European Data Act, Final Text



Preamble 61 to 70.


(61) Criteria for identifying unfair contractual terms should be applied only to excessive contractual terms where a stronger bargaining position has been abused. The vast majority of contractual terms that are commercially more favourable to one party than to the other, including those that are normal in business-to-business contracts, are a normal expression of the principle of contractual freedom and continue to apply. For the purposes of this Regulation, grossly deviating from good commercial practice would include, inter alia, objectively impairing the ability of the party upon whom the term has been unilaterally imposed to protect its legitimate commercial interest in the data in question.


(62) In order to ensure legal certainty, this Regulation establishes a list of clauses that are always considered unfair and a list of clauses that are presumed to be unfair. In the latter case, the enterprise that imposes the contractual term should be able to rebut the presumption of unfairness by demonstrating that the contractual term listed in this Regulation is not unfair in the specific case in question.

If a contractual term is not included in the list of terms that are always considered unfair or that are presumed to be unfair, the general unfairness provision applies. In that regard, the terms listed as unfair contractual terms in this Regulation should serve as a yardstick to interpret the general unfairness provision.

Finally, non-binding model contractual terms for business-to-business data sharing contracts to be developed and recommended by the Commission may also be helpful to commercial parties when negotiating contracts. If a contractual term is declared to be unfair, the contract concerned should continue to apply without that term, unless the unfair contractual term is not severable from the other terms of the contract.


(63) In situations of exceptional need, it may be necessary for public sector bodies, the Commission, the European Central Bank or Union bodies to use in the performance of their statutory duties in the public interest existing data, including, where relevant, accompanying metadata, to respond to public emergencies or in other exceptional cases. Exceptional needs are circumstances which are unforeseeable and limited in time, in contrast to other circumstances which might be planned, scheduled, periodic or frequent.

While the notion of ‘data holder’ does not, generally, include public sector bodies, it may include public undertakings. Research-performing organisations and research-funding organisations could also be organised as public sector bodies or bodies governed by public law. To limit the burden on businesses, microenterprises and small enterprises should only be under the obligation to provide data to public sector bodies, the Commission, the European Central Bank or Union bodies in situations of exceptional need where such data is required to respond to a public emergency and the public sector body, the Commission, the European Central Bank or the Union body is unable to obtain such data by alternative means in a timely and effective manner under equivalent conditions.


(64) In the case of public emergencies, such as public health emergencies, emergencies resulting from natural disasters including those aggravated by climate change and environmental degradation, as well as human-induced major disasters, such as major cybersecurity incidents, the public interest resulting from the use of the data will outweigh the interests of the data holders to dispose freely of the data they hold. In such a case, data holders should be placed under an obligation to make the data available to public sector bodies, the Commission, the European Central Bank or Union bodies upon their request.

The existence of a public emergency should be determined or declared in accordance with Union or national law and based on the relevant procedures, including those of the relevant international organisations. In such cases, the public sector body should demonstrate that the data in scope of the request could not otherwise be obtained in a timely and effective manner and under equivalent conditions, for instance by way of the voluntary provision of data by another enterprise or the consultation of a public database.


(65) An exceptional need may also arise from non-emergency situations. In such cases, a public sector body, the Commission, the European Central Bank or a Union body should be allowed to request only non-personal data. The public sector body should demonstrate that the data are necessary for the fulfilment of a specific task carried out in the public interest that has been explicitly provided for by law, such as the production of official statistics or the mitigation of or recovery from a public emergency.

In addition, such a request can be made only when the public sector body, the Commission, the European Central Bank or a Union body has identified specific data that could not otherwise be obtained in a timely and effective manner and under equivalent conditions and only if it has exhausted all other means at its disposal to obtain such data, such as obtaining the data through voluntary agreements, including purchasing of non-personal data on the market by offering market rates, or by relying on existing obligations to make data available or the adoption of new legislative measures which could guarantee the timely availability of data.

The conditions and principles governing requests, such as those related to purpose limitation, proportionality, transparency and time limitation, should also apply. In cases of requests for data necessary for the production of official statistics, the requesting public sector body should also demonstrate whether the national law allows it to purchase non-personal data on the market.


(66) This Regulation should not apply to, or pre-empt, voluntary arrangements for the exchange of data between private and public entities, including the provision of data by SMEs, and is without prejudice to Union legal acts providing for mandatory information requests by public entities to private entities.

Obligations placed on data holders to provide data that are motivated by needs of a non-exceptional nature, in particular where the range of data and of data holders is known or where data use can take place on a regular basis, as in the case of reporting obligations and internal market obligations, should not be affected by this Regulation. Requirements to access data to verify compliance with applicable rules, including where public sector bodies assign the task of the verification of compliance to entities other than public sector bodies, should also not be affected by this Regulation.


(67) This Regulation complements and is without prejudice to the Union and national law providing for access to and the use of data for statistical purposes, in particular Regulation (EC) No 223/2009 of the European Parliament and of the Council (27) as well as national legal acts related to official statistics.


(68) For the exercise of their tasks in the areas of prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal and administrative penalties, as well as the collection of data for taxation or customs purposes, public sector bodies, the Commission, the European Central Bank or Union bodies should rely on their powers under Union or national law. This Regulation accordingly does not affect legislative acts on the sharing, access to and use of data in those areas.


(69) In accordance with Article 6(1) and (3) of Regulation (EU) 2016/679, a proportionate, limited and predictable framework at Union level is necessary when providing for the legal basis for the making available of data by data holders, in cases of exceptional needs, to public sector bodies, the Commission, the European Central Bank or Union bodies, both to ensure legal certainty and to minimise the administrative burdens placed on businesses.

To that end, data requests from public sector bodies, the Commission, the European Central Bank or Union bodies to data holders should be specific, transparent and proportionate in their scope of content and their granularity. The purpose of the request and the intended use of the data requested should be specific and clearly explained, while allowing appropriate flexibility for the requesting entity to carry out its specific tasks in the public interest. The request should also respect the legitimate interests of the data holder to whom the request is made.

The burden on data holders should be minimised by obliging requesting entities to respect the once-only principle, which prevents the same data from being requested more than once by more than one public sector body or the Commission, the European Central Bank or Union bodies. To ensure transparency, data requests made by the Commission, the European Central Bank or Union bodies should be made public without undue delay by the entity requesting the data.

The European Central Bank and Union bodies should inform the Commission of their requests. If the data request has been made by a public sector body, that body should also notify the data coordinator of the Member State where the public sector body is established. Online public availability of all requests should be ensured. Upon the receipt of a notification of a data request, the competent authority can decide to assess the lawfulness of the request and exercise its functions in relation to the enforcement and application of this Regulation. Online public availability of all requests made by public sector bodies should be ensured by the data coordinator.


(70) The objective of the obligation to provide the data is to ensure that public sector bodies, the Commission, the European Central Bank or Union bodies have the necessary knowledge to respond to, prevent or recover from public emergencies or to maintain the capacity to fulfil specific tasks explicitly provided for by law. The data obtained by those entities may be commercially sensitive.

Therefore, neither Regulation (EU) 2022/868 nor Directive (EU) 2019/1024 of the European Parliament and of the Council should apply to data made available under this Regulation and should not be considered as open data available for reuse by third parties. This however should not affect the applicability of Directive (EU) 2019/1024 to the reuse of official statistics for the production of which data obtained pursuant to this Regulation was used, provided the reuse does not include the underlying data.

In addition, provided the conditions laid down in this Regulation are met, the possibility of sharing the data for conducting research or for the development, production and dissemination of official statistics should not be affected. Public sector bodies should also be allowed to exchange data obtained pursuant to this Regulation with other public sector bodies, the Commission, the European Central Bank or Union bodies in order to address the exceptional needs for which the data has been requested.