EU Data Act: Unfair contractual terms

1. Which contracts are subject to a fairness check?

General information

The fairness check of Art. 13 Data Act applies to contracts that (1) are concluded between enterprises, i.e. (in simple terms) natural or legal persons acting in business capacity, voluntarily or compulsorily (see below) and (2) regulate data-related rights and obligations. It is not limited to certain types of contracts, meaning that it also applies to purchase and rental agreements between enterprises if they contain data-related rights and obligations.

The fairness check applies to all contracts concluded after 12 September 2025 (Art. 50 para. 5 Data Act). Contracts concluded before this date are subject to a fairness check from 12 September 2027 if they are concluded for an indefinite term or if their contract term ends no earlier than 10 years after 11 January 2024 (Art. 50 para. 6 Data Act).

However, the fairness check does not apply to contracts between enterprises that do not involve data or contracts involving data that are concluded exclusively between consumers or between an enterprise and a consumer.

Voluntary contracts

The fairness check generally applies to data-related contracts that enterprises conclude with each other on a voluntary basis. An example of this would be a contract stipulating that, for instance, a vehicle manufacturer or a manufacturer of smart home products provides anonymized usage data of a connected product to another enterprise for research and development purposes or for data analysis.

Mandatory contracts

However, the fairness check also applies, based on Art. 8 para. 2 Data Act, to contracts that enterprises are obliged to conclude with each other because an enterprise acting as a data holder (for definition see Art. 2 no. 13 Data Act) must provide the data to another enterprise acting as a data recipient (for definition see Art. 2 no. 14 Data Act) due to a legal obligation.

According to Art. 8 para. 1 Data Act, such an obligation may initially arise when the user of a connected product (e.g., the buyer or tenant) requires the data holder (e.g., the manufacturer of the connected product) to provide the generated data to the data recipient (Art. 5 Data Act). Examples of this would be

• A contract between a heat pump manufacturer and a maintenance service for the transfer of data relevant to maintenance.
• A contract between a manufacturer of fitness watches and an enterprise that provides personalized health services by sharing collected fitness data.
• A contract between a vehicle manufacturer and an insurance company allowing the user of a connected vehicle to receive customized insurance benefits based on the collected vehicle data (e.g., maintenance information, mileage).

An obligation to provide data may also arise from other EU or national laws in accordance with Art. 8 para. 1 Data Act. However, - at least in our opinion - the prerequisite in this case is that the relevant legal act enters into force after 12 September 2025. Therefore, contracts for which the obligation to make data available arises from EU law or national law that entered into force before the Data Act became applicable, do not fall within the scope of Art. 8 Data Act. An example of this is Art. 61 et seq. of the EU Type-Approval Regulation (Regulation (EU) 2018/858), which requires vehicle manufacturers to provide repair and maintenance information to independent economic operators (e.g., repair shops or automotive parts traders). Contracts for the provision of this data would therefore not be covered.

2. Which contractual terms are subject to a fairness check?

All contractual terms on data access and data use or liability and remedies in the event of a breach or termination of data-related obligations are subject to a fairness check (Art. 13 para. 1 Data Act).

Contractual terms that concern other rights or obligations and are not data-related are not subject to the fairness check of Art. 13 Data Act. However, these non-data-related contractual terms are subject to an (additional) general content review under national law, e.g., in Germany in accordance with Sections 307 et seq. German Civil Code (BGB). This can lead to a split review of content, requiring a distinction between data-related and non-data-related provisions.

A further prerequisite is that the (data-related) contractual terms have been unilaterally imposed by one party on the other party. This is the case if they have been provided by one party and the other party is unable to influence their content despite attempts to negotiate (Art. 13 para. 6 sentence 1 Data Act). If the relevant provisions are negotiated individually, there is therefore no review of their content.

However, with regard to contractual terms relating to the main subject matter of the contract or the adequacy of the price, there is generally no fairness check under the Data Act (Art. 13 para. 8 Data Act).

But be careful: If it is a contract that must be concluded between a data holder and a data recipient in accordance with Art. 8 para. 1 Data Act, the price to be paid by the data recipient to the data holder for the provision of data must comply with the requirements of Art. 9 Data Act. In this case, the price must be non-discriminatory and reasonable (Art. 9 para. 1 Data Act) and is therefore ultimately also subject to a fairness check.

3. Which contractual terms are unfair?

The fairness check of Art. 13 Data Act follows a three-stage approach:

• General fairness check: Art. 13 para. 3 Data Act initially contains a general fairness requirement. Contractual terms are deemed unfair if they grossly deviate from good commercial practice in data use and data access or violate the principle of good faith. This is the case if the contractual term (objectively) impairs the data-related interests of the other party without any objective justification on the part of the party using this contractual term in this particular case. It is expected that this general fairness requirement will be specified over time, particularly through case law.
• Black list: Art. 13 para. 4 Data Act specifies the general fairness requirement and contains a so-called "black list" of contractual terms that are (irrefutably) considered unfair in any case. This includes, for example, a contractual term that excludes or limits the liability of the party using this contractual term regarding (data-related) breaches of duty in the event of intent or gross negligence.
• Grey list: Art. 13 para. 5 Data Act also specifies the general fairness requirement and contains a so-called "grey list" of contractual terms that are presumed to be unfair. This includes, for example, unilateral (short-term) termination options or price adjustment rights of the party using this contractual term. However, the presumption can be rebutted if the party using this contractual term can prove that the term in question is not unfair due to special circumstances in the specific case.

The examination of whether contractual terms are unfair should therefore first be based on the "black list", then on the "grey list" and finally on the general fairness requirement.

4. What are the legal consequences of unfair contractual terms?

If enterprises use unfair terms in their contracts, the affected terms are invalid (Art. 13 para. 1 Data Act). However, the remainder of the contract between the parties remains effective (Art. 13 para. 7 Data Act).

Further legal consequences may include the following in particular:

• Competitors or associations could admonish the party using the unfair contractual term and demand injunctive relief, as the provisions of the Data Act are likely considered market conduct rules within the meaning of Section 3a German Unfair Competition Act (UWG).
• Contractual partners of the user of the contractual term might theoretically claim damages if they have actually suffered damage as a result of the use of unfair contractual terms.

If the enterprise also violates Art. 8 to 12 of the Data Act by using unfair contractual terms (e.g., by agreeing to a discriminatory price), it may face fines in the worst case (Art. 40 para. 4 of the Data Act). These fines can amount to up to EUR 20,000,000 or 4% of an enterprise's total global annual turnover in the previous financial year, whichever is higher.

In addition, further penalties for infringements are to be expected in the future. By 12 September 2025, the EU Member States must adopt corresponding rules that enable effective, proportionate and dissuasive penalties. When imposing penalties, in addition to the nature and extent of the infringement, previous infringements, financial benefits and the annual turnover of the infringing party in the previous financial year in the EU can also be taken into account  (Art. 40 para. 1 to para. 3 Data Act).

5. Recommendation for action

Enterprises should check whether their contract templates contain any unfair contractual terms relating to data access and data use or liability and remedies for breach or termination of data-related obligations and amend these terms in accordance with the requirements of the Data Act.

In this context, the EU Commission will also recommend model contractual terms before  12 September 2025 (Art. 41 Data Act), which can be used if necessary. A draft of these model contractual terms is available in the final report of an Expert Group of the EU Commission on B2B data exchange and cloud computing contracts (accessible at: Register of Commission expert groups and other similar entities, pages 16-118 (last downloaded 1 July 2025)).

However, these model contractual terms should not be used in contracts governed by German law without reviewing them, as the EU Commission's model contractual terms must also meet the legal requirements under general terms and conditions law. A similar issue arose with the EU Commission's "No-Russia Clauses", which did not fully comply with the legal requirements for general terms and conditions and required adaptation for the German market.

We are happy to support you in reviewing and adapting your contract templates.

Authored by Golo Edel, Susanne Schuster, and Niklas Knop.