The EU Data Act officially came into force, marking a significant step in Europe’s digital strategy. The regulation, first proposed in 2022, sets out harmonised rules for accessing and sharing data generated by connected devices, such as cars, smart TVs, and industrial machinery.
The core principle of the Act is to give anyone using a connected device access to the data it produces. The regulation authorises users to share this data with third parties, allowing independent repair companies to compete with manufacturers, potentially reducing costs and extending device lifespans. It also prohibits unfair contracts that could prevent data-sharing.
For Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy, this regulation “empowers users, opens markets, and gives businesses the data they need to create innovative services, from smarter vehicle repairs to new energy-efficiency solutions”. She emphasised the Commission’s commitment to helping companies adapt to the new rules, reducing administrative burdens, and turning data into real opportunities for people and businesses across Europe.
The Data Act empowers users, opens markets, and gives businesses the data they need to create innovative services, from smarter vehicle repairs to new energy-efficiency solutions. — Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy
Industry: Stop the clock
In August, a coalition of European companies and trade groups, including SAP, Siemens, Schneider Electric, and Digital Europe, called for a postponement. In a letter, addressed to President von der Leyen and EU Commissioners, they warned that immediate enforcement could disrupt artificial intelligence development and hamper Europe’s competitiveness.
They argued that the Data Act’s broad scope and legal uncertainty, combined with operational demands on IT systems and contracts, could create significant strain for businesses. “Europe already leads in connected products and industrial services. Yet companies across sectors—from manufacturing to transport, energy, mobility and healthcare—face disproportionate burdens”, the letter reads. The group urge a two-year delay and a thorough review as part of the Commission’s upcoming digital package.
Companies across sectors—from manufacturing to transport, energy, mobility and healthcare—face disproportionate burdens. — Letter from coalition of European companies and trade groups addressed to the Commission
EU Tech Commissioner Henna Virkkunen has rejected calls to postpone the law. She affirmed the Commission’s commitment to a “smooth and effective rollout” and emphasised cooperation with member states to support consistent implementation.
In the past, several CEO’s had called for “urgent rethink on Data Act”. Bernd Montag, CEO of Siemens Healthineers, cautioned that the proposal could “compromise cybersecurity by overriding current safety requirements for medical devices”.
You might be interested
Roland Busch, CEO of Siemens AG, framed the debate in economic terms, saying Europe’s digital sector is a “major driver of economic growth”. He added that the EU Data Act should help by “avoiding legal uncertainty; by protecting sensitive data; by safeguarding trade secrets; and by advancing cybersecurity”.
European Business Associations urge a strong Data Act
In response, a coalition of European Business Associations stated that the lobbying efforts to delay the Act “risk weakening the ability of the Data Act to foster a fairer, more open, and more competitive European data economy”. The alliance called the regulation “essential to unleash the innovative potential of small and medium-sized enterprises (SMEs) and Small Mid-Caps”.
The same group of SMEs and smaller digital enterprises have shared a letter titled “European Business Associations Urge Strong and Ambitious Implementation of the Data Act”. They stressed that the regulation is crucial for fair competition. It enables SMEs to port data to third parties, protecting them from unfair contract terms and preventing dominant providers from locking users into closed ecosystems.
National authorities facing challenges
Despite this, implementation challenges at the national level remain. The regulation will be enforced by a designated competent authority in each member state. However, many national authorities are still not fully empowered to enforce the law. Companies operating in multiple countries fall under the authority of the country where their main establishment is located.
To support these processes, the European Commission has set up an European Data Innovation Board and a dedicated helpdesk. Non-compliance can result in fines of up to €20m or 4 per cent of the company’s total worldwide annual turnover.
