Model Clauses & Standard Contractual Clauses under the EU Data Act (B2B)

UPDATE: Based on the work of the expert group appointed for this purpose, the European Commission has published a Recommendation on non-binding standard contractual clauses for cloud computing contracts (see European Commission).

Implementing the EU Data Act continues to pose significant challenges for companies. In addition to the legal obligations themselves, an expert group appointed by the European Commission has published practical guidance for the B2B context: Model Contractual Terms (MCTs) and Standard Contractual Clauses (SCCs). Since these templates are still largely unknown, here is a brief overview.

Background

The Data Act aims to make access to and use of data within the European Union fairer, more transparent and more innovative. Since September 12, 2025, a wide range of obligations apply to manufacturers or data holders of connected products/related services, to cloud providers and to data recipients. Contracts that were previously drafted individually and often very differently are to be harmonized through clearer framework conditions.

Article 41 Data Act obliges the European Commission to publish non-binding contract templates. In preparation, a Commission-appointed expert group already presented corresponding drafts on March 14, 2025. These documents are intended to provide market participants with guidance without themselves creating legal norms.

Contents of the Model Contractual Terms (MCTs)

• Agreements between data holders and users of a connected product or service,
• Contracts between users and third parties to whom data is transferred,
• Rules for the direct provision of data from the data holder to a data recipient,
• Agreements for voluntary data sharing beyond statutory minimum obligations.

Typical topics: definition of the data concerned, data quality and formats, protection of trade secrets, time limits for provision as well as remuneration aspects for data provision.

Standard Contractual Clauses (SCCs)

The SCCs are aimed in particular at cloud and data processing services. They address, among other things, provider switching, rules on termination, data security and business continuity as well as liability. The aim is to ensure a fair, transparent exit from contractual relationships and to avoid "lock-in".

Relevance for Companies

The templates are voluntary and non-binding, but can significantly facilitate contract drafting. Small and medium-sized enterprises in particular benefit from a clear structure that already takes central requirements of the EU Data Act into account.

Open questions remain regarding the interpretation of undefined legal terms - for example, the "reasonable remuneration" for making data available to third parties. In addition, interfaces with data protection law, trade secret protection and competition law must be carefully assessed in each individual case.

Outlook

With the MCTs and SCCs, a first practical toolbox is available. Binding recommendations from the European Commission are expected by autumn 2025 at the latest. Until then, the expert group's documents provide important guidance to help prepare for the EU Data Act in a targeted manner.

Note: This article is intended solely for general information and does not replace individual legal advice.