EU Data Act’s Unfair Terms Rules

The EU Data Act (Regulation (EU) 2023/2854) introduces a new, horizontal regime governing unfair terms in business-to-business contracts that address access to and use of data, or liability and remedies for breach or termination of data-related obligations. This regime applies across sectors and contract types, even where data is not the principal subject of the agreement. It requires organisations to review and adapt standard terms, templates and legacy agreements to ensure compliance and preserve enforceability of key provisions.

Scope

The unfair terms provisions apply to unilaterally imposed terms in B2B contracts that regulate data access and use, or data-related liability and remedies. The regime is horizontal and captures a wide array of contracts and industries, including agreements where data provisions are embedded within broader commercial terms. In practice, this means that even if a contract is mainly about something else, if it includes sections about data access and use, those sections must comply with the Data Act’s fairness rules. General liability or remedies clauses also fall in scope insofar as they relate to data obligations.

What Counts as Unfair

A unilaterally imposed term is unfair where it grossly deviates from good commercial practice in data access and use, contrary to good faith and fair dealing. The Data Act sets out two categories.

Blacklist – Automatically unfair and void. These include clauses that:

• exclude or limit liability for intentional acts or gross negligence;
• exclude the other party’s remedies for non‑performance or exclude liability for breach of data‑related obligations; or
• grant the imposing party exclusive rights to interpret contractual terms or determine data conformity.

Greylist – Presumed unfair unless justified. These include clauses that:

• inappropriately limit remedies or liability;
• allow the imposing party to access or use the counterparty’s data in a manner significantly detrimental to the latter’s legitimate interests, particularly where data are commercially sensitive or protected by trade secrets or IP;
• prevent reasonable use, access, retention or exploitation of data contributed or generated during the contract;
• restrict termination by the counterparty on reasonable notice;
• prevent obtaining a copy of data during or after the contract;
• enable the imposing party to terminate at unreasonably short notice without serious grounds; or
• enable unilateral changes to price or other substantive conditions without valid reason or without a termination right for the counterparty.

For contracts of indeterminate duration, unilateral change rights are permissible only if a valid reason is specified, reasonable notice is given, and the counterparty can terminate at no cost.

Timelines

• From 12 September 2025, unilaterally imposed unfair terms falling within the blacklist are void, and grey‑listed terms are presumed unfair unless the imposing party can justify them in light of good faith, fair dealing, and good commercial practice.
• From 12 September 2027, the Act will also apply to contracts concluded on or before 12 September 2025 if they are of indefinite duration or set to expire at least ten years from 11 January 2024.