Data Act

In line with the minimum requirement allowing switching between providers of data processing services, this Regulation also aims to improve interoperability for in-parallel use of multiple data processing services with complementary functionalities. This relates to situations in which customers do not terminate a contract to switch to a different provider of data processing services, but where multiple services of different providers are used in parallel, in an interoperable manner, to benefit from the complementary functionalities of the different services in the set-up of the customer’s system. However, it is recognised that the egress of data from one provider of data processing services to another in order to facilitate the in-parallel use of services can be an ongoing activity, in contrast with the one-off egress required as part of the switching process. Providers of data processing services should therefore continue to be able to impose data egress charges, not exceeding the costs incurred, for the purposes of in-parallel use after three years from the date of entry into force of this Regulation. This is important, inter alia, for the successful deployment of multi-cloud strategies, which allow customers to implement future-proof ICT strategies and which decrease dependence on individual providers of data processing services. Facilitating a multi-cloud approach for customers of data processing services can also contribute to increasing their digital operational resilience, as recognised for financial service institutions in Regulation (EU) 2022/2554 of the European Parliament and of the Council⁽¹⁾.

^{(1) Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1).}

Open interoperability specifications and standards developed in accordance with Annex II to Regulation (EU) No 1025/2012 of the European Parliament and of the Council⁽¹⁾ in the field of interoperability and portability are expected to enable a multi-vendor cloud environment, which is a key requirement for open innovation in the European data economy. As the market adoption of identified standards under the cloud standardisation coordination (CSC) initiative concluded in 2016 has been limited, it is also necessary that the Commission relies on parties in the market to develop relevant open interoperability specifications to keep up with the fast pace of technological development in this industry. Such open interoperability specifications can then be adopted by the Commission in the form of common specifications. In addition, where market-driven processes have not demonstrated a capacity to establish common specifications or standards that facilitate effective cloud interoperability at the PaaS and SaaS levels, the Commission should be able, on the basis of this Regulation and in accordance with Regulation (EU) No 1025/2012, to request European standardisation bodies to develop such standards for specific service types where such standards do not yet exist. In addition to this, the Commission will encourage parties in the market to develop relevant open interoperability specifications. After consulting stakeholders, the Commission, by means of implementing acts, should be able to mandate the use of harmonised standards for interoperability or common specifications for specific service types through a reference in a central Union standards repository for the interoperability of data processing services. Providers of data processing services should ensure compatibility with those harmonised standards and common specifications based on open interoperability specifications, which should not have an adverse impact on the security or integrity of data. Harmonised standards for the interoperability of data processing services and common specifications based on open interoperability specifications will be referenced only if they comply with the criteria specified in this Regulation, which have the same meaning as the requirements in Annex II to Regulation (EU) No 1025/2012 and the interoperability facets defined under the international standard ISO/IEC 19941:2017. In addition, standardisation should take into account the needs of SMEs.

^{(1) Regulation (EU) No 1025/2012 of the European Parliament and of the Council of 25 October 2012 on European standardisation, amending Council Directives 89/686/EEC and 93/15/EEC and Directives 94/9/EC, 94/25/EC, 95/16/EC, 97/23/EC, 98/34/EC, 2004/22/EC, 2007/23/EC, 2009/23/EC and 2009/105/EC of the European Parliament and of the Council and repealing Council Decision 87/95/EEC and Decision No 1673/2006/EC of the European Parliament and of the Council (OJ L 316, 14.11.2012, p. 12).}

Standardisation and semantic interoperability should play a key role to provide technical solutions to ensure interoperability within and among common European data spaces which are purpose or sector specific or cross-sectoral interoperable frameworks for common standards and practices to share or jointly process data for, inter alia, the development of new products and services, scientific research or civil society initiatives. This Regulation lays down certain essential requirements for interoperability. Participants in data spaces that offer data or data services to other participants, which are entities facilitating or engaging in data sharing within common European data spaces, including data holders, should comply with those requirements insofar as elements under their control are concerned. Compliance with those rules can be ensured by adhering to the essential requirements laid down in this Regulation, or presumed by complying with harmonised standards or common specifications via a presumption of conformity. In order to facilitate conformity with the requirements for interoperability, it is necessary to provide for a presumption of conformity of interoperability solutions that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012, which represents the framework by default to elaborate standards that provide for such presumptions. The Commission should assess barriers to interoperability and prioritise standardisation needs, on the basis of which it may request one or more European standardisation organisations, pursuant to Regulation (EU) No 1025/2012, to draft harmonised standards which satisfy the essential requirements laid down in this Regulation. Where such requests do not result in harmonised standards or such harmonised standards are insufficient to ensure conformity with the essential requirements of this Regulation, the Commission should be able to adopt common specifications in those areas provided that in so doing it duly respects the role and functions of standardisation organisations. Common specification should be adopted only as an exceptional fall-back solution to facilitate compliance with the essential requirements of this Regulation, or when the standardisation process is blocked, or when there are delays in the establishment of appropriate harmonised standards. Where a delay is due to the technical complexity of the standard in question, this should be considered by the Commission before contemplating the establishment of common specifications. Common specifications should be developed in an open and inclusive manner and take into account, where relevant, the advice of the European Data Innovation Board (EDIB) established by Regulation (EU) 2022/868. Additionally, common specifications in different sectors could be adopted, in accordance with Union or national law, on the basis of specific needs of those sectors. Furthermore, the Commission should be enabled to mandate the development of harmonised standards for the interoperability of data processing services.

In line with the minimum requirement allowing switching between providers of data processing services, this Regulation also aims to improve interoperability for in-parallel use of multiple data processing services with complementary functionalities. This relates to situations in which customers do not terminate a contract to switch to a different provider of data processing services, but where multiple services of different providers are used in parallel, in an interoperable manner, to benefit from the complementary functionalities of the different services in the set-up of the customer’s system. However, it is recognised that the egress of data from one provider of data processing services to another in order to facilitate the in-parallel use of services can be an ongoing activity, in contrast with the one-off egress required as part of the switching process. Providers of data processing services should therefore continue to be able to impose data egress charges, not exceeding the costs incurred, for the purposes of in-parallel use after three years from the date of entry into force of this Regulation. This is important, inter alia, for the successful deployment of multi-cloud strategies, which allow customers to implement future-proof ICT strategies and which decrease dependence on individual providers of data processing services. Facilitating a multi-cloud approach for customers of data processing services can also contribute to increasing their digital operational resilience, as recognised for financial service institutions in Regulation (EU) 2022/2554 of the European Parliament and of the Council⁽¹⁾.

^{(1) Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1).}

Open interoperability specifications and standards developed in accordance with Annex II to Regulation (EU) No 1025/2012 of the European Parliament and of the Council⁽¹⁾ in the field of interoperability and portability are expected to enable a multi-vendor cloud environment, which is a key requirement for open innovation in the European data economy. As the market adoption of identified standards under the cloud standardisation coordination (CSC) initiative concluded in 2016 has been limited, it is also necessary that the Commission relies on parties in the market to develop relevant open interoperability specifications to keep up with the fast pace of technological development in this industry. Such open interoperability specifications can then be adopted by the Commission in the form of common specifications. In addition, where market-driven processes have not demonstrated a capacity to establish common specifications or standards that facilitate effective cloud interoperability at the PaaS and SaaS levels, the Commission should be able, on the basis of this Regulation and in accordance with Regulation (EU) No 1025/2012, to request European standardisation bodies to develop such standards for specific service types where such standards do not yet exist. In addition to this, the Commission will encourage parties in the market to develop relevant open interoperability specifications. After consulting stakeholders, the Commission, by means of implementing acts, should be able to mandate the use of harmonised standards for interoperability or common specifications for specific service types through a reference in a central Union standards repository for the interoperability of data processing services. Providers of data processing services should ensure compatibility with those harmonised standards and common specifications based on open interoperability specifications, which should not have an adverse impact on the security or integrity of data. Harmonised standards for the interoperability of data processing services and common specifications based on open interoperability specifications will be referenced only if they comply with the criteria specified in this Regulation, which have the same meaning as the requirements in Annex II to Regulation (EU) No 1025/2012 and the interoperability facets defined under the international standard ISO/IEC 19941:2017. In addition, standardisation should take into account the needs of SMEs.

^{(1) Regulation (EU) No 1025/2012 of the European Parliament and of the Council of 25 October 2012 on European standardisation, amending Council Directives 89/686/EEC and 93/15/EEC and Directives 94/9/EC, 94/25/EC, 95/16/EC, 97/23/EC, 98/34/EC, 2004/22/EC, 2007/23/EC, 2009/23/EC and 2009/105/EC of the European Parliament and of the Council and repealing Council Decision 87/95/EEC and Decision No 1673/2006/EC of the European Parliament and of the Council (OJ L 316, 14.11.2012, p. 12).}

To promote the interoperability of tools for the automated execution of data sharing agreements, it is necessary to lay down essential requirements for smart contracts which professionals create for others or integrate in applications that support the implementation of agreements for data sharing. In order to facilitate the conformity of such smart contracts with those essential requirements, it is necessary to provide for a presumption of conformity of smart contracts that meet harmonised standards or parts thereof in accordance with Regulation (EU) No 1025/2012. The notion of ‘smart contract’ in this Regulation is technologically neutral. Smart contracts can, for example, be connected to an electronic ledger. The essential requirements should apply only to the vendors of smart contracts, although not where they develop smart contracts in-house exclusively for internal use. The essential requirement to ensure that smart contracts can be interrupted and terminated implies mutual consent by the parties to the data sharing agreement. The applicability of the relevant rules of civil, contractual and consumer protection law to data sharing agreements remains or should remain unaffected by the use of smart contracts for the automated execution of such agreements.

To demonstrate fulfilment of the essential requirements of this Regulation, the vendor of a smart contract, or in the absence thereof, the person whose trade, business or profession involves the deployment of smart contracts for others in the context of executing an agreement or part of it, to make data available in the context of this Regulation, should perform a conformity assessment and issue an EU declaration of conformity. Such a conformity assessment should be subject to the general principles set out in Regulation (EC) No 765/2008 of the European Parliament and of the Council⁽¹⁾ and Decision No 768/2008/EC of the European Parliament and of the Council⁽²⁾.

^{(1) Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation and repealing Regulation (EEC) No 339/93 (OJ L 218, 13.8.2008, p. 30).
(2) Decision No 768/2008/EC of the European Parliament and of the Council of 9 July 2008 on a common framework for the marketing of products, and repealing Council Decision 93/465/EEC (OJ L 218, 13.8.2008, p. 82).}