European Parliament Adopts Data Act Negotiating Position

The European Parliament adopted its position on the Data Act on 14 March 2023, endorsing full measures to make data generated by connected devices more accessible to users and downstream service providers. The text strengthens safeguards for trade secrets, adds interoperability requirements for cloud and edge services to enable switching without undue fees, and introduces restrictions on governmental access to data.

The vote set Parliament's mandate for trilogues with the Council and Commission, influencing obligations manufacturers and cloud providers will face once the regulation is finalized. Product and data teams should monitor final negotiations to anticipate access-right workflows, switching timelines, and contractual updates needed for European customers.

Key Parliamentary Amendments

Parliament's position introduced several significant changes to the Commission's original proposal. The amendments strengthen user access rights by requiring manufacturers to provide data in standardized, machine-readable formats within specific timeframes. Trade secret protections were improved with clearer criteria for when data holders can refuse access requests to protect commercially sensitive information.

Cloud switching provisions were strengthened with specific requirements for data portability between service providers. Parliament added provisions for interoperability requirements ensuring cloud services can exchange data smoothly. The text also introduced limits on switching fees and mandated transition periods for customers moving between providers.

Connected Product Obligations

Manufacturers of connected products face new design requirements ensuring data accessibility from the point of product development. Products must be designed to allow users to access their data directly or share it with third-party service providers. This applies to IoT devices, industrial equipment, connected vehicles, and smart home systems.

The Parliament's position requires manufacturers to provide clear information about data generation, access mechanisms, and third-party sharing options before purchase. Technical documentation must specify data formats, access interfaces, and security measures for data retrieval.

B2B Data Sharing Framework

The Data Act creates obligations for business-to-business data sharing when data holders possess non-personal data valuable to downstream service providers. Parliament's amendments clarified conditions under which data holders must share data, including reasonable compensation mechanisms and safeguards against competitive harm.

Contractual negotiations between businesses must comply with fairness requirements preventing dominant parties from imposing one-sided terms. The position includes provisions addressing situations where small and medium enterprises need protection against unfair data access conditions imposed by larger counterparties.

Public Sector Data Access

Government bodies can request data from private entities under exceptional circumstances including public emergencies, statistical purposes, and official policy development. Parliament introduced additional safeguards requiring proportionality assessments, purpose limitation, and restrictions on cross-border data sharing with authorities outside the European Union.

Compensation provisions ensure businesses receive fair remuneration when public authorities request significant data volumes outside emergency situations. The position establishes oversight mechanisms for monitoring public sector data requests.

Key considerations

If you are affected, begin preparing for Data Act compliance by auditing connected product portfolios and data flows. Technical infrastructure supporting data access requests requires development, including APIs, authentication systems, and data formatting capabilities.

Contract reviews should identify agreements requiring amendment to comply with fairness requirements and switching provisions. Cloud service agreements in particular need evaluation against new portability and interoperability obligations.

• European Parliament press release summarizes the adopted amendments and goals.
• Commission proposal provides the baseline articles on data sharing, cloud switching, and public sector requests.

How to implement

Successful implementation requires a structured approach that addresses technical, operational, and organizational considerations. Organizations should establish dedicated implementation teams with clear responsibilities and sufficient authority to drive necessary changes across the enterprise.

Project governance should include regular status reviews, risk assessments, and stakeholder communications. Executive sponsorship is essential for securing resources and removing organizational barriers that might impede progress.

Change management practices help ensure smooth transitions and stakeholder acceptance. Training programs, communication plans, and feedback mechanisms all contribute to effective change management outcomes.

How to verify compliance

Compliance verification involves systematic evaluation of implemented controls against applicable requirements. Organizations should establish verification procedures that provide objective evidence of compliance status and identify areas requiring remediation.

Internal audit functions play an important role in providing independent assurance over compliance activities. Audit plans should incorporate risk-based prioritization and coordination with external audit requirements where applicable.

Continuous compliance monitoring capabilities enable early detection of control failures or compliance drift. Automated monitoring tools can provide real-time visibility into compliance status across multiple control domains.

Supply chain factors

Third-party relationships require careful management to ensure compliance obligations are properly addressed throughout the vendor ecosystem. Due diligence procedures should evaluate vendor compliance capabilities before engagement.

Contractual provisions should clearly allocate compliance responsibilities and establish appropriate oversight mechanisms. Service level agreements should address compliance-relevant performance metrics and reporting requirements.

Ongoing vendor monitoring ensures continued compliance throughout the relationship lifecycle. Periodic assessments, audit rights, and incident response procedures all contribute to effective third-party risk management.

Planning notes

Strategic alignment ensures that compliance initiatives support broader organizational objectives while addressing regulatory requirements. Leadership should evaluate how this development affects competitive positioning, operational efficiency, and stakeholder relationships.

Resource planning should account for both immediate implementation needs and ongoing operational requirements. Organizations should develop realistic timelines that balance urgency with practical constraints on resource availability and organizational capacity for change.

Monitoring approach

Effective monitoring programs provide visibility into compliance status and control effectiveness. Key performance indicators should be established for critical control areas, with regular reporting to appropriate stakeholders.

Metrics should address both compliance outcomes and process efficiency, enabling continuous improvement of compliance operations. Trend analysis helps identify emerging issues and evaluate the impact of improvement initiatives.

Where to go from here

Organizations should prioritize assessment of their current posture against the requirements outlined above and develop actionable plans to address identified gaps. Regular progress reviews and stakeholder communications help maintain momentum and accountability throughout the implementation journey.

Continued engagement with industry peers, professional associations, and regulatory bodies provides valuable opportunities for knowledge sharing and influence on future policy developments. Organizations that address emerging requirements position themselves favorably relative to competitors and build stakeholder confidence.

Iterate and adapt

Compliance programs should incorporate mechanisms for continuous improvement based on lessons learned, emerging best practices, and evolving requirements. Regular program assessments help identify enhancement opportunities and ensure sustained effectiveness over time.

Organizations that approach this development strategically, with appropriate attention to governance, risk management, and operational excellence, will be well-positioned to achieve compliance objectives while supporting broader business goals.

Similar analysis

Additional analysis covering similar themes.

Policy · Credibility 71/100 · May 11, 2023

EU Parliament committees clear AI Act negotiation mandate

EU Parliament committee mandate for AI Act negotiations in May 2023 set the parameters for trilogue. Foundation model provisions and prohibited practices were key issues.

Policy · Credibility 71/100 · September 12, 2023

European Parliament Adopts Cyber Resilience Act Position

The European Parliament approved its negotiating position on the Cyber Resilience Act on 12 September 2023, backing mandatory security requirements and vulnerability handling obligations for connected products.

Policy · Credibility 71/100 · December 8, 2023

EU Institutions Reach Political Agreement on the AI Act

After years of debate, the EU AI Act reached political agreement. The framework bans certain AI uses like social scoring, mandates conformity assessments for high-risk systems, and creates transparency rules for…

Policy · Credibility 92/100 · February 8, 2022

European Chips Act Proposal Unveiled

The European Commission’s 8 February 2022 Chips Act package pushed semiconductor teams to prioritize operational resilience, governance, and sourcing alliances across the EU value chain.

Policy · Credibility 92/100 · June 4, 2021

EU Updates Standard Contractual Clauses

The European Commission adopted new modular Standard Contractual Clauses for GDPR-compliant international data transfers following Schrems II.

Continue in the Policy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• AI Policy Implementation Guide

  Coordinate governance, safety, and reporting programmes that meet EU Artificial Intelligence Act timelines and U.S. National AI Initiative Act mandates while sustaining product…

• Digital Markets Compliance Guide

  Implement EU Digital Markets Act, EU Digital Services Act, UK Digital Markets, Competition and Consumers Act, and U.S. Sherman Act requirements with cross-functional operating…

• Semiconductor Industrial Strategy Policy Guide

  Coordinate CHIPS and Science Act, EU Chips Act, and Defense Production Act programmes with capital planning, compliance, and supplier readiness.

Coverage intelligence

Published

March 14, 2023

Coverage pillar

Policy

Source credibility

71/100 — medium confidence

Topics

Data Act · Data Access · Cloud Interoperability · European Union

Sources cited

2 sources (iso.org, crsreports.congress.gov)

Reading time

5 min

Further reading

1. Industry Standards and Best Practices — International Organization for Standardization
2. Congressional Research Service Analysis