On 12 September 2025, the Data Act (Regulation (EU) 2023/2854) comes into effect across the European Union, marking a decisive step in the implementation of the European Data Strategy. Positioned alongside the GDPR, the Data Governance Act, the Digital Markets Act and the Digital Services Act, the Data Act completes the EU’s legal framework for the data economy by focusing on non-personal and industrial data generated by products and related services. At its core, the Act sets harmonised rules on who can access and use such data, under what conditions and for what purposes. “Connected products” – ranging from IoT-enabled consumer devices (smart home appliances, wearables, connected cars) to industrial equipment and professional tools that continuously or periodically communicate data via the internet – must be designed to allow users to access and share the data they generate.
How the Data Act interacts with the DMA
The Data Act and the Digital Markets Act (DMA) are closely connected but serve distinct purposes. The DMA defines large online platforms as “gatekeepers” based on size and market presence, while the Data Act sets rules for accessing and using data generated by connected products and related services. Crucially, it explicitly excludes designated gatekeepers from benefitting from these new data-sharing obligations, to prevent further concentration of market power. In this way, the two regulations work hand in hand: the DMA specifies market dominance by designating “gatekeepers,” the Data Act introduces new data rights which empower users and smaller players to take better control of data. By explicitly excluding gatekeepers, the Data Act prevents them from extending their dominance through further data access.
Entities subject to compliance
• Manufacturers of connected devices (IoT products) placed on the EU market, regardless of where they are based, must comply. Non-compliance may lead to administrative sanctions imposed by national authorities.
• Providers of digital services – such as cloud computing, smart contracts, virtual assistants, audiovisual content, digital intermediation, and data brokerage – are also covered, whenever their services reach EU consumers.
Key obligations
The Act introduces new rights and obligations around data access and sharing:
• Users of connected products must be able to access the data they generate, and to share it with third parties of their choice.
• Devices must be designed to facilitate data access and portability.
• Switching between cloud providers must become seamless, thanks to new interoperability and portability rules.
• Data holders must make data available in specific formats, against reasonable compensation, with dispute-resolution mechanisms in case of refusal.
• Public sector bodies may request private-sector data in exceptional cases of public interest, such as emergencies.
Benefits and opportunities
The Data Act aims to increase trust, transparency, and innovation by:
• Broadening data availability for businesses, users, and the public sector.
• Preventing unfair contractual imbalances in data sharing.
• Fostering innovation and competitiveness by facilitating switching between providers.
Looking ahead
The Data Act doesn’t just set compliance obligations – it defines how businesses can legally access and use connected product data, driving innovation, interoperability, and more predictable operations across the European market. While the Act applies from 12 September 2025, product design requirements will only take effect one year later, giving companies time to adapt their products and compliance strategies.
Edited by Andreas Tsoufis