Looking for an external Data Protection Officer?DATUREX GmbH Dresden
DATUREXData Protection Laws
Data Act — Table of Contents

AI-generated summary

Cloud providers publish on their website the jurisdictions governing their infrastructure and the safeguards they have put in place against unlawful third-country access. This disclosure is central to risk assessment by EU customers in light of laws such as the US CLOUD Act.

Art. 28 Data Act

Contractual transparency obligations on international access and transfer

(1.)Providers of data processing services shall make the following information available on their websites, and keep that information up to date: (a) the jurisdiction to which the ICT infrastructure deployed for data processing of their individual services is subject; (b) a general description of the technical, organisational and contractual measures adopted by the provider of data processing services in order to prevent international governmental access to or transfer of non-personal data held in the Union where such access or transfer would create a conflict with Union law or the national law of the relevant Member State.
(2.)The websites referred to in paragraph 1 shall be listed in contracts for all data processing services offered by providers of data processing services.
Source:
EUR-Lex CELEX 32023R2854
Citation:
OJ L 2023/2854, 22.12.2023
As of:
2023-12-22
Retrieved:
2026-04-21