EU Data Act operational impacts: Introducing the Data Act

Contributors:

Giorgia Vulcano

AIGP, CIPP/E, CIPT

Legal and Corporate Affairs- Senior Manager

AB inBev

Editor's note

This article is part of a series on the operational impacts of the EU Data Act.

The latest installment in Brussels' ever-growing catalogue of laws, the EU Data Act became applicable 12 Sept. 2025. 

Over time, EU regulators have sharpened their focus on empowering users, anchored in a fundamental rights approach while ensuring fair market conditions. The EU General Data Protection Regulation marked a turning point, embedding human centrality in data governance and reflecting both rapid digitalization and growing awareness of individual rights. The Data Act builds on this trajectory, aiming to make more data available to individuals, businesses and the public sector while ensuring that access empowers users by giving them greater control over the data they generate.

This is the first article in a multipart series addressing the top operational impacts of the Data Act. It sets the scene: what led to the creation of the Data Act, its objectives, the negotiation backdrop, how it fits within the EU's digital rulebook, and what it means for an organization's compliance journey. The remaining articles in the series will explore some of the Data Act's key pillars and what they mean in practice.

At its core, the act reflects the EU's single-market vision and seeks to boost Europe’s digital economy by making industrial and Internet of Things data more accessible and usable. It grants users of connected products, and their chosen third parties, rights to access and share the data they generate with safeguards for trade secrets, intellectual property and reasonable compensation for data holders. 

Beyond user rights, the act aims to level the playing field by strengthening cloud portability and reducing vendor lock-in, restraining unfair contract terms, allowing public authorities to request private-sector data in exceptional circumstances such as emergencies, and promoting interoperability to enable seamless cross-border and cross-sector data flows, all while protecting against unlawful third-country access to non-personal data.
