Policy Briefing — EU Data Act obligations begin applying

Executive briefing: The EU Data Act enters into application on 12 September 2025. Data holders for connected products and related services must enable user access and sharing on fair, reasonable, and non-discriminatory terms, support B2G requests in emergencies, and provide safeguards against unlawful third-party use. Cloud providers must support switching and functional equivalence when customers migrate workloads.

What changes now

• User and third-party access. Product and service data must be made available via transparent terms and machine-readable interfaces; gatekeeping or pretextual delays breach Articles 4–5.
• Cloud switching. Providers must remove technical and commercial barriers to exit, publish switching processes, and phase out egress fees under Articles 23–24.
• Public-sector requests. Competent authorities can compel access for public emergencies under Articles 14–22 with compensation and confidentiality controls.

Program actions

• Inventory connected products and services sold in the EU, mapping telemetry flows and contractual data-holder roles.
• Publish FRAND-aligned access terms, rate limits, and API documentation, and ensure lawful basis review for third-party recipients.
• Update cloud contracts and playbooks with switching timelines, egress charge removal plans, and functional equivalence test cases.
• Establish a B2G request triage process covering authentication, necessity checks, and compensation calculations.

Sources

• Regulation (EU) 2023/2854 (Data Act), OJ L 2023/2854, 22.12.2023
• European Commission Data Act policy page