With ChatGPT by my side, I once again unravelled the mysteries of the Data Act quicker than a sneeze, proving once again that AI can be the ultimate writing buddy!
In our data-driven society, only a few large private companies hold access to the majority of human and machine-originated data. This data bottleneck hinders the full potential of data-driven innovations. Against this backdrop, the EU Data Act (‘DA’) steps onto the stage, tasked with a mighty mission: to bridge the digital divide, turbocharge the data economy, and stir up a more competitive data marketplace by enhancing data accessibility and usability. This ambition is realized through a firm commitment to equitable distribution of data’s value across all market players.
The DA is set to supercharge the European market with a surge of Internet-connected products, weaving a vast tapestry known as the ‘Internet of Things’ (IoT). It empowers users—both individuals and businesses—with increased control over the data these products generate, aiming to spark a surge in innovation, boost competitiveness, and improve interoperability. Furthermore, the Act champions data portability, aims to intensify competition in the EU’s cloud market by shielding businesses from unfair contractual terms, and establishes robust defences to prevent non-compliant access to non-personal data by third-country governments. With these measures, the EU is not just setting rules; it’s setting the stage for a transformed digital landscape.
As September 12, 2025, edges closer—the date the DA takes effect—here at Datastreams we believe it’s crucial for your business to grasp the ramifications of this new legislation on the digital marketplace, and on your operations. This blog not only will unpack the Act chapter-by-chapter but will also highlight how our data management platform can enhance your compliance efforts, by fast-tracking data portability.
Setting the Stage: The What and Why behind the EU Data Act
The EU DA sets a regulatory framework for stakeholders in the digital economy, ensuring user access to product and service data, protecting against breaches, and promoting seamless data service transitions and interoperability (Article 1). These measures aim to foster ethical data use, enhancing transparency and competitiveness in the EU’s digital market. The Act also introduces some interesting new definitions under Article 2, these include:
- ‘Product data’ as retrievable data generated by using connected products,
- ‘Related service data’ as digitized user actions or events linked to the product, and
- ‘Readily available data’ as such data accessible without disproportionate effort.
The DA will apply to all EU Member States, each of which will designate one or more competent authorities to guarantee that the DA is effectively implemented. The DA does not stipulate precise penalties, which are instead determined by these competent authorities, in a manner that is effective, proportionate, and dissuasive.
Relationship with Other EU Legislations
Whilst this blog post focuses only on the DA, it is important to note that this new legislation is heavily interconnected with both the General Data Protection Regulation (GDPR) and the recently enacted Data Governance Act. The latter complements the DA, which provides clarity as to data use and access, as it increases trust in voluntary data-sharing mechanisms.
The relationship with the GDPR is moderately more intricate. While the GDPR deals exclusively with personal data, the Data Act encompasses both personal and non-personal data. Any processing of personal data under the Data Act must comply with the GDPR, requiring a valid legal basis as specified by Articles 6 and 9 of the GDPR and Article 5(3) of the ePrivacy Directive.
Unpacking the EU Data Act: A Chapter-by-Chapter Breakdown
The DA is comprised of seven distinct chapters, including an initial introductory one, which outlines the legislation’s scope and key definitions. The other 6 key chapters will be briefly discussed below, with a focus on data sharing and portability, given that our data management platform can facilitate and guarantee compliance with these provisions.
Chapter II: Business-to-Business and Business-to-Consumer Data Sharing in the Context of IoT
This chapter regulates data sharing between businesses and consumers, covering raw and pre-processed data from connected products or services. It includes personal and non-personal data, like sensor readings, but excludes inferred or derived data. The Act empowers users to access and share generated data, ensuring greater data portability. Users can transfer data to third parties directly or through authorized data holders. Consent is required only for personal data, as data holders can share non-personal data at their discretion.
Ensuring Data Transparency and Protection
The Act mandates data transparency, simplifying user access and providing data for free while restricting data use to prevent competitive abuse. It aligns with GDPR to ensure data protection and encourages data-driven innovation, particularly benefiting smaller businesses. Furthermore, its confidentiality measures can protect trade secrets, and data sharing can be limited to maintain product security.
Chapter III: Rules on Mandatory Business-to business Data Sharing
The Act regulates data sharing where data holders are mandated by law to provide data to other businesses (data recipients). Terms must be fair, reasonable, and non-discriminatory, and data holders may seek reasonable compensation, covering costs and technical expenses, with exceptions for micro-companies, SMEs, and non-profits. Measures to address unlawful data access include ceasing production or seeking compensation. The Act ensures future legislation aligns with its provisions for consistent data-sharing obligations.
Chapter IV: Unfair Contractual Terms
The Act protects businesses, especially SMEs, from unfair contractual terms related to data access, particularly when one party has disproportionate bargaining power. It scrutinizes non-negotiable terms and invalidates those deemed unfair to ensure equitable business-to-business relationships.
Chapter V: Business-to-Government Data Sharing
The Act allows public sector bodies to access private data for tasks in the public interest, including emergencies. Entities that can request access include public sector bodies of Member States and specific EU institutions, bodies, and agencies, which may share data with research organizations under certain conditions. Requests must adhere to strict principles.
Chapter VI: Switching between Data Processing Services
The Act fosters competition by enabling cloud customers to benefit from free and swift transitions, addressing barriers like high charges and interoperability issues. It mandates contractual transparency and ensures data and application functionality continuity during transitions. Open interfaces are required for Platform and Software as a Service providers, and functional equivalence for Infrastructure as a Service providers. From January 12, 2027, all switching charges, including data egress fees, are abolished, promoting provider competition and customer flexibility. During the transition period from January 11, 2024, to January 12, 2027, providers can still levy charges.
Chapter VII: Interoperability
The Act fosters competition by enabling cloud customers to benefit from free and swift transitions, addressing barriers like high charges and interoperability issues. It mandates contractual transparency and ensures data and application functionality continuity during transitions. Open interfaces are required for Platform and Software as a Service providers, and functional equivalence for Infrastructure as a Service providers.
From January 12, 2027, all switching charges, including data egress fees, are abolished, promoting provider competition and customer flexibility. During the transition period from January 11, 2024, to January 12, 2027, providers can still levy charges.
Fast-Tracking Data Sharing with Datastreams
As we approach the implementation of the DA on September 12, 2025, it becomes crucial for businesses to understand and navigate the complexities of this transformative legislation. However, achieving compliance with the new regulations can be daunting. This is where Datastreams steps in as your trusted partner in regulatory technology.
Datastreams offers a no-code platform to streamline data sharing and compliance:
- Effortless Data Sharing: Our platform requires no coding expertise, enabling easy data access and transfer, saving time and resources, and enhancing data management sustainability.
- Enhanced Privacy and Security: We prioritize privacy-focused data management, automatically setting privacy levels and providing multiple control layers to minimize data breaches and unauthorized access.
- Customizable Data Management Services: Our flexible platform allows organizations to build and customize data services to meet specific regulatory and operational needs, ensuring compliant and efficient data sharing processes.
- Seamless Interoperability: Supporting various data formats, our platform ensures easy data sharing and integration with third-party systems, fostering a connected and competitive digital marketplace.
- Regulatory Compliance Made Easy: Datastreams automates compliance with DA regulations, allowing you to focus on core operations while we handle regulatory adherence complexities.
By leveraging Datastreams’ advanced capabilities, your organization can navigate the challenges of the EU DA with confidence and ease. Our commitment to providing high-quality, compliant data services ensures that you can harness the full potential of data-driven innovation, secure in the knowledge that your data is protected and managed according to the highest standards.
Feel free to contact me, and I will be more than happy to answer all of your questions.