Skip to main content

22a. What technical and practical requirements must data holders meet concerning criteria such as data format, quality and latency?

The Data Act creates strong incentives and requirements for greater and better data availability in the EU. To comply with Articles 3(1), 4(1), and 5(1) of the Data Act, data holders must meet several technical and practical requirements, including:

  • Format: Data holders must make data available “in a comprehensive, structured, commonly used and machine-readable format” to ensure interoperability and facilitate reuse. Modelled after GDPR Art 20 (Data portability), this requirement establishes the minimum conditions for data portability. Data holders, as the entities responsible for the design of the data at the source, must provide data in an interoperable format (e.g. XML, JSON, CSV). Formats subject to licensing constraints are not considered “commonly used”. While industry is encouraged to develop common formats for certain data, no obligation to develop those flows from the Data Act.

  • Quality: The data holder is required to share data “of the same quality” as it makes available to itself. This implies that the data should be shared in a format and quality consistent with how it would be shared with another subsidiary within the same corporate group or in a manner that aligns with industry standards or practices within a specific industry.

  • Timeliness: Articles 4(1) and 5(1) require data holders to provide data “without undue delay” upon user or third-party request. This means data should be made available in a prompt, timely and responsive manner. Data holders must proactively implement solutions such as automation, streamlined and structured request procedures, self-service portals, and clear organisation policies to minimise administrative bottlenecks and reduce reliance on manual intervention (c.f. Recital 21). Delays can be justified based on security, technical, or legal constraints, and must remain proportionate to the request.

  • Latency: The requirement to provide data “where relevant and technically feasible, continuously and in real-time” applies to scenarios where low latency is beneficial, such as IoT systems, connected mobility, and industrial monitoring. Unlike Article 20 GDPR, the Data Act ensures that access is not hindered by technical obstacles (c.f. Recital 35). Feasibility must therefore be assessed objectively, based on industry standards and best practices. Data holders should proactively implement solutions such as APIs (automated data retrieval) and event architectures (software design that trigger data updates) to ensure real-time or near instantaneous access wherever feasible.

  • Convenience: Data holders must grant access to data “easily”. This requires implementing mechanisms that streamline and simplify data sharing and avoid unnecessary complexities or barriers. Where access is limited to on-site or specific tools are required, it must not involve unreasonable complications for users or third parties, such as restrictive locations, time slots, or disproportionate costs.

  • Security: Data must be made available “securely”, ensuring protection against unauthorised access or use. Such mechanisms should align with industry standards and relevant legal frameworks, such as those related to cybersecurity.