top of page

The EU Data Act: Shaping Europe’s Data-Driven Future

  • Antonis Hadjicostas
  • Sep 20
  • 3 min read
ree


Introduction


The EU Data Act (Regulation (EU) 2023/2854) is a landmark regulation in the European Union’s digital agenda. It entered into force on 11 January 2024, and its provisions apply from 12 September 2025. As the second major legislative initiative of the EU Data Strategy (after the Data Governance Act), the Data Act creates a framework for fair access, use, and sharing of data across industries and Member States.


According to the European Commission, the Data Act could add €270 billion to EU GDP by 2028, making it not only a regulatory framework but also a strategic economic driver.


Objectives of the Data Act


ree

  • Empower users of connected products to access and control the data they generate.- Promote fairness in digital markets, particularly protecting SMEs from abusive practices.

  • Facilitate B2B and B2C data sharing to fuel innovation.

  • Enable public authorities to access data in exceptional circumstances.

  • Support cloud portability and interoperability to reduce vendor lock-in.- Safeguard trade secrets, IP rights, and cybersecurity.


Who is Affected?


The Data Act is a horizontal regulation, cutting across industries rather than targeting one specific sector. It applies to:

  • Manufacturers of connected devices (cars, wearables, appliances, industrial machines).

  • Providers of digital services linked to connected products.

  • Data holders and data recipients, including SMEs.

  • Public sector bodies requesting data in exceptional circumstances.

  • Cloud and edge service providers operating in the EU.


This broad scope reflects the EU’s ambition to ensure that all actors in the data economy operate under fair and transparent rules.


Key Provisions


1. User Access to Data from Connected Devices

Users of connected products have the right to access and use the data they generate. Manufacturers must ensure such data is available free of charge, easily, and in real time where feasible. Third parties, such as repairers or aftermarket providers, can also access this data with the user’s consent.


2. Fairness in Data Contracts

The Act prevents large companies from imposing unfair contractual terms on SMEs. Any unilaterally imposed clause that grossly deviates from good commercial practice is invalid. The European Commission provides model contract clauses to support SMEs.


3. Public Sector Access in Exceptional Need

Public authorities may request data in emergencies (e.g., natural disasters, pandemics). Requests must be necessary, proportionate, and fair. Compensation is due except in genuine emergencies, when data must be provided free of charge.


4. Cloud Switching and Interoperability

Customers of cloud services have a legal right to switch providers. Providers must remove technical and contractual barriers to switching. The EU is also developing interoperability standards to enable seamless transfer of data and applications.


5. Safeguards for Trade Secrets, IP, and Security

Data sharing must respect trade secrets and intellectual property rights. Confidentiality agreements and technical safeguards are required, and cybersecurity must not be compromised.


Enforcement and Penalties


Each Member State designates competent authorities to supervise compliance. Penalties must be effective, proportionate, and dissuasive. Dispute resolution mechanisms are foreseen, particularly for contractual disagreements.


Business Implications


  • Manufacturers & IoT Providers → Must adapt products and contracts.

  • SMEs → Gain protection from unfair terms and more access to data.

  • Cloud Providers → Must enable switching and prepare for interoperability standards.

  • Public Authorities → Gain a legal basis for emergency data requests.


Timeline


11 January 2024 → Regulation entered into force.

12 September 2025 → Provisions apply across all EU Member States.

Cloud switching obligations → Phased until 2027.


Conclusion


The EU Data Act is a transformative step in Europe’s digital economy. It empowers individuals, protects SMEs, supports public interest, and promotes fair competition.


Businesses should now:

  1. Map data flows and assess accessibility.

  2. Review contracts for compliance.

  3. Prepare for cloud switching requests.

  4. Strengthen safeguards for IP and cybersecurity.


Those who act early not only comply but also gain a competitive edge in Europe’s new data-driven landscape.

 
 

The material reflected in our website, including Blog material, is for informational purposes only and does not constitute legal advice, consulting, or any other professional advice. Please seek independent professional guidance for your specific needs.

All rights reserved. No part of this work may be reproduced, stored in a retrieval system of any nature, or transmitted, in any form or by any means including photocopying and recording, without the prior written permission of the ENAH Services Ltd. The reproduction or transmission of all or part of the work, whether by photocopying or storing in any medium by electronic means or otherwise without the written permission of the owner is strictly prohibited and the commission of any unauthorised act in relation to the work will result in civil and/or criminal actions. 

bottom of page