As of today, 12 September 2025, the Data Act ((EU) 2023/2854) is directly applicable in all EU Member States.
Manufacturers of connected products and providers of related services must share product and service data to users and upon their request, to third parties (even competitors).
Providers of data processing services (such as cloud computing) must enable effective switching of services (including transfer of data & digital assets) to customer’s own IT-infrastructure or a competing service provider on max 2 months’ notice period.
Additional obligations are imposed on manufacturers, other data holders and providers of data processing services gradually during the upcoming transition period.
- As of today, mandatory sharing of data: Data holders must share users (natural and legal persons) of connected products and related services data relating to their use of the product and service.
- Ensure the freedom to operate! Both manufacturers/sellers and customers have strong incentives to revise existing contractual frameworks regarding access and use of product and service data, and new data sharing agreements must be drafted for sharing data with third parties.
- Sellers of connected products and providers of related services must provide potential users with certain pre-contractual information about data generation, storage and access.
- While data holders are required to share also personal data under the Data Act, the legal bases for such personal data processing must be found in the GDPR.
- Although not strictly mandatory, it is highly recommended to include wording on data protection roles and liabilities when drafting data sharing clauses under the Data Act.
- Providers of data processing services must enable effective switching of the service subject to 2 months’ notice period on reduced switching charges as well as meet certain interoperability requirements.
- The Data Act now includes mandatory provisions, which the providers of data processing services must flow down to their customers agreements.
- While the Data Act is directly applicable in the EU, the Member States will nationally designate the competent authorities and impose penalties – in Finland this is still pending.
For more information on the Data Act, please read our previous articles Implementing the Data Act without Clashing with the GDPR? and The Data Act Approved by the European Parliament.
Our Technology, Licensing & Data team members are happy to discuss with you about the implications of the Data Act.
