§ Data Act · Article 11
Data Act Article 11: Obligations, Deadlines & Penalties
At a glance
Article 11 of the Data Act imposes 8 obligations on data recipient, data recipients, third parties and 3 other entity type(s). At least one obligation carries an explicit compliance deadline.
§ Obligations
All obligations under Article 11
Obligation 1
Users, third parties, and data recipients shall not alter or remove technical protection measures applied by the data holder unless agreed by the data holder.
Regulation (EU) 2023/2854, Article 11, Article 11
- Obligated entity
-
users, third parties, data recipients
- Action required
-
not alter or remove
- Deadline
-
—
- Penalty
-
—
- Exemptions
- unless agreed by the data holder
Obligation 2
In circumstances of unauthorized use or disclosure, the third party or data recipient shall erase the data made available by the data holder and any copies thereof without undue delay.
Regulation (EU) 2023/2854, Article 11, Article 11
- Obligated entity
-
third party, data recipient
- Action required
-
erase
- Deadline
-
without undue delay
- Penalty
-
—
Obligation 3
In circumstances of unauthorized use or disclosure, the third party or data recipient shall end the production, offering, placing on the market, or use of goods, derivative data, or services produced on the basis of knowledge obtained through such data, and destroy any infringing goods where there is a serious risk of significant harm or where not disproportionate.
Regulation (EU) 2023/2854, Article 11, Article 11
- Obligated entity
-
third party, data recipient
- Action required
-
end production/offering/use and destroy
- Deadline
-
without undue delay
- Penalty
-
—
Obligation 4
In circumstances of unauthorized use or disclosure, the third party or data recipient shall inform the user of the unauthorized use or disclosure of the data and of the measures taken to put an end to it.
Regulation (EU) 2023/2854, Article 11, Article 11
- Obligated entity
-
third party, data recipient
- Action required
-
inform
- Deadline
-
without undue delay
- Penalty
-
—
Obligation 5
In circumstances of unauthorized use or disclosure, the third party or data recipient shall compensate the party suffering from the misuse or disclosure of such unlawfully accessed or used data.
Regulation (EU) 2023/2854, Article 11, Article 11
- Obligated entity
-
third party, data recipient
- Action required
-
compensate
- Deadline
-
without undue delay
- Penalty
-
—
Obligation 6
A data recipient shall maintain the technical and organisational measures agreed pursuant to Article 5(9) to avoid obligations under paragraph 2.
Regulation (EU) 2023/2854, Article 11, Article 11
- Obligated entity
-
data recipient
- Action required
-
maintain
- Deadline
-
—
- Penalty
-
—
Obligation 7
A user shall not alter or remove technical protection measures applied by the data holder to avoid obligations under paragraph 2.
Regulation (EU) 2023/2854, Article 11, Article 11
- Obligated entity
-
user
- Action required
-
not alter or remove
- Deadline
-
—
- Penalty
-
—
Obligation 8
A user shall maintain the technical and organisational measures taken in agreement with the data holder or trade secrets holder to preserve trade secrets to avoid obligations under paragraph 2.
Regulation (EU) 2023/2854, Article 11, Article 11
- Obligated entity
-
user
- Action required
-
maintain
- Deadline
-
—
- Penalty
-
—
§ Frequently asked
Questions about Article 11
Who must comply with Article 11 of the Data Act?
+
data recipient, data recipients, third parties, third party, user, users.
What does Article 11 of the Data Act require?
+
not alter or remove erase end production/offering/use and destroy
What is the compliance deadline for Data Act Article 11?
+
without undue delay