EU Data Act Calls for Multidisciplinary Approach From Business

The EU Data Act is designed to increase accessibility to, and sharing of, data across the EU, particularly from connected products and services. Businesses have until Sept. 12, when the act becomes applicable, to adapt their operations to ensure compliance and embrace the full potential of a well-regulated data economy.

Preparing for the Data Act requires a multidisciplinary approach combining legal, technical, and strategic knowledge. Organizations that act now to align their governance, infrastructure and contracts will be best positioned to thrive in the new data-driven landscape.

The act aims to foster a more open and competitive digital market, unlocking data-driven innovation and facilitating fairness in data sharing. It grants users the right to access and share data generated by their products, leading to improved business insights and operational efficiency.

It also supports EU digital sovereignty by promoting secure and fair data practices, especially in cases where data has traditionally been retained for competitive advantage.

For example, a manufacturer of connected industrial machines collects performance and usage data from sensors. Previously, only the manufacturer could access this data, limiting customers’ ability to use third-party services. The Data Act gives users the right to access and share this data freely, breaking vendor lock-in, promoting fair competition, and empowering European businesses to make full use of their own data.

Investing in robust data governance capabilities and seeking guidance will help businesses facilitate readiness and turn compliance into a strategic advantage.

Possibilities and Challenges

Improved access to data enables higher-quality product insights, better informed decision-making, and increased efficiency. For example, automotive manufacturers can leverage real-time usage data to optimize vehicle performance and maintenance.

However, implementation of the Data Act means businesses must revisit their data strategies to ensure their product designs support data access obligations. This requires close cooperation between manufacturers and service providers to ensure interoperability.

The act’s broad scope means all devices and systems in the value chain must be reviewed. Companies should also seek to protect their intellectual property and trade secrets while maintaining compliance, which could require careful balance of competing interests.

Ensuring Compliance

A successful and compliant strategy in response to the Data Act requires a coordinated and cross-functional approach.

Legal and compliance teams will play a crucial role in ensuring that contracts and policies align with the act’s requirements. Chief information officers and IT security teams must facilitate secure and structured data access while promoting interoperability.

Product design teams are responsible for developing connected products that meet data-sharing obligations. Data governance and analytics teams must ensure that data is accurately classified, accessible, and traceable.

Tax professionals should also be aware of the potential implications of the Data Act, particularly in areas where data access and sharing intersect with transfer pricing, digital reporting obligations, and tax technology systems. Collaboration across these roles is essential to ensure compliance and unlock strategic value.

To effectively navigate the act’s complexities and position themselves for success, companies should be proactive and implement these steps now to ensure compliance.

Data access and sharing obligations. Connected products must be designed to allow data access. If access isn’t readily available, users have the right to request it or share it with a third party. In return, data holders may request fair and reasonable compensation.

There may be legal consequences if access is unjustifiably denied. Companies must revise contracts, licenses, and terms of service to avoid unacceptable restrictions on data access.

Fairness in data contracts. Safeguards against unfair contractual terms will be introduced, particularly in cases of power imbalance—such as small and medium-sized entities negotiating with larger corporations. Businesses should review their contracts to ensure transparency and fairness, as exploitative clauses may be deemed unenforceable.

Data portability and cloud switching. Facilitating the switch between cloud and similar data processing services is a key objective. The Data Act aims to set minimum requirements for service contracts, including the gradual elimination of switching fees and lock-in clauses.

Interoperability is key, requiring standardized application programming interfaces and automated export tools, which could require significant updates to legacy systems. Product and system designs should be assessed to ensure they support data access and interoperability.

Alignment with General Data Protection Regulation and other EU data laws. The Data Act will complement the GDPR by focusing on nonpersonal and industrial data while ensuring that sharing personal data remains GDPR compliant.

The Data Act states that it won’t affect the application of the GDPR while also aligning with the Data Governance Act and the Digital Markets Act, with the aim of forming a coherent legal framework for data access, sharing, and interoperability.

Businesses must assess their data strategies to avoid regulatory blind spots, especially where they have mixed data sets.

Data governance as a strategic enabler. The Data Act reinforces the need for robust data governance frameworks. Organizations must be able to identify, classify, and manage data assets across their lifecycle to comply with access, sharing, and interoperability requirements.

This isn’t just a compliance issue; it’s a strategic opportunity to build trust, improve data quality, and unlock new value.

An advanced data governance framework, reinforced by a strong legal governance structure, will be essential for navigating regulatory complexity and transforming compliance into a strategic competitive advantage. Businesses should start reviewing this framework now.

Organizations that act now to align their governance, infrastructure and contracts will be best positioned to thrive in the new data-driven landscape. Investing in robust data governance capabilities and seeking guidance will help facilitate readiness and turn compliance into a strategic advantage.

This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law, Bloomberg Tax, and Bloomberg Government, or its owners.

Author Information

David De Falguera Llobet is a partner, AI & digital, with Ernst & Young Abogados, S.L.P.

Luis Montero is a partner, AI & data, with EY Transforma Servicios de Consultoría, S.L.

Clare Gray is EY global law knowledge lawyer.

The views reflected in this article are the views of the authors and do not necessarily reflect the views of the global EY organization or its member firms.

Write for Us: Author Guidelines