27 November 2023 – the European Council adopted the European Data Act


After the adoption of the Data Governance Act in 2022, the Data Act is the second main legislative initiative resulting from the EU Commission’s strategy for data, which aims at creating a single market for data that will ensure Europe’s global competitiveness and data sovereignty.

While the Data Governance Act creates the processes and structures to facilitate data sharing by companies, individuals, and the public sector, the Data Act aims at “freeing” industrial data, allowing its accessibility and use by everyone, and fostering a competitive and reliable European cloud market. 

”Following the adoption of the Digital Services, Digital Markets and Data Governance Acts, today’s agreement forms another milestone in our efforts to reshape the digital space. The Data Act will ensure that industrial data is shared, stored and processed in full respect of European rules. It will create a thriving data economy that is innovative and open, but on our European conditions.”

Thierry Breton, Commissioner for Internal Market - 28/06/2023

Key takeaways of the new Regulation

The Data Act includes:

  • Measures that enable users of connected devices (or Internet of Things -IoT- devices) to access the data generated by such devices (e.g. metadata) and by related services. Until now, users had limited access to such data and the manufacturers were the main beneficiaries of such collection. Users will also be able to share such data with other third parties (data portability); for example, you will be able to transfer your (product and related service) data from your smartwatch to another smartwatch provider more easily. Although the right to data portability is already established in the GDPR, the Data Act enhances it by facilitating the transfer of data across different services and at the same time it broadens its scope. 
  • Measures to allow users to switch between various cloud data-processing service providers, to prevent users from being locked in with a specific vendor.  
  • Measures to protect and prevent EU companies from entering into unfair or unjust contractual arrangements due to the abuse of the market position of large companies. This will allow EU companies, specifically SMEs, to foster their negotiation power and participate in the digital market under more fair terms.
  • Measures to allow public sector bodies to access and use data held by the private sector in exceptional cases, such as public emergencies, or when implementing a legal mandate.
  • Various Safeguards against unlawful data transfers.

Next steps

Following the formal adoption by the Council, which was the last step of the legislative process, the Data Act will enter into force twenty days after its publication in the EU’s official (which represents the date when the regulation has legal existence in the EU legal order and the national legal order of each Member State). The Regulation will be applicable and fully enforceable 20 months after it enters into force, except for Article 3 §1 (requirements for simplified access to data for new products), which will be applicable 32 months after the date of entry into force. 

For questions about how the Data Act will affect your business, do not hesitate to reach out to us to discuss this further.

Written by Elisavet Dravalou

More from our team