The EU Data Act is coming: stay on top of things with our scoping tool

From 12 September 2025, the EU Data Act (Regulation (EU) 2023/2854) will apply in full. Companies in the EU - including those with existing products - must prepare for new data access and provision obligations. However, before adapting processes, initiating investments or revising contracts, a fundamental question should be answered: Is my company affected?

Self-assessment as the first step towards compliance

Clarifying how you are affected is the central starting point for any Data Act strategy. Our Data Act Scoping Tool supports companies in this initial legal categorisation. It provides structured guidance through the central definitions and obligations of Chapter II of the Act and enables a well-founded self-assessment - even for users without a legal background.

At the end, an individualised assessment report is provided for download. Based on the results, you can decide internally whether you see a need for legal advice, whether structured data act management is required and whether further measures appear sensible. These include, for example, contractual or organisational adjustments, investments in technical interfaces to enable data access or changes to the product design as defined in Article 3 (2) et seq. of the Data Act.

How the scoping tool works

The tool is based on a three-stage scoping approach in line with the Data Act system:

1. Classification of the product and service portfolio: Our tool provides support by asking specific questions to determine whether and which offerings qualify as "connected products", "related services" or "virtual assistants" within the meaning of the legal definitions of Art. 2 Data Act (DA).
2. Identification of relevant data: In the next step, it helps to check whether data generated by the use of these products or services could fall under the access and use rights of the law, as it is "product" or "service data" (so-called "readily available data" according to Art. 2 No. 15, 16 DA).
3. Determination of roles and responsibilities: Finally, our tool helps you to correctly assign the role of "data holder" (Art. 2 No. 13 DA) according to the criteria of the Regulation.

Core obligations and time frame: An overview

As soon as the basic applicability of the Data Act and the affected products or services have been identified, it is important to keep an eye on the specific obligations and their staggered application dates. Based on the assessment report, companies can specifically evaluate whether and when further measures are required:

• Data access "by design and by default" (Art. 3 (1) DA): For connected products and related services placed on the market after 12 September 2026, the obligation to design for data accessibility applies.
• Pre-contractual information obligations (Art. 3 (2) et seq. DA): From 12 September 2025, users must be informed transparently about certain aspects of data generation and use before concluding a contract.
• Data access and onward transfer rights, contract design (Art. 4, 5, 13 DA): The central obligations must also be fulfilled from 12 September 2025. Data holders must grant users access to the data they have (co-)generated upon request (Art. 4 DA) and enable the transfer of this data to third parties designated by the user (Art. 5 DA). These obligations apply to all products and services classified as relevant in the scoping process, including those that were already placed on the market before this date, provided they fall within the scope of application. The contracts concluded in this context must be checked against the requirements of Art. 13 DA - existing agreements may also need to be adapted.
• Protection of trade secrets (e.g. Art. 4 (3) lit. b), Art. 5 (8), Art. 8 (6) DA): Since the data access and disclosure rights generally also include trade secrets of the data holder contained therein, special measures to protect trade secrets should be agreed and implemented from 12 September 2025.
• Regulations for B2B data licence agreements (Art. 8, 9, 13 DA): From 12 September 2025, new requirements will apply to B2B data licence agreements regarding fair, reasonable and non-discriminatory (FRAND) terms and a ban on unfair terms in contracts for data access between companies (Art. 13 DA). An adjustment period until 12 September 2027 is provided for contracts concluded before this date. The European Commission will publish non-binding model contractual clauses for voluntary use by 12 September 2025 (Art. 41 DA), which can serve as a guide.

Conclusion: gain clarity and set the right course now

For companies that want to prepare for the requirements and opportunities of the Data Act, an early and structured assessment of their own impact is essential. Our Data Act Scoping Tool offers an efficient and practical solution for this. It not only supports the initial legal assessment - including for existing products and services - but also provides a basis for strategic decisions with the customised assessment report. This includes investments in technical infrastructure, adjustments to product design and necessary contractual and organisational measures.

The tool is used on the basis of a monthly licence fee of EUR 4,890. This makes the tool ideal for a quick, structured initial assessment - whether as part of internal audits, legal risk analyses or strategic planning. The tool does not replace an individual legal assessment. However, it does provide the necessary basis to start implementing the new requirements in a targeted, legally compliant manner and with a clear strategy.

You can find further details on functionality, target users, and the licensing model in the flyer, which also includes a QR code and direct link to the free demo version (available in both English and German).

Download flyer