Contractual practices prohibited under the Data Act

17 November 2025 | Knowledge, News, The Right Focus

One of the key aspects of the Data Act[i] is the introduction of provisions on prohibited contractual practices. These provisions are intended to protect businesses operating within the broadly understood digital industry that have a weaker contractual position.

Contractual practices that have been deemed prohibited

The Data Act prohibits the use of contractual terms concerning:

Access to and use of data
Liability and remedies for breach or termination of data-related obligations

that are unfair and have been imposed by a (stronger) party on the other (weaker) party to the contract.

Terms are considered unfair if their use grossly deviates from good commercial practice and if they:

Do not reflect mandatory provisions of EU law that would apply if the term had not been included in the contract

The Data Act distinguishes between two categories of unfair contractual terms:

Unfair
Presumed unfair

Unfair terms (blacklist)

A contractual term will always be considered unfair if its object or effect is to:

Exclude or limit the liability of the stronger party for intentional acts or gross negligence
Exclude the remedies available to the weaker party in the event that the stronger party fails to perform or breaches the contract
Give the stronger party the exclusive right to decide whether the data supplied is in conformity with the contract or the exclusive right to interpret the contract

Terms presumed to be unfair (greylist)

In accordance with the Data Act, a contractual provision is presumed to be unfair if its object or effect is to:

Inappropriately limit the remedies or extend the liability of the weaker party, or inappropriately limit the liability of the stronger party
Allow the stronger party to access and use the weaker party’s data in a manner that is significantly detrimental to the legitimate interests of the weaker party
Prevent the weaker party from using the data provided or generated by it during the term of the contract, or restrict such use to the extent that the weaker party cannot use the data in an adequate manner
Prevent the weaker party from terminating the contract within a reasonable period
Prevent the weaker party from obtaining a copy of the data supplied or generated by that party during the term of the contract or within a reasonable period after its termination
Enable the stronger party to terminate the contract at unreasonably short notice
Enable the stronger party to substantially change the price agreed in the contract or any other substantive terms relating to the nature, format, quality or quantity of the data to be shared, where no valid reason and no right of the other party to terminate the contract in the case of such a change is specified in the contract

The stronger party may rebut the presumption if they can demonstrate that, in this specific situation, the term should not be considered unfair.

Consequences of applying unfair contractual terms

It should be borne in mind that unfair contractual terms are not binding on the weaker party. If an unfair term can be severed from the remaining terms of the contract, those remaining terms will remain binding. However, if the rest of the contract cannot be performed separately from the unfair terms, the entire contract will be invalidated.

Contracts covered by the new rules

The new Data Act provisions on unfair contractual terms apply:

from 12 September 2025 – to contracts concluded after that date
from 12 September 2027 – to contracts concluded on or before 12 September 2025, provided that they are:
- of indefinite duration, or
- due to expire at least 10 years from 11 January 2024

Any questions? Contact us

[i] The Data Act is an EU regulation (2023/2854) that introduces new rules on the use of both personal and non-personal data.

Latest Knowledge

The first-year pitfall – reporting on the separate collection rate under the deposit-return system for 2025

The deposit-return system came into operation on 1 October 2025. Some businesses joined immediately, while others opted to do so at a later date. At first glance, this may seem like a mere organisational matter. In practice, however, the timing of joining the system can significantly affect the outcome of accounting for the separate collection rate in 2025.

The new National Cybersecurity System

The amendment to the Act on the National Cybersecurity System (UKSC) is one of the most significant regulatory reforms in recent years. Its main objective is to align Polish law with Directive (EU) 2022/2555 of the European Parliament and of the Council. The directive, also known as NIS2, substantially raises digital security requirements across the Union. The Polish Act on the National Cybersecurity System has undergone a thorough overhaul, covering more organisations (with estimates suggesting nearly 40,000 entities), introducing more demanding obligations, statutory personal liability for management board members, and even more stringent rules for imposing financial penalties. In the case of the most serious violations, these penalties can reach 100 million PLN.

‘Made in Europe’ is no longer just a slogan. It is becoming law

Until recently, ‘Made in Europe’ was just a label. While it was useful for marketing purposes, it lacked any hard, normative content. This may soon change. On 4 March, the European Commission published a proposal for the Industrial Accelerator Act, stipulating that, from 2027 onwards, the Union origin of components will be a prerequisite for participating in renewable energy auctions, accessing public funding, and for being eligible to participate in public procurement procedures. The slogan ‘Buy European’ could become a concrete instrument for supporting local production and controlling foreign investment.

Non-obvious cases of transferring an establishment to a new employer

The transfer of all or part of an establishment (zakład pracy) is a special concept in labour law relating to changes in ownership. Put simply, it is the automatic transfer of all the rights and obligations of the employer from one entity to another, without the need for any additional actions or consents from the parties involved. However, this must be preceded by the fulfilment of a range of informing obligations by both the new and former employers. Let’s take a look at what the process should involve.

New right to withdraw from a company – draft amendment to the Commercial Companies Code

The Civil Law Codification Commission has adopted and published a draft amendment to the Commercial Companies Code. The proposed changes include new mechanisms to strengthen shareholder protection in capital companies, enabling shareholders to request to leave their respective companies.

Protecting yourself against tax risks in the deposit-return system

The deposit-return system has been in place since October 2025, raising significant tax concerns from the outset. Although the regulations came into force, it was unclear for a long time how to apply them in practice. Some of the regulations needed clarification, some solutions were missing and the published explanations did not cover all the key issues. Consequently, the market began to develop its own operating standards.

Banking sector overview | Banking today and tomorrow | March 2026

On 12 February 2026, the Court of Justice of the European Union (CJEU) issued a judgment concerning the use of the WIBOR index in loan agreements. The CJEU judges confirmed that, in consumer cases, courts cannot examine the correctness of the WIBOR calculation. The banks had correctly informed their clients about the reference rate in accordance with national and EU law.

The issue of the National Labour Inspectorate reform has resurfaced

A new draft law proposing changes to the way the National Labour Inspectorate operates has been submitted to the Sejm. During its first reading on 25 February, the draft was not rejected and was therefore referred to the Social Policy and Family Committee for further consideration. Despite the concerns and controversies raised so far, including by businesses, the legislature continues to pursue the thorough modernisation of Poland’s employment model, which involves increased supervision of the labour market and curbing the abuse of civil law contracts. In this article, we will take a look at the proposals included in the new draft and explain what they mean for businesses.

Energy Radar 2026: Unlocking connection capacity thanks to connections reform – draft UC84 / Sejm print no. 2150

The Polish power system has reached a turning point. While the energy transition is gaining momentum and technological limitations are no longer an issue, connection capacity has become a problem. The UC84[1] draft law, commonly referred to as the Connections Reform, is the response to this crisis.

Polish AI boom

According to the latest data, nearly 15,000 companies dealing with artificial intelligence were registered in Poland in 2025.[1] This testifies to an undoubted boom in AI, as well as to the dynamic changes related to the development of this technology. However, amid the rush to implement AI, do companies consider the most important issue: securing the outcomes of their work and protecting themselves against competitors? In this article, we explore this issue and suggest ways to avoid costly problems.