Summary
The EU Data Act—Regulation (EU) 2023/2854—is European legislation that governs who can access and share the data generated by connected products and related services. It aims to make data flow more fairly between businesses, consumers, and the public sector, and to reduce lock-in by giving customers clearer rights to move between cloud and data-processing providers.
What is the EU Data Act?
Adopted in 2023 and applicable from September 2025 (with some staggered transition periods), the Data Act sets out obligations around data sharing in business-to-business and business-to-consumer settings—particularly for IoT and connected devices, where it strengthens users' rights to access and share the data their devices produce. It also includes provisions to ease switching between cloud service providers and to address unfair contractual terms.
A central idea is to set baseline data-sharing terms in law rather than re-negotiating them in every bilateral contract, which lowers the cost and friction of participating in shared data ecosystems and data spaces. For organisations in B2B data-sharing, industrial data, or cloud-switching scenarios, the practical question is which existing contracts are affected by Data Act obligations and which need to change. It overlaps with the GDPR for personal data and with the EU AI Act for systems that process the data involved.
Why is the EU Data Act relevant?
- Fairer data access: Clarifies who may use and share data from connected products and services
- Anti-lock-in: Strengthens rights to switch cloud and data-processing providers
- Terms set in law: Baseline sharing rules in statute reduce per-contract negotiation
- Compliance overlap: Interacts with the GDPR and EU AI Act for data-processing systems