← Back to all briefings

Data Strategy · Credibility 86/100 · · 2 min read

Data infrastructure alert — EU Data Act smart contract safeguards go live

Article 30 of the EU Data Act takes effect on 12 September 2025, forcing organisations that automate data sharing through smart contracts to implement safe termination, logging, and access controls across their middleware stacks.

Executive briefing: The EU Data Act (Regulation (EU) 2023/2854) applies from 12 September 2025, and Article 30 introduces mandatory safeguards for smart contracts used to automate data sharing. Enterprises operating data spaces, connected-product ecosystems, or industrial data exchanges must ensure smart contracts include kill switches, access management, and resilience mechanisms before that date. Without compliant safeguards, businesses risk enforcement actions and suspension of automated data pipelines relied upon by partners.

Compliance checkpoints

  • Access controls. Article 30(2)(a) requires mechanisms to prevent unauthorised access or functional changes, demanding code reviews, role-based permissions, and secure key custody.
  • Safe termination. Article 30(2)(b) mandates the ability to terminate smart contract execution, including when agreed conditions change or vulnerabilities appear—organisations must embed controllable stop functions.
  • Audit trails. Article 30(2)(c) obliges recording of operations to provide traceability and evidence for regulators and commercial partners.

Operational build

  • Inventory every smart contract that mediates B2B or B2C data sharing across platforms, noting protocols, dependencies, and service integrators.
  • Design automated emergency stop tooling with multi-party approval workflows to satisfy Article 30 while minimising downtime.
  • Instrument structured logging, tamper-evident storage, and monitoring for contract execution to support investigations and transparency duties.

Enablement moves

  • Engage engineering, legal, and commercial teams to update contractual terms referencing Article 30 controls and liability splits.
  • Conduct penetration testing and adversarial simulations on smart contract infrastructure, documenting remediation prior to go-live.
  • Align smart contract governance with ISO/IEC 27001 change management and incident response controls to streamline audits.

Sources

Zeph Tech helps connected-product and data-space operators retrofit smart contracts for Data Act compliance—engineering safe termination controls, logging, and governance models.

  • EU Data Act
  • Smart contracts
  • Data sharing
  • Access controls
Back to curated briefings