§ Data Act · Article 6

Data Act Article 6: Obligations, Deadlines & Penalties

Regulation (EU) 2023/2854, Article 6 · All obligations · Data Act
At a glance
Article 6 of the Data Act imposes 11 obligations on third party. At least one obligation carries an explicit compliance deadline.
§ Obligations

All obligations under Article 6

Obligation 1
A third party shall process the data made available to it only for the purposes and under the conditions agreed with the user and subject to Union and national law on the protection of personal data. Regulation (EU) 2023/2854, Article 6, Article 6
Obligated entity
third party
Action required
process
Deadline
Penalty
Obligation 2
The third party shall erase the data when they are no longer necessary for the agreed purpose, unless otherwise agreed with the user in relation to non-personal data. Regulation (EU) 2023/2854, Article 6, Article 6
Obligated entity
third party
Action required
erase
Deadline
when no longer necessary for the agreed purpose
Penalty
Exemptions
non-personal data if otherwise agreed with the user
Obligation 3
The third party shall not make the exercise of choices or rights under Article 5 and this Article by the user unduly difficult, including by offering choices in a non-neutral manner, or by coercing, deceiving or manipulating the user. Regulation (EU) 2023/2854, Article 6, Article 6
Obligated entity
third party
Action required
refrain from making difficult
Deadline
Penalty
Obligation 4
The third party shall not use the data it receives for profiling, unless it is necessary to provide the service requested by the user. Regulation (EU) 2023/2854, Article 6, Article 6
Obligated entity
third party
Action required
refrain from profiling
Deadline
Penalty
Exemptions
if necessary to provide the service requested by the user
Obligation 5
The third party shall not make the data it receives available to another third party, unless the data is made available on the basis of a contract with the user and the other third party takes necessary measures to preserve confidentiality of trade secrets. Regulation (EU) 2023/2854, Article 6, Article 6
Obligated entity
third party
Action required
refrain from sharing
Deadline
Penalty
Exemptions
if based on contract with user and confidentiality measures are taken
Obligation 6
The third party shall not make the data it receives available to an undertaking designated as a gatekeeper pursuant to Article 3 of Regulation (EU) 2022/1925. Regulation (EU) 2023/2854, Article 6, Article 6
Obligated entity
third party
Action required
refrain from sharing
Deadline
Penalty
Obligation 7
The third party shall not use the data it receives to develop a product that competes with the connected product from which the accessed data originate or share the data with another third party for that purpose. Regulation (EU) 2023/2854, Article 6, Article 6
Obligated entity
third party
Action required
refrain from using for competition
Deadline
Penalty
Obligation 8
Third parties shall not use any non-personal product data or related service data made available to them to derive insights about the economic situation, assets and production methods of, or use by, the data holder. Regulation (EU) 2023/2854, Article 6, Article 6
Obligated entity
third party
Action required
refrain from deriving insights
Deadline
Penalty
Obligation 9
The third party shall not use the data it receives in a manner that has an adverse impact on the security of the connected product or related service. Regulation (EU) 2023/2854, Article 6, Article 6
Obligated entity
third party
Action required
refrain from adverse security impact
Deadline
Penalty
Obligation 10
The third party shall not disregard the specific measures agreed with a data holder or with the trade secrets holder pursuant to Article 5(9) and undermine the confidentiality of trade secrets. Regulation (EU) 2023/2854, Article 6, Article 6
Obligated entity
third party
Action required
refrain from undermining confidentiality
Deadline
Penalty
Obligation 11
The third party shall not prevent the user that is a consumer, including on the basis of a contract, from making the data it receives available to other parties. Regulation (EU) 2023/2854, Article 6, Article 6
Obligated entity
third party
Action required
refrain from preventing sharing
Deadline
Penalty
§ Frequently asked

Questions about Article 6

Who must comply with Article 6 of the Data Act? +
third party.
What does Article 6 of the Data Act require? +
process erase refrain from making difficult
What is the compliance deadline for Data Act Article 6? +
when no longer necessary for the agreed purpose
Need a cross-border briefing on Data Act Article 6?
Search Fontvera ↵
All EU obligation pages  ·  All Data Act articles