Levelling the playing field and unleashing the opportunities arising from data and cloud services in the EU

The Data Act introduces rules concerning access and use of connected product and related service data to empower their (B2C or B2B) users, and on switching and interoperability of cloud and edge services to address lock-in scenarios. Amongst other things, the Data Act also contains restrictions applicable to some B2B data sharing terms and obligations relating to public emergency access to data.

On 22 December 2023, the regulation on harmonised rules on fair access to and use of data (Data Act) was published in the Official Journal of the EU. The Data Act entered into force on 11 January 2024. Most of the provisions of the Data Act will become applicable as of 12 September 2025.

Who is in scope of the Data Act

As one of the cornerstone pieces of the European Strategy for Data, the Data Act aims to unlock the full potential of data for the European economy. The Data Act is a wide-ranging and sector-neutral piece of legislation. Due to its horizontal nature, the Data Act regulates several aspects of the data economy and is relevant for many companies.

“The Data Act has an impact on all organisations that deal in one way or another with data, including those producing, offering or using connected products, related services and cloud services.”

What are the main elements of the Data Act

The Data Act focuses on:

  • data sharing obligations for connected product and related service data
  • facilitating switching cloud and edge services and regulating related customer agreements
  • interoperability and minimum requirements for various stakeholders in the data economy
  • restrictions applicable to data sharing agreements in case of data sharing obligations and unfair unilaterally imposed terms
  • data sharing obligation to share data with public bodies in cases of exceptional need
  • non-personal data transfers by providers of cloud and edge services to countries outside the European Economic Area without sufficient protection

Actions to consider

Organisations should assess to what extent their activities are affected by the Data Act. The Internet of Things (IoT) data sharing requirements have direct implications for the manufacturers of connected devices in various sectors. These rules also affect related service providers, which may be producing add-on elements to such connected products, such as software companies, providers of sensors and other electronic equipment that rely on connected products. Following the implementation of these requirements, companies and consumers using connected products and related services will have more opportunities with regard to the use and further exploitation of the data they generate.

Moreover, the rules relating to cloud (and other data processing) services will result in additional rights for customers of cloud services and in more transparent and detailed service agreements. These new requirements are not insignificant, and cloud service providers should start preparing for them by undertaking early reviews of their cloud contracts and related documentation.

More generally, organisations should also start reviewing their data sharing terms.

Get in touch with your usual DLA Piper contact or our key contacts below for information on how we can assist you with this exercise.