unyer
06/11/2025

The EU Data Act

What is the EU Data Act?

The EU Data Act establishes harmonised rules regarding the fair access to and use of data across digital markets.

Its overarching goal is to Promote competition, innovation and the free flow of data within the EU – with particular attention to data generated by connected (IoT) products and related services. It also introduces obligations for cloud service providers to enable users to switch to other providers easily, quickly and free of charge.

EU Member States must designate competent authorities responsible for supervising and enforcing the Data Act, including determining fines and penalties for non-compliance. Currently, only some Member States have yet to finalise their implementing measures.

 

Is your company affected?

The EU Data Act is applicable to any entity offering such products or services on the EU market, regardless of where it is established:
• Manufacturers and sellers of connected (IoT) products placed on the EU market,
• Providers of related services linked to such products,
• Providers of data processing services, including SaaS, IaaS and PaaS,
• Data holders, including non-EU entities, making data available to EU récipients,
• Public sector bodies and EU authorities that request data in the public interest.

 

What are the main obligations?

For manufacturers and/or sellers of connected products and related services:
• Pre-contractual transparency: Provide users with clear and upfront information on the type of data the product or related service generates.
• Data access: Ensure users can obtain all data generated by their products securely, free of charge and in a user-friendly format.
• Third-party sharing: Upon the user’s request, data must be made available to third parties under fair, reasonable, non-discriminatory and transparent (FRAND) terms.

For providers of data processing and cloud services:
• Facilitate switching: Remove technical and contractual barriers to enable customers to transfer data to alternative providers easily and securely.
• Contractual requirements: Contracts must specify clear provisions on data portability, exit strategies, contract termination, data retrieval and deletion and any switching fees.
• No switching fees: Providers may no longer charge customers for switching to another service provider.

Maximilian Donath
Stefanie Hellmich
Mattia Salerno
Anne Lambert-Favreau

Business Case

discover more
Business Case 23/04/2025
What the European Health Data Space Means for Pharmaceutical Companies
Barbara Kuchar , Petra Artner
Read more Read more
×
Countries covered by unyer
Summary of the privacy policy
Unyer

Cookies - Functions

This cookie is used to store your cookie preferences :
- _moove gdpr pop up .

Web analytics cookies

This website uses Google Analytics for statistical purposes (audience measurement cookies). They make it possible to know how many times a certain page has been consulted. We only use this information to improve the content of our website.

Please find below the cookies used :

– ga : This cookie is used to identify users of the Website via the users’ IP addresses.

– gat : This cookie is used to limit the number of simultaneous requests in order to avoid bugs

– gid : This cookie is used to identify the Website users via their IP address (which are stored 24h)

You can visit Google's privacy page.