§ Data Act · Article 28
Data Act Article 28: Obligations, Deadlines & Penalties
At a glance
Article 28 of the Data Act imposes 4 obligations on provider of data processing services.
§ Obligations
All obligations under Article 28
Obligation 1
Providers of data processing services shall make available on their websites the jurisdiction to which the ICT infrastructure deployed for data processing of their individual services is subject.
Regulation (EU) 2023/2854, Article 28, Article 28
- Obligated entity
-
provider of data processing services
- Action required
-
publish
- Deadline
-
—
- Penalty
-
—
Obligation 2
Providers of data processing services shall make available on their websites a general description of the technical, organisational and contractual measures adopted to prevent international governmental access to or transfer of non-personal data held in the Union where such access or transfer would create a conflict with Union law or national law.
Regulation (EU) 2023/2854, Article 28, Article 28
- Obligated entity
-
provider of data processing services
- Action required
-
publish
- Deadline
-
—
- Penalty
-
—
Obligation 3
Providers of data processing services shall keep the information regarding jurisdiction and protective measures available on their websites up to date.
Regulation (EU) 2023/2854, Article 28, Article 28
- Obligated entity
-
provider of data processing services
- Action required
-
maintain
- Deadline
-
—
- Penalty
-
—
Obligation 4
Providers of data processing services shall list the websites containing the required transparency information in contracts for all data processing services offered.
Regulation (EU) 2023/2854, Article 28, Article 28
- Obligated entity
-
provider of data processing services
- Action required
-
include in contract
- Deadline
-
—
- Penalty
-
—
§ Frequently asked
Questions about Article 28
Who must comply with Article 28 of the Data Act?
+
provider of data processing services.
What does Article 28 of the Data Act require?
+
publish maintain include in contract