The Data Act: A new era for the data economy


The EU Data Act sets a new standard for a regulated data economy, empowering customers with greater ownership of their data.


In brief

  • The EU Data Act empowers organizations and individuals with greater control over data from connected devices and cloud-based services.
  • Compliance requires new processes for data access, sharing and supplier switching, with significant penalties for non-compliance.
  • The Data Act legally prohibits supplier lock-in in the cloud, requiring providers to let customers switch services easily and at no cost.

The digital economy is evolving, and the EU Data Act is at the forefront of this transformation. As organizations generate and depend on ever-growing volumes of information, we reach a tipping point at which a data economy is born. This Act ensures that individuals and businesses have greater control over the information produced through their use of connected devices, device-managing platforms, and cloud-based services. This legislation is more than a regulatory milestone: it's a catalyst for new ways of handling customer data, transparency, and ownership.

The scope of the Data Act is broad. It covers connected devices like smart devices, sensors and vehicles, the software and platforms that support them, and a wide range of data processing services, including cloud storage and SaaS solutions. The Data Act introduces two central obligations: enabling users of connected devices and their supporting applications to access the data generated through their utilization, or to receive a readable copy of it; and allowing customers of cloud-based services to switch service providers without friction or loss of data integrity, while legally prohibiting vendor lock-in.

For most organizations operating in or with the EU, these requirements mean re-designing in-scope products and services in a way that ensures data exportability and interoperability of functionalities. The Data Act applies to manufacturers, providers, and resellers who serve EU citizens or store relevant data within the EU, with some exemptions for smaller businesses.

Meeting these obligations involves several practical steps:

  • Assessing which products, services, and contracts are in scope
  • Documenting all the functional data generated by these services, including their nature, format and storage location
  • Providing clear, upfront information to users about the data generated by the service along with certain metrics such as volume of collected data or frequency of collection
  • Clarifying roles and responsibilities in complex supply chains for the provisioning of services
  • Reviewing and updating contracts to reflect new customer rights and responsibilities
  • Establishing robust processes for handling data-sharing and supplier-switching requests

While the path to compliance is straightforward in principle, it can present real challenges. Organizations may need to interpret complex definitions and requirements, coordinate across multiple teams, review their business models to exclude exit fees and customer lock-in strategies, and adapt IT systems to ensure "data accessibility by design". Balancing the openness required by the Data Act with the need to protect intellectual property and commercial interests is another key consideration.

While not legally confirmed yet, penalties for non-compliance are expected to be significant (up to €20 million or 4% of global annual turnover), making it essential for leaders to act with urgency and foresight. But the Data Act is also an invitation: to build trust and transparency with customers and partners, and to reshape business decisions so that they center on services and customers.

For organizations that embrace the spirit of the Data Act, the rewards go beyond compliance. This is an opportunity to build trust in relationships with customers, reinforce a culture of customer-owned data, and position your business for success. As the digital landscape continues to evolve, those who act thoughtfully and decisively will position themselves optimally.






    Summary

    The EU Data Act marks a crucial point for organizations providing connected products and data processing services. By acting early and thoughtfully, businesses can not only meet regulatory demands but also foster trust and unlock new value in a rapidly evolving digital landscape.

