The EU's digital single market - new opportunities for you!

1. General information

The EU Data Act is intended to create a European digital data space. The aim is to break up data monopolies in the digital space and regulate fair access and use of data.

The EU Data Act came into force on 11 January 2024 and applies directly in all member states of the European Union from today, 12 September 2025.

2. Basic idea

The basic idea of the EU Data Act is that the data that is within the scope of utilisation of "networked products" and the associated "connected services" are not collected solely from the Data owner (usually the manufacturer), but also the Users should be available. The terms in detail:

• "Connected products": A connected product is a device that collects and provides data about its use or environment (e.g. smart cars, smart home products, smart watches, etc.);
• "Connected services": A connected service is a digital service or software that is connected to a networked product and is necessary for its use, expansion or updating (e.g. smart fitness rings, cloud platforms or IoT platforms: An IoT platform is a special platform that connects and controls devices in the "Internet of Things", regularly building on a cloud platform. It is a network of smart devices or objects - such as mobile phones, medical monitoring devices, robots, motor vehicles, household appliances, conveyor belts, infusion stands - that are equipped with sensors and software to collect and process data.)

The aim is to facilitate access to this data - which until now has usually been exclusively controlled by the manufacturer - and to enable its use by users or third parties (e.g. for maintenance or repairs).

3. What data is covered by the EU Data Act?

The scope of the EU Data Act basically extends to all data generated through the use of networked products and the associated services - regardless of whether it is personal or non-personal data. This does not include the actual content data, but primarily raw and metadata.

While the provisions of the GDPR always apply in addition to personal data, in practice the EU Data Act focuses primarily on non-personal "industrial data" - i.e. data that companies collect when using machines, robots, vehicles or other smart devices.

4. What is the relationship between the GDPR and the EU Data Act?

The EU Data Act supplements the GDPR. However, as soon as personal data is affected, the GDPR Priority. Their requirements may neither be undermined nor relativised within the framework of the EU Data Act.

5. What obligations do data owners have?

To illustrate this, the most important obligations from our point of view are briefly described below:

• Grant data access: Users in the B2C and B2B sectors must be given access to the data generated by products or services.
• Ensure transparency: Before concluding a contract (e.g. purchase, leasing; provider of a connected service), the following information in particular must be provided to the contractual partner in a clear and comprehensible manner: The type, scope, format and frequency of the data that networked products and connected services generate; the options for data access, storage including duration; the identity and contact options of the data controller and the conditions for use and disclosure of the data by third parties. This applies to both the B2C and B2B sectors.
• Data transfer to third parties: Users can request that their data be transferred directly to third parties or other services "free of charge, in the same quality as that available to the data controller, simply, securely, at no cost to the user, in a comprehensive, structured, commonly used and machine-readable format and, where relevant and technically feasible, continuously and in real time" (Art 5 (1) EU Data Act). This regulation also applies to both the B2C and B2B sectors.
• B2B contracts: Contracts between companies must not contain any inappropriate or unfair clauses, such as the unilateral exclusion of liability or the exclusive right to use data. The European Commission has drawn up model contract clauses for this purpose (although these are only available in draft form so far).
• B2C contracts: In contracts with consumers, fair and transparent conditions for the use of data must be regulated - mandatory consumer protection regulations must not be excluded or restricted.

6. Conclusion

The EU Data Act marks a turning point: away from data monopolies and towards more transparency, fairness and innovation. Europe is thus committing itself to a digital single market - and is thus taking one of the most important steps towards harmonisation in decades! Companies gain access to new markets, while users benefit from greater self-determination and more choice.