Contract Clauses and the EU Data Act – What You Need to Know

The EU Data Act, in force since 12 September 2025, fundamentally reshapes how companies handle data. For businesses, law firms, and legal departments, the regulation redefines access, use, and transparency of data. Many standard contract clauses – such as liability exclusions, exclusive usage rights, or data-sharing restrictions – may now violate the new data law requirements. Failing to update contracts can result in invalid provisions, fines, and reputational damage.

The Data Act is not just a regulatory challenge but also an opportunity for greater fairness, innovation, and data-driven business models. This article explains which clauses are critical, how to adjust them, and what opportunities arise as a result.

The Risks Behind Contract Clauses – What You Need to Know

The EU Data Act aims to ensure fair, transparent, and non-discriminatory data usage. Until now, manufacturers and platform providers could often control access to data unilaterally – for example, through terms and conditions that excluded users or prohibited data sharing.

With the new regulation, that’s no longer possible: Providers of connected products and digital services must grant users access to the data they generate (Articles 4 et seq. EU Data Act). Any unfair contractual terms restricting this access are automatically void.

The regulation particularly affects:

• B2B contracts where one party holds significantly more bargaining power;
• Data-sharing agreements between manufacturers, platforms, and users;
• Cloud or SaaS contracts containing restrictive exit or lock-in provisions.

Its goal is to balance power asymmetries and promote innovation through fair data exchange.

Which Clauses Need to Be Adjusted – and How

1. Data Access and Usage Rights

Clauses granting providers full ownership of all generated data are no longer permitted.
Contracts must clearly define user access and usage rights, ensuring data is provided free of charge, without delay, and in a commonly used, machine-readable format.

2. Confidentiality and Trade Secret Clauses

The Data Act requires a balance between data access and trade secret protection.
Broad confidentiality clauses that prohibit any disclosure are problematic and should be replaced with tailored provisions allowing data sharing under NDAs or technical safeguards (e.g., data masking).

3. Liability and Warranty Exclusions

Clauses that completely exclude liability for incorrect or incomplete data are considered unfair, especially if they disadvantage users.
Contracts should instead include balanced risk allocation and tiered liability frameworks, strengthening both compliance and legal clarity.

4. Cloud and Exit Clauses

From 2027, cloud service providers must enable easy switching between providers.
Long-term lock-ins, transfer fees, or technical barriers will no longer be allowed.
Contracts should include clear exit procedures, defined timelines, and data export and migration support.

5. Licensing and Compensation Clauses

Data must be shared under fair, reasonable, and non-discriminatory (FRAND) conditions. Excessive fees or exclusive usage rights are not compliant.
Recommended are transparent pricing models that reflect actual effort and data value.

New Opportunities and Risks for Law Firms, Legal Departments, and Businesses

Opportunities

• New advisory fields: The extensive need for contract updates opens opportunities for law firms and legal operations teams to offer EU Data Act compliance services.
• Stronger negotiating power: Companies can demand fairer terms from providers, particularly in cloud and platform contracts.
• Innovation boost: Broader data access enables collaboration, data sharing, and the development of data-driven business models.

Risks

• High adaptation effort: Existing contracts, terms, and licenses require comprehensive revisions.
• Liability exposure: Missing or vague provisions can lead to damage claims or contract invalidity.
• Coordination challenges: IT, Legal, and Procurement must work closely to align technical, legal, and operational requirements.

Conclusion

The EU Data Act compels companies to critically review their contractual landscape, especially wherever data is generated, used, or shared.Unfair or restrictive clauses lose their validity, and failure to act may lead to compliance gaps and economic disadvantages.

Law firms and legal departments should now develop Data Act–compliant contract models that combine transparency, protection, and innovation. A Data Act contract audit helps identify critical clauses, create FRAND-compliant templates, and ensure long-term compliance – enabling organizations to remain legally sound, efficient, and future-ready.

________________________________________________________________________________________________________________________________

Further Reading – Our Blog Series (Coming Soon):

• Part 1 - EU Data Act: Why the new EU regulation will also change your work
• Part 2 - EU Data Act from September 2025: What you need to know
• Part 4 – From risk to opportunity: How the EU Data Act opens up new possibilities
• Part 5 – Using legal tech for a Data Act compliance check: How Contract Insights provides support