The availability of data has become a key economic driver, particularly with the rise of AI and other data-driven technologies. Yet, companies often remain hesitant to share their data, thus limiting innovation competition and cross-sector collaboration. The European Union aims to address this challenge through its broader data strategy. At the core of this strategy lies the “Data Act” – a landmark regulation intended to foster a fair, accessible, and competitive data economy across the EU. With the application date of the Data Act approaching (12 September 2025), we will be dedicating the upcoming weeks to exploring its key provisions, obligations, and implications.
Two fundamental questions stand at the forefront: What is the Data Act and who has to deal with it?
Broadly speaking, the Data Act applies to several key actors in the data economy:
- Manufacturers of connected products – such as smart vehicles or tools – placed on the EU market
- Providers of related services to the connected products, including apps used to control connected products
- Providers of data processing services, most notably cloud and edge computing providers
The Data Act applies regardless of the manufacturer’s or provider’s place of establishment, as long as the product/service is made available in the EU.
The Act consistently refers to “data” – defined broadly as any digital representation of acts, facts, or information, including compilations thereof, in formats such as sound, visual, or audiovisual content. It generally does not distinguish between personal and non-personal data. However, where personal data is involved, GDPR will take precedence. Similarly, the Data Act applies regardless of whether the product or service is offered to businesses or consumers.
The Data Act is not a comprehensive framework governing all aspects of data access and use. Instead, it introduces a set of targeted regulatory building blocks aimed at fostering a fair and functional data economy. These include provisions on data access and sharing, a prohibition of unfair contractual terms, as well as rules on interoperability and switching rights, particularly for cloud and edge service providers, which we will cover in detail in the upcoming editions of this article-series.
With the applicability of the Data Act being only a few weeks away (12 September 2025), those falling within its scope should begin reviewing and adapting their contracts, internal processes and technical frameworks now in order to to ensure compliance. Particularly with regards to handling data access requests efficiently and lawfully, preparations should already be well underway.
In the next edition of our Data Act article-series, we will take a closer look at the data access obligations, examining the specific responsibilities placed on the data holders. Stay tuned!
Need guidance on the Data Act?
