EU regulation

Data Act (EU Data Regulation)

The Data Act (Regulation (EU) 2023/2854) governs access to and sharing of data from connected products and related services, and has applied since 12 September 2025.

Key obligations

Enable data access for the user
The user is entitled to access the product data; the data holder must make it available on request. The role determines who may request and who must supply.
Share data with a third party of choice
At the user's request, the data holder must supply data to a third party in a commonly used, machine-readable format under FRAND terms.
FRAND compensation and transparency
Art. 8-9: compensation for data sharing must be cost-based, transparent and non-discriminatory; for SMEs/non-profits, only the direct costs may be charged.
Remove unfair contract terms
Art. 13 prohibits unilaterally imposed unfair terms between businesses; clauses that block access or price it unreasonably may be void.
Support cloud switching
Providers of data processing services must support switching to another provider and may not impose lock-in clauses.
Protect trade secrets with justification
Art. 4-5: a trade secret is no carte blanche to refuse sharing; mark the data in advance, provide justification, and refuse only exceptionally where there is demonstrable serious harm, with notification to the supervisory authority.

Follow this topic

Get an email whenever something changes here. No account needed; confirm by email (double opt-in).

We use your email address only to send updates about this topic. You can unsubscribe at any time. See our privacy policy.

← Back to Trusq