Data Insights
Louise

The EU Data Act: A Reset in Data Power

What data leaders need to know about compliance

Table of Contents

    Key Takeaways

    The EU Data Act, in force since January 2024, begins applying its core provisions on 12 September 2025, reshaping how enterprises access, share, and manage data. By 2027, it will mandate fair contracts, cloud portability, and interoperability across providers. For data leaders, the Act is both a compliance obligation and a strategic opportunity: to audit data flows, modernize contracts, and adopt governance and transformation platforms that ensure trusted, AI-ready data ecosystems.

    For years, the balance of power between enterprises and the platforms they rely on for data handling has been uneven. Service providers and technology vendors have built artificial barriers to data access ,from proprietary formats to contractual lock-ins, that make it costly and complex for companies to extract, move, and activate their own data.

    That’s changing.

    What is the EU Data Act?

    The EU Data Act, adopted in late 2023, represents a seismic shift in data rights. Beginning September 12, 2025, organizations across Europe (and beyond) gain clear, enforceable rights to access and port the data they generate, regardless of the platform or service provider that holds it. In today’s AI-driven economy, where innovation depends on seamless access to trusted data, these rights have never been more important.

     

    Why Was the EU Data Act Established?

    The EU Data Act was designed to unlock the value of data in the European economy by ensuring that connected product and IoT data is accessible, fair, and usable. It addresses market imbalances where platforms imposed lock-ins or unfair terms, clarifies who can use what data and under which conditions, and empowers users with greater control over their data.

    Beyond boosting competition and innovation, it also strengthens Europe’s ability to respond to public emergencies and builds the foundation for a single market for data alongside the Data Governance Act.

    Timeline and implementation

    • 11 January 2024: The Data Act entered into force.
    • 12 September 2025: Core provisions apply: user access rights, interoperability standards, fair contractual terms, and public authority access mechanisms.
    • 12 September 2026: Design/manufacture obligations: connected products must be built with accessible data pathways.
    • 12 September 2027: Legacy B2B contracts face restrictions on unfair terms; all switching fees for cloud/data services eliminated.

    Timeline graphic of the EU Data Act showing key milestones: 2024 Act enters into force, 2025 core provisions apply, 2026 design obligations, and 2027 cloud switching requirements.

    Key objectives and scope

    The EU Data Act was designed to unlock data’s potential for innovation and competition while protecting rights and IP. Its objectives include:
    Data Portability & Access Rights: Enterprises and individuals can demand data generated by their connected devices or services, and share it with third parties.

    • Fairness of Contracts: Preventing dominant providers from imposing unfair data terms in B2B agreements.
    • Cloud Switching & Interoperability: Service providers must remove technical and contractual lock-in, supporting fast, cost-effective switching.
    • Public Sector Access: Emergency mechanisms for governments to access private data when strictly necessary.
    • Extraterritorial Reach: Applies to non-EU companies serving EU users, mirroring GDPR’s global effect.

    Implementation guidance for enterprises

    The Act puts the burden on data holders and service providers, but every enterprise that uses connected products, SaaS platforms, or cloud services must prepare to exercise its rights.

    Key steps include:

    • Review contracts: ensure B2B terms don’t contain clauses that would soon be unenforceable.
    • Audit data flows: know what data your org generates, where it resides, and whether it’s exportable.
    • Plan for switching: evaluate dependencies on cloud vendors or SaaS platforms, and budget for migration pathways.
    • Establish governance: set policies for lawful data sharing with third parties and public authorities.

    To learn more about implementation guidance, check out this primer created by IAPP European Operations Coordinator Laura Pliauskaite

    Practical implications for data leaders

    For CDOs, CIOs, and data engineering teams, the Act represents both a compliance requirement and a strategic opportunity:

    • More leverage with vendors: enterprises can negotiate with confidence, citing regulation that requires fair, interoperable access.
    • New data ecosystems: access to device and service data unlocks innovation in AI, analytics, and cross-domain collaboration.
    • Operational complexity: teams must prepare for a world where data flows across more parties and jurisdictions, requiring stronger controls.

    Industry impacts

    IoT and Automotive

    Manufacturers must build connected products with accessible, machine-readable data pathways by 2026. Independent garages, insurers, and fleet managers will gain access to telematics and diagnostics once restricted to OEMs. Under the AI Act, any high-risk AI models built on this data (e.g. driver-assistance systems, predictive maintenance) must show provenance and quality of input data. This means OEMs must prove not just data access but also accuracy and integrity.

    Cloud and Data Infrastructure

    Cloud providers must eliminate switching fees by 2027 and support standardized export formats and APIs. This directly supports the AI Act’s transparency and auditability requirements. AI developers training or deploying models in the EU will need verifiable logs of where data resides, how it moves, and whether it complies with EU standards. Cloud vendors that fail to provide clean, auditable migration paths will expose customers to AI Act compliance risks.

    Healthcare and MedTech

    Connected health devices must offer patient and clinician access to raw data. The Data Act enables portability across hospitals, EHRs, and third-party apps. The AI Act overlays stricter rules: AI systems using medical data are high-risk and must document lineage, consent, and safeguards. Device makers must ensure their APIs and exports preserve metadata that supports these obligations. Hospitals will need governance platforms that reconcile GDPR, Data Act, and AI Act simultaneously.

    Public Sector and Critical Infrastructure

    Authorities gain structured access to private-sector data during emergencies. Combined with the AI Act, this creates obligations for explainability and accountability in automated decision systems (e.g. disaster prediction, crisis response). Any AI model that consumes emergency-access data must show how data was ingested, validated, and used in decision pipelines.

    EU Data act compliance strategies that work

    To prepare, organizations should:

    1. Conduct a data inventory: understand which datasets fall under the Act.
    2. Adopt interoperability standards: align with machine-readable formats and APIs.
    3. Harden governance: establish policies and workflows for third-party data sharing.
    4. Modernize contracts: proactively adjust SLAs and data terms before 2027.

    Educate teams: build awareness across legal, IT, data engineering, and product.

    How can data platforms enable EU Data Act compliance and advantages?

    The Act’s intent isn’t just compliance, it’s to empower enterprises to innovate with their data. This is where data transformation, governance, and catalog platforms come in:

    Aren’t data platforms just another compliance checkbox? No. The EU Data Act isn’t only about compliance, it’s about giving enterprises the freedom to innovate with their own data. Data transformation, governance, and catalog platforms are not just safeguards; they’re enablers of speed, trust, and competitive advantage.

    How does a data transformation platform help?

    • Standardize raw outputs into machine-readable, interoperable formats.
    • Automate API-driven exports, making portability seamless.
    • Validate data quality and capture lineage so organizations can share data with confidence.

    What role does governance play?

    • Governance platforms enforce access rights, purpose limitations, and policies automatically.
    • They provide audit trails of who accessed what, when, and why.
    • They allow companies to mask or partition sensitive IP while still sharing compliant datasets.

    Where do data catalogs fit in?

    • Catalogs make data discoverable and transparent, with metadata, ownership, and lineage.
    • They embed product contracts (schemas, SLAs, usage policies) directly into data assets.
    • They encourage safe cross-domain reuse without chaos.

    What’s the bigger picture?

    Together, these three platforms form the operational backbone for Data Act compliance. More importantly, they position enterprises to move faster, collaborate safely, and innovate in AI-driven ecosystems.

    Closing thoughts

    The EU Data Act marks the end of artificial barriers to data mobility. In a world where AI thrives on seamless, trustworthy data access, enterprises that prepare now will gain not only compliance and peace of mind, but also a strategic edge in innovation.

    At Coalesce, we believe this is the dawn of a new, data-empowered enterprise era, one where data transformation, governance, and cataloging aren’t just tools or features, but the foundation for growth.

    Frequently Asked Questions

    The Data Act aims to enhance the EU’s data economy by making data, especially industrial and IoT-generated, more accessible and usable, thereby spurring data-driven innovation and increasing overall data availability. It also strives to ensure fairness in how the economic value of data is allocated among actors in the data ecosystem.

    The rapid growth of IoT devices in Europe has generated massive volumes of data, creating a huge opportunity for innovation. The Data Act gives owners or users of these connected products (businesses or individuals) greater control over the data they generate, while still protecting incentives for companies to invest in data-generating technologies.

    By clarifying who can use what data and under which conditions, the Data Act aims to distribute the gains from data fairly, making it explicit who has rights, under what terms, and ensuring equitable participation, especially for smaller players.

    • It counteracts unfair contractual terms imposed by dominant players in data sharing.
    • It opens up competition by enabling seamless switching between cloud/data services.
    • It strengthens the EU’s ability to respond to public emergencies by allowing structured access to private data when needed.

    It also ensures safeguards against unlawful third-country access to data held in the EU.

    The Data Act complements the Data Governance Act (which supports voluntary and trusted data sharing), together laying the groundwork for a European single market for data. The goal is to make Europe a global leader in the data economy, while ensuring that data flows safely, fairly, and innovatively across sectors and borders.

    More from Coalesce

    Discover More
    Discover More