§ Data Act · Article 11

Data Act Article 11: Obligations, Deadlines & Penalties

Regulation (EU) 2023/2854, Article 11 · All obligations · Data Act
At a glance
Article 11 of the Data Act imposes 8 obligations on data recipient, data recipients, third parties and 3 other entity type(s). At least one obligation carries an explicit compliance deadline.
§ Obligations

All obligations under Article 11

Obligation 1
Users, third parties, and data recipients shall not alter or remove technical protection measures applied by the data holder unless agreed by the data holder. Regulation (EU) 2023/2854, Article 11, Article 11
Obligated entity
users, third parties, data recipients
Action required
not alter or remove
Deadline
Penalty
Exemptions
unless agreed by the data holder
Obligation 2
In circumstances of unauthorized use or disclosure, the third party or data recipient shall erase the data made available by the data holder and any copies thereof without undue delay. Regulation (EU) 2023/2854, Article 11, Article 11
Obligated entity
third party, data recipient
Action required
erase
Deadline
without undue delay
Penalty
Obligation 3
In circumstances of unauthorized use or disclosure, the third party or data recipient shall end the production, offering, placing on the market, or use of goods, derivative data, or services produced on the basis of knowledge obtained through such data, and destroy any infringing goods where there is a serious risk of significant harm or where not disproportionate. Regulation (EU) 2023/2854, Article 11, Article 11
Obligated entity
third party, data recipient
Action required
end production/offering/use and destroy
Deadline
without undue delay
Penalty
Obligation 4
In circumstances of unauthorized use or disclosure, the third party or data recipient shall inform the user of the unauthorized use or disclosure of the data and of the measures taken to put an end to it. Regulation (EU) 2023/2854, Article 11, Article 11
Obligated entity
third party, data recipient
Action required
inform
Deadline
without undue delay
Penalty
Obligation 5
In circumstances of unauthorized use or disclosure, the third party or data recipient shall compensate the party suffering from the misuse or disclosure of such unlawfully accessed or used data. Regulation (EU) 2023/2854, Article 11, Article 11
Obligated entity
third party, data recipient
Action required
compensate
Deadline
without undue delay
Penalty
Obligation 6
A data recipient shall maintain the technical and organisational measures agreed pursuant to Article 5(9) to avoid obligations under paragraph 2. Regulation (EU) 2023/2854, Article 11, Article 11
Obligated entity
data recipient
Action required
maintain
Deadline
Penalty
Obligation 7
A user shall not alter or remove technical protection measures applied by the data holder to avoid obligations under paragraph 2. Regulation (EU) 2023/2854, Article 11, Article 11
Obligated entity
user
Action required
not alter or remove
Deadline
Penalty
Obligation 8
A user shall maintain the technical and organisational measures taken in agreement with the data holder or trade secrets holder to preserve trade secrets to avoid obligations under paragraph 2. Regulation (EU) 2023/2854, Article 11, Article 11
Obligated entity
user
Action required
maintain
Deadline
Penalty
§ Frequently asked

Questions about Article 11

Who must comply with Article 11 of the Data Act? +
data recipient, data recipients, third parties, third party, user, users.
What does Article 11 of the Data Act require? +
not alter or remove erase end production/offering/use and destroy
What is the compliance deadline for Data Act Article 11? +
without undue delay
Need a cross-border briefing on Data Act Article 11?
Search Fontvera ↵
All EU obligation pages  ·  All Data Act articles