Javascript is required
logo-dastralogo-dastra

Audit modelData Act Readiness Assessment

Are you Data Act ready? Take this quick self-assessment to see how prepared your organization is for the new rules on data sharing, portability, and cloud switching. Find out where you’re strong, and where action is needed before regulators, or your clients, ask the same question. https://www.dastra.eu/fr/audit/referential?page=1

1. Intro

2. Eligibility

2.1. Does your company manufacture connected products?

As provided by Article 1(3)(a) of the Data Act, the regulation applies to manufacturers of connected products placed on the market in the Union, irrespective of the place of establishment of those manufacturers.

Legal definition (Article 2(5) of the Data Act) : a ‘connected product’ means an item that obtains, generates or collects data concerning its use or environment and that is able to communicate product data via an electronic communications service, physical connection or on-device access, and whose primary function is not the storing, processing or transmission of data on behalf of any party other than the user;

In other words, connected products are physical items that generate, collect or obtain data concerning its use or environment & can communicate it via a connection (WiFi, Bluetooth, USB, etc.), on-device access, or via an electronic communications service

Examples of connected products include smart vehicles, wearable health trackers, MRI scanners, industrial robots, household appliances like smart refrigerators or washing machines, and connected energy meters. This also includes virtual assistants insofar as they interact with a connected product or related service (Article 1.4 of the Data Act).

2.2. Does your company offer related services that are in connection with the connected product?

As provided by Article 1(3)(a) of the Data Act, the regulation applies to providers of related services to connected products, irrespective of the place of establishment of those manufacturers.

Legal definition: a related service is any digital service installed on the product, and can be connected with the product at the time of the purchase, rent or lease in such a way that its absence would prevent the connected product from performing one or more of its functions, or which is subsequently connected to the product by the manufacturer or a third party to add to, update or adapt the functions of the connected product (Article 2(6) of the Data Act).

Two basic conditions must be satisfied for a digital service to be considered as a related service:

  • there must be a two-way/bidirectional exchange of data between the connected product and the service provider; and

  • the service must affect the connected product’s functions, behaviour, or operation

In other words, related services are those that allow the product to operate in a specific way or enhance its functionality. It is essential for the intended use of the product or adds functionalities to it. To offer a related service, a provider must first receive product data. Once a contractual relationship is established between the user and the provider and a related service is rendered that leads to the creation of data, the provider becomes a data holder.

For example, a mobile app to control home lighting, software that adjusts irrigation levels in smart farming equipment, or a platform that monitors and optimizes the performance of wind turbines. This also includes virtual assistants insofar as they interact with a connected product or related service (Article 1(4) of the Data Act).

The following digital services cannot be considered as related services: connectivity, power supply and aftermarket services (e.g. auxiliary consulting, analytics and financial services, and regular repair and maintenance) (cf. Recital 17)

2.3. Is your connected product or related service placed on the market in the Union?

For a connected product to fall in scope of the Data Act, it should be placed on the Union market, which means the first making available of a product on the Union market (Article 2(22) of the Data Act). It is placed on the market only once. This refers to each individual product, not to a type of product. All subsequent actions are considered as "making available on the market". There should be a transfer of ownership, possession or any other property right between two economic actors that occurs after the manufacturing stage.

For instance, if the product is manufactured in a Member state only to export it to a third country, the product is not considered to be placed on the market. And, the mere circulation of a connected product on EU territory is not sufficient to be considered as having been placed on the EU market because there has been no transfer of ownership.

For comprehensive guidance on the subject, refer to the Blue Guide on the implementation of the product rules 2022 of the European Commission.

The Data Act does not require the manufacturer or related service provider to be established in the EU. The Data Act establishes a right for users in the EU to access, use and share the readily available data they are entitled to. All connected products and related services placed in the EU must therefore be designed in such a way that this right can be exercised

2.4. For organisations established outside the EU that make connected products available or otherwise offer related services within the EU, did you appoint an EU representative?
2.5. Are you a data holder that makes data available to data recipients in the Union?

Pursuant to Article 1(2)(c) of the Data Act, the regulation applies to data holders, irrespective of their place of establishment, that make data available to data recipients in the Union;

‘data holder’ means a natural or legal person that has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation adopted in accordance with Union law, to use and make available data, including, where contractually agreed, product data or related service data which it has retrieved or generated during the provision of a related service;

Even though manufacturers will typically be data holders, this is not always the case. The Data Act allows an entity to ’outsource’ the role of ‘data holder’. For example, a manufacturer may contract out to another entity the role of ‘data holder’ for all or part of the manufacturer’s connected products.

In addition, a data holder who is not a manufacturer might be a company that provides a related service linked to a connected product. This means that the business offering the related service might be a data holder and be different from the company that actually made the connected product.

Determining who the data holder is does not depend on who produced the hardware or software, but on who controls access to the readily available data. See the flowchart below for an example of role distribution.

The flowchart illustrates a situation where a user enters into two contracts (e.g. for the sale of the connected product and for the provision of the related service) that establish a legal relationship (in red) between the user and three separate data holders (circled in blue). The user must always be informed of the identity of the data holder(s) before signing such contracts.

if a user acquires a connected product where the data are stored directly on the device or transferred from the device to the user’s computer, and the manufacturer does not have access to any of the data. In this scenario there is no data holder, since only the user has access to the data

A company can be both a user and a data holder with respect to different connected products or related services. For example, a manufacturing company can be both a ‘user’ of the robots used in its factory, and a ‘data holder’ for the connected products it manufactures. A company cannot simultaneously be a user and a data holder for the same data, and a user sharing data with a third party should not be considered a data holder for that third party.

2.6. Are you a provider of data processing services to customers in the Union? (i.e cloud)

Article 2.8 of the Data Act: ‘data processing service’ means a digital service that is provided to a customer and that enables ubiquitous and on-demand network access to a shared pool of configurable, scalable and elastic computing resources of a centralised, distributed or highly distributed nature that can be rapidly provisioned and released with minimal management effort or service provider interaction;

If your company offers any service that lets customers upload or host data in the cloud, the rules apply to you — even if you rely on another provider’s infrastructure. Providers of IaaS, PaaS, SaaS, and other models (Google Cloud, OVH Cloud, Azure...).

2.7. The Data Act does not apply to my organisation

You don't meet the criteria of scope pursuant to Article 1 of the Data Act.

2.8. The Data Act does not apply to my organisation

The Data Act only applies to connected products or related services placed on the Union market pursuant to Article 1. Refer to Question number 3 for more information on the notion of "placed on the market".

2.9. The Data Act does not apply to my organisation

The Data Act only applies to connected products or related services placed on the Union market pursuant to Article 1. Refer to Question number 3 for more information on the notion of "placed on the market".

3. Acces & data-sharing obligations

1. Identify the data in scope

1.1. Have you mapped the data that must be shared in accordance with the Data Act as explained above?

2. Identify your users

2.1. Have you identified your users as explained above?

3. Pre-contractual transparency

3.1. Connected products: Do you provide users with all required information before they purchase, rent, or lease a connected product?

A data holder is required to enter into a contract with the user (for example, a sales or rental agreement) which must define the user’s rights concerning the access, use, and sharing of data generated by the connected product.

Pursuant to Article 3(2) of the Data Act, and in a pre-sales transparency objective, business must inform users about the following before selling or leasing a connected product:

  • (a) the type, format and estimated volume of product data which the connected product is capable of generating;

  • (b) whether the connected product is capable of generating data continuously and in real-time;

  • (c) whether the connected product is capable of storing data on-device or on a remote server, including, where applicable, the intended duration of retention;

  • (d) how the user may access, retrieve or, where relevant, erase the data, including the technical means to do so, as well as their terms of use and quality of service.

In this context, EU consumer protection law continues to apply, in particular Directive 93/13/EEC on unfair terms in consumer contracts and Directive 2005/29/EC on unfair commercial practices, ensuring that users are protected against unfair contractual provisions.

3.2. Related service: Do you provide users with all required information before concluding a contract for the provision of a related service?

Pursuant to Article 3(3) of the Data Act, and in a pre-sales transparency objective, the provider of the related service must inform users about the following before concluding a contract for the provision of the related service (ex a user service agreement):

  • (a) the nature, estimated volume and collection frequency of product data that the prospective data holder is expected to obtain and, where relevant, the arrangements for the user to access or retrieve such data, including the prospective data holder’s data storage arrangements and the duration of retention;

  • (b) the nature and estimated volume of related service data to be generated, as well as the arrangements for the user to access or retrieve such data, including the prospective data holder’s data storage arrangements and the duration of retention;

  • (c) whether the prospective data holder expects to use readily available data itself and the purposes for which those data are to be used, and whether it intends to allow one or more third parties to use the data for purposes agreed upon with the user;

  • (d) the identity of the prospective data holder, such as its trading name and the geographical address at which it is established and, where applicable, of other data processing parties;

  • (e) the means of communication which make it possible to contact the prospective data holder quickly and communicate with that data holder efficiently;

  • (f) how the user can request that the data are shared with a third party and, where applicable, end the data sharing;

  • (g) the user’s right to lodge a complaint alleging an infringement of any of the provisions of this Chapter with the competent authority designated pursuant to Article 37;

  • (h) whether a prospective data holder is the holder of trade secrets contained in the data that is accessible from the connected product or generated during the provision of a related service, and, where the prospective data holder is not the trade secret holder, the identity of the trade secret holder;

  • (i) the duration of the contract between the user and the prospective data holder, as well as the arrangements for terminating such a contract.

3.3. If users are contractually allowed to delete their data, do you clearly inform them how to do so?
3.4. Does your company use the product data for its own purposes?

Any use of data generated by a connected product or related service (for example, for analytics, business intelligence, or advertising) is permitted only with the explicit consent of the user, formalised in a contract. Such contracts must include detailed clauses specifying the permitted uses of the data and the safeguards in place to protect it.

Ensure such data is not transferred to foreign authorities without appropriate judicial safeguards.

  • New contracts: must comply by 12 September 2025.

  • Existing contracts: must be brought into compliance by 12 September 2027, where they are either of indefinite duration or set to expire after 11 January 2034.

4. Access & data-sharing to users

4.1. Did you ensure that all existing or new contracts with users clearly define your rights to use the data generated by connected products or related services?

This obligation applies to connected products placed on the market both before and after 12 September 2025. Data holders who can identify the users of their connected products placed on the market before 12 September 2025 therefore need to either:

  • conclude a contract that secures the user’s agreement to their use of the data, if they were doing so without a contractual basis, or

  • check if an existing contract (e.g. a sales contract, a contract for the provision of related services or any other contract) needs to be adapted to include the user’s agreement to their use of the data.

Article 4(13) states that the data holder can use the non-personal data for any purpose, provided that (i) this is agreed with the user; and (ii) the data holder does not derive insights about the economic situation, assets and production methods of the user in any other manner that could undermine the commercial position of that user on the markets on which the user is active

Recital 25 further explains that any contractual term regarding the data holder’s intended use of data should be transparent to the user. Possible purposes of data usage by the data holder include the improving of the functioning of the connected product or related service or making aggregated data available to a third party, provided that these data do not allow identification of granular data. The user is the sole source of access to granular non-personal data from the connected product or related service.

For B2B data sharing, use the following model contractual terms of the Expert Group where appropriate. In 2022 the Commission set up the Expert group on B2B data sharing and cloud computing contracts to assist it with the development of the terms and clauses.

4.2. Does your connected product or related service allow users to access product data?

Pursuant to Article 3(1) of the Data Act, connected products and related services shall be designed and provided in such a manner that product data and related service data are accessible to the user, including the relevant metadata necessary to interpret and use those data.

The principle is simple: if a connected product or related services generates data, the user (natural or legal person) must be able to access it:

By the date of entry into application of the Data Act (12 September 2025), products already on the market and new products (when placed on the market) must allow for data to be accessed by the user.

By this date, data holders have to decide whether such access will be made:

  • directly in the product or the related application, or in a structured, machine-readable format (Article 3(1)).

  • or indirectly (Article 4(1)). This shall be done on the basis of a simple request through electronic means where technically feasible.

Different configurations are possible (for instance, part of the data could be made available directly, and the rest could be made available indirectly).

Article 3(1) of the Data Act does not oblige manufacturers to grant direct access to data in all situations and for all connected products. Data should be ‘directly accessible’ to the user ’where relevant and technically feasible’

The formulation ‘where relevant and technically feasible’ is meant to reinforce the manufacturers’ discretion to decide whether to design a connected product in a way that provides users with ‘uncontrolled’ access (i.e. without any intervention by any other party) or in a way that provides access with additional controls (typically via a remote server) (FAQ of the European Commission)

When making this choice, the protection of trade secrets or the security of the connected product can be a consideration, especially since, in a direct access situation, the manufacturer will be less involved (or not at all) than in an indirect access situation in how a user will exercise their access rights.

4.3. Can your mechanisms in place, manage data access rights for several users of the same connected product?

Various actors may have a legal right based on the contractual arrangements related to the use of a connected product. It is therefore entirely possible for multiple persons to be users of the same connected product. In such a situation, data holders should have mechanisms in place to ensure that each user can access the data to which they are entitled. Users might also conclude separate agreements (e.g. a userto-user sub-lease of a connected product

4.4. Do you have mechanisms in place to verify the identity?

For the purpose of verifying whether a natural or legal person qualifies as a user, a data holder shall not require that person to provide any information beyond what is necessary. Data holders shall not keep any information, in particular log data, on the user’s access to the data requested beyond what is necessary for the sound execution of the user’s access request and for the security and maintenance of the data infrastructure.

4.5. Is the access granted easily?

Data holders must grant access to data “easily”. This requires implementing mechanisms that streamline and simplify data sharing and avoid unnecessary complexities or barriers. Where access is limited to on-site or specific tools are required, it must not involve unreasonable complications for users or third parties, such as restrictive locations, time slots, or disproportionate costs.

Data holders shall not make the exercise of choices or rights under this Article by the user unduly difficult, including by offering choices to the user in a non-neutral manner or by subverting or impairing the autonomy, decision-making or choices of the user via the structure, design, function or manner of operation of a user digital interface or a part thereof (Article 4(4) of the Data Act).

4.6. Do you make the data available “in a comprehensive, structured, commonly used and machine-readable format”?

Data holders must make data available “in a comprehensive, structured, commonly used and machine-readable format” to ensure interoperability and facilitate reuse. Modelled after GDPR Art 20 (Data portability), this requirement establishes the minimum conditions for data portability. Data holders, as the entities responsible for the design of the data at the source, must provide data in an interoperable format (e.g. XML, JSON, CSV). Formats subject to licensing constraints are not considered “commonly used”. While industry is encouraged to develop common formats for certain data, no obligation to develop those flows from the Data Act

4.7. Do you share data of the same quality as you make available to yourself?

The data holder is required to share data “of the same quality” as it makes available to itself. This implies that the data should be shared in a format and quality consistent with how it would be shared with another subsidiary within the same corporate group or in a manner that aligns with industry standards or practices within a specific industry

Full product and service data must be made available, not curated extracts. Either directly. Access must be easy, timely, free of charge, and in real time where feasible

4.8. Do you provide the data "without undue delay” upon user or third-party request?

Articles 4(1) and 5(1) require data holders to provide data “without undue delay” upon user or third-party request. This means data should be made available in a prompt, timely and responsive manner. Data holders must proactively implement solutions such as automation, streamlined and structured request procedures, self-service portals, and clear organisation policies to minimise administrative bottlenecks and reduce reliance on manual intervention (c.f. Recital 21). Delays can be justified based on security, technical, or legal constraints, and must remain proportionate to the request

4.9. Do you ensure that data is made available securely and in line with recognized industry standards?

Data must be made available “securely”, ensuring protection against unauthorised access or use. Such mechanisms should align with industry standards and relevant legal frameworks, such as those related to cybersecurity.

5. Access & data-sharing to third parties

5.1. Does your company share any of the product data with third parties?
5.2. Is it possible for users to request to grant third parties access to their data?

Users may share data with third parties of their choice directly or can ask the data holder to do so (with only limited compensation allowed for substantial investments in a B2B setting).

Assess under which conditions the disclosure can be rejected & on which grounds.

5.3. Are third-party data requests documented and tracked?
5.4. Do you have contractual safeguards in place to prevent third parties from using or further sharing non-personal data beyond the agreed scope?

Article 4(14) addresses the specific aspect of data usage by the data holder that involves the sharing of non-personal data with third parties, which should only take place if contractually agreed with the user (in line with Article 4(13)).

Article 4(14): Data holders shall not make available non-personal product data to third parties for commercial or non-commercial purposes other than the fulfilment of their contract with the user. Where relevant, data holders shall contractually bind third parties not to further share data received from them.

The general principle, according to Article 6(1) of the Data Act, is that a third party can use the data for purposes that were agreed with the user (usually in the context of providing a service to the user). Article 6(2) includes a closed list of actions which are prohibited for the third party. This list includes using data to develop a competing product and sharing the data with a gatekeeper (as defined under the Digital Markets Act).

5.5. Does your company have security and verification measures in place to ensure that all data exchanges are protected and safeguarded against misuse?
5.6. Do you have safeguards in place to ensure that data is shared only with entities and individuals located within the European Union?

The scope of the Chapter II data-sharing obligation on data holders is limited to entities and persons, including consumers, in the Union (cf. Articles 1(3)(b), 1(3)(d) and 2(14) of the Data Act). Giving data access to operators that do not have a presence in the EU cannot be justified based on the Data Act. Irrespective of its place of establishment, a data holder has a legal obligation to share data with an EUbased entity or person at the request of an EU user. A user may ask a data holder to share data with an entity or person that is not established in the EU, but the data holder is not obliged to grant that access

6. Alignement with GDPR

6.1. If the data in scope includes personal data, do you ensure that a valid legal basis under the GDPR is in place before sharing it?

Different scenarios and different processing operations need to be distinguished.

  1. The user is the data subject in relation to the data in question
    Article 1(5) specifies that Data Act complements the rights of access by data subjects and rights to data portability under Articles 15 and 20 of Regulation (EU) 2016/679. This means that where the user is the data subject and requests the data under Article 4 of the Data Act for themselves, the situation is comparable to a data subject access request under Article 15 GDPR. Where the user asks data to be ported to a third party under Article 5 of the Data Act, the situation is comparable with Article 20 of the GDPR. The fact that the request to port the data is received via another actor does not change that assessment.

  2. The user is not the data subject in relation to the data in question

    Article 4(12): Where the user is not the data subject whose personal data is requested, any personal data generated by the use of a connected product or related service shall be made available by the data holder to the user only where there is a valid legal basis for processing under Article 6 of Regulation (EU) 2016/679 and, where relevant, the conditions of Article 9 of that Regulation and of Article 5(3) of Directive 2002/58/EC are fulfilled.


    As specified in Recital 7, where the user is not the data subject, the Data Act was not intended as a legal basis for providing access or for making personal data available to a third party in the sense of Article 6(1) GDPR, including 6(1)(c). The intention was to protect data subjects in multi-user situations (either multiple users at the same level – co-ownership of a connected product – or layered user situations with owners and lessees).
    This means that the data holder will have to make an assessment on an appropriate legal basis for providing access or for making personal data available – or alternatively it will have to provide anonymised data.
    Depending on the circumstances of the request, the controller could explore whether providing the data is necessary for the performance of the contract with the data subject or service legitimate interest of data holder or a third party.

Recital 34 recalls that users that are data subjects can always access personal data concerning themselves. It also clarifies that users who are not data subjects are controllers under the GDPR and must comply with their obligations under the GDPR when requesting personal data from IoT devices.

7. Exceptions & limits

7.1. Do you document exceptions to the access to data?
7.2. Do you have processes in place to ensure that refusals to share data are justified solely on legally approved grounds (e.g., trade secrets, safety concerns)?
7.3. Are there safeguards in place prior to the sharing of data to protect trade secrets?

When a data holder receives a request to access data, it must identify the trade secrets that need to be shared and agree with the user/third party on the necessary measures to preserve their confidentiality (Articles 4(6) and 5(7) of the Data Act). These safeguards need to be in place prior to the sharing of data.

Possible measures could include model contractual terms, confidentiality agreements, strict access protocols, technical standards and the application of codes of conduct.

The data holder may withhold or suspend the sharing of trade secrets if there is no agreement, if the user or third party does not implement the agreed measures, or if the confidentiality of the trade secrets is undermined (Articles 4(7) and 5(10) of the Data Act).

In exceptional circumstances, the data holder may refuse to share trade secrets if it can demonstrate, on the basis of objective evidence, that it is highly likely that serious economic damage would result from the disclosure of trade secrets (Articles 4(8) and 5(11) of the Data Act). ‘Serious economic damage’ means serious and irreparable economic loss. Such decisions need to be made on a case-by-case basis.

7.4. If you consider that you must withhold, suspend or refuse to share data, do you communicate the reasoning behind the decision to the user or third party without undue delay?

If the data holder considers that it must withhold, suspend, or refuse to share data (in the cases explained previously), it must communicate the reasoning behind the decision to the user or third party without undue delay.

The decision of the data holder shall be duly substantiated and provided in writing to the user without undue delay.

7.5. Do you inform your users of the possibility to seek redress?

According to Article 4(3) : without prejudice to the user’s right to seek redress at any stage before a court or tribunal of a Member State, the user may, in relation to any dispute with the data holder concerning the contractual restrictions or prohibitions referred to in paragraph 2:

(a) lodge, in accordance with Article 37(5), point (b), a complaint with the competent authority; or

(b) agree with the data holder to refer the matter to a dispute settlement body in accordance with Article 10(1).

Therefore, the user or third party can seek redress and challenge the data holder’s decision before a court or tribunal of a Member State or agree with the data holder to refer the matter to a dispute settlement body. The user or third party can also lodge a complaint with the competent authority.

The competent authority should, without undue delay, decide whether and under which conditions data sharing should start or resume (Articles 4(9) and 5(12) of the Data Act.

7.6. Do you notify the competent authority of your respective Member State if you consider that you must withhold, suspend or refuse to share data?

Under the conditions explained previously, if the data holder intends to activate the said handbrakes, it must notify the competent authority of the respective member state designated pursuant to Article 37 of the Data Act.

7.7. Do you have contractual safeguards in place to prevent data recipients from using the data obtained to develop a competing product?

The data obtained cannot be used to develop a competing connected product. The user shall not use the data obtained pursuant to a request referred to in paragraph 1 to develop a connected product that competes with the connected product from which the data originate, nor share the data with a third party with that intent and shall not use such data to derive insights about the economic situation, assets and production methods of the manufacturer or, where applicable the data holder.

4. Cloud storage or cloud service providers

4.1. Does your company enable customers to migrate to another service provider or replace the service with an on-premises solution?

By requiring that switching be free of charge, efficient, and technically smooth, the framework strengthens customer choice by enabling them to select the services that best meet their needs, while also fostering competition by expanding the potential customer base available to providers.

4.2. Does your company charge fees for migrating customer data to another service provider or an on-premises solution?

Pursuant to Article 29(2) of the Data Act, providers of data processing services must reduce any switching charges (including egress charges) from 11 January 2024 onwards. Concretely, they must limit any switching charges to the costs that they incur in order to make the respective switching operation happen.

From 12 January 2027 onwards, providers will no longer be allowed to charge for switching (including data egress).

A special rule applies when a customer does not switch but instead asks a provider to provide services in parallel with other services, (e.g. in a multi-cloud deployment model). In such cases of in-parallel use, the 38 provider may still bill the customer for the costs incurred for data egress, even after 12 January 2027. This is because a multi-cloud deployment may imply a constant data egress as opposed to the one-off data egress that can be expected for a switching operation

Article 23(c) of the Data Act clarifies that customers who have benefited from a free-tier offering can also benefit from switching. A free-tier offering (sometimes referred to as cloud credits) is a free offer of data processing services from a provider to a customer. Free-tier offerings are intended to allow customers to test a data processing service or to assist start-up companies.

4.3. Do you respect the notice & transition period of the switching?

Article 25 of the Data Act provides that the notice period begins once the customer notifies the provider of data processing services of their desire to switch to another provider or to an on-premises ICT infrastructure. Switching should be completed by the end of the transition period, which starts after the end of the notice period (maximum 2 months).

During the transition period (maximum 30 calendar days), the provider must carry out the actions needed to enable the customer’s switching – in close cooperation with the customer themselves and, where applicable, with the customer’s new provider. The customer has the right to replace the 30-day transition period with a longer period. The provider can only extend the transition period if the provider can, within 14 days during the notice period, prove that a transition period of maximum 30 days would be technically unfeasible. In this case, the transition period can last a maximum of 7 months.

Created at:09/21/2025
Updated on :09/21/2025
License : © Creative commons :
Attribution / Pas d'utilisation commerciale
CC-BY-NC AttributionPas d'utilisation commerciale
Author :
Leïla Sayssa
Leïla Sayssa
Uses :1
Build my audit

Access all our audit templates

Try Dastra now to access all of our audit templates that you can customize for your organization.It's free and there's no obligation for the first 30 days (no credit card required)

Build my audit
Subscribe to our newsletter

We'll send you occasional emails to keep you informed about our latest news and updates to our solution

* You can unsubscribe at any time using the link provided in each newsletter.