EU Data Act is now here: This is what you need to know
EU Data Act is now here: This is what you need to know
The EU Data Act went into law last year and is officially applicable since 12.9.2025.
The act is hugely important and potentially far reaching because it governs how digital data is accessed, shared and used right across the European Union. If you are in business, it is likely to affect you one way or another. Its scope runs from data generated by standard connected ‘smart’ products and services, right the way up to industrial scale machinery and technology.
Principally, the act brings new rights over data access to digital consumers whilst mandating new responsibilities to companies whose services generate data. As a user, you’ll enjoy greater access to data that the products you own and services you use generate. In turn, companies need to ensure data is portable, accessible and interoperable like never before.
Put simply: as a consumer, your data will be fully yours to use as you choose.
The act came into force in January 2024, but today it is now applicable. The EU has given companies nearly two years to prepare for this law precisely because its impact has the potential to be so significant. Companies are going to need to review their data storage options to ensure it is accessible and transparent.
These changes will affect how data-focused businesses manage their cloud and storage systems. As a Europe-based company that provides cloud storage solutions on European soil, SpaceTime is ideally positioned to help businesses ensure compliance with the EU Data Act and other regulations. You can contact us for any questions or clarification on how the act will affect your company.
But first, let’s dig into the specifics.
What is the EU Data Act?
The Data Act is part of the EU’s broader digital strategy, which is aimed at setting a new standard in how data is managed and accessible to consumers.
It exists alongside other EU legislation that includes the General Data Protection Regulation (GDPR), the Digital Markets Act (DMA), and the Digital Services Act (DSA).
They each play separate but complementary roles. GDPR focuses on personal data protection, while the Data Act deals with industrial, IoT, and non-personal data. Primarily, it ensures that data generated within the EU can be accessed, shared, and used in fair and transparent ways.
The act was proposed in 2022 to combat the issue of trapping important data in silos, where it is controlled by device makers, service providers and others but not European consumers. Its goal is to turn that situation on its head and encourage new services and products that focus on transparent and accessible data.
Key provisions of the Data Act
The regulation is wide-ranging, but several provisions stand out:
1. Data sharing rights
Users (and that includes businesses as well as individuals) must have the right to access the data generated by their connected devices and services. Manufacturers of IoT products, for example, must ensure that data is not locked away and that it is available to customers in usable forms.
2. Portability and interoperability
The Act strengthens the principle of data portability by requiring cloud and storage providers to support switching between service providers. This includes removing technical and contractual obstacles, introducing standardised interfaces and reducing migration costs. The focus is to make the growing data economy more competitive by reducing vendor lock-in and big company advantages.
3. B2B and B2G data sharing
The act means some businesses may be required to share data with other companies (B2B) or with public authorities (B2G). A smart energy provider might, for example, need to share grid data with other operators, or companies may need to provide data to public bodies during emergencies.
4. Fairness clauses
To protect smaller businesses, the Data Act restricts unfair contract terms in data-sharing agreements. This is designed to prevent large players from exploiting bargaining power and to level the playing field for SMEs and startups.
5. Safeguards for non-EU access
The law includes provisions to prevent unlawful data transfers to non-EU authorities. We’ve covered Europe’s need for digital sovereignty extensively on this blog and this is a further step to reinforce that.
How will it affect your business?
The EU Data Act is likely to touch most companies, but its exact influence will depend on exactly what your business is.
Manufacturers and IoT companies: Products must now be designed to make all generated data accessible to users. This could mean new technical requirements, interfaces, or APIs that allow secure and usable data access.
Cloud and storage providers: Hyperscalers and other cloud providers will need to offer transparent terms and standardised processes. They will need to show that switching to other service providers can be done without excessive technical or financial burden.
SMEs and startups: The Act should empower smaller businesses by providing increased access to data, particularly around IoT and industrial services, which can be used to develop new services. We are excited to see what types of innovation might be born from opening up data that was once limited to incumbents.
The big one: compliance: Adapting to the Data Act requires data flows to be audited, contracts to be updated and systems to be interoperable. The introduction of GDPR was a huge challenge for security and compliance, but now expect to field newer requests for data access and sharing.
Implications for the data economy
The Data Act is more than just a compliance requirement. It signals a shift in how data is valued and shared across Europe and that comes with pros and cons.
Boost competition: Making it easier to switch providers, should mean the act limits vendor lock-in. At Spacetime, we see this provision as central to Europe’s push for open, sovereign infrastructure. Vendor lock-in shouldn’t be the cost of doing business. Customers will gain leverage, and providers will be pushed to compete on service quality, performance, and trust rather than any kind of reliance on capturing users.
Encourage innovation: Access to previously locked data could enable new business models to emerge across industries such as healthcare, energy, and transportation. Look out for tools around optimization of processes or providing greater insights.
Public sector resilience: Away from private sector changes, governments will have new abilities to access data for emergencies and crisis responses.
Digital sovereignty: The Act maintains the EU’s core goal of strengthening its digital independence to ensure that European data is governed under European rules and protected from external interference.
How to prepare: practical steps
There have been nearly two years to get prepared, but if you missed the warning or want to conduct a last-minute check, here are some suggested steps:
Audit your data: Map out what data your company generates, who controls it and how it is currently shared.
Review contracts: Assess whether existing agreements align with the Act’s fairness and sharing provisions.
Plan for portability: Ensure that systems are ready for data migration requests. This may involve adopting standardized APIs and formats.
Strengthen governance: Update internal data policies to account for new rights and obligations.
Conclusion: a more open and competitive data economy
The EU Data Act marks a turning point in Europe’s digital economy. By giving users greater control, breaking down silos and making switching providers easier, it lays the groundwork for a more open and competitive data ecosystem.
The act does bring compliance challenges but there will be opportunities. Businesses that adapt quickly won’t just avoid compliance risk, they’ll be best positioned to build trust, unlock new opportunities, and thrive in Europe’s more open data economy.
If the Data Act impacts your business and you want to review storage options that are available, our team at SpaceTime is happy to answer any questions. We’ve been preparing for this day, and are here to make sure European companies are positioned to take advantage and grow in this new digital economy.
