Governance Briefing — EU Data Act application date
The EU Data Act applies from 12 September 2025, requiring governance over data sharing requests, switchability, and cloud exit obligations across sectors.
Executive briefing: Regulation (EU) 2023/2854 (Data Act) enters into application on 12 September 2025. Boards must oversee governance structures enabling users to access and share data generated by connected products and related services, respond to public sector requests, and support cloud service switching. The regulation imposes contractual, technical, and organisational requirements affecting manufacturers, service providers, and public bodies.
Key governance signals
- Data sharing compliance. Companies must honour user data access and portability requests, ensuring transparency, security, and non-discrimination.
- Public sector requests. Organisations must establish processes to respond to exceptional need requests from public bodies, including governance over confidentiality and compensation.
- Cloud switching. Providers must support switching and interoperability, with boards overseeing contractual updates and operational readiness.
Action checklist
- Conduct data inventory assessments to map connected product data flows, ownership, and third-party dependencies.
- Update governance policies, contracts, and customer communications to reflect Data Act rights and obligations.
- Prepare operational playbooks for public sector requests, including escalation paths, legal review, and logging.
Enablement moves
- Implement technical capabilities for secure data access, portability, and service switching.
- Integrate Data Act compliance dashboards into board and risk committee reporting.
- Train commercial, legal, and engineering teams on contractual templates, refusal conditions, and dispute handling.
Sources
Zeph Tech helps organisations operationalise the Data Act with governance playbooks covering user rights, public sector requests, and cloud switching readiness.