The traditional “take-it-or-leave-it” approach to B2B data-sharing agreements has evolved, paving the way for more collaborative and flexible partnerships. For years, smaller enterprises have been forced into one-sided contracts by dominant players, signing away valuable data rights with little to no power to negotiate. The EU’s Data Act, which took effect in September 2025, directly targets this imbalance with a new fairness regime for B2B contracts.
The Data Act represents far more than a simple compliance challenge — it signifies a profound transformation in how businesses negotiate and govern data use. The Act renders unilaterally imposed, unfair clauses unenforceable, giving businesses a powerful tool to challenge terms that hinder their operations or lock them into digital ecosystems. For leaders in procurement, IT, and legal, understanding this new framework is critical for unlocking innovation and mitigating risk.
When a Clause Crosses the Line
Under the Data Act, a contractual clause is considered unfair if it grossly deviates from good commercial practice and violates the principles of good faith and fair dealing. In practical terms, any term that creates a “substantial imbalance” in rights and obligations to the detriment of one party can be challenged.
To provide clear guidance, the legislation establishes two categories of problematic clauses: a “blacklist” of terms that are always considered unfair and a “greylist” of terms that are presumed to be unfair unless the imposing party can prove otherwise.
The Blacklist: Automatically Unenforceable Terms
The blacklist can be viewed as a set of contract terms that are automatically disqualified for being fundamentally unfair. Any clause that is unilaterally imposed and serves one of the following purposes is automatically deemed unfair and cannot be enforced.
Excluding Liability: A clause cannot exclude or limit the imposing party’s liability for intentional acts or gross negligence.
Blocking Remedies: The contract cannot deprive the other party of the remedies available if the imposing party fails to fulfill its contractual obligations.
Granting Sole Interpretation: A clause cannot give the imposing party the exclusive right to determine if the provided data is compliant with the contract or to interpret any of its terms.
The Greylist: Clauses Presumed to Be Unfair
The greylist functions like a contractual yellow card. These clauses are presumed unfair, shifting the burden of proof to the company that imposed them to demonstrate their fairness. Key examples include terms that:
Unreasonably Limit Liability: Inappropriately restricting remedies or liability for a breach of contract.
Harm Legitimate Interests: Allowing the imposing party to access and use the other party’s data, such as trade secrets or intellectual property, in a way that causes serious harm.
Prevent Data Use: Unjustifiably stopping a party from using the data it has provided or generated during the contract.
Block Timely Termination: Preventing a party from ending the agreement within a reasonable timeframe.
Deny Access to Data: Withholding a copy of the data a party generated or provided during the contract term or shortly after its termination.
Impose Short Termination Notice: Allowing the imposing party to terminate the contract with an unreasonably short notice period without a valid reason.
How a Term Becomes Unfair
The entire fairness test hinges on whether a term was “unilaterally imposed.” A clause meets this definition if it was drafted by one party and the other party was not given a genuine opportunity to influence or negotiate its content. The burden of proof falls squarely on the party that supplied the contract.
This provision directly challenges the long-standing practice of presenting standardized, non-negotiable terms of service that leave no room for negotiation. To defend a clause, a company must now be able to demonstrate that a genuine negotiation occurred. Simply stating that the other party was free to walk away is no longer a sufficient defense. This change will require a significant shift in how sales and legal teams approach contract discussions, moving from presenting fixed terms to engaging in documented, good-faith negotiations.
The Business Case for Fair Data Deals
Adapting to the Data Act will require more from businesses than a simple legal exercise. It is part of a major shift that has become a strategic imperative with broad operational consequences. Organizations that approach the Data Act as a mere regulatory requirement risk overlooking its strategic potential. Proactively redesigning contracts to be fair and transparent can become a significant competitive differentiator, building trust with partners and customers.
However, failing to adapt to these new requirements exposes organizations to significant legal and operational risks. The Data Act adds a new and powerful line of attack in these disputes. Imagine a scenario where a business-critical SaaS provider uses an unfair clause to lock a customer into its platform. Under the new rules, that customer has a clear legal basis to challenge the clause and seek more favorable terms or migrate to a new provider.
Making Fairness Work Across Teams
True readiness for the Data Act extends far beyond the legal department. It requires a coordinated effort across the organization to embed fairness into core business processes.
Legal and Procurement Teams: All standard B2B agreement templates must be reviewed and revised, especially those pertaining to data access, IoT services, and cloud platforms. The procurement criteria for vendor selection should be updated to evaluate potential partners based on the fairness and transparency of their data terms and conditions.
Sales and Commercial Teams: Training is needed on negotiating data-related clauses in good faith. Participants must understand which terms are flexible and be ready to document negotiations to demonstrate that no clause was imposed unilaterally.
IT and Data Teams: All incoming and outgoing data flows governed by third-party contracts should be mapped. This audit will identify high-risk agreements that need immediate review and possible renegotiation, particularly those concerning critical operational data from a single supplier.
Consider a mid-sized logistics company using IoT sensors from a dominant hardware provider. The provider’s contract previously granted it exclusive rights to all vehicle telemetry data. This clause, now deemed unfair under the greylist, prevented the logistics firm from utilizing its own data in conjunction with third-party analytics tools to optimize routes. Armed with the Data Act, the firm can renegotiate, demanding the right to port its data. By reclaiming control over its operational data, the company could achieve efficiency gains, such as reduced fuel consumption and faster delivery times.
Boundaries of the Data Act Safeguards
The Data Act introduces strong protections for contracting parties, but it is equally important to understand where those protections begin and end. If a court or dispute resolution body determines that a clause is unfair, it becomes non-binding. If the unfair term is severable, the rest of the contract remains in effect.
However, these protections do not apply to all terms. Specifically, the rules do not cover clauses that define the main subject matter of the contract or those that determine the price paid for the data. Furthermore, the Act includes a non-derogation rule, meaning companies cannot use contractual clauses to exclude, modify, or circumvent these safeguards.
Steps to Make Your Contracts Data-Act Ready
Navigating these changes requires a structured approach. Leaders should use the following checklist to assess their organization’s preparedness and initiate corrective actions.
Conduct a Contract Audit: Identify all B2B agreements involving data sharing, paying close attention to cloud service, SaaS, and IoT contracts. Flag all clauses that could fall under the Data Act’s blacklist or greylist.
Revise Standard Templates: Work with legal counsel to update your company’s standard contract templates to ensure they align with the Data Act’s fairness principles.
Train Commercial Teams: Educate sales and procurement staff on the new rules, especially the concept of “unilaterally imposed” terms and the importance of documenting negotiations.
Develop a Dispute Protocol: Establish a clear internal process for identifying and challenging potentially unfair clauses in contracts presented by vendors or partners.
Ultimately, the Data Act serves as both a legal safeguard and a strategic framework for building equitable data relationships. It is a catalyst for creating a more equitable and innovative digital economy. Businesses that embrace this shift by building their data partnerships on a foundation of fairness and transparency will not only ensure compliance but also build the lasting trust needed to succeed.
