The long-awaited model contractual terms on data access and use (“MCTs”) and the standard contractual clauses for cloud computing contracts (“SCCs”) that we developed to support the implementation of the Data Act — which applies from 12 September 2025 — have finally been published! They can now be used to draft, amend, or negotiate data sharing agreements and cloud computing contracts.

You can access the Final Report of the Expert Group on B2B data sharing and cloud computing contracts published in the Register of Commission expert groups and other similar entities here. The official Commission Recommendation will be published on the basis of this Report, most likely before the summer.

According to Article 41 of the Data Act, the Commission should recommend non-binding model contractual terms on data access and use and standard contractual clauses for cloud computing contracts. In 2022, the Commission set up the Expert group on B2B data sharing and cloud computing contractsto assist in the development of the terms and clauses. I had the great privilege of being one of the experts to work on the development of the MCTs and SCCs in the context of the Expert Group. Together with my esteemed colleagues and under the coordination of the very competent officers of the Commission, we completed:

Four (4) MCTs:

1.     Data Holder to User

2.     User to Data Recipient

3.     Data Holder to Data Recipient

4.     Data Sharer to Data Recipient

and

Six (6) SCCs:

1.     General

2.     Switching & Exit

3.     Termination

4.     Security & Business continuity

5.     Non-dispersion

6.     Liability

7.     Non-Amendment

The MCTs and SCCs are non-binding and voluntary. They have been designed to be adaptable by the parties based on their contractual needs. However, it is important to note that these models were developed to align with the rights and obligations set out in the Data Act and are coherent with each another.

The model terms and clauses were drafted primarily for business-to-business relationships. However, they may also be used in the context of businesses’ relationships with consumers, provided that additional provisions are included to ensure compliance with mandatory consumer protection rules, for example, the consumer’s right of withdrawal in contracts concluded online or at a distance.

It has been a constructive, collaborative, and truly rewarding experience working alongside my fellow experts and the Commission’s officers. Together, we engaged in many insightful discussions, meticulously dissecting the Data Act, anticipating potential challenges, and exploring practical solutions. Now, it’s time to see how the MCTs, SCCs, and the Data Act as a whole will play out in practice!