Chapter III - Obligations for data holders obliged to make data available to data recipients (Art. 8-12)

Chapter III – Obligations for data holders obliged to make data available to data recipients (Art. 8-12)

Art. 8 Data Act - Conditions under which data holders make data available to data recipients arrow_right_alt

Applicable after 12 September 2025. For more information, see Article 50.

Where, in business-to-business relations, a data holder is obliged to make data available to a data recipient under Article 5 or under other applicable Union law or national legislation adopted in accordance with Union law, it shall agree with a data recipient the arrangements for making the data available and shall do so under fair, reasonable and non-discriminatory terms and conditions and in a transparent manner in accordance with this Chapter and Chapter IV.
A contractual term concerning access to and the use of data, or liability and remedies for the breach or termination of data-related obligations, shall not be binding if it constitutes an unfair contractual term within the meaning of Article 13 or if, to the detriment of the user, it excludes the application of, derogates from or varies the effect of the user’s rights under Chapter II.
A data holder shall not discriminate regarding the arrangements for making data available between comparable categories of data recipients, including partner enterprises or linked enterprises of the data holder when making data available. Where a data recipient considers that the conditions under which data has been made available to it are discriminatory, the data holder shall without undue delay provide the data recipient, upon its reasoned request, with information showing that there has been no discrimination.
A data holder shall not make data available to a data recipient, including on an exclusive basis, unless requested to do so by the user under Chapter II.
Data holders and data recipients shall not be required to provide any information beyond what is necessary to verify compliance with the contractual terms agreed for making data available or with their obligations under this Regulation or other applicable Union law or national legislation adopted in accordance with Union law.
Unless otherwise provided for in Union law, including Article 4(6) and Article 5(9) of this Regulation, or by national legislation adopted in accordance with Union law, an obligation to make data available to a data recipient shall not oblige the disclosure of trade secrets.

Close tabsclose

Recital 42

Taking into account the variety of connected products producing data of different nature, volume and frequency, presenting different levels of data and cybersecurity risks and providing economic opportunities of different value, and for the purpose of ensuring consistency of data sharing practices in the internal market, including across sectors, and to encourage and promote fair data sharing practices even in areas where no such right to data access is provided for, this Regulation provides for horizontal rules on the arrangements for access to data whenever a data holder is obliged by Union law or national legislation adopted in accordance with Union law to make data available to a data recipient. Such access should be based on fair, reasonable, non-discriminatory and transparent terms and conditions. Those general access rules do not apply to obligations to make data available under Regulation (EU) 2016/679. Voluntary data sharing remains unaffected by those rules. The non-binding model contractual terms for business-to-business data sharing to be developed and recommended by the Commission may help parties to conclude contracts which include fair, reasonable and non-discriminatory terms and conditions and which are to be implemented in a transparent way. The conclusion of contracts, which may include the non-binding model contractual terms, should not mean that the right to share data with third parties is in any way conditional upon the existence of such a contract. Should parties be unable to conclude a contract on data sharing, including with the support of dispute settlement bodies, the right to share data with third parties is enforceable in national courts or tribunals.

Recital 43

On the basis of the principle of contractual freedom, parties should remain free to negotiate the precise conditions for making data available in their contracts within the framework for the general access rules for making data available. Terms of such contracts could include technical and organisational measures, including in relation to data security.

Recital 44

In order to ensure that the conditions for mandatory data access are fair for both parties to a contract, the general rules on data access rights should refer to the rule on avoiding unfair contractual terms.

Recital 45

Any agreement concluded in business-to-business relations for making data available should be non-discriminatory between comparable categories of data recipients, independently of whether the parties are large enterprises or SMEs. In order to compensate for the lack of information on the conditions contained in different contracts, which makes it difficult for the data recipient to assess whether the terms for making the data available are non-discriminatory, it should be the responsibility of data holders to demonstrate that a contractual term is not discriminatory. It is not unlawful discrimination where a data holder uses different contractual terms for making data available if those differences are justified by objective reasons. Those obligations are without prejudice to Regulation (EU) 2016/679.

Art. 9 Data Act - Compensation for making data available arrow_right_alt

Applicable after 12 September 2025. For more information, see Article 50.

Any compensation agreed upon between a data holder and a data recipient for making data available in business-to-business relations shall be non- discriminatory and reasonable and may include a margin.
When agreeing on any compensation, the data holder and the data recipient shall take into account in particular:
1. costs incurred in making the data available, including, in particular, the costs necessary for the formatting of data, dissemination via electronic means and storage;
2. investments in the collection and production of data, where applicable, taking into account whether other parties contributed to obtaining, generating or collecting the data in question.
The compensation referred to in paragraph 1 may also depend on the volume, format and nature of the data.
Where the data recipient is an SME or a not-for profit research organisation and where such a data recipient does not have partner enterprises or linked enterprises that do not qualify as SMEs, any compensation agreed shall not exceed the costs referred to in paragraph 2, point (a).
The Commission shall adopt guidelines on the calculation of reasonable compensation, taking into account the advice of the European Data Innovation Board (EDIB) referred to in Article 42.
This Article shall not preclude other Union law or national legislation adopted in accordance with Union law from excluding compensation for making data available or providing for lower compensation.
The data holder shall provide the data recipient with information setting out the basis for the calculation of the compensation in sufficient detail so that the data recipient can assess whether the requirements of paragraphs 1 to 4 are met.

Close tabsclose

Recital 46

In order to promote continued investment in generating and making available valuable data, including investments in relevant technical tools, while at the same time avoiding excessive burdens on access to and the use of data which make data sharing no longer commercially viable, this Regulation contains the principle that in business-to-business relations data holders may request reasonable compensation when obliged pursuant to Union law or national legislation adopted in accordance with Union law to make data available to a data recipient. Such compensation should not be understood to constitute payment for the data itself. The Commission should adopt guidelines on the calculation of reasonable compensation in the data economy.

Recital 47

First, reasonable compensation for meeting the obligation pursuant to Union law or national legislation adopted in accordance with Union law to comply with a request to make data available may include compensation for the costs incurred in making the data available. Those costs may be technical costs, such as the costs necessary for data reproduction, dissemination via electronic means and storage, but not for data collection or production. Such technical costs may also include the costs for processing, necessary to make data available, including costs associated with the formatting of data. Costs related to making the data available may also include the costs of facilitating concrete data sharing requests. They may also vary depending on the volume of the data as well as the arrangements taken for making the data available. Long-term arrangements between data holders and data recipients, for instance via a subscription model or the use of smart contracts, may reduce the costs in regular or repetitive transactions in a business relationship. Costs related to making data available are either specific to a particular request or shared with other requests. In the latter case, a single data recipient should not pay the full costs of making the data available. Second, reasonable compensation may also include a margin, except regarding SMEs and not-for-profit research organisations. A margin may vary depending on factors related to the data itself, such as volume, format or nature of the data. It may consider the costs for collecting the data. A margin may therefore decrease where the data holder has collected the data for its own business without significant investments or may increase where the investments in the data collection for the purposes of the data holder’s business are high. It may be limited or even excluded in situations where the use of the data by the data recipient does not affect the data holder’s own activities. The fact that the data is co-generated by a connected product owned, rented or leased by the user could also reduce the amount of the compensation in comparison to other situations where the data are generated by the data holder for example during the provision of a related service.

Recital 48

It is not necessary to intervene in the case of data sharing between large enterprises, or where the data holder is a small enterprise or a medium-sized enterprise and the data recipient is a large enterprise. In such cases, the enterprises are considered to be capable of negotiating the compensation within the limits of what is reasonable and non-discriminatory.

Recital 49

To protect SMEs from excessive economic burdens which would make it commercially too difficult for them to develop and run innovative business models, the reasonable compensation for making data available to be paid by them should not exceed the costs directly related to making the data available. Directly related costs are those costs which are attributable to individual requests, taking into account that the necessary technical interfaces or related software and connectivity is to be established on a permanent basis by the data holder. The same regime should apply to not-for-profit research organisations.

Recital 50

In duly justified cases, including where there is a need to safeguard consumer participation and competition or to promote innovation in certain markets, regulated compensation for making available specific data types may be provided for in Union law or national legislation adopted in accordance with Union law.

Recital 51

Transparency is an important principle for ensuring that the compensation requested by a data holder is reasonable, or, if the data recipient is an SME or a not-for-profit research organisation, that the compensation does not exceed the costs directly related to making the data available to the data recipient and is attributable to the individual request concerned. In order to put data recipients in a position to assess and verify that the compensation complies with the requirements of this Regulation, the data holder should provide to the data recipient sufficiently detailed information for the calculation of the compensation.

Art. 10 Data Act - Dispute settlement arrow_right_alt

Applicable after 12 September 2025. For more information, see Article 50.

Users, data holders and data recipients shall have access to a dispute settlement body, certified in accordance with paragraph 5 of this Article, to settle disputes pursuant to Article 4(3) and (9) and Article 5(12) as well as disputes relating to the fair, reasonable and non-discriminatory terms and conditions for, and transparent manner of, making data available in accordance with this Chapter and Chapter IV.
Dispute settlement bodies shall make the fees, or the mechanisms used to determine the fees, known to the parties concerned before those parties request a decision.
For disputes referred to a dispute settlement body pursuant to Article 4(3) and (9) and Article 5(12), where the dispute settlement body decides a dispute in favour of the user or of the data recipient, the data holder shall bear all the fees charged by the dispute settlement body and shall reimburse that user or that data recipient for any other reasonable expenses that it has incurred in relation to the dispute settlement. If the dispute settlement body decides a dispute in favour of the data holder, the user or the data recipient shall not be required to reimburse any fees or other expenses that the data holder paid or is to pay in relation to the dispute settlement, unless the dispute settlement body finds that the user or the data recipient manifestly acted in bad faith.
Customers and providers of data processing services shall have access to a dispute settlement body, certified in accordance with paragraph 5 of this Article, to settle disputes relating to breaches of the rights of customers and the obligations of providers of data processing services, in accordance with Articles 23 to 31.
The Member State where the dispute settlement body is established shall, at the request of that body, certify that body where it has demonstrated that it meets all of the following conditions:
1. it is impartial and independent, and it is to issue its decisions in accordance with clear, non-discriminatory and fair rules of procedure;
2. it has the necessary expertise, in particular in relation to fair, reasonable and non-discriminatory terms and conditions, including compensation, and on making data available in a transparent manner, allowing the body to effectively determine those terms and conditions;
3. it is easily accessible through electronic communication technology;
4. it is capable of adopting its decisions in a swift, efficient and cost-effective manner in at least one official language of the Union.
Member States shall notify to the Commission the dispute settlement bodies certified in accordance with paragraph 5. The Commission shall publish a list of those bodies on a dedicated website and keep it updated.
A dispute settlement body shall refuse to deal with a request to resolve a dispute that has already been brought before another dispute settlement body or before a court or tribunal of a Member State.
A dispute settlement body shall grant parties the possibility, within a reasonable period of time, to express their points of view on the matters those parties have brought before that body. In that context, each party to a dispute shall be provided with the submissions of the other party to their dispute and any statements made by experts. The parties shall be given the possibility to comment on those submissions and statements.
A dispute settlement body shall adopt its decision on a matter referred to it within 90 days of receipt of a request pursuant to paragraphs 1 and 4. That decision shall be in writing or on a durable medium and shall be supported by a statement of reasons.
Dispute settlement bodies shall draw up and make publicly available annual activity reports. Such annual reports shall include, in particular, the following general information:
1. an aggregation of the outcomes of disputes;
2. the average time taken to resolve disputes;
3. the most common reasons for disputes.
In order to facilitate the exchange of information and best practices, a dispute settlement body may decide to include recommendations in the report referred to in paragraph 10 as to how problems can be avoided or resolved.
The decision of a dispute settlement body shall be binding on the parties only if the parties have explicitly consented to its binding nature prior to the start of the dispute settlement proceedings.
This Article does not affect the right of parties to seek an effective remedy before a court
or tribunal of a Member State.

Close tabsclose

Recital 52

Ensuring access to alternative ways of resolving domestic and cross-border disputes that arise in connection with making data available should benefit data holders and data recipients and therefore strengthen trust in data sharing. Where parties cannot agree on fair, reasonable and non-discriminatory terms and conditions of making data available, dispute settlement bodies should offer a simple, fast and low-cost solution to the parties. While this Regulation only lays down the conditions that dispute settlement bodies need to fulfil to be certified, Member States are free to adopt any specific rules for the certification procedure, including the expiry or revocation of certification. The provisions of this Regulation on dispute settlement should not require Member States to establish dispute settlement bodies.

Recital 53

The dispute settlement procedure under this Regulation is a voluntary procedure that enables users, data holders and data recipients to agree to bring their disputes before dispute settlement bodies. Therefore, the parties should be free to address a dispute settlement body of their choice, be it within or outside of the Member States in which those parties are established.

Recital 54

To avoid cases in which two or more dispute settlement bodies are seized for the same dispute, in particular in a cross-border situation, a dispute settlement body should be able to refuse to deal with a request to resolve a dispute that has already been brought before another dispute settlement body or before a court or tribunal of a Member State.

Recital 55

In order to ensure the uniform application of this Regulation, the dispute settlement bodies should take into account the non-binding model contractual terms to be developed and recommended by the Commission as well as Union or national law specifying data sharing obligations or guidelines issued by sectoral authorities for the application of such law.

Recital 56

Parties to dispute settlement proceedings should not be prevented from exercising their fundamental rights to an effective remedy and a fair trial. Therefore, the decision to submit a dispute to a dispute settlement body should not deprive those parties of their right to seek redress before a court or tribunal of a Member State. Dispute settlement bodies should make annual activity reports publicly available.

Art. 11 Data Act - Technical protection measures on the unauthorised use or disclosure of data arrow_right_alt

Applicable after 12 September 2025. For more information, see Article 50.

A data holder may apply appropriate technical protection measures, including smart contracts and encryption, to prevent unauthorised access to data, including metadata, and to ensure compliance with Articles 4, 5, 6, 8 and 9, as well as with the agreed contractual terms for making data available. Such technical protection measures shall not discriminate between data recipients or hinder a user’s right to obtain a copy of, retrieve, use or access data, to provide data to third parties pursuant to Article 5 or any right of a third party under Union law or national legislation adopted in accordance with Union law. Users, third parties and data recipients shall not alter or remove such technical protection measures unless agreed by the data holder.
In the circumstances referred to in paragraph 3, the third party or data recipient shall comply, without undue delay, with the requests of the data holder and, where applicable and where they are not the same person, the trade secret holder or the user:
1. to erase the data made available by the data holder and any copies thereof;
2. to end the production, offering or placing on the market or use of goods, derivative data or services produced on the basis of knowledge obtained through such data, or the importation, export or storage of infringing goods for those purposes, and destroy any infringing goods, where there is a serious risk that the unlawful use of those data will cause significant harm to the data holder, the trade secret holder or the user or where such a measure would not be disproportionate in light of the interests of the data holder, the trade secret holder or the user;
3. to inform the user of the unauthorised use or disclosure of the data and of the measures taken to put an end to the unauthorised use or disclosure of the data;
4. to compensate the party suffering from the misuse or disclosure of such unlawfully accessed or used data.
Paragraph 2 shall apply where a third party or a data recipient has:
1. for the purposes of obtaining data, provided false information to a data holder, deployed deceptive or coercive means or abused gaps in the technical infrastructure of the data holder designed to protect the data;
2. used the data made available for unauthorised purposes, including the development of a competing connected product within the meaning of Article 6(2), point (e);
3. unlawfully disclosed data to another party;
4. not maintained the technical and organisational measures agreed pursuant to Article 5(9); or
5. altered or removed technical protection measures applied by the data holder pursuant to paragraph 1 of this Article without the agreement of the data holder.
Paragraph 2 shall also apply where a user alters or removes technical protection measures applied by the data holder or does not maintain the technical and organisational measures taken by the user in agreement with the data holder or, where they are not the same person, the trade secrets holder, in order to preserve trade secrets, as well as in respect of any other party that receives the data from the user by means of an infringement of this Regulation.
Where the data recipient infringes Article 6(2), point (a) or (b), users shall have the same rights as data holders under paragraph 2 of this Article.

Close tabsclose

Recital 57

Data holders may apply appropriate technical protection measures to prevent the unlawful disclosure of or access to data. However, those measures should neither discriminate between data recipients, nor hinder access to or the use of data for users or data recipients. In the case of abusive practices on the part of a data recipient, such as misleading the data holder by providing false information with the intent to use the data for unlawful purposes, including developing a competing connected product on the basis of the data, the data holder and, where applicable and where they are not the same person, the trade secret holder or the user can request the third party or data recipient to implement corrective or remedial measures without undue delay. Any such requests, and in particular requests to end the production, offering or placing on the market of goods, derivative data or services, as well as those to end importation, export, storage of infringing goods or their destruction, should be assessed in the light of their proportionality in relation to the interests of the data holder, the trade secret holder or the user.

Recital 58

Where one party is in a stronger bargaining position, there is a risk that that party could leverage such a position to the detriment of the other contracting party when negotiating access to data with the result that access to data is commercially less viable and sometimes economically prohibitive. Such contractual imbalances harm all enterprises without a meaningful ability to negotiate the conditions for access to data, and which may have no choice but to accept take-it-or-leave-it contractual terms. Therefore, unfair contractual terms regulating access to and the use of data, or liability and remedies for the breach or the termination of data related obligations, should not be binding on enterprises when those terms have been unilaterally imposed on those enterprises.

Art. 12 Data Act - Scope of obligations for data holders obliged pursuant to Union law to make data available arrow_right_alt

Previous: Chapter II - Business to consumer and business to business data sharing (Art. 3-7)

Next: Chapter IV - Unfair contractual terms related to data access and use between enterprises (Art. 13)