02.04.2026
Gernot Fritz, Amina Kovacevic
Data contracts have long become part of commercial reality. Companies procure datasets, obtain access to ongoing data streams, integrate data into platforms, and use it to develop new products, models, and services. However, the legal classification of these constellations remains inconsistent. Depending on their structure, data contracts fall somewhere between licence, sale, access, and service.
Against this background, the current work of UNCITRAL is gaining importance. With the Draft Model Legislative Provisions on Contracts for the Provision of Data, Working Group IV (Electronic Commerce) has presented a draft that addresses precisely this interface. The aim is not to create a comprehensive body of “data law”, but rather a structured set of default rules for typical contractual questions arising in data provision agreements.
The draft is not yet final, but it already constitutes a remarkably consistent reference framework and therefore a practical point of orientation for contract drafting.
Contractual logic instead of ownership debates
What is striking at the outset is the chosen approach. The Model Clauses deliberately avoid taking a position on who “owns” data. Instead, they place the contractual relationship between the data provider and the data recipient at the centre.
This is consistent. In practice, the key conflicts do not arise at the level of abstract ownership allocations, but along concrete performance and usage obligations: What data must be provided? In what form? With what access rights? What use is permitted? And who bears the risk vis-à-vis third parties?
The Model Clauses do not answer these questions conclusively, but they structure them systematically. They expressly understand themselves as a framework governing the rights and obligations of the parties under a data provision contract, rather than a comprehensive regulation of all data law issues beyond that contractual relationship.
It is precisely in negotiations that discussions around “data sovereignty” or “ownership” often prove of limited practical value, whereas questions of use, access, and liability are the actual dealbreakers. The focus of the Model Clauses therefore corresponds very closely to the practical negotiation setting.
Data contracts as a distinct regulatory field
The Model Clauses deliberately refer to contracts for the provision of data. This wording avoids categories such as “sale” or “licence” and thereby signals that data contracts should not be prematurely classified under traditional contract types. Data contracts often do not follow the logic of classical contract categories. They may be structured as the transfer of a dataset, as access to a system, or as participation in data pools. Hybrid forms are also the rule rather than the exception.
At the same time, the Model Clauses deliberately limit their scope of application. They cover contracts in which one party provides data to another party. They do not cover, for example, constellations in which data primarily constitute functional elements, such as software, or represent rights, such as digital assets. Nor do they extend to pure data processing services.
For practice, this is more than a definitional issue. It is an attempt to capture data contracts as a distinct field of regulation.
This is also relevant because many contractual frameworks currently “run along” without clearly distinguishing between data provision, data processing, and software services, a point that regularly leads to uncertainty in negotiations regarding scope of performance and liability.
The core idea: to provide means to make available
A central point lies in the shaping of the provider’s obligation to perform. The provider does not merely owe “delivery” in a physical sense, but the provision of the data in a form that actually enables their use. This expressly includes all information required for access, such as metadata, domain tables, keys, and other access credentials.
In doing so, the Model Clauses reflect a practical reality: data projects rarely fail because no data exist, but because, without context, structure, or means of access, the data cannot be used economically. In this respect, the Model Clauses succeed in capturing this reality much more effectively than many traditional contracts.
This is precisely where a frequent negotiation conflict lies: while providers tend to define the subject matter of performance as narrowly as possible (“provision of a dataset”), recipients regularly expect usable functionality within the operational system. The Model Clauses provide this broader understanding of performance with a clear foundation.
Data quality as a core legal obligation
For practice, the provision in Article 8 on conformity of the data is particularly relevant. At its core lies a simple but decisive question: when are data regarded as conforming to the contract?
Here, the Model Clauses follow a two-step approach. The starting point is the agreement of the parties. Quantity, quality, and description are determined primarily by the contract. To the extent that the contract contains no detailed specifications, supplementary standards apply: the data must possess characteristics that may reasonably be expected, be fit for known purposes, and correspond to certain reference values, samples or models. In addition, they must be lawfully provided and free from third-party rights and claims that impede their use. As possible assessment criteria, the Model Clauses refer, among other things, to authenticity, integrity, completeness, accuracy, availability, as well as format and structure.
In this way, they develop an autonomous quality standard for data. This is particularly relevant for companies, because data quality is no longer a purely technical issue, but a legally relevant component of performance. Anyone licensing datasets, offering data feeds, or providing training data will in future find it even harder to describe quality solely in vague terms.
In practice, this point is regularly one of the central points of dispute: how “good” must data be? How up to date? How complete? And who bears the risk if datasets prove unusable? The Model Clauses make it clear that such questions should not remain open but must be clearly addressed in the contract.
Usage rights: broad, but not exclusive
The Model Clauses also contain a clear starting point with regard to the use of data. Unless the parties agree otherwise, the data recipient may in principle use the data comprehensively, that is, for any lawful purpose and without time limitation, but may not pass the data on to third parties. At the same time, the provider remains entitled to continue using the data itself and to make them available to third parties.
The model is therefore characterised by parallel use. Exclusivity is not the rule, but the exception, and must be expressly agreed.
This is precisely where tensions regularly arise in practice: while recipients often assume de facto exclusivity, for example because of investment-intensive use, providers deliberately reserve the possibility of multiple exploitation. The Model Clauses make clear that, absent express agreement, no exclusive right of use arises.
Derived data: the real value often arises only later
Article 10 on derived data is particularly interesting. It generally allows the data recipient to pass on results generated from the provided data to third parties, provided that they are sufficiently different from the original data. The distinction is made on the basis of functional criteria: reconstructability of the original data, substitutability, and the degree of independent investment.
This is particularly central in the AI context. The economic added value often lies not in the raw dataset, but in the transformation, that is, in models, scores, aggregated patterns, benchmarks, or optimised datasets. The Model Clauses address this area of tension and create a differentiated starting point between mere onward transfer and genuine value creation.
In negotiations, this regularly reveals a core conflict: providers want to prevent their data from being economically “replaced”, while recipients seek the broadest possible exploitation rights in derived outputs. The Model Clauses provide, for the first time, a structured point of departure for this issue, without fully resolving the tension.
Passive provision of data: data as an ongoing process
The rule in Article 13 on passive provision of data expressly addresses constellations in which data are not actively “delivered”, but are continuously generated and made accessible, for example in connected devices, IoT environments, or sensor-based services.
In such cases, the provider’s obligation is essentially reduced to enabling access and not interfering with it. Traditional requirements on mode, timing and conformity of providing the data are, in part, not intended to apply here. In this way, the Model Clauses take account of the fact that data are often not transferred statically, but generated continuously. A party that merely enables the flow of data from a system should not automatically be subject to the same obligations as someone who actively compiles, verifies, and delivers a dataset.
Particularly in IoT or platform models, the question regularly arises in practice as to how far the provider’s responsibility for data quality or availability extends. Here, the Model Clauses provide a more differentiated basis than traditional contract models.
What this means for contract drafting
Even without final adoption, the Model Clauses already provide clear guidance for practice. They show which points are regularly decisive in data contracts: subject matter of performance and data scope, format and access, metadata and context, quality requirements, usage rights and onward transfer, the handling of third-party rights, derived data, as well as particularities relating to ongoing data streams.
At the same time, they also make clear where the greatest practical risks lie: in unclearly defined performance content, in the absence of quality standards, in implicit assumptions regarding exclusivity, and in insufficient regulation of derived data. These are precisely the points that often determine whether a data project works economically or not.
Outlook
The Model Clauses do not create a new concept of data ownership, nor do they replace existing regulation on data access, data use, or data security. Their added value lies elsewhere: they provide, for the first time, a clear structure for data provision contracts.
They show that many issues cannot sensibly be resolved by reference to general categories alone, but must be addressed concretely in the contract. At the same time, they create a common reference point that can help harmonise the discussion on data contracts.
This applies in particular in the AI context, where data are not used in isolation, but along complex value chains. The more such systems scale, the more important a precise contractual mapping of the underlying data flows becomes.
The Model Clauses do not provide ready-made solutions, but they do offer a structured starting point.
Anyone seeking to use data strategically needs clear contractual foundations. We are happy to support you in putting them in place.
