EU Data Act: assertion of claims
Published on 17th February 2025
Part 2 in the series highlights claim scenarios and contractual arrangements – and practical steps for companies to take

The European Union's Data Act (DA), officially the "Regulation on harmonised rules for fair data access and use", came into force on 11 January 2024 and is expected to have far-reaching consequences for many companies.
The Data Act's requirements, unlike the Digital Markets Act, affect not only selected companies but every manufacturer or provider of connected products and associated services. Companies are also likely to exert considerable pressure on each other based on the Data Act.
Claims for users and third parties
The provisions in articles 3 to 7 DA aim to implement the legislation's objective: to make data easily accessible. These provisions thus focus on governing access, ranging from the user's direct access to the data holder's obligation to provide the data.
Article 3(1) DA establishes the obligation of the data holder to design and manufacture connected products or to design and provide associated services in such a way that the data is easily available, secure, free of charge, comprehensively structured, in a commonly used format, machine-readable and directly accessible to the user. However, the data holder must only make the data directly accessible to the user where this is relevant and technically feasible.
If the user cannot technically access the product data directly from the connected product or associated service, they have a data access claim against the data holder under article 4(1) DA for readily available data. Article 2(17) DA defines readily available data as that which a data holder can legally obtain from the connected product or associated service without disproportionate effort. Therefore, the prerequisite for the data access claim is that there is no access possibility under article 3(1) DA. The data access claim is triggered by a simple request from the user.
Primarily, third-party economic actors will be interested in using data. Against this background, the data holder must provide readily available data to a third party upon the user's request under article 5(1) DA. However, gatekeepers within the meaning of the Digital Markets Act are excluded from the data access claim.
Articles 4 and 5 DA result in every user of a connected product and almost every third party with the user's permission having access to the data generated by the connected product or associated service.
Required contractual relationships
This means that data holders and data seekers must address the appropriate contractual arrangements in good time. Under the Data Act, three types of contractual relationships become relevant:
Data holder and user
Under the Data Act, the data holder itself may only use non-personal data generated by the product or service for its own purposes based on a contract with the user; that is, with the user's permission (article 4(13) DA). This permission will likely be obtained for practical reasons within the framework of the purchase, rental or leasing contract for the respective product or the contract for the provision of the service. The Data Act does not contain a coupling prohibition that would prevent the data holder from making the use of a product or service dependent on the conclusion of corresponding contractual clauses (see also recital 25).
Certain minimum information must be provided to the user before the contract is concluded, such as the type of data that the connected product or service can generate and the user's options for accessing it (article 3(3) and (4) DA). Data holders may also only provide generated product data (service data is not mentioned here) to third parties for the purpose of fulfilling their contract with the user (article 4(14) DA). Whether this can be contractually deviated from is still disputed.
Data holder and third party
If the user requests that the data holder grant a third party access to the generated data, this requires a contract between the data holder and the designated third party (article 8 DA). The data holder must provide the data to the third party on fair, reasonable, and non-discriminatory (FRAND) terms (article 8(1) DA). This FRAND requirement is also known from patent law. Similar to patent law, there are likely to be practical difficulties in assessing conditions as FRAND within the scope of the Data Act.
The data holder may charge a fee for providing the data to third parties (but not for providing it to the user). This fee should consider the costs of providing the data and investments in its collection, but – unless the data recipient is a small to medium-sized enterprise or a non-profit research institution – is not limited to these costs (article 9(2) and (3) DA). The data holder may also charge a margin (article 9(1) DA). However, how high this margin may be is still open. According to the Data Act, the Commission is to issue guidelines for calculating the appropriate remuneration (article 9(5) DA).
The requirement for fair contractual terms between the data holder and the third party is complemented by a negative list of abusive contractual clauses. The listed contractual clauses, such as liability exclusions or termination obstacles, are invalid if a company imposes them unilaterally on another (article 13 DA).
User and third party
Additionally, the user enters into an agreement with the third party who is to receive data from the data holder at the user's request. The third party may only use the data received as agreed with the user. In particular, they may not use it for purposes other than those contractually agreed (article 6(1) DA). The Data Act grants the user control over how their data is (further) used.
Osborne Clarke comment
Companies should first analyse which of their connected products and associated services fall within the scope of the DA. Then, companies should identify the extent of the data they need to make accessible to users or third parties: if the user has a direct access claim under article 3(1) DA, this includes product data or associated service data. The data access claim under article 4(1) DA (or article 5(1) DA in the case of third parties) is limited to "readily available data".
If companies are interested in not providing data to users, they should examine the possibilities to limit the data access claim: data holders can limit or exclude the user's data access claim, for example, in the absence of sufficient legal basis for data processing or in narrowly defined cases where trade secrets are present. In any scenario, a case-by-case assessment is required for each product or service.
If companies wish to offer a product or service for which they themselves rely on data access from data holders, they should ensure that the claim requirements under article 5 DA are met and that the necessary contractual agreements with the user and data holder are in place before bringing the product or service to market.