On September 12, 2025, the Data Act (Regulation (EU) 2023/2854) came into effect, aiming to harmonize rules regarding data access and use throughout the European Union. This regulation introduces significant changes that may greatly impact the functioning of many companies, especially in the sectors of new technologies, IoT, and digital services.
Nature and Objectives of the Data Act
The Data Act aims to support the development of a data-driven economy by:
- Increasing the accessibility and usefulness of data, particularly industrial data,
- Strengthening a competitive data market within the EU,
- Encouraging innovation and the development of new data-based services,
- Ensuring fair access to data among businesses and protecting their rights.
As an EU regulation, the Data Act applies directly in all member states, including Poland, where only procedural matters may be subject to supplementary national rules.
Who Is Covered by the Regulation?
The Data Act applies to a wide range of entities, including:
- Manufacturers of IoT equipment (e.g., smart household appliances, sensors, vehicles),
- Providers of applications and digital services related to that equipment,
- Companies offering data processing services (e.g., cloud computing),
- End users and third parties authorized by users to access the data,
- Public authorities with the right, in justified cases, to request access to data.
Key Definitions
The Data Act contains precise definitions regarding, among others:
- Connected product – a device that collects and communicates data (e.g., IoT devices, household appliances, vehicles),
- Related service – digital services connected to a product, such as remote management software,
- User – the person who owns or uses the product,
- Data holder – the entity responsible for the data from the product or service.
Understanding these terms is essential for correctly applying the regulations.
Main Duties and Rights of Businesses
The Data Act imposes many obligations on businesses but also grants new rights, including:
- The right of product users to obtain data from the product or service in a readable, secure, and structured format,
- The obligation of data holders to promptly provide these data to recipients designated by users,
- Prevention of vendor lock-in practices in data processing services to facilitate provider switching,
- A ban on applying unilateral, unfair contractual terms that limit data usage.
There are certain exceptions and additional rights for small businesses aimed at stimulating their participation in the data-driven economy.
Impact of the Data Act on Businesses
Implementing the Data Act will require many companies to change both internal contracts and policies as well as technical processes related to data sharing and processing. The greatest challenges are expected for IoT manufacturers, related service providers, and data processing service providers (e.g., cloud computing).
The new rules may significantly enhance market competitiveness and open the door to innovative data-driven solutions. At the same time, they constitute a challenge in securing trade secrets and protecting data.
Summary
The Data Act is one of the most important EU digital regulations in recent years, shaping the future of the data-driven economy. Companies should carefully consider the new obligations and rights, prepare organizational and contractual adjustments, and consciously leverage the opportunities provided by the Data Act.