25. Does a data holder have to share data if there are safety/security concerns?

Pursuant to Article 4(2) of the Data Act, users and data holders can agree to restrict or refuse to share data if there is a risk that the security requirements of the connected product could be undermined, resulting in serious adverse effects to the health, safety or security of people. Such requirements must be laid down in EU or national law. Sectoral authorities may provide users and data holders with technical expertise in order to determine whether restrictions are necessary or warranted. This mechanism (i.e. the possibility of restricting or prohibiting data access on the basis of safety or security considerations), is referred to as the ‘safety and security handbrake’. If, under the conditions explained above, the data holder intends to activate this handbrake, it must notify the competent authority of the respective Member State. Moreover, users may challenge the data holder’s refusal to share data before the competent authorities, courts, or a dispute settlement body.