The EU Data Act is in force – What companies need to know now
Since September 12, 2025, the EU Data Act has been binding in all member states of the European Union. The regulation marks a decisive step in Europe’s digital transformation. The aim is to make access to and use of data fair, transparent and conducive to innovation – especially for small and medium-sized enterprises, start-ups and new data-driven business models.
What does the Data Act regulate?
The Data Act creates uniform rules for access to and use of data generated by networked devices and digital services. This primarily concerns data generated by the use of products such as machines, vehicles, sensors or smart home devices. In future, this data should no longer remain exclusively with the manufacturer, but should also be made accessible to users and third parties – under clearly defined conditions.
Key points of the Data Act
- Access to data from networked devices
Users of IoT devices – whether private individuals or companies – have the right to access the data generated by their use. They can also pass this data on to third parties, such as repair services or alternative providers. This strengthens user rights and promotes competition in the aftermarket. - Data sharing between companies (B2B) and with consumers (B2C)
The Data Act obliges companies to share data with other companies or end users under certain conditions. Fair, transparent and non-discriminatory conditions must apply. In B2B contexts, appropriate remuneration may be required. - Prohibition of unfair contractual clauses
Contracts that unreasonably restrict access to data or are unilaterally designed in favor of a contractual partner will be deemed invalid in the future. This is intended to protect smaller companies in particular from abuse by powerful market players. - Access for public authorities in exceptional circumstances
In emergencies – such as natural disasters or pandemics – public authorities can request access to certain data if this is necessary to manage the crisis. The requirements for this access are strictly regulated in order to prevent misuse. - Cloud switching and interoperability
The Data Act obliges providers of cloud services to remove technical and contractual barriers to switching to other providers. The aim is to avoid lock-in effects and improve interoperability between different platforms. - Relationship to the GDPR and protection of trade secrets
The Data Act supplements the General Data Protection Regulation (GDPR) without replacing it. Personal data may still only be processed in accordance with the GDPR. At the same time, the Data Act contains protection mechanisms for business secrets and sensitive company data. - Standard contractual clauses and legal clarity
To support implementation, the EU Commission provides model contractual clauses that companies can use when drafting fair data access contracts. These clauses should not be confused with the standard contractual clauses for international data transfers.
Why is the Data Act so important?
Data is considered a key raw material in the digital economy. Until now, however, access to this data has often been restricted – especially for smaller companies that do not have the market power to negotiate fair conditions. The Data Act aims to eliminate these imbalances and create a true single market for data. At the same time, it promotes innovation by enabling new business models based on the use of machine data.
Examples from practice
In future, a farmer will be able to use the data from his networked agricultural machinery to optimize harvest cycles. A machine manufacturer will be able to access performance data from its customers’ systems in order to better plan maintenance intervals. A consumer can pass on their smartwatch data to an independent repair service without having to rely on the manufacturer. All of this is made possible by the Data Act – while safeguarding data protection and business secrets.
What does this mean for companies?
Companies that manufacture networked products or offer digital services need to rethink their data strategies. They should examine what data they collect, how it is stored and processed and under what conditions it must be made available. Existing contracts should also be reviewed for their compatibility with the Data Act.
It is also advisable to design internal processes and IT systems in such a way that data access can be made efficient, secure and traceable. Companies should familiarize themselves with the new requirements at an early stage in order to avoid legal risks and take advantage of opportunities.
How does SYNGENITY® GmbH support you?
SYNGENITY® GmbH supports companies in implementing the EU Data Act – from the initial analysis to the actual implementation. We help you to document your data flows, adapt contracts, check technical interfaces and design internal processes in compliance with data protection regulations. We also keep an eye on the interfaces to the GDPR, the NIS2 Directive and industry-specific requirements.
Our aim is to see compliance not as an obligation, but as a competitive advantage. Because using data fairly and transparently creates trust – with customers, partners and authorities.
Conclusion
The EU Data Act is a milestone for the European data economy. It creates clear rules, strengthens users’ rights and promotes innovation. Companies should use the remaining time until full implementation to strategically position themselves. SYNGENITY® GmbH is at your side as a competent partner.
If you would like to find out more about the Data Act or would like specific support, please contact us.
