The EU Data Act (DA) is changing the way corporate data is handled, requiring a closer look at contractual agreements. Those offering or using connected products and data-based services will have no choice but to systematically review their contracts.
What does the EU Data Act regulate?
The EU Data Act (Regulation (EU) 2023/2854) establishes clear rules for the access, use, and sharing of data from connected products and related services. The regulation, which must be implemented by September 12, 2025, covers both personal and non-personal data generated by connected devices, sensors, machines, or platforms. Its goal is to foster a fair, transparent, and innovation-friendly market within the EU, where companies can efficiently and legally utilize data.
Impact on contract drafting
The EU Data Act directly impacts the drafting of supply, service, SaaS, and cloud contracts. Companies must clearly define which parties have access to which data, the purposes for which the parties will use it, and how they will disclose information to third parties. Additionally, formats, deadlines, interfaces, technical access options, and security and availability requirements must be specified. Pre-contractual information must also include transparent details on the type, scope, frequency, storage location, and access options for relevant data.
Which clauses are affected?
- Data access and use
Exclusive rights for providers to user data are not permitted. Contracts must contain clear provisions for free access in a machine-readable format. - Confidentiality and secrecy
Targeted regulations (such as NDAs or technical protection measures) should replace blanket confidentiality clauses in order to balance data access and trade secret protection. - Liability and warranty
Unilateral exclusions of liability for data errors are considered unfair. Instead, appropriate risk-sharing and proportional models should be agreed upon. - Cloud exit and binding
From 2027 onward, cloud contracts will require straightforward switching options without fees or obstacles, including export and migration assistance. - Licensing and remuneration
Data sharing must meet FRAND (fair, reasonable, and non-discriminatory) conditions, with transparent prices based on real value.
To help companies draft and negotiate contracts that comply with the EU Data Act, the European Commission published model contract clauses for data provision and standard contractual clauses (SCCs) for cloud contracts. While these serve as guidance, they do not replace an individual review of the clauses for the respective business case.
Deadlines: When must contracts be amended?
Since September 12, 2025, all new contracts must be EU Data Act-compliant. A transition period applies to existing contracts. Open-ended contracts, as well as agreements with an original term exceeding ten years based on the January 11, 2024, entry-into-force date, must be amended by September 12, 2027.
Need for action in contract management
In practical terms, companies must review their contracts for compliance with the Data Act throughout the entire data lifecycle, including supply, service, maintenance, and cloud and platform contracts. Particularly critical are constellations involving networked products, IoT services, and data-driven business models, in which data access and transfer have thus far been largely regulated on a unilateral basis. Companies that establish clear, fair, and legally compliant regulations early on will reduce liability risks and strengthen their data strategy.
Using AI tools for contract review
The large number of contracts and new regulatory requirements quickly render manual review ineffective. This is where modern contract management software with AI-supported automation comes in. AI review catalogs analyze the contract portfolio against defined criteria, such as Data Act-relevant clauses, using customizable checklists. The AI recognizes the risks involved and presents them in a clear format. Subsequent process steps, such as creating supplementary agreements, approval, and signing, are quick and easy thanks to templates, clause libraries, and digital workflows. This allows companies to efficiently, scalably, and audit-proof implement the requirements of the EU Data Act across their entire contract portfolio.
Would you like to learn more about AI contract review with Fabasoft Contracts? Download the white paper now
