Practitioner-grade analysis and drafting on Regulation (EU) 2023/2854. Positions every matter on a role × chapter × stage anchor, then runs a seven-step cognitive method with gate checks for GDPR overlay, trade secrets, DMA gatekeeper exclusion, and sectoral lex specialis — for output the lawyer adopts with minimal edit.
Each capability is documented separately, tested separately, and called by the workflow at the right moment. Compose them or invoke individually.
Nine structured steps. The human stays accountable; the skill carries the structure, the citations, and the document trail.
Single-folder skill. SKILL.md is the runtime spec; references hold the knowledge corpus; evals hold the proof.
eu-data-act/ ├── evals # Test cases + assertions │ ├── evals.json # 8 cases, 0 assertions │ └── grading.md ├── references # Reference corpus │ ├── gates │ │ ├── dma-gatekeeper.md │ │ ├── gdpr-overlay.md │ │ ├── member-state.md │ │ ├── sectoral-lex-specialis.md │ │ └── trade-secrets-directive.md │ ├── method │ │ ├── analysis-method.md │ │ └── house-style.md │ ├── scenarios │ │ ├── ch2-data-holder-response.md │ │ ├── ch2-pre-contract-transparency.md │ │ ├── ch2-safety-security-handbrake.md │ │ ├── ch2-third-party-permitted-use.md │ │ ├── ch2-trade-secret-stage-3-refusal.md │ │ ├── ch2-trade-secret-stages-1-2.md │ │ ├── ch2-user-direct-request.md │ │ ├── ch2-user-third-party-request.md │ │ ├── ch3-compensation-challenge.md │ │ ├── ch3-frand-terms.md │ │ ├── ch4-contract-drafting.md │ │ ├── ch4-unfairness-challenge.md │ │ ├── ch5-cross-border-cooperation.md │ │ ├── ch5-decline-or-modify.md │ │ ├── ch5-request-preparation.md │ │ ├── ch6-charges.md │ │ ├── ch6-custom-built-carve-out.md │ │ ├── ch6-customer-contract-review.md │ │ ├── ch6-provider-compliance.md │ │ ├── ch6-switching-execution.md │ │ ├── ch7-third-country-request.md │ │ ├── cross-gap-analysis.md │ │ ├── cross-gdpr-boundary.md │ │ └── cross-omnibus-impact.md │ └── gotchas.md ├── scripts │ ├── check_house_style.py │ └── validate_sources.py ├── sources │ ├── _archive │ ├── _manifest.sha256 │ ├── _versions.json │ ├── digital-omnibus-amendments-tracker.md │ ├── faq-v1-4.md │ ├── mcts-sccs-recommendation-pointer.md │ ├── regulation-2023-2854.md │ └── vehicle-data-guidance-pointer.md ├── styles ├── templates │ ├── _drafter-notes │ │ ├── art13-unfairness-challenge.md │ │ ├── art17-public-sector-request.md │ │ ├── art18-decline-letter.md │ │ ├── art25-customer-side-clauses.md │ │ ├── art31-custom-built-assessment.md │ │ ├── art32-third-country-assessment.md │ │ ├── art4-1-data-holder-response.md │ │ ├── art4-1-user-request.md │ │ ├── art4-2-safety-handbrake-notice.md │ │ ├── art4-6-trade-secret-safeguards-agreement.md │ │ ├── art4-7-withholding-notice.md │ │ ├── art4-8-refusal-letter.md │ │ ├── art5-1-third-party-request.md │ │ ├── art6-third-party-recipient-contract.md │ │ └── art9-compensation-statement.md │ ├── art13-unfairness-challenge.md │ ├── art17-public-sector-request.md │ ├── art18-decline-letter.md │ ├── art25-customer-side-clauses.md │ ├── art31-custom-built-assessment.md │ ├── art32-third-country-assessment.md │ ├── art4-1-data-holder-response.md │ ├── art4-1-user-request.md │ ├── art4-2-safety-handbrake-notice.md │ ├── art4-6-trade-secret-safeguards-agreement.md │ ├── art4-7-withholding-notice.md │ ├── art4-8-refusal-letter.md │ ├── art5-1-third-party-request.md │ ├── art6-third-party-recipient-contract.md │ └── art9-compensation-statement.md ├── CHANGELOG.md # Version history ├── README.md # Deployment guide └── SKILL.md # Main skill instructions
Two deployment surfaces. The skill auto-triggers on relevant keywords once installed.
eu-data-act/ foldercp -r eu-data-act/ \ ~/.claude/skills/user/
Every output is documented, version-pinned, and traceable to its source citation.
Every release runs against a fixed test suite. Assertions check numeric consistency, citation accuracy, and decision-tree branches.
Every legal verdict resolves to one of these instruments. No invented articles, no synthetic recitals.
The trace is the product. Nothing happens off the record — no hidden tool calls, no silent retrieval, no opaque chain-of-thought.
See CHANGELOG.md for version history.
Practitioner-grade analysis and drafting on Regulation (EU) 2023/2854 (the Data Act). Calibrated for senior legal counsel, compliance officers, and product counsel working with the Data Act in client-facing or in-house contexts.
The skill's architectural anchor is role × chapter × stage. Every matter is positioned by identifying:
The anchor determines which references load and which scenario card the skill applies.
| Chapter | Articles | Operative depth |
|---|---|---|
| Ch II | 3–7 | Full — IoT product and related service data; B2C and B2B sharing |
| Ch III | 8–12 | Full — mandatory B2B sharing under other Union law (FRAND, compensation) |
| Ch IV | 13 | Full — unfair contract terms unilaterally imposed in B2B data contracts |
| Ch V | 14–22 | Full — public sector exceptional-need access |
| Ch VI | 23–31 | Full — switching between data processing services |
| Ch VII | 32 | Full — third-country governmental access |
| Ch VIII | 33–36 | Gate-only, except Arts. 34–35 where they serve Ch VI |
| Gate | Reference file | Posture |
|---|---|---|
| GDPR + ePrivacy | references/gates/gdpr-overlay.md |
Operative when personal data or terminal-equipment access is in scope |
| Trade Secrets Directive (EU) 2016/943 | references/gates/trade-secrets-directive.md |
Operative when trade-secret protection is claimed or asserted |
| DMA gatekeeper exclusion | references/gates/dma-gatekeeper.md |
Operative on Art. 5 third-party requests and Art. 6(2)(d) onward sharing |
| Sectoral lex specialis | references/gates/sectoral-lex-specialis.md |
Warn-only (vehicles, medical devices, DORA, NIS2, CRA, AI Act, eIDAS, energy, agriculture, telecoms) |
| Member State implementing law | references/gates/member-state.md |
Warn-only (competent authorities, dispute settlement, penalties) |
eu-data-act/
├── SKILL.md # Entry point and router
├── CHANGELOG.md # Version history
├── references/
│ ├── method/
│ │ ├── analysis-method.md # The seven-step cognitive flow
│ │ └── house-style.md # Voice, length, citation, structure
│ ├── gates/
│ │ ├── gdpr-overlay.md # Art. 1(5) bridge, Case A/B, ePrivacy
│ │ ├── trade-secrets-directive.md # TSD ladder, serious-AND-irreparable
│ │ ├── dma-gatekeeper.md # Art. 5(3) exclusion, Art. 6(2)(d)
│ │ ├── sectoral-lex-specialis.md # Warn-only sectoral catalogue
│ │ └── member-state.md # Warn-only MS implementing law
│ ├── gotchas.md # 20 numbered failure-mode entries
│ └── scenarios/ # Pre-walked role × chapter × stage cards
├── sources/
│ ├── regulation-2023-2854.md # Verbatim Data Act (119 recitals + 50 articles)
│ ├── faq-v1-4.md # Commission FAQ v1.4 (22 Jan 2026, CC BY 4.0)
│ ├── digital-omnibus-amendments-tracker.md
│ ├── mcts-sccs-recommendation-pointer.md
│ ├── vehicle-data-guidance-pointer.md
│ ├── _versions.json # Source provenance
│ └── _manifest.sha256 # Source checksums
├── scripts/
│ └── validate_sources.py # Source layer validator (20/20 checks)
├── templates/ # Drafting templates
└── evals/ # Eval fixtures + grading
Symlink the skill folder into ~/.claude/skills/:
ln -s ~/CLAUDE_PROJECTS/SKILLS/claude-skills/skills/eu-data-act ~/.claude/skills/eu-data-act
Upload the entire eu-data-act/ folder structure under Settings → Profile → Custom Skills.
Run before any release or downstream symlink:
python3 scripts/validate_sources.py --verbose
Checks heading taxonomy (every expected recital, article, and FAQ question), pointer-file presence, manifest checksums, and _versions.json structure. Exit 0 means all checks pass. Current state: 20/20.
| Document | Reference |
|---|---|
| EU Data Act | Regulation (EU) 2023/2854 |
| Commission FAQ on the Data Act | v1.4 (22 January 2026), CC BY 4.0 |
| Digital Omnibus proposal | COM(2025) 833 final, 19 November 2025 (co-legislator negotiation, not adopted) |
| Trade Secrets Directive | Directive (EU) 2016/943 |
| GDPR | Regulation (EU) 2016/679 |
| ePrivacy Directive | Directive 2002/58/EC |
| Digital Markets Act | Regulation (EU) 2022/1925 |
Licensed under AGPL-3.0 — see LICENSE at the repo root.
This skill provides structured guidance based on the EU Data Act, the Commission's FAQ, and adjacent EU law. It does not constitute legal advice. Substantive deliverables produced with the skill should be reviewed by qualified legal counsel with Data Act expertise.
Created by Oliver Schmidt-Prietz — OneZero Legal