Policy Briefing — September 12, 2025
The EU Data Act becomes applicable on September 12, 2025, imposing data-sharing, portability, and cloud switching obligations on manufacturers, service providers, and hyperscale platforms across the bloc.
Executive briefing: Regulation (EU) 2023/2854 (the Data Act) applies from September 12, 2025. Connected device manufacturers and digital service providers must enable business and consumer access to usage data, facilitate switching between cloud and edge services, and comply with interoperability and security safeguards for data-sharing requests.
Key policy signals
- Data access rights. Users of connected products and related services gain rights to access, port, and authorize third-party reuse of data generated by their equipment.
- Cloud switching rules. Providers must remove contractual barriers and technical fees that hinder switching, with transition periods for complex platform-as-a-service offerings.
- Public sector access. In emergency scenarios, public bodies can request data from private entities, subject to compensation frameworks and confidentiality obligations.
Operational priorities
- Map data flows. Inventory datasets generated by connected products, identify co-generated data, and prepare standardized access interfaces.
- Review cloud contracts. Update terms to align with switching fee caps, exit support requirements, and interoperability standards mandated by the Data Act.
- Plan for B2G requests. Establish procedures for validating lawful government data requests, including security vetting and compensation calculations.
Sources
- Regulation (EU) 2023/2854 — Data Act
- European Commission: The Data Act
- Clifford Chance: EU Data Act countdown
Zeph Tech is preparing Data Act readiness by cataloging device telemetry, modernizing cloud exit runbooks, and codifying public-sector request playbooks.