← Back to all briefings

Data Strategy · Credibility 86/100 · · 2 min read

Industrial data strategy — Data Act aftermarket service access readiness

Connected-product manufacturers must unlock user and third-party access to device data by September 2025 under the EU Data Act, demanding API, security, and commercial model changes across mobility, energy, and industrial platforms.

Executive briefing: The EU Data Act requires manufacturers and data holders to provide product users—and the service providers they choose—with access to the data generated by connected devices. From 12 September 2025, Articles 4–6 oblige OEMs to design products and related services so that data is easily accessible, while contractual terms restricting independent repairers or aftermarket innovators become unenforceable. Automotive, industrial IoT, energy, and smart building companies must prioritise API strategies, consent capture, and cyber safeguards to support new sharing obligations.

Compliance checkpoints

  • By-design access. Article 4 requires that products and services be designed to allow data access by default; legacy devices may need firmware updates or edge gateways.
  • Third-party sharing. Article 5 forces data holders to grant access to third parties acting on behalf of users under fair, reasonable, and non-discriminatory conditions.
  • Security and misuse. Article 6 allows refusal of access requests that compromise cybersecurity or trade secrets, meaning denial processes must be documented.

Operational build

  • Catalogue connected products, telemetry schemas, and storage locations to determine which assets require new APIs or data export capabilities.
  • Implement consent management and authentication layers so users can delegate access securely to independent repairers or analytics partners.
  • Establish pricing and compensation models aligned to Article 9 while ensuring nondiscrimination across partner tiers.

Enablement moves

  • Update contractual terms with dealers, maintenance networks, and SaaS providers to reflect Data Act sharing rights and restrictions.
  • Strengthen cybersecurity baselines—segmentation, anomaly detection, and zero trust—so expanded data sharing does not increase attack surface.
  • Educate customer support and legal teams on handling access disputes, denials, and regulatory escalation under Article 10.

Sources

Zeph Tech assists OEMs with Data Act aftermarket strategies—engineering secure APIs, consent flows, and commercial policies that meet the new access rules.

  • EU Data Act
  • Connected products
  • Aftermarket access
  • Industrial IoT
Back to curated briefings