EU Data Act: Why the new EU regulation will also change your work

The EU Data Act (Regulation (EU) 2023/2854) is a new regulation that opens up many opportunities but also requires some adjustments. In this 5-part blog series, we would like to summarize the most important content in a clear and concise manner.

But what exactly is behind the Data Act? It forms a central component of the European data strategy. The regulation has been in force throughout the EU since 12 September 2025 and introduces comprehensive rules for the handling of data. It aims to distribute the value of data more fairly, promote innovation and create a more level playing field. This new EU regulation will also change the way you work: legal departments, lawyers and companies must adapt to new rights and obligations in data handling.

What does the EU Data Act say?

This regulation creates a framework for fair and transparent data use. The key points include:

• Data access rights for users: Users of networked devices and services are given the right to access the data they generate and to share it with third parties. Manufacturers and providers must provide technical interfaces (APIs) for this purpose.
• Fair data sharing between companies: Companies must share data with other companies on fair, reasonable and non-discriminatory terms. Abusive contractual clauses that unilaterally restrict data access will be invalid.
• Switching between cloud providers: Cloud providers must make it easy to switch providers. Vendor lock-in practices – technical or contractual barriers that tie customers in – are prohibited. From 2027 at the latest, switching fees may no longer be charged.
• Data access for authorities: In certain exceptional cases, authorities will be granted access to company data, for example to enable them to act more quickly in crisis situations.
• Protection of trade secrets: No obligation to disclose data if this would jeopardize legitimate trade secrets or security interests. The Data Act thus balances data access and confidentiality protection.

Impact on your practice

For companies, legal departments, and law firms, the Data Act means a considerable need for adjustment. Many processes and contracts will have to be revised to ensure compliance. Important implications include:

• Revising contracts: Existing contracts (terms and conditions, customer contracts, etc.) should be reviewed for clauses relevant to the Data Act and amended accordingly. Contracts must not contradict the new data access and usage rules.
• Prepare technical implementation: Together with IT, interfaces for data exchange must be created so that users can access their data.
• Set up internal processes: Clear procedures are necessary to process requests for data disclosure from users or authorities quickly and in compliance with the law. Responsibilities should be clearly defined and processes documented so that a rapid response is possible in an emergency.
• Combine data protection and confidentiality: The new obligations must be reconciled with existing data protection laws (GDPR) and the protection of trade secrets. Personal data may need to be anonymized without undermining users' rights to information.
• Train employees: Specialist departments, IT and legal teams should be informed and trained about the new regulations. Only if all those involved are familiar with the Data Act rules can errors and sanctions be avoided.

Sanctions for violations

From 12 September 2025, supervisory authorities will be able to impose fines for violations. These can be up to £18 million or 4% of global annual turnover. This high level of penalties shows that companies should take the Data Act seriously. Violations can not only be expensive but also damage a company's reputation. It should also be noted that civil law claims may be brought by contractual partners or users if data access rights are not granted.

Opportunities for companies

In addition to obligations, the Data Act also brings opportunities. Fair data access and greater transparency enable companies to develop new data-based business models and work more efficiently. Smaller companies in particular benefit, as they now have access to data that was previously reserved for large corporations. The Data Act promotes innovation and competition. Those who take advantage of the opportunities early on gain competitive advantages, minimize risks and lay the foundation for making their company fit for the future.

Conclusion

The EU Data Act fundamentally changes how data is handled and will also affect your legal work. Companies should start looking into the new requirements now at the latest and make the necessary adjustments. Those who act in good time will not only minimize the risk of sanctions, but can also actively promote the digital transformation of their business. Although the Data Act requires effort and a change in thinking, it also offers great opportunities for those who implement it proactively.

In the upcoming posts in this blog series, we will show you step by step what new rights and obligations you will face and how you can best take them into account in practice.

________________________________________________________________________________________________________________________________

More on this topic: An overview of our blog series for you (coming soon):

• Part 2 - EU Data Act from September 2025: What you need to know
• Part 3 - Which contract clauses will become problematic with the EU Data Act and what you should pay attention to
• Part 4 - From risk to opportunity: How the EU Data Act opens up new possibilities
• Part 5 - Using legal tech for a Data Act compliance check: How Contract Insights provides support