keyboard_tab Data Act 2023/2854 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- Article 1 Subject matter and scope
- Article 2 Definitions
- Article 3 Obligation to make product data and related service data accessible to the user
- Article 4 The rights and obligations of users and data holders with regard to access, use and making available product data and related service data
- Article 5 Right of the user to share data with third parties
- Article 6 Obligations of third parties receiving data at the request of the user
- Article 7 Scope of business-to-consumer and business-to-business data sharing obligations
- Article 8 Conditions under which data holders make data available to data recipients
- Article 9 Compensation for making data available
- Article 10 Dispute settlement
- Article 11 Technical protection measures on the unauthorised use or disclosure of data
- Article 12 Scope of obligations for data holders obliged pursuant to Union law to make data available
- Article 13 Unfair contractual terms unilaterally imposed on another enterprise
- Article 14 Obligation to make data available on the basis of an exceptional need
- Article 15 Exceptional need to use data
- Article 16 Relationship with other obligations to make data available to public sector bodies, the Commission, the European Central Bank and Union bodies
- Article 17 Requests for data to be made available
- Article 18 Compliance with requests for data
- Article 19 Obligations of public sector bodies, the Commission, the European Central Bank and Union bodies
- Article 20 Compensation in cases of an exceptional need
- Article 21 Sharing of data obtained in the context of an exceptional need with research organisations or statistical bodies
- Article 22 Mutual assistance and cross-border cooperation
- Article 23 Removing obstacles to effective switching
- Article 24 Scope of the technical obligations
- Article 25 Contractual terms concerning switching
- Article 26 Information obligation of providers of data processing services
- Article 27 Obligation of good faith
- Article 28 Contractual transparency obligations on international access and transfer
- Article 29 Gradual withdrawal of switching charges
- Article 30 Technical aspects of switching
- Article 31 Specific regime for certain data processing services
- Article 32 International governmental access and transfer
- Article 33 Essential requirements regarding interoperability of data, of data sharing mechanisms and services, as well as of common European data spaces
- Article 34 Interoperability for the purposes of in-parallel use of data processing services
- Article 35 Interoperability of data processing services
- Article 36 Essential requirements regarding smart contracts for executing data sharing agreements
- Article 37 Competent authorities and data coordinators
- Article 38 Right to lodge a complaint
- Article 39 Right to an effective judicial remedy
- Article 40 Penalties
- Article 41 Model contractual terms and standard contractual clauses
- Article 42 Role of the EDIB
- Article 43 Databases containing certain data
- Article 44 Other Union legal acts governing rights and obligations on data access and use
- Article 45 Exercise of the delegation
- Article 46 Committee procedure
- Article 47 Amendment to Regulation (EU) 2017/2394
- Article 48 Amendment to Directive (EU) 2020/1828
- Article 49 Evaluation and review
- Article 50 Entry into force and application
CHAPTER I
GENERAL PROVISIONS
CHAPTER II
BUSINESS TO CONSUMER AND BUSINESS TO BUSINESS DATA SHARING
CHAPTER III
OBLIGATIONS FOR DATA HOLDERS OBLIGED TO MAKE DATA AVAILABLE PURSUANT TO UNION LAW
CHAPTER IV
UNFAIR CONTRACTUAL TERMS RELATED TO DATA ACCESS AND USE BETWEEN ENTERPRISES
CHAPTER V
MAKING DATA AVAILABLE TO PUBLIC SECTOR BODIES, THE COMMISSION, THE EUROPEAN CENTRAL BANK AND UNION BODIES ON THE BASIS OF AN EXCEPTIONAL NEED
CHAPTER VI
SWITCHING BETWEEN DATA PROCESSING SERVICES
CHAPTER VII
UNLAWFUL INTERNATIONAL GOVERNMENTAL ACCESS AND TRANSFER OF NON-PERSONAL DATA
CHAPTER VIII
INTEROPERABILITY
CHAPTER IX
IMPLEMENTATION AND ENFORCEMENT
CHAPTER X
SUI GENERIS RIGHT UNDER DIRECTIVE 96/9/EC
CHAPTER XI
FINAL PROVISIONS
- data
- metadata
- personal data
- non-personal data
- connected product
- related service
- processing
- data processing service
- same service type
- data intermediation service
- data subject
- user
- data holder
- data recipient
- product data
- related service data
- readily available data
- trade secret
- trade secret holder
- profiling
- making available on the market
- placing on the market
- consumer
- enterprise
- small enterprise
- microenterprise
- Union bodies
- public sector body
- public emergency
- customer
- virtual assistants
- digital assets
- on-premises ICT infrastructure
- switching
- data egress charges
- switching charges
- functional equivalence
- exportable data
- smart contract
- interoperability
- common specifications
- harmonised standard
- requirements 15
- shall 14
- paragraph 13
- essential 12
- smart_contract 10
- thereof 10
- commission 10
- laid 9
- down 9
- data 9
- smart_contracts 8
- implementing 7
- european 7
- article 6
- harmonised_standards 6
- referred 6
- regulation 6
- ensure 6
- article 6
- the 5
- executing 5
- agreement 5
- conformity 5
- harmonised_standard 5
- parts 5
- relevant 4
- journal 4
- official 4
- published 4
- involves 4
- profession 4
- acts 4
- vendor 4
- union 4
- which 4
- accordance 4
- reference 4
- draft 4
- absence 4
- request 4
- available 4
- context 4
- business 4
- been 4
- person 4
- control 4
- access 4
- trade 4
- deployment 4
- whose 4
Article 36
Essential requirements regarding smart_contracts for executing data sharing agreements
1. The vendor of an application using smart_contracts or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart_contracts for others in the context of executing an agreement or part of it, to make data available shall ensure that those smart_contracts comply with the following essential requirements of:
(a) | robustness and access control, to ensure that the smart_contract has been designed to offer access control mechanisms and a very high degree of robustness to avoid functional errors and to withstand manipulation by third parties; |
(b) | safe termination and interruption, to ensure that a mechanism exists to terminate the continued execution of transactions and that the smart_contract includes internal functions which can reset or instruct the contract to stop or interrupt the operation, in particular to avoid future accidental executions; |
(c) | data archiving and continuity, to ensure, in circumstances in which a smart_contract must be terminated or deactivated, there is a possibility to archive the transactional data, smart_contract logic and code in order to keep the record of operations performed on the data in the past (auditability); |
(d) | access control, to ensure that a smart_contract is protected through rigorous access control mechanisms at the governance and smart_contract layers; and |
(e) | consistency, to ensure consistency with the terms of the data sharing agreement that the smart_contract executes. |
2. The vendor of a smart_contract or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart_contracts for others in the context of executing an agreement or part of it, to make data available shall perform a conformity assessment with a view to fulfilling the essential requirements laid down in paragraph 1 and, on the fulfilment of those requirements, issue an EU declaration of conformity.
3. By drawing up the EU declaration of conformity, the vendor of an application using smart_contracts or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart_contracts for others in the context of executing an agreement or part of it, to make data available shall be responsible for compliance with the essential requirements laid down in paragraph 1.
4. A smart_contract that meets the harmonised_standards or the relevant parts thereof, the references of which are published in the Official Journal of the European Union, shall be presumed to be in conformity with the essential requirements laid down in paragraph 1 to the extent that those requirements are covered by such harmonised_standards or parts thereof.
5. The Commission shall, pursuant to Article 10 of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised_standards that satisfy the essential requirements laid down in paragraph 1 of this Article.
6. The Commission may, by means of implementing acts, adopt common_specifications covering any or all of the essential requirements laid down in paragraph 1 where the following conditions have been fulfilled:
(a) | the Commission has requested, pursuant to Article 10(1) of Regulation (EU) No 1025/2012, one or more European standardisation organisations to draft a harmonised_standard that satisfies the essential requirements laid down in paragraph 1 of this Article and:
|
(b) | no reference to harmonised_standards covering the relevant essential requirements laid down in paragraph 1 of this Article is published in the Official Journal of the European Union in accordance with Regulation (EU) No 1025/2012 and no such reference is expected to be published within a reasonable period. |
Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 46(2).
7. Before preparing a draft implementing act referred to in paragraph 6 of this Article, the Commission shall inform the committee referred to in Article 22 of Regulation (EU) No 1025/2012 that it considers that the conditions in paragraph 6 of this Article have been fulfilled.
8. When preparing the draft implementing act referred to in paragraph 6, the Commission shall take into account the advice of the EDIB and views of other relevant bodies or expert groups and shall duly consult all relevant stakeholders.
9. The vendor of a smart_contract or, in the absence thereof, the person whose trade, business or profession involves the deployment of smart_contracts for others in the context of executing an agreement or part of it, to make data available that meet the common_specifications established by implementing acts referred to in paragraph 6 or parts thereof shall be presumed to be in conformity with the essential requirements laid down in paragraph 1 to the extent that those requirements are covered by such common_specifications or parts thereof.
10. Where a harmonised_standard is adopted by a European standardisation organisation and proposed to the Commission for the purpose of publishing its reference in the Official Journal of the European Union, the Commission shall assess the harmonised_standard in accordance with Regulation (EU) No 1025/2012. Where the reference of a harmonised_standard is published in the Official Journal of the European Union, the Commission shall repeal the implementing acts referred to in paragraph 6 of this Article, or parts thereof which cover the same essential requirements as those covered by that harmonised_standard.
11. When a Member State considers that a common specification does not entirely satisfy the essential requirements laid down in paragraph 1, it shall inform the Commission thereof by submitting a detailed explanation. The Commission shall assess that detailed explanation and may, if appropriate, amend the implementing act establishing the common specification in question.
CHAPTER IX
IMPLEMENTATION AND ENFORCEMENT
whereas