The EU Database Right: A Guide for Data-Driven Businesses

The EU database right is a sui generis right under the Database Directive (96/9/EC) that protects databases resulting from substantial investment in obtaining, verifying or presenting their contents. It is separate from copyright, does not require originality, commonly runs for around fifteen years, and can renew on substantial change.

If your business runs on data, whether that is a listings platform, a market-intelligence feed, a directory or a curated dataset sold to others, the EU sui generis database right can be one of the most relevant protections available to you, and it is often poorly understood. It sits alongside copyright rather than inside it, it protects investment rather than creativity, and it interacts in awkward ways with data scraping and with data-protection law. This page frames how it works at a high level for a foreign or data-driven business. It is general information, not legal advice, and anything fact-specific should go to a qualified local professional.

What the database right protects

The right comes from the EU Database Directive (96/9/EC) and is a creation of EU law that is unusual outside the European Economic Area, with few equivalents elsewhere. It protects a database, meaning a collection of independent works, data or other materials arranged in a systematic or methodical way and individually accessible, where there has been substantial investment in obtaining, verifying or presenting the contents. Substantial here can be assessed qualitatively or quantitatively, or both, and it is the investment in the collection itself that matters.

That last point is a well-known trap. EU case law has drawn a line between investment in creating the underlying data and investment in gathering existing data together. Investment that merely generates the data as a by-product of your main activity, for example a sports body producing a fixtures list, has been treated as not counting towards the substantial-investment test, whereas investment in seeking out, collecting, checking and presenting pre-existing material does count. Whether your particular dataset clears the threshold is fact-sensitive and is exactly the kind of question to put to local counsel before you rely on the right in a dispute.

It is easy to conflate this with copyright, so keep the two apart. Copyright in a database, where it exists, protects the original selection or arrangement of the contents, in other words the structure, as the author's own intellectual creation. It says nothing about the data inside. The sui generis database right is the mirror image: it does not require any originality at all and it protects the maker's investment in the contents, guarding against extraction or re-utilisation of a substantial part of the database. A single database can carry both, one or neither. The broader copyright framework this sits within is covered in our EU copyright overview, which is the parent pillar for this topic and worth reading alongside this page.

There is also an eligibility catch worth flagging. As a rule the sui generis right is available only to makers connected to the European Economic Area, so a maker based outside it, for example a business incorporated in a third country, generally does not obtain the right for its databases absent a reciprocity arrangement, and broad arrangements of that kind do not exist. This is a real limit for the foreign-business audience, not a formality, and the position for your specific corporate structure is one to confirm with local advice rather than assume the right travels the way copyright does under the Berne Convention.

How long it lasts

The term is where softening matters most. The right is commonly cited as running for roughly fifteen years, reckoned from the start of the year following completion of the database. A separate count can be triggered if the database is made available to the public before that first period runs out, so publication can extend the protection rather than simply relocate it, with the exact reckoning set by national law. The feature that surprises people is renewal: a substantial new investment in the database, including through accumulated additions, deletions or verifications, can be treated as creating a fresh database that qualifies for its own term. In practice a continuously maintained, actively updated database can therefore enjoy protection well beyond the headline period, though the analysis is done on the facts each time and is contested territory. Do not treat any exact statutory period as fixed; confirm the current position for your situation with the national authorities (there is no central EU database-right registry) or with local counsel. There is no registration and no filing here, and no official fee to obtain the right; it arises automatically when the conditions are met.

Scraping, the Data Act and the GDPR overlay

For data businesses the live issue is almost always scraping. The database right can be infringed by extracting or re-utilising a substantial part of a protected database, and repeated extraction of insubstantial parts can add up to an infringement where it conflicts with normal exploitation. That makes the right a genuine tool against competitors harvesting your data, and equally a risk if you are the one building on someone else's dataset.

A newer development narrows what some businesses can protect. The EU Data Act (Regulation (EU) 2023/2854), which began to apply in 2025, disapplies the sui generis database right to databases containing data obtained from or generated by the use of a connected product or a related service, in other words much device-generated and Internet-of-Things data. The aim is to stop the database right being used to sidestep the Act's data-access obligations. If your data originates from connected devices or their services, this carve-out may mean the database right is simply not available for that material, so treat it as a priority point to check with local counsel; the boundaries are still settling.

Layered on top is data-protection law. Where the contents are personal data, the General Data Protection Regulation applies independently of any database right, so lawful basis, transparency and the rights of individuals sit alongside the IP question, and clearing one does not clear the other. A scraping practice can be permissible under one regime and unlawful under the other. These questions are decided on national law and specific facts, so treat this as orientation rather than a green light.

Where this leaves a data business

The database right is a powerful but quietly technical protection, and its edges, the substantial-investment test, the term and its renewal, the Data Act carve-out for device data, and the scraping and GDPR overlay, are exactly where businesses come unstuck. For the wider EU IP picture, see our European Union jurisdiction hub.

IPEnvoy is not a law firm and does not provide legal advice; this is general information. Confirm the current position with the national authorities (there is no central EU database-right registry) and a qualified local IP professional. If it would help, IPEnvoy can introduce you to a vetted IP firm in the relevant market to pressure-test whether your dataset qualifies and how best to protect it.

Related

Author: Steffen Hoyemsvoll

Reviewers: pending review