested, the data holder may make the personal data available only where a valid GDPR legal basis exists and any relevant special-category and ePrivacy conditions are met. For B2G requests, the request must specify personal-data safeguards such as pseudonymisation and whether anonymisation can be applied before disclosure.

  • Classify every dataset as personal, non-personal, mixed, anonymised, pseudonymised, trade-secret-protected, or out of scope.
  • Record the GDPR role, legal basis, special-category condition, ePrivacy condition, and data-subject rights impact before disclosing personal data.
  • Use anonymisation or pseudonymisation where the Data Act route permits or requires it and keep the rationale with the access or request file.
  • Route personal-data enforcement questions to the data-protection authority competence described in the Data Act and GDPR framework.
  • Do not treat a Data Act access right as a standalone GDPR legal basis for a user who is not the data subject.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Supports the GDPR-precedence rule, Article 4 and Article 5 personal-data conditions, B2G personal-data safeguards, and Article 37 data-protection authority competence.
European Commission - Data Act FAQs
Explains the interaction between the Data Act and GDPR, including valid legal basis analysis when the requesting user is not the data subject.
Section 9

Data Act Records, complaints, and enforcement readiness for implementation evidence and owner review

The Data Act gives competent authorities complaint-handling, investigation, cooperation, information-request, and penalty powers. Records should therefore show not only that a requirement exists, but that the company can explain the rule, scope, actor, decision, control, and evidence if a user, third party, public body, customer, or authority challenges it.

Avoid one broad Data Act sign-off. The useful artifact is a requirements register with separate rows for connected-product access, related-service access, third-party sharing, B2B terms, unfair terms, B2G requests, cloud switching, international access, interoperability, smart contracts, personal-data boundaries, and unresolved exceptions.

  • For each requirement, keep the Data Act article or chapter, actor role, data category, affected product or service, owner, reviewer, control, evidence, status, and next review trigger.
  • Keep request logs, fulfilment logs, refusal or suspension reasons, trade-secret measures, security justifications, compensation calculations, contract approvals, switching notices, API registers, and smart-contract conformity files.
  • Preserve complaint and dispute records with the competent authority, dispute-settlement body, court, or data-protection authority path that applies.
  • For non-EU entities making connected products available or offering services in the Union, track the EU legal representative requirement where applicable.
  • Do not publish penalty amounts unless they are supported by the applicable Member State rules or the GDPR/EDPS provisions that apply to the specific personal-data context.
Sources for this answer
Regulation (EU) 2023/2854 (Data Act)
Supports Articles 37 to 40 on competent authorities, data coordinators, complaint rights, judicial remedies, information requests, legal representatives, and penalties.
European Commission - Data Act Legal Helpdesk
Supports the availability of Commission implementation support for Data Act questions without replacing competent-authority or court remedies.
Recommended next step

Turn Data Act requirements into an evidence register

Use the requirement areas above to create separate product, contract, public-sector request, cloud, interoperability, smart-contract, GDPR, and records workstreams with cited source links.

Research workflow
Open Research Copilot

Ask Data Act implementation questions and keep cited answers with the requirement record.

Explore next step
Talk to Sorena
Talk through implementation

Review product data, contracts, cloud switching, and evidence gaps before assigning work.

Explore next step
Primary sources

References and citations

European Commission - Data Act explained
digital-strategy.ec.europa.eu
Referenced sections
  • Supports the cloud-switching overview, including reduced switching charges during the transition period and the removal of switching charges from 12 January 2027.
European Commission - Data Act FAQs
ec.europa.eu
Referenced sections
  • Explains the interaction between the Data Act and GDPR, including valid legal basis analysis when the requesting user is not the data subject.
European Commission - Data Act Legal Helpdesk
digital-strategy.ec.europa.eu
Referenced sections
  • Supports the availability of Commission implementation support for Data Act questions without replacing competent-authority or court remedies.
European Commission - Model terms and cloud clauses
digital-strategy.ec.europa.eu
Referenced sections
  • Supports the statement that Commission model contractual terms and standard cloud clauses are non-binding implementation aids for drafting Data Act contracts.
Regulation (EU) 2023/2854 (Data Act)
eur-lex.europa.eu
Referenced sections
  • Supports Articles 37 to 40 on competent authorities, data coordinators, complaint rights, judicial remedies, information requests, legal representatives, and penalties.
Related guides

Explore more topics

Data Act and Common European Data Spaces
How Data Act Article 33 connects data-space participation with metadata, vocabularies, APIs, access terms, data quality, governance, and standards monitoring.
Data Act and Data Governance Act Overlap FAQ
FAQ explaining where the EU Data Act and Data Governance Act overlap, how they differ, and how to route product, cloud, public-sector reuse, intermediary, and data altruism workflows.
Data Act and GDPR Personal Data Overlap FAQ
FAQ on how the EU Data Act works when connected-product or related-service data includes personal data, mixed datasets, GDPR roles, lawful basis, trade secrets, and third-party sharing.
Data Act Audit Evidence And Request Logs FAQ
FAQ for Data Act request logs covering user and third-party access, B2G exceptional need requests, cloud switching records, contract terms, trade secrets, and GDPR boundaries.
Data Act B2B Data-Sharing Contract Clauses
Clause guide for EU Data Act B2B data sharing: FRAND terms, compensation, trade secret safeguards, recipient limits, termination, logs, and GDPR boundaries.
Data Act B2B Data-Sharing Contract Template
A usable EU Data Act B2B data-sharing template outline covering access requests, data schedules, permitted use, trade secrets, security, compensation, GDPR boundaries, audit records, and termination.
Data Act B2G Exceptional-Need Requests
A grounded guide to EU Data Act Chapter V requests from public bodies: exceptional need, public emergencies, request contents, limits, safeguards, costs, and records.
Data Act Cloud Switching Compliance Checklist
A grounded EU Data Act checklist for cloud and data processing service providers covering switching clauses, notices, export formats, charges, interoperability, and evidence.
Data Act Cloud Switching Contract Terms FAQ
FAQ on EU Data Act cloud switching contract terms: Article 25 clauses, assistance, notice, transition, charges, export, termination, interoperability, and records.
Data Act Cloud Switching Fees And Deadlines FAQ
FAQ on EU Data Act cloud switching charges, 2027 fee removal, notice periods, transition windows, data retrieval, contract terms, and evidence records.
Data Act Complaints and Dispute Settlement FAQ
FAQ on EU Data Act complaints, competent authorities, dispute settlement bodies, B2B data-sharing disputes, B2G requests, cloud switching disputes, and evidence records.
Data Act Exportable Data and Metadata FAQ
FAQ explaining which product, related service, metadata, and cloud switching data must be exportable under the EU Data Act, and which data can be excluded.
Data Act FAQ for Aftermarket Repair and Mobility Services
FAQ on EU Data Act vehicle-data access for repairers, independent service providers, fleets, insurers, and mobility services.
Data Act Functional Equivalence FAQ
FAQ on Data Act functional equivalence for cloud switching: IaaS scope, customer outcomes, export support, interoperability duties, limits, and evidence.
Data Act Indirect Access Request Flows FAQ
FAQ for Data Act teams handling user and third-party data requests when direct connected-product access is unavailable, incomplete, or limited.
Data Act International Government Access FAQ
FAQ on EU Data Act safeguards for non-EU government access to non-personal data held in the Union by data processing service providers.
Data Act Interoperability Standards FAQ
FAQ on EU Data Act interoperability standards for data spaces, cloud switching, smart contracts, harmonised standards, common specifications, and M/614.
Data Act Model Contractual Terms FAQ
FAQ on the EU Data Act non-binding model contractual terms for data access and use, cloud switching clauses, B2B use, unfair terms, and evidence.
Data Act Public Emergency Requests FAQ
FAQ on EU Data Act public emergency requests: exceptional need, request content, timing, data holder response, compensation, confidentiality, and records.
Data Act Smart Contracts for Data Sharing
Data Act Article 36 smart contract guide for data-sharing agreements: scope, robustness, access control, termination, interruption, archiving, standards status, and conformity evidence.
Data Act SME Exceptions and Startups FAQ
FAQ on where the EU Data Act gives micro, small, medium-sized, startup, and SME actors narrower treatment for access duties, compensation, and B2B terms.
Data Act Trade Secret Technical Protection Measures FAQ
FAQ on how EU Data Act data holders can protect trade secrets with confidentiality safeguards, technical measures, limited withholding, suspension, refusal, and evidence.
Data Act Trade Secrets and Protection Measures
Data Act guide for protecting trade secrets during access and sharing: classification, safeguards, refusal thresholds, notices, evidence records, and reviews.
Data Act Unfair Contractual Terms | Article 13 B2B Contract Review
Review B2B data-sharing clauses under EU Data Act Article 13: unilateral terms, always unfair examples, presumed unfair terms, model clauses, evidence, and remediation.
Data Act Vehicle Data Guidance
Commission-grounded guide to Data Act vehicle data access: connected vehicles, vehicle-related services, raw and pre-processed data, aftermarket use cases, access routes, safeguards, and GDPR boundaries.
Data Act vs GDPR: connected-product data access
Compare EU Data Act connected-product access duties with GDPR personal-data rules: scope, roles, lawful basis, data subject rights, third-party sharing, trade secrets, and conflicts.
EU Data Act and Common European Data Spaces FAQ
FAQ on how EU Data Act interoperability duties, Data Governance Act rules, and sector data-space governance fit together without treating participation as a general obligation.
EU Data Act Applicability Test
Check whether a product, related service, data holder, cloud service, data-space role, smart contract, or B2G request is in scope of the EU Data Act.
EU Data Act Application Dates And Transition FAQ
FAQ on when the EU Data Act applies, which obligations are delayed, and what product, contract, cloud, and evidence records teams should maintain.
EU Data Act Article 3 Pre-Contract Information
What Article 3 of the EU Data Act requires before connected-product purchase, rent, lease, or related-service contracting: data categories, access, data holder identity, third-party sharing, complaints, and evidence.
EU Data Act Article 36 Smart Contract Controls FAQ
FAQ explaining when EU Data Act Article 36 applies to smart contracts for data-sharing agreements and what controls, conformity evidence, and limits it requires.
EU Data Act B2B Data Sharing Compensation FAQ
FAQ on when Data Act data holders may charge B2B data recipients, what reasonable compensation can include, SME limits, unfair terms, disputes, and trade secret safeguards.
EU Data Act B2G Compensation and Costs FAQ
FAQ on when Data Act B2G exceptional-need requests are free, when fair compensation may be claimed, which costs can be included, and what records to keep.
EU Data Act B2G Exceptional Need FAQ
When public-sector bodies can request business-held data under the EU Data Act, what a valid request must contain, and how data holders handle limits, trade secrets, compensation, and evidence.
EU Data Act Checklist for Product, Cloud, and Contract Teams
A grounded EU Data Act checklist for connected-product data access, third-party sharing, B2G requests, cloud switching, unfair terms, smart contracts, personal data boundaries, evidence, and owners.
EU Data Act Cloud Switching and Exit Plans
A grounded EU Data Act guide for data processing service exit plans: switching contracts, exportable data, assistance, charges, interoperability, retrieval, erasure, and records.
EU Data Act Cloud Switching Procurement FAQ
Procurement checklist FAQ for EU Data Act cloud switching: contract terms, exit support, exportable data, switching charges, interoperability, termination, and supplier evidence.
EU Data Act Compliance Program
Build a Data Act compliance program for connected-product data access, contracts, B2G requests, cloud switching, smart contracts, GDPR boundaries, records, and ownership.
EU Data Act Connected Product Scope and Data Types
Classify EU Data Act connected products, related services, product data, related-service data, readily available data, metadata, and excluded derived outputs.
EU Data Act Connected Product Scope FAQ
FAQ explaining when connected products, related services, generated data, EU market placement, and SME exceptions fall within EU Data Act scope.
EU Data Act Data Processing Service Switching
A grounded EU Data Act guide for provider and customer switching duties: exit assistance, exportable data, contract clauses, charges, interoperability, retrieval, and erasure.
EU Data Act data spaces interoperability FAQ
FAQ explaining Article 33 Data Act interoperability requirements for data-space participants, common European data spaces, standards, APIs, metadata, and architecture evidence.
EU Data Act deadlines and compliance calendar
A source-linked calendar for EU Data Act application dates, product design timing, contract remediation, cloud switching charges, response periods, standards work, and evidence records.
EU Data Act Direct Access by Design FAQ
FAQ for product and legal teams designing user access to connected-product and related-service data under the EU Data Act.
EU Data Act Enforcement And Competent Authorities FAQ
FAQ on who enforces the EU Data Act, how complaints work, how Member States set penalties, when dispute settlement can be used, and when GDPR authorities remain responsible.
EU Data Act FAQ: scope, access rights, B2G, cloud switching, GDPR, and dates
Grounded EU Data Act FAQ index covering connected-product data access, third-party sharing, B2G exceptional need, cloud switching, smart contracts, GDPR boundaries, unfair terms, trade secrets, and application dates.
EU Data Act Non-Emergency Public-Sector Requests FAQ
FAQ on EU Data Act requests where a public body claims exceptional need outside a public emergency, including scope, request contents, limits, compensation, confidentiality, and evidence.
EU Data Act Non-Personal Data and Mixed Datasets FAQ
FAQ on how the EU Data Act treats non-personal data, mixed datasets, GDPR precedence, user and third-party access, trade-secret limits, and evidence records.
EU Data Act Penalties and Enforcement
Grounded guide to Data Act penalties under Article 40, Member State enforcement, penalty factors, complaints, judicial remedies, and the GDPR enforcement boundary.
EU Data Act Pre-Contractual Information FAQ
FAQ on EU Data Act Article 3 pre-contract information for connected products and related services, including data categories, access methods, data holder identity, third-party sharing, and GDPR boundaries.
EU Data Act Product Data vs Related Service Data FAQ
FAQ explaining how the EU Data Act separates connected product data, related service data, readily available raw and pre-processed data, metadata, and inferred or derived outputs.
EU Data Act Readily Available Data FAQ
FAQ on what counts as readily available data under the EU Data Act, including product data, related service data, metadata, inferred data, and access mechanics.
EU Data Act Related Services FAQ
FAQ explaining when software is a Data Act related service, how it links to connected products, which product and service data are in scope, and what exclusions apply.
EU Data Act Smart Contracts for Data Sharing FAQ
Answers on Article 36 Data Act smart-contract requirements for data sharing: scope, robustness, access control, termination, archiving, conformity assessment, contract terms, and standards status.
EU Data Act Third-Party Data Sharing FAQ
FAQ on user-directed third-party data sharing under the EU Data Act, covering data holder duties, recipient limits, trade secrets, security, GDPR, and gatekeepers.
EU Data Act Trade Secret Safeguards FAQ
FAQ on protecting trade secrets when handling EU Data Act user and third-party data access requests, including safeguards, withholding, suspension, refusal, notices, and records.
EU Data Act Unfair Contractual Terms FAQ
FAQ on Article 13 of the EU Data Act: B2B unfair contract terms, unilateral take-it-or-leave-it clauses, always-unfair terms, presumed-unfair terms, SMEs, model terms, and review evidence.
EU Data Act User Access and Portability Rights
Practical guide to EU Data Act user access, connected-product data portability, third-party sharing, trade secret safeguards, and the GDPR boundary.
EU Data Act Users, Data Holders, and Recipients FAQ
FAQ explaining Data Act users, data holders, data recipients, connected products, related services, user access, third-party limits, and GDPR boundaries.
EU Data Act Vehicle Data Guidance FAQ
FAQ on EU Data Act vehicle data guidance for connected vehicles, aftermarket repair, mobility services, third-party access, trade secrets, security, and GDPR boundaries.
EU Data Act vs Data Governance Act
Compare the EU Data Act with the Data Governance Act: connected-product access, cloud switching, B2B/B2G duties, protected public-sector reuse, intermediaries, altruism, governance, and enforcement.