Compliance Briefing — June 27, 2023

Executive briefing: On June 27, 2023, the European Parliament and Council negotiators reached a political agreement on the Data Act, establishing new obligations for connected product manufacturers, industrial data intermediaries, and cloud service providers. The deal, announced by the European Commission, creates harmonised rules on data access, switching, interoperability, and safeguards for trade secrets when sharing usage data with business partners or public authorities.

Immediate compliance priorities

• Usage data inventory. Catalogue datasets generated by connected products and related services, classifying which business users, partners, or public bodies may request access under Articles 4–8.
• Contractual refresh. Update customer agreements and partner contracts to reflect mandated access rights, compensation terms, and trade-secret protections specified in the agreement.
• Cloud switching readiness. Prepare migration playbooks, APIs, and notice processes that allow customers to switch providers or port data within the timelines outlined for cloud and edge services.

Control alignment

• Data governance. Embed accountability for handling business user access requests, including validation, logging, and escalation of sensitive or critical infrastructure data requests.
• Security and confidentiality. Implement technical controls that balance mandated data sharing with protection of trade secrets and cybersecurity, aligning with Article 8 safeguards.
• Vendor management. Integrate Data Act requirements into procurement, ensuring downstream processors and cloud providers can satisfy interoperability and switching duties.

Enablement moves

• Launch cross-functional workshops to map business processes and digital twins affected by the new access rights and public-sector request mechanisms.
• Develop customer communications and transparency dashboards describing available data formats, APIs, and redress channels.
• Coordinate with industry alliances to monitor forthcoming delegated acts on interoperability standards and SMEs exemptions.

Sources

• European Commission: Political agreement on the Data Act
• Council of the EU: Council and Parliament strike deal on the Data Act

Zeph Tech supports industrial platform teams with data inventory mapping, portability testing, and regulator-ready governance controls for the EU Data Act.

Related briefings

Curated signals from the same pillar or overlapping topics.

Compliance · Credibility 50/100 · September 12, 2025

Compliance Briefing — September 12, 2025

EU Data Act obligations for data processing services take effect on September 12, 2025, forcing cloud providers to enable contractually guaranteed switching and portability without undue fees.

Compliance · Credibility 89/100 · January 11, 2024

Compliance Briefing — January 11, 2024

The EU Data Act entered into force on 11 January 2024, triggering 2025 deadlines for connected product data sharing, cloud switching, smart contract controls, and safeguards against unlawful foreign access across EU and…

Compliance · Credibility 90/100 · June 26, 2023

Compliance Briefing — June 26, 2023

The International Sustainability Standards Board issued IFRS S1 and IFRS S2, establishing global baselines for sustainability and climate-related financial disclosures effective for 2024 reporting periods.

Compliance · Credibility 89/100 · July 1, 2023

Compliance Briefing — July 1, 2023

Connecticut's Data Privacy Act now governs controllers serving state residents, pressing boards to institutionalise privacy governance, deliver verifiable opt-out and consent workflows, and build mature DSAR operations…

Compliance · Credibility 40/100 · July 10, 2023

Compliance Briefing — EU adopts Data Privacy Framework adequacy decision

The European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework on 10 July 2023, reinstating a legal basis for transatlantic personal data flows to certified U.S. companies.

Continue in the Compliance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Third-Party Risk Oversight Playbook — Zeph Tech

  Operationalize OCC, Federal Reserve, EBA, and MAS outsourcing expectations with lifecycle controls, continuous monitoring, and board reporting.

• Compliance Operations Control Room — Zeph Tech

  Implement cross-border compliance operations that satisfy Sarbanes-Oxley, DOJ guidance, EU DORA, and MAS TRM requirements with verifiable evidence flows.

• SOX Modernization Control Playbook — Zeph Tech

  Modernize Sarbanes-Oxley (SOX) compliance by aligning PCAOB AS 2201, SEC management guidance, and COSO 2013 controls with data-driven testing, automation, and board reporting.